10 files changed, 324 insertions, 455 deletions
diff --git a/net-proxy/bfilter/ChangeLog b/net-proxy/bfilter/ChangeLog
index 3f564651685a..c568ac124be7 100644
--- a/net-proxy/bfilter/ChangeLog
+++ b/net-proxy/bfilter/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-proxy/bfilter
-# Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/ChangeLog,v 1.3 2005/12/31 16:28:10 mrness Exp $
+# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/ChangeLog,v 1.4 2006/03/05 08:31:31 mrness Exp $
+
+*bfilter-0.10.3 (05 Mar 2006)
+
+  05 Mar 2006; Alin Nastac <mrness@gentoo.org>
+  -files/bfilter-0.9.4-droppriv.patch, files/bfilter.8, files/bfilter.conf,
+  files/bfilter.init, -bfilter-0.9.4.ebuild, +bfilter-0.10.3.ebuild:
+  Version bump (#124950). Credit goes to Alan Swanson <swanson@ukfsn.org>.
 
   31 Dec 2005; Alin Nastac <mrness@gentoo.org> bfilter-0.10.1.ebuild:
   Fix libsigc++ dependency (#117278).
diff --git a/net-proxy/bfilter/Manifest b/net-proxy/bfilter/Manifest
index a5375a67bd89..5b953de08d7e 100644
--- a/net-proxy/bfilter/Manifest
+++ b/net-proxy/bfilter/Manifest
@@ -1,21 +1,10 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 25879d3ce78b34dbc59d353f5c5d18a9 ChangeLog 832
+MD5 dc6cfb2249f0ba6df683f6724772b038 ChangeLog 1111
 MD5 70889ee77a02542ea04a05e106645823 bfilter-0.10.1.ebuild 1732
-MD5 f0ccb6eae44507f9faf8faf911bc9b9a bfilter-0.9.4.ebuild 1259
+MD5 ea3ef629abf2130860aa2ec9b433df60 bfilter-0.10.3.ebuild 1588
 MD5 13b255051243f8ef4f66a4118d4a1cbd files/bfilter-0.10.1-droppriv.patch 3650
-MD5 59c8af85f08eaafc38f6c3421caa8ca3 files/bfilter-0.9.4-droppriv.patch 5108
-MD5 51acec84c4acfc995ab2a02fd8a3c7fe files/bfilter.8 9512
-MD5 598c43884dae3c39ecd580f74fbf5bef files/bfilter.conf 154
-MD5 cf9b6d00bed0c12ed1fc046cda9b49e5 files/bfilter.init 493
+MD5 f90e9af9022576e75ff93a69b76fdb04 files/bfilter.8 11933
+MD5 ae7cda107d31d465fa7cc8ef61fb5849 files/bfilter.conf 156
+MD5 68c828183c3d032240e92c9d360b9334 files/bfilter.init 918
 MD5 8c7f7fd24bd2fc2681e185c511db4d57 files/digest-bfilter-0.10.1 67
-MD5 e6e2c311139ed184131d6a945b12a3fb files/digest-bfilter-0.9.4 66
+MD5 d6dea972b0d02c7f77440d983ce2e375 files/digest-bfilter-0.10.3 67
 MD5 2b32df81d3a9693c235baddd9386cce9 metadata.xml 1179
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.2 (GNU/Linux)
-
-iD8DBQFDtrGrjG8pv1lIUX4RAgI+AKDcTM+otzP0eHtSPwJ2JleZu+8kCACeNE30
-KI32R5spWFda+ZlBu8oWL+M=
-=oFOl
------END PGP SIGNATURE-----
diff --git a/net-proxy/bfilter/bfilter-0.10.3.ebuild b/net-proxy/bfilter/bfilter-0.10.3.ebuild
new file mode 100644
index 000000000000..60403a97ce35
--- /dev/null
+++ b/net-proxy/bfilter/bfilter-0.10.3.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/bfilter-0.10.3.ebuild,v 1.1 2006/03/05 08:31:31 mrness Exp $
+
+inherit eutils
+
+DESCRIPTION="An ad-filtering web proxy featuring an effective heuristic ad-detection algorithm"
+HOMEPAGE="http://bfilter.sourceforge.net/"
+SRC_URI="mirror://sourceforge/bfilter/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="X debug"
+
+RDEPEND="sys-libs/zlib
+	>=dev-libs/ace-5.4.6
+	=dev-libs/libsigc++-2.0*
+	X? ( >=dev-cpp/gtkmm-2.4 )"
+DEPEND="${RDEPEND}
+	dev-util/scons
+	dev-util/pkgconfig"
+
+src_compile() {
+	econf `use_enable debug` `use_with X gui` || die "econf failed"
+	emake -j1 || die "emake failed"
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die "make install failed"
+
+	doman "${FILESDIR}/bfilter.8"
+
+	dodoc AUTHORS ChangeLog
+	dohtml doc/*.png doc/*.jpg doc/*.html
+
+	newinitd "${FILESDIR}/bfilter.init" bfilter
+	newconfd "${FILESDIR}/bfilter.conf" bfilter
+}
+
+pkg_preinst() {
+	enewgroup bfilter
+	enewuser bfilter -1 -1 -1 bfilter
+}
+
+pkg_postinst() {
+	if has_version "=${CATEGORY}/${PN}-0.9.4" ; then
+		ewarn "Please note that the filtering configuration files have been changed."
