www/squid: 3.4.12 -> 3.5.3

As it is written on http://www.squid-cache.org/Versions/ for 3.4.x
versions: they are no longer intended for general use in new installations.
So this is a big upgrade.

Changes to squid-3.5.3 (28 Mar 2015):

- Regression Bug 4213: negotiate_kerberos_auth: freeing non-dynamic memory
- Regression Bug 4206: Incorrect connection close on expect:100-continue
- Bug 4204: ./configure does not abort when required helpers cannot be built
- Bug 3805: support shared memory on MacOS X in Mem::IPC::Segment
- Bug 2907: high CPU usage on CONNECT when using delay pools
- basic_getpwnam_auth: fail authentication on crypt() failures
- basic_nis_auth: fail authentication on crypt() failures
- ext_kerberos_ldap_group_acl: Heimdal support improvements
- ext_wbinfo_group_acl: Perl 5.20 support
- ... and several compile issues

Changes to squid-3.5.2 (18 Feb 2015):

- Regression Bug 4176: Digest auth too many helper lookups
- Regression Bug 4180: not-fully-initialized data member in ACLUserData
- Bug 4172: Solaris broken krb5-config
- Bug 4073: Cygwin compile errors
- Bug 3919: remove several never-true / never-false comparisons
- HTTPS: Add missing root CAs when validating chains that passed
  internal checks
- Fix some cbdataFree related memory leaks
- Quieten CBDATA 'leak' messages
- Set SNI information in transparent bumping mode
- negotiate_kerberos_auth: fix krb5.conf backward compatibility
- Fix memory leaks in cachemgr.cgi URL parser
- Fix sslproxy_options in peek-and-splice mode
- ... and fix several portability and build issues
- ... and some documentation updates
- ... and all fixes from squid 3.4.11

Changes to squid-3.5.1 (13 Jan 2015):

- Fix handling of invalid SSL server certificates when splicing connections
- basic_smb_lm_auth: Simplified MSNT basic auth helper
- squidclient: Fix -A and -P options
- ... and several portability fixes
- ... and all fixes from squid 3.4.11
- ... and a lot of documentation updates

Changes to squid-3.5.0.4 (21 Dec 2014):

- Bug 3826: pt 2: Provide a systemd .service file for Squid
- Support http_access denials of SslBump "peeked" connections.
- Fix DONT_VERIFY_DOMAIN ssl flag
- Fix peek-and-splice mode: certificate validation for domain mismatched errors
- negotiate_kerberos_auth: MEMORY keytab and replay cache support
- ... and some documentation updates
- ... and a large amount of code polishing (non-logic changes)

Changes to squid-3.5.0.3 (09 Dec 2014):

- Bug 4146: workaround SSL Bump crash on Linux
- Bug 4135: Support \-escaped characters in regex patterns
- Bug 4131: SIGSEGV at store.cc:962 content_length > store_maxobjsize
- Fix delay_parameters parsing
- HTTP/2: handle 'PRI' method found in HTTP/1.x traffic
- ... and all changes from squid 3.4.10
- ... and a lot of documentation updates

Changes to squid-3.5.0.2 (31 Oct 2014):

- Fix FTP socket opening during reconfigure
- ... and all changes from 3.4.9
- ... and some build errors in rarely used code
- ... and several documentation updates

Changes to squid-3.5.0.1 (17 Oct 2014):

