Announcements about the wwwoffle program
Sun, 02 Apr 2006 09:59:36 -0700
------------------------ WWWOFFLE Announcement ------------------------
Finally the new version of WWWOFFLE is ready for release. After a
long time since the previous version (2.8e) the new version is 2.9 and
is now available.
There are two main parts to the new work that makes up version 2.9
compared to version 2.8e.
The first part of the work since the version 2.8 has been bug fixes
and internal changes. There has been a lot of rewriting of the
internal mechanisms to tidy up the code and remove compilation
warnings on certain systems. There has also been quite a bit of
optimisation work (executable size and speed).
The second new piece of code is caching of https connections (by
interception, not by breaking the encryption). The addition of this
feature means that WWWOFFLE will see the un-encrypted version of the
headers and page content. This means that all of the other WWWOFFLE
features are available like censoring headers, modifying HTML,
blocking content, URL specific age limits etc.
There is obviously a downside to this, if not used correctly it could
lead to a reduction in security. This could be accidental, for
example caching web pages that contain cookies to log onto your online
bank. It could also be deliberate deception by interfering with the
https connections of other users without telling them. Neither of
these are specific to WWWOFFLE, cookies may leak from your browser if
they are saved to disk and other proxies allow interception like
WWWOFFLE does.
If you want to use this feature you will need to take positive
actions. This means compiling WWWOFFLE with the gnutls library and
enabling caching of https instead of tunneling which is the default.
This option can be selected on a host by host basis so that some hosts
are cached and some are tunneled like in older WWWOFFLE versions. You
will need to have version 1.2.8 or later of libgnutls installed when
compiling.
If you do not want to use this feature then you can just compile
WWWOFFLE as normal and there will be no change to the behaviour with
encrypted pages compared to the older versions.
-------------------- NEWS --------------------
Since version 2.8:
Bug Fixes:
When modifying HTML check cache status of link aliases. Fix an error message
when executing a change mode script.
Fix URL encoding in index pages. Remove warnings compiling with CYGWIN. Make
the ssl-allow-port config file option work for port 80. If confirm-requests is
enabled don't allow POST/PUT. Warn if timestamp of monitored file cannot be
changed. Remove fake URL arguments from aliased URL for POST/PUT. Print
internal page headers in ExtraDebug mode. 'wwwoffle -fetch' works in autodial
mode. Avoid config editing pages being cached by browser. Be more consistent
with removing '#' from URLs in all cases. Handle URLs with URL-encoded
hostnames. Handle purge with age=-1 and min-free or max-size set. Break
socket writes into small pieces for huge data blocks. Purge from lasttime and
prevtime if URL purged from main cache.
Internal Code Changes:
Lots of internal modifications to remove years of accumulated ugliness.
Source code changes to increase speed and reduce memory size.
Use 'const' for fixed data arrays and function parameters where possible.
Be careful with integer variables on systems where sizeof(long)!=sizeof(int).
Reduce code size if compiling without zlib option.
New Features:
Add a new layer of buffering to avoid large number of small network writes.
Add checkboxes to protocol indexes (e.g. /index/http) for deleting multiple.
Add reset button (and more if javascript) to clear delete checkboxes.
Add the ability to use the Hyper Estraier programs to search the cache.
Improve the purge output, print more information about what is happening.
Programs:
Move the convert-cache and uncompress-cache functions into wwwoffle-tools.
Documentation:
Remove the file called CONVERT and all references to ancient WWWOFFLE versions.
Add new documentation about Hyper Estraier and update other search documents.
Tidy the README.1st file.
*NOTE* The configure script will enable IPv6 by default if possible.
If you explicitly want it disabled you must do this yourself.
*NOTE* The URLs for deleting cached web pages has changed.
For example '/control/delete-url/?xxx' is now '/control/delete/url?xxx'.
*NOTE* The HTML message files no longer have 'localhost' defined, but 'localurl'
is used instead (http://$localhost/ -> $localurl/).
Since version 2.9-beta:
Bug Fixes:
Fix configure script AC_INIT and tests for sys/mount.h. Block more Javascript
when modifying HTML. Don't change the URL hash for a POST request when
fetching it. Don't handle parameter separately from path in URL. Don't split
up large writes when no timeout is set.
Internal Code Changes:
More changes for integer variables on systems where sizeof(long)!=sizeof(int).
Change the configure_io_*() functions for each type of IO not each direction.
New Features:
Added ability to make secure browser connection to WWWOFFLE using HTTPS.
Added ability to cache SSL connection data (https) (config file options).
Added a page to show information about the SSL certificates stored by WWWOFFLE.
Documentation:
Add new documentation about HTTPS SSL/TLS security, trust and WWWOFFLE.
*NOTE* If you want to enable HTTPS/SSL functions in WWWOFFLE you must enable it
when running configure prior to compiling. It is not enabled by default.
*NOTE* If you have compiled WWWOFFLE with gnutls there will be a delay the first
time that wwwoffled is started and the first time each https server is
accessed due to the creation of secure encryption keys.
Since version 2.9-beta-ssl:
Bug Fixes:
Fix script removal tag attribute confusion. Fix cygwin handling of certificate
filenames. Fix audit-usage.pl so that it works with syslog output. Make sure
trusted certificates have valid dates. Detect and fetch background images in
table cells. Lower the logging level of some unimportant warning messages.
New Features:
Added an option 'cookies-force-refresh' so requests with cookies are refreshed.
-------------------- NEWS --------------------
Downloading
-----------
I have changed the download policy for WWWOFFLE and now the source
code is only available from my web pages and not from FTP servers.
http://www.gedanken.demon.co.uk/wwwoffle/version-2.9/download.html
The complete version (1049 kB) is available from:
http://www.gedanken.freeserve.co.uk/download-wwwoffle/wwwoffle-2.9.tgz
http://www.gedanken.demon.co.uk/download-wwwoffle/wwwoffle-2.9.tgz
------------------------ WWWOFFLE Announcement ------------------------
Send all replies to [EMAIL PROTECTED]
To unsubscribe send the command 'unsubscribe' as the subject of
a message to [EMAIL PROTECTED]