+		ewarn "Any custom settings defined in the rules and rules.local files"
+		ewarn "need to be converted to the new url and url.local files"
+		ewarn "(the old rules and rules.local can then be deleted). "
+		ewarn "See http://bfilter.sourceforge.net/doc/url-patterns.php for further details."
+	fi
+}
diff --git a/net-proxy/bfilter/bfilter-0.9.4.ebuild b/net-proxy/bfilter/bfilter-0.9.4.ebuild
deleted file mode 100644
index 1c3343874c6b..000000000000
--- a/net-proxy/bfilter/bfilter-0.9.4.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2005 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/bfilter-0.9.4.ebuild,v 1.1 2005/09/19 05:35:35 mrness Exp $
-
-inherit eutils
-
-DESCRIPTION="An ad-filtering web proxy featuring an effective heuristic ad-detection algorithm"
-HOMEPAGE="http://bfilter.sourceforge.net/"
-SRC_URI="mirror://sourceforge/bfilter/${P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~x86"
-IUSE="X debug"
-
-RDEPEND="sys-libs/zlib
-	dev-libs/popt
-	=dev-libs/libsigc++-1.2*
-	X? ( =dev-cpp/gtkmm-2.2* )"
-DEPEND="${RDEPEND}
-	dev-util/pkgconfig"
-
-src_unpack() {
-	unpack ${A}
-
-	# Provide user, group and chroot privilege lowering
-	epatch ${FILESDIR}/${P}-droppriv.patch
-}
-
-src_compile() {
-	econf `use_enable debug` `use_with X gui` || die "econf failed"
-	emake || die "emake failed"
-}
-
-src_install() {
-	make DESTDIR="${D}" install || die "make install failed"
-
-	# This is also created by openssh for privilege separation
-	keepdir /var/empty
-
-	doman ${FILESDIR}/bfilter.8
-
-	dodoc AUTHORS ChangeLog
-	dohtml doc/*.png doc/*.html
-
-	newinitd ${FILESDIR}/bfilter.init bfilter
-	newconfd ${FILESDIR}/bfilter.conf bfilter
-}
-
-pkg_preinst() {
-	enewgroup bfilter
-	enewuser bfilter -1 -1 -1 bfilter
-}
diff --git a/net-proxy/bfilter/files/bfilter-0.9.4-droppriv.patch b/net-proxy/bfilter/files/bfilter-0.9.4-droppriv.patch
deleted file mode 100644
index 923988cfd0f9..000000000000
--- a/net-proxy/bfilter/files/bfilter-0.9.4-droppriv.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-diff -ur bfilter-0.9.4/main/main_unix.cpp bfilter-0.9.4-privdrop/main/main_unix.cpp
---- bfilter-0.9.4/main/main_unix.cpp	2003-12-19 19:27:32.000000000 +0000
-+++ bfilter-0.9.4-privdrop/main/main_unix.cpp	2005-08-27 19:43:13.000000000 +0100
-@@ -26,13 +26,16 @@
- #include <popt.h>
- #include "network.h"
- #include <ipcportal.h>
-+#include <sys/stat.h>
-+#include <pwd.h>
-+#include <grp.h>
- 
- // some older versions of popt don't define POPT_TABLEEND
- #ifndef POPT_TABLEEND
- #define POPT_TABLEEND { NULL, '\0', 0, 0, 0, NULL, NULL }
- #endif
- 
--int main_unix_standalone(const std::string& confdir, bool nodaemon);
-+int main_unix_standalone(const std::string& confdir, bool nodaemon, char *chroot, uid_t user, gid_t group);
- int main_unix_backend(Network::Socket csock, IPCPortal* portal);
- 
- int main(int argc, char *argv[])
-@@ -40,16 +43,27 @@
- 	enum {
- 		ARG_VERSION = 1,
- 		ARG_CONFDIR,
-+		ARG_CHROOT,
-+		ARG_USER,
-+		ARG_GROUP,
- 		ARG_NODAEMON,
- 		ARG_BACKEND
- 	};
- 	bool backend = false;
- 	bool nodaemon = false;
- 	char *cdir = 0;
-+	char *chroot = 0;
-+	char *user = 0;
-+	char *group = 0;
-+	uid_t uid = 0;
-+	uid_t gid = 0;
- 	std::string confdir = CONFDIR;
- 	struct poptOption options[] = {
- 		{ "version", 'v', POPT_ARG_NONE, NULL, ARG_VERSION, "Print version and exit" },
- 		{ "confdir", 'c', POPT_ARG_STRING, &cdir, ARG_CONFDIR, "Set custom config directory", "dir" },
-+		{ "chroot", 'r', POPT_ARG_STRING, &chroot, ARG_CHROOT, "Set chroot directory", "dir" },
-+		{ "user", 'u', POPT_ARG_STRING, &user, ARG_USER, "Set unprivileged user", "name" },
-+		{ "group", 'g', POPT_ARG_STRING, &group, ARG_GROUP, "Set unprivileged group", "name" },
- 		{ "nodaemon", 'n', POPT_ARG_NONE, NULL, ARG_NODAEMON, "Disable background daemon mode" },