- Port from 2.7: redirector and logging urlgroup feature
- Bug 4093: source-maintenance.sh bad perl -i option
- Bug 3608: per-service name for workers UDS sockets
- Bug 2554: 32-bit wrap in AUFS counters
- Bug 1961 pt1: URL handling redesign
- Bug 1202 pt1: documentation for refresh_pattern algorithms
- Update Squid boilerplate copyright/license
- Update the http(s)_port directives protocol= parameter
- Update forward_max_tries to permit 25 server paths
- Update Kerberos library detection and build options
- Support ACLs on ftp_epsv directive
- Support >32KB objects in cache_dir rock storage
- Support client connection annotation by helpers via clt_conn_tag=TAG
- Support native FTP Relay
- Support libgnugss Kerberos library
- Support libecap v1.0
- Support SSL Peek and Splice feature
- Support receiving PROXY protocol version 1 and 2
- Replace --enable-ssl build option with --with-openssl
- Enable -n service name command line option for all Squid builds
- Enable ICAP client by default
- Fix configuration file parsing bugs, related to quoted strings
- Fix Windows MinGW build errors
- Fix multiple TCP outgoing TOS/DiffServ bugs
- Fix Cygwin /etc/resolv.conf parsing
- Fix crash when sending %ssl::cert_subject to external ACL w/o certificate
- Fix crash reading malformed config files
- Send selected SSL version and cipher to the certificate validation helper
- Validate server certificates without bumping
- Add zero-copy string buffer support
- Add automated squid.conf parser testing with squid -k parse
- Add adaptation_service ACL
- Add logformat code %tS to log transaction start time
- Add logformat code %>rd to log client URL domain name
- Add key_extras to proxy authentication
- Add url_rewrite_extras and store_id_extras directives
- Add send_hit and store_miss directives
- Add collapsed_forwarding directive
- Add sslproxy_cert_sign_hash directive
- Add SMP SSL session cache
- Add cache_peer standby connections
- Add helper ext_delayer_acl
- Add TCP_TUNNEL log code for CONNECT tunnels which are not SSL-bumped
- Add BUILDCXX and BUILDCXXFLAGS configure options for cross-compile
- Remove COSS storage in favour of Rock storage
- Remove dnsserver and external DNS helper API in favour of mDNS
- Remove broken mallinfo() accounting and memory tracing
- Remove hierarchy_stoplist in favour of always_direct
- Deprecate tag ACL type in favour of note ACL type
- Deprecate urlgroup feature in favour of note ACL type
- HTTP/1.1: method names are case-sensitive
- HTTP/1.1: register new headers from RFC 723x
- squidclient: polish and update help display
- squidclient: support TLS with GnuTLS 3.1.5+
- squidclient: support verbosity levels
- squidclient: --ping mode module support
- url_fake_rewrite: support concurrency
- storeid_file_rewrite: support concurrency
- digest_file_auth: support concurrency
- digest_edirectory_auth: support concurrency
- digest_ldap_auth: support concurrency
- ... and many error page translation updates
- ... and much code cleanup and polishing

PR:		198089
Submitted by:	Pavel Timofeev <timp87@gmail.com>
Tested by:	John Marshall <john.marshall@riverwillow.com.au>

www/squid/Makefile

@@ -1,7 +1,7 @@
 # $FreeBSD$
 
 PORTNAME=	squid
-PORTVERSION=	3.4.12
+PORTVERSION=	3.5.3
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
 		http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
@@ -26,8 +26,6 @@ COMMENT=	HTTP Caching Proxy
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/COPYING
 
-CONFLICTS_INSTALL=	squid33-*
-
 USES=		compiler cpe perl5 shebangfix tar:xz
 CPE_VENDOR=	squid-cache
 SHEBANG_FILES=	scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \
@@ -44,16 +42,16 @@ PORTEXAMPLES=	*
 SUB_FILES+=	pkg-install pkg-message
 
 OPTIONS_SUB=	yes
-OPTIONS_DEFINE=	ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB \
-		AUTH_SQL CACHE_DIGESTS DEBUG DELAY_POOLS DNS_HELPER ECAP ESI \
+OPTIONS_DEFINE=	ARP_ACL AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB \
+		AUTH_SQL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \
 		FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \
 		KQUEUE LARGEFILE NETTLE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \
 		TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES
 
-# Note: FS_FCOSS was removed from OPTIONS, it is broken and only experimental
-#OPTIONS_DEFINE+=	FS_COSS
+OPTIONS_SINGLE=	GSSAPI
+OPTIONS_SINGLE_GSSAPI=	GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
 
-OPTIONS_DEFAULT=AUTH_KERB AUTH_NIS FS_AUFS FS_DISKD HTCP IDENT KQUEUE SNMP \
+OPTIONS_DEFAULT=GSSAPI_BASE AUTH_NIS FS_AUFS FS_DISKD HTCP IDENT KQUEUE SNMP \
 		WCCP WCCPV2
 