- 		{ "backend", '\0', POPT_ARG_NONE|POPT_ARGFLAG_DOC_HIDDEN, NULL, ARG_BACKEND },
- 		POPT_AUTOHELP
-@@ -78,13 +92,49 @@
- 			<< ": " << poptStrerror(arg) << std::endl;
- 		return 1;
- 	}
-+	if (!backend && (chroot || user || group)) {
-+		struct stat stat_r;
-+		struct passwd *user_r;
-+		struct group *group_r;
-+
-+		if (getuid()) {
-+			std::cerr << "Cannot lower privileges, not running as root" << std::endl;
-+			return 1;
-+		}
-+
-+		if (chroot && stat(chroot, &stat_r)) {
-+			if (!S_ISDIR(stat_r.st_mode)){
-+				std::cerr << "Cannot lower privileges, chroot directory does not exist" << std::endl;
-+				return 1;
-+			}
-+		}
-+		if (user) {
-+			user_r = getpwnam(user);
-+			if (user_r)
-+				uid = user_r->pw_uid;
-+			else {
-+				std::cerr << "Cannot lower privileges, unknown user" << std::endl;
-+				return 1;
-+			}
-+		}
-+
-+		if (group) {
-+			group_r = getgrnam(group);
-+			if (group_r)
-+				gid = group_r->gr_gid;
-+			else {
-+				std::cerr << "Cannot lower privileges, unknown group" << std::endl;
-+				return 1;
-+			}
-+		}
-+	}
- 	poptFreeContext(context);
- 	
- 	if (backend) {
- 		IPCPortal portal(0, 1);
- 		return main_unix_backend(3, &portal);
- 	} else {
--		return main_unix_standalone(confdir, nodaemon);
-+		return main_unix_standalone(confdir, nodaemon, chroot, uid, gid);
- 	}
- }
- 
-diff -ur bfilter-0.9.4/main/main_unix_standalone.cpp bfilter-0.9.4-privdrop/main/main_unix_standalone.cpp
---- bfilter-0.9.4/main/main_unix_standalone.cpp	2003-12-11 03:34:51.000000000 +0000
-+++ bfilter-0.9.4-privdrop/main/main_unix_standalone.cpp	2005-08-28 13:03:29.000000000 +0100
-@@ -26,6 +26,9 @@
- #include "state.h"
- #include <ipcportal.h>
- #include "syscall.h"
-+#include <pwd.h>
-+#include <grp.h>
-+#include <resolv.h>
- 
- class StandaloneState : public State
- {
-@@ -175,7 +178,34 @@
- 	return strm.str();
- }
- 
--int main_unix_standalone(const std::string& confdir, bool nodaemon)
-+static int drop_privileges(char *dir, uid_t uid, gid_t gid)
-+{
-+	if (dir) {
-+		// Using gethostbyname before chrooting means that the chroot
-+		// directory can be empty (no etc/resolv.conf or dynamically
-+		// loaded lib/libnss* libraries). Unfortunately simply using
-+		// gethostbyname once in the parent process does not apply to
-+		// forked children. Using localhost here to prevent remote
-+		// name resolution also does not work.
-+		gethostbyname("slashdot.org");
-+		if (chroot(dir)) {
-+			std::cerr << "Cannot lower privileges, chroot directory no longer exists" << std::endl;
-+			return 1;
-+		}
-+		chdir("/");
-+	}
-+	if (gid) {
-+		setgroups(0, NULL);
-+		setgid(gid);
-+	}
-+	if (uid) {
-+		setuid(uid);
-+	}
-+
-+	return 0;
-+}
-+
-+int main_unix_standalone(const std::string& confdir, bool nodaemon, char *chroot, uid_t uid, gid_t gid)
- {
- 	Network::Socket serv_sock = Network::INVALID_SOCK;
- 	Network::Socket clnt_sock = Network::INVALID_SOCK;
-@@ -249,6 +279,9 @@
- 		daemon(1, 0);
- 	}
- 	setup_parent_signals();
-+	if (!chroot) {
-+		drop_privileges(NULL, uid, gid);
-+	}
- 	
- 	while (true) {
- 		clnt_sock = Network::tcpServerWaitConn(serv_sock, &client);
-@@ -261,6 +294,10 @@
- 			setup_child_signals();
- 			Network::closeSocket(serv_sock);
- 			Network::sockSetNodelay(clnt_sock, true);
-+			if (drop_privileges(chroot, uid, gid)) {
-+				Network::disconnectAndCloseSocket(clnt_sock, 10);
-+				return 1;
-+			}
- 			BFilter filter(clnt_sock, &state);
- 			filter.run();
- 			Network::disconnectAndCloseSocket(clnt_sock, 10);
diff --git a/net-proxy/bfilter/files/bfilter.8 b/net-proxy/bfilter/files/bfilter.8
index 3c37a1447daf..c8f9481f4f64 100644
--- a/net-proxy/bfilter/files/bfilter.8
+++ b/net-proxy/bfilter/files/bfilter.8
@@ -1,24 +1,27 @@
 .\" Man Page for BFILTER
 .\" groff -man -Tascii bfilter.8
 
-.TH BFILTER 8 "August 2005"
+.TH BFILTER 8 "March 2006"
 
 .SH NAME
-bfilter \- An ad-filtering web proxy using heuristic ad-detection algorithms
+BFilter \- An ad-filtering web proxy using heuristic ad-detection algorithms
 
 .SH SYNOPSIS
+.sp
 .B bfilter
-[-c DIRECTORY]
-[-r DIRECTORY]
-[-u USER]
-[-g GROUP]
-[-n]
-[-h]
-[-v]
+.BI "[-c " directory ]
+.BI "[-r " directory ]
+.BI "[-u " user ]
+.BI "[-g " group ]
+.B [-n]
+.BI "[-p " file ]
+.B [-k]
+.B [-h]
+.B [-v]
 
 .SH "DESCRIPTION"
 .PP
-.B bfilter
+.B BFilter
 is a web proxy that uses effective heuristic ad-detection algorithms to remove
 banner adverts, popups and webbugs from web pages. The traditional blocklist
 based approach is also implemented, but it is mostly used for dealing with false
@@ -54,35 +57,70 @@ support CONNECT requests typically used for HTTPS.
 
 .SH OPTIONS
 .TP
-.B -c, --confdir DIRECTORY
+.BI "-c, --confdir " directory
 Set custom config directory
 .TP
-.B -r, --chroot DIRECTORY
-Set chroot directory
+.BI "-r, --chroot " directory
+Set chroot directory. This must contain the config directory but if config
+directory is not specified then chroot directory is used as config directory.
 .TP
-.B -u, --user USER
+.BI "-u, --user " user
 Set unprivileged user
 .TP
-.B -g, --group GROUP
+.BI "-g, --group " group
 Set unprivileged group
 .TP
 .B -n, --nodaemon
 Disable background daemon mode
 .TP
+.BI "-p, --pid " file
+Write process ID to a file
+.TP
+.B -k --kill
+Kill the running process specified with -p
+.TP
 .B -h, --help
 Show help
 .TP 
 .B -v, --version
 Print version
 