 ARP_ACL_CONFIGURE_ENABLE=	eui
@@ -70,7 +68,6 @@ AUTH_SQL_RUN_DEPENDS=		p5-DBD-mysql>=0:${PORTSDIR}/databases/p5-DBD-mysql
 AUTH_SQL_USE=			MYSQL=yes
 CACHE_DIGESTS_CONFIGURE_ENABLE=	cache-digests
 DELAY_POOLS_CONFIGURE_ENABLE=	delay-pools
-DNS_HELPER_CONFIGURE_ON=	--disable-internal-dns
 ECAP_CFLAGS=			-I${LOCALBASE}/include
 ECAP_CONFIGURE_ENABLE=		ecap
 ECAP_LDFLAGS=			-L${LOCALBASE}/lib
@@ -106,11 +103,28 @@ VIA_DB_CONFIGURE_ENABLE=	forw-via-db
 WCCPV2_CONFIGURE_ENABLE=	wccpv2
 WCCP_CONFIGURE_ENABLE=		wccp
 
+GSSAPI_NONE_CONFIGURE_ON=	--without-heimdal-krb5 \
+				--without-mit-krb5 \
+				--without-gss
+
+GSSAPI_BASE_USES=		gssapi
+GSSAPI_BASE_CONFIGURE_ON=	--with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+
+GSSAPI_HEIMDAL_USES=		gssapi:heimdal
+GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+
+GSSAPI_MIT_USES=		gssapi:mit
+GSSAPI_MIT_CONFIGURE_ON=	--with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+
 # TODO:
 # add an option for external_acl/session (requires some kind of external
 # Berkeley DB support, unsure which one)
 ARP_ACL_DESC=		ARP/MAC/EUI based authentification
-AUTH_KERB_DESC=		Install Kerberos authentication helpers
+GSSAPI_DESC=		Install Kerberos authentication helpers
+GSSAPI_NONE_DESC=	Build without Kerberos support
+GSSAPI_BASE_DESC=	Build with Kerberos support from base
+GSSAPI_HEIMDAL_DESC=	Build with Kerberos support from security/heimdal
+GSSAPI_MIT_DESC=	Build with Kerberos support from security/krb5
 AUTH_LDAP_DESC=		Install LDAP authentication helpers
 AUTH_NIS_DESC=		Install NIS/YP authentication helpers
 AUTH_SASL_DESC=		Install SASL authentication helpers
@@ -119,14 +133,12 @@ AUTH_SQL_DESC=		Install SQL based auth (uses MySQL)
 CACHE_DIGESTS_DESC=	Use cache digests
 DEBUG_DESC=		Build with extended debugging support
 DELAY_POOLS_DESC=	Delay pools (bandwidth limiting)
-DNS_HELPER_DESC=	Use external dnsserver processes for DNS
 ECAP_DESC=		Loadable content adaptation modules
 ESI_DESC=		ESI support
 FOLLOW_XFF_DESC=	Support for the X-Following-For header
 FS_AUFS_DESC=		AUFS (threaded-io) support
-FS_COSS_DESC=		COSS (not stable yet)
 FS_DISKD_DESC=		DISKD storage engine controlled by separate service
-FS_ROCK_DESC=		ROCK (unstable)
+FS_ROCK_DESC=		ROCK storage engine
 HTCP_DESC=		HTCP support
 ICAP_DESC=		the ICAP client
 ICMP_DESC=		ICMP pinging and network measurement
@@ -151,12 +163,12 @@ change_files=	ChangeLog \
 		contrib/nextstep/post_install \
 		errors/Makefile.am \
 		errors/Makefile.in \
-		helpers/basic_auth/MSNT/Makefile.am \
-		helpers/basic_auth/MSNT/Makefile.in \
+		helpers/basic_auth/SMB_LM/README.html \
 		src/Makefile.am \
 		src/Makefile.in \
 		src/cf_gen.cc \
 		src/squid.8.in \
+		test-suite/Makefile.in \
 		tools/Makefile.am \
 		tools/Makefile.in
 
@@ -177,6 +189,7 @@ CONFIGURE_ARGS=	--with-default-user=squid \
 		--with-logdir=/var/log/squid \
 		--with-pidfile=/var/run/squid/squid.pid \
 		--with-swapdir=/var/squid/cache \
+		--without-gnutls \
 		--enable-auth \
 		--enable-build-info \
 		--enable-loadable-modules \
@@ -191,7 +204,7 @@ CONFIGURE_ARGS=	--with-default-user=squid \
 