-.SH RESOURCES
-.HP
-.B /etc/bfilter/config
-.br
+.SH FILES
+The default configuration settings for bfilter are in files located underneath
+the
+.B /etc/bfilter
+(and optionally 
+.B ~/.bfilter
+for the user GUI configuration) directories.
+.PP
+For the base configuration the 
+.B config
+and
+.B config.default
+files are used. For the URL pattern matching the
+.B urls
+and
+.B urls.local
+files are used. For the content filtering the
+.B filters/
+directory may contain files specifying groups of filters and whether they
+are enabled.
+
+.SH PROXY CONFIGURATION
+.LP
+There are two configuration files,
+.B config.default
+which is shipped with bfilter and is overwritten when upgrading and
+.B config
+which has a higher priority so it can override rules specified in the config.default
+file. The following parameters can be defined in these files.
+.PP
 .I listen_address = host:port
 .br
-The address to bind the proxy to. If unspecified, bind to all interfaces.
-.br
+The address and port to which to bind the proxy. If host is unspecified it will
+bind to all interfaces. Multiple address seperated with a comman may be
+specified.
+.PP
 .I client_compression = yes | no
 .br
 If set to yes, all the textual data with "Content-Type: text/*" will be
@@ -90,20 +128,55 @@ compressed before sending it to the client. This option can be useful if you
 are on a slow connection and you set up bfilter somewhere on a fast connection.
 In other cases, setting this option to yes will just introduce additional
 latency to the loading process.
-.br
+.PP
 .I ad_border = rrggbb | none
 .br
-The default behavior is to draw borders around removed adverts. You may want
+The default behaviour is to draw borders around removed adverts. You may want
 to change the border color or turn the borders off.
+.PP
+.I try_icon_animation = yes | no
 .br
-.I no_flash = yes | no
+Enable or disable the tray icon animation which indicate traffic is passing
+through bfilter (GUI only).
+.PP
+.I max_script_fetch_size = size_in_kilobytes
+.br
+Limits the size of external scripts that bfilter fetches for processing.
+Browsing with bfilter should feel as fast or faster than without bfilter.
+The only thing that can make it feel slower is the necessity to fetch external
+scripts to analyze them. A browser can usually cache external scripts but
+bfilter would download them each time for analysis. If you have a caching
+proxy server between bfilter and the internet, then it will cache scripts
+for bfilter otherwise you may want to adjust this parameter.
+.PP
+.I max_script_eval_size = size_in_kilobytes
+.br
+Protection against compressed scripts decompressing to very large sizes.
+.PP
+.I max_script_nest_level = number
 .br
-This option is for people who don't want to install a Flash plugin and don't
-want to be constantly prompted to do so. Setting it to yes will cause all
-Flash objects to be replaced with transparent GIF's. (You can't use rules to
-achieve the same effect because a Flash advert is normally replaced with a
-blank Flash object that loads the original into itself when you click on it.)
+Limits the number of nested scripts that bfilter fetches for processing
+(similar reasoning to max_script_fetch_size). A smaller value like 3 will
+make bfilter faster, while a bigger value like 9 will make it detect more ads.
+(However the author has never seen an ad that is generated at levels more
+than 6.) Setting this value to 0 will disable script processing.
+.PP
+.I save_traffic_threshold = size_in_kilobytes
+.br
+Sometimes bfilter needs to download an image or a flash file to determine if
+it's an advert or not. Since bfilter tries to do everything on the fly, it
+usually knows the answer before the whole file is downloaded. At that time it
+checks how much data is left to be downloaded and if it's more than the value
+of this parameter (or if the size is unknown), bfilter will drop the connection
+to the server in order to save some traffic. The default value of 15 is good
+for most people, but if you use a dialup or a GPRS connection you may want to
+lower it to maybe 8 and if you use a satellite connection you may want to raise
+it to maybe 40.
+.PP
+.I report_client_ip = yes | no | fixed_ip
 .br
+Enable reporting the client IP to servers using the X-Forwarded-For header.
+.PP
 .I use_proxy = yes | no
 .br
 .I proxy_host = host
@@ -112,7 +185,7 @@ blank Flash object that loads the original into itself when you click on it.)
 .br
 When use_proxy is set to yes, you may specify a proxy for bfilter to forward
 requests onto.
-.br
+.PP
 .I no_proxy_for = host, host, host
 .br
 When use_proxy is set to yes, you may specify some hosts to be contacted
@@ -123,99 +196,104 @@ that .mydomain.com won't cover mydomain.com itself but only its subdomains.
 (When matching no_proxy_for hosts, no DNS queries are being made. That means
 127.0.0.1 won't act as localhost or the other way around.)
 
-.HP
-.B /etc/bfilter/rules
-.br
-.I filter=0|1
-.br
-Enable filtering.
-.br
-0: Serve the page as is
-.br
-1: (Default) Check for ads and apply the appropriate transformations
-.br
-.I ad=0|1|2
-.br
-Advert detection options.
-.br
-0: (Default) Standard procedure for is_ad decision
-.br
-1: Force negative is_ad decision
-.br
-2: Force positive is_ad decision
-.br
-.I scripts=0|1|2|3|4|5|6|7
-.br
-Javascript filtering options. The default value of 3 is effective against
-js-generated ads, but breaks some sites which are too much dependent on
-Javascript. Fortunately, the built-in Javascript engine mostly solves this
-problem.
-.br
-0: Leave as is
-.br
-1: Remove 3rd party scripts except in header
-.br
-2: Remove 3rd party scripts from everywhere
-.br
-3: (Default) Only allow scripts in header and those 1st party scripts that
-don't contain ".write"
-.br
-4: Only allow scripts in header and those 1st party scripts that contain
-"function "
-.br
-5: Only allow scripts in header
-.br
-6: Only allow 1st party scripts and only in header
-.br
-7: Remove all scripts
-.br
-.br
-.I jsengine=0|1
-.br
-Enable Javascript engine. When the Javascript engine is used, the scripts
-parameter is ignored. The output of a script (generated by document.write or
-writeln) is directed to the standard advert detector. If it detects an advert,
-the script gets removed.
-.br
-0: Don't use
+.SH URL PATTERNS
+.LP
+BFilter allows you to block an arbitrary URL (web address) and to assign hints
+to URL's in order to influence the heuristic analyzer. To do so you assign
+a tag to a URL allowing both blocking and hinting (and more).
+.PP
+There are two configuration files,
+.B urls
+which is shipped with bfilter and is overwritten when upgrading and
+.B urls.local
+which has a higher priority so it can override rules specified in the urls
+file.
+.PP
+These files specify a number of rules. Each rule has the following syntax;
+.IP
+.B
+TAG url_pattern
+.PP
+Where TAG can be one of the following;
+.IP
+.B FORBID
+Output an error page.
 .br
-1: (Default) Use if possible
+.B HTML
+Output a blank page.
 .br
-.I target_blank=0|1
+.B IMAGE
+Output a transparent image.
 .br
-New window attribue for link option. A link may be marked to be opened in a new
-window if target="_blank" is specified as attribute of an <A> tag.
+.B FLASH
+Output a blank flash file.
 .br
-0: (Default) Leave as is
+.B JS
+Output an empty JavaScript file.
 .br
-1: Remove attribute
+.B ALLOW
+Cancel any of the above tags.
 .br
-.I [regex]
+.B NOFILTER
+Don't filter a page or a script.
 .br
-For applying specific options to specific sites. Used after defaults have been
-setup. See
-.B RULES
-section for further information.
+.B +++
+Be more suspicious about the URL (any number of plus signs).
 .br
-.HP
-.B /etc/bfilter/rules.local
+.B ---
+Be less suspicious about the URL (any number of minus signs).
+.PP
+The last two tags are special. They provide a hint to the heuristic analyzer
+and are only considered when we already have an ad suspect. For example, if
+we have a clickable image on a page we are going to consider hints for;
+.IP
+.B o
+The image URL.
 .br
-For local rules and redefining the global parameters. Uses the same syntax as
-for the global rules file.
-
-.SH RULES
-Rules are used for blocking ads which aren't automatically detected and/or for
-dealing with false positives. The rule format is:
-.P
-[regex]
+.B o
+The link URL.
 .br
-param1=val1
+.B o
+The page URL.
+.PP
+Sometimes an advert can't be blocked with hints which can happen if bfilter
+doesn't see it (probably because of a problem interpreting a script) or doesn't
+support that kind of advert (text or hover adverts). In that case you may still
+block it using other tags. Note that hints don't intersect with other tags,
+when we are looking for a hint we don't consider other tags (and vice versa).
+.PP
+BFilter supports two types of patterns;
+.IP
+.B o
+Simple strings with wildcards.
 .br
-param2=val2
-.P
-The regex gets converted to "^http://"+regex+"$" and uses the POSIX extended
-syntax. For those unexperienced with regular expressions, a few explanations:
-
+.B o
+Regular expressions.
+.PP
+The simple string wildcards are ? and * meaning respectively "any character"
+and "any number of any characters". For example;
+.IP
+FORBID http://ads.somehost.com/*
+.PP
+This will block any URL starting with "http://ads.somehost.com/". Note that for
+broad ad-blocking patterns like this, it is recommended to use IMAGE rather
+than FORBID. This sounds wrong as we don't exactly know the type of the object
+we are going to replace with an image, but it turns out that IMAGE produces
+better results than any other tag. Any other tag results in broken images and
+FORBID will additionally cause error pages in place of IFRAME ads. Browsers
+accept an image where html was expected just fine and are even smart enough not
+to interpret an image where a script was expected.
+.PP
+Regular expression patterns must be enclosed within two slashes. For example;
+.IP
+JS /http://(www\.)?somehost\.com/ads/.*\.js/
+.PP
+This regex can be interpreted like this: match "http://", optionally match
+"www.", match "somehost.com/ads/", match any number of any characters or match
+".js".
+.PP
+As a quick summary, in regular expressions;
+.IP
 .B .
 means any character
 .br
@@ -233,111 +311,61 @@ means "this" or "that"
 .br
 .B (something)?
 means "something" or nothing
-.P
-You may use any of the global parameters such as filter, ad, scripts or jsengine
-in rules. The parameters you don't specify are implicitly set to the
-corresponding default value.
-.P
-It is possible to have several rules match a single url. In this case the lowest
-values for each parameter are used. That is, the values for different parameters
-may be taken from different rules.
+.PP
+You may find a tutorial and a complete reference on regular expressions
+at http://www.regular-expressions.info.
+.PP
+Note that both simple and regex patterns are case insensitive.
 
-.SH RULES RELATIONSHIP
-.B Question:
-What is the relationship between rules and rules.local files? Do records in
-rules.local override the ones in rules or supplement them?
-.br
-.B Answer:
-It's a rather complex relationship which will be shown in the following
-example.
-.HP
-Suppose the rules file looks like this:
-.br
-filter=1
-.br
-jsengine=1
-.br
-# Other parameters are omited
-.br
-[regex1]
-.br
-filter=0
-.HP
-And the rules.local file looks like this:
-.br
-jsengine=0
-.br
-[regex2]
+.SH CONTENT FILTERS
+BFilter allows you to apply regular expressions to page content. This can be
+used for things like removing portions of a page, altering scripts or injecting
+your own scripts. There are a couple of things that make bfilter's
+implementation of this feature unique;
+.IP
+.B o
+Applying a regex doesn't cause buffering of the whole page.
 .br
-filter=0
-.P
-First of all, the default
-.I filter=1
-parameter from rules is also implicitly present in rules.local as it's not
-overriden there. Then, although only one parameter is associated with each
-regex in this example, all of the other parameters are also implicitly
-associated with them and their values are taken from defaults of the
-corresponding file. So in reality the [regex1] record also contains
-.I jsengine=1
-and the [regex2] record also contains
-.I jsengine=0.
-.P
-Now suppose we want to get the jsengine parameter for an URL that matches
-regex1. First we look for a matching regex in rules.local. Having found none
-we continue to look in rules where we find the [regex1] record that matches the
-given URL. This record has an implicit
-.I jsengine=1
-parameter which we were looking for. If our URL doesn't match any of the
-regexes, we take the default parameter from rules.local which is
-.I jsengine=0
-\/.
+.B o
+Replacement expressions can contain JavaScript code.
+.PP
+Content filter configuration is not currently covered in this man page. Please
+view the bfilter web page at http://bfilter.sourceforge.net/doc/content-filters.php
+for further information.
 
 .SH EXAMPLES
-.B 1)
-All images from hosts or paths with standard advert hostnames or paths are
-classified as adverts and filtered.
-.P
-[(.*/)?banners?(/|\\.).*]
-.br
-ad=2
+All images from known advert domains are replaced with a transparent GIF or
+empty flash.
+.IP
+IMAGE /http://(.*\.)?(doubleclick|fastclick|tradedoubler)\..*/
 .br
-[(.*/)?ad[sv]?(/|\\.).*]
-.br
-ad=2
-.br
-[(.*\\.)?ad[0-9]*\\..*]
+FLASH /http://(.*\.)?(doubleclick|fastclick|tradedoubler)\..*/
+.PP
+Prevent hover adverts (DHTML pop-ups) from known advert domain.
+.IP
+FORBID /http://([^/]+\.)?layer-ads\.de/.*/
+.PP 
+Prevent tooltip adverts from known advert domain.
+.IP
+JS http://kona.kontera.com/javascript/*
+.br
+FORBID /http://[^/]+\.intellitxt\.com/intellitxt/.*/
+.PP
+Allow images used to count page views for projects hosted on SourceForge.
+.IP
+ALLOW /(www\\.)?sourceforge.net/sflogo.php\\?.*/
+.PP
+Apply hints to suspicious URL's.
+.IP
+++++++ /http://ads[\d]*\..*/
 .br
-ad=2
-.P
-.B 2)
-Allow images from the distributed content provider Akamai.
-.P
-[.*\\.akamai.net/.*]
++++++ /.*/(ad[sv]?|advert|banners?)[^a-z].*/
 .br
-ad=1
-.P
-.B 3)
-Disable Javascript engine for the Hitweb tracker and uses scripts rules
-setting instead for filtering.
-.P
-[(www\\.)?hitweb\\.info/Download\\.asp\\?\/.*]
+++++ *banners*
 .br
-jsengine=0
-.P
-.B 4)
-Allow images used to count page views for projects hosted on SourceForge.
-.P
-[(www\\.)?sourceforge.net/sflogo.php\\?.*]
++++ *banner*
 .br
-ad=1
-
-.SH CONTROLLING
-Restart bfilter to reload configuration files.
-.P
-Sending a
-.B SIGUSR1
-to all bfilter processes will cause the child processes only to exit after
-handling their last request.
++++ *click*
 
 .SH NOTES
 If the HTML processor is in doubt about an image or a Flash file, it defers
@@ -362,5 +390,3 @@ http://bfilter.sourceforge.net
 
 .SH SEE ALSO
 regex(7)
-.I http://mozilla.org/js/spidermonkey/
-.I http://www.iki.fi/vl/tre/
diff --git a/net-proxy/bfilter/files/bfilter.conf b/net-proxy/bfilter/files/bfilter.conf
index 284edb47cf97..3c533b418eae 100644
--- a/net-proxy/bfilter/files/bfilter.conf
+++ b/net-proxy/bfilter/files/bfilter.conf
@@ -1,4 +1,4 @@
 # Config file for /etc/init.d/bfilter
 
 # See the bfilter(8) man page for possible options to put here.
-BFILTER_OPTS="-u bfilter -g bfilter -r /var/empty"
+BFILTER_OPTS="-u bfilter -g bfilter -r /etc/bfilter"
diff --git a/net-proxy/bfilter/files/bfilter.init b/net-proxy/bfilter/files/bfilter.init
index 81ebb686e0f1..3108e4db0f47 100644
--- a/net-proxy/bfilter/files/bfilter.init
+++ b/net-proxy/bfilter/files/bfilter.init
@@ -1,13 +1,29 @@
 #!/sbin/runscript
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/files/bfilter.init,v 1.1 2005/09/19 05:35:35 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/bfilter/files/bfilter.init,v 1.2 2006/03/05 08:31:31 mrness Exp $
 
 depend() {
 	need net
 }
 
+checkresolvconf() {
+	#make /etc/bfilter/etc/resolv.conf if chroot is set
+	if [[ ${BFILTER_OPTS} == *" -r "* ]] ; then
+		local CHROOTDIR="${BFILTER_OPTS#* -r }"
+		CHROOTDIR="${CHROOTDIR%% *}"
+		mkdir -p "${CHROOTDIR}/etc" || return 1
+		if ! cmp -s /etc/resolv.conf "${CHROOTDIR}/etc/resolv.conf" ; then
+			cp -p /etc/resolv.conf "${CHROOTDIR}/etc/resolv.conf" || return 1
+		fi 
+	fi
+
+	return 0
+}
+
 start() {
+	checkresolvconf || return 1
+
 	ebegin "Starting bfilter"
 	start-stop-daemon --start --quiet --exec /usr/bin/bfilter -- ${BFILTER_OPTS}
 	eend $?
diff --git a/net-proxy/bfilter/files/digest-bfilter-0.10.3 b/net-proxy/bfilter/files/digest-bfilter-0.10.3
new file mode 100644
index 000000000000..b69b31bfe928
--- /dev/null
+++ b/net-proxy/bfilter/files/digest-bfilter-0.10.3
@@ -0,0 +1 @@
+MD5 fde0a7280819d061c36a283cf85e33c4 bfilter-0.10.3.tar.gz 2555426
diff --git a/net-proxy/bfilter/files/digest-bfilter-0.9.4 b/net-proxy/bfilter/files/digest-bfilter-0.9.4
deleted file mode 100644
index 6d53abbd4195..000000000000
--- a/net-proxy/bfilter/files/digest-bfilter-0.9.4
+++ /dev/null
@@ -1 +0,0 @@
-MD5 72ca85565bd4c556b06e3a264c0c24f1 bfilter-0.9.4.tar.gz 1246053