 # Authentication methods and modules:
 
-basic_auth=	DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam
+basic_auth=	DB SMB_LM MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam
 digest_auth=	file
 external_acl=	file_userip time_quota unix_group
 ntlm_auth=	fake smb_lm
@@ -220,18 +233,21 @@ basic_auth+=	NIS
 .endif
 
 # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
-.if ${PORT_OPTIONS:MAUTH_KERB} && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS)
-negotiate_auth=	kerberos wrapper
-. if ${OPSYS} == DragonFly
-LIB_DEPENDS+=	libkrb5.so:${PORTSDIR}/security/krb5
-CFLAGS+=	-I${LOCALBASE}/include
-. endif
-# the kerberos_ldap_group external helper also depends on LDAP and SASL:
+.if ${PORT_OPTIONS:MGSSAPI_NONE} || defined(NO_KERBEROS) || defined(WITHOUT_KERBEROS)
+negotiate_auth=	none
+PLIST_SUB+=	AUTH_KERB="@comment "
+.else
+# The kerberos_ldap_group external helper also depends on LDAP and SASL:
 . if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL}
 external_acl+=	kerberos_ldap_group
 . endif
-.else
-negotiate_auth=	none
+negotiate_auth=	kerberos wrapper
+PLIST_SUB+=	AUTH_KERB=""
+.endif
+
+# Make it build on FreeBSD < 10
+.if ${PORT_OPTIONS:MGSSAPI_BASE}
+EXTRA_PATCHES+=		${FILESDIR}/extra-patch-build-8-9
 .endif
 
 CONFIGURE_ARGS+=	--enable-auth-basic="${basic_auth}" \
@@ -240,6 +256,10 @@ CONFIGURE_ARGS+=	--enable-auth-basic="${basic_auth}" \
 			--enable-auth-negotiate="${negotiate_auth}" \
 			--enable-auth-ntlm="${ntlm_auth}"
 
+.if ${PORT_OPTIONS:MECAP}
+BROKEN=			It needs eCAP 1.0 lib, which isn't in ports tree now
+.endif
+
 # Storage schemes:
 storage_schemes=	ufs
 diskio_modules=		AIO Blocking IpcIo Mmapped
@@ -254,11 +274,6 @@ LDFLAGS+=		-pthread
 CONFIGURE_ARGS+=	--without-pthreads
 .endif
 
-.if ${PORT_OPTIONS:MFS_COSS}
-BROKEN=			FS_COSS does not compile
-storage_schemes+=	coss
-.endif
-
 .if ${PORT_OPTIONS:MFS_DISKD}
 storage_schemes+=	diskd
 diskio_modules+=	DiskDaemon
@@ -290,7 +305,7 @@ CONFIGURE_ARGS+=	--enable-storeid-rewrite-helpers="${storeid_rewrite_helpers}"
 # works when it is defined before bsd.port{.pre}.mk is .included.
 # This makes it currently impossible to combine this macro with OPTIONS to
 # conditionally include OpenSSL support.
-# XXX: is this still true with OptionsNG as of 2014-09?
+# XXX: is this still true with OptionsNG as of 2015-03?
 #.include "${.CURDIR}/../../Mk/bsd.openssl.mk"
 .include "${PORTSDIR}/Mk/bsd.openssl.mk"
 CONFIGURE_ARGS+=	--with-openssl="${OPENSSLBASE}"
@@ -320,8 +335,6 @@ post-patch:
 		-e 's|\.conf\.default|.conf.sample|' \
 		-e 's|)\.default|).sample|' \
 		${change_files})
-	@(cd ${WRKSRC} && ${MV} helpers/basic_auth/MSNT/msntauth.conf.default \
-		helpers/basic_auth/MSNT/msntauth.conf.sample)
 	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)
 
 .if !${PORT_OPTIONS:MIPV6}
@@ -346,7 +359,7 @@ post-install:
 .include <bsd.port.pre.mk>
 
 .if ${COMPILER_TYPE} == clang
-CXXFLAGS+=	-Wno-unused-private-field
+#CXXFLAGS+=	-Wno-unused-private-field
 .if ${COMPILER_VERSION} >= 35
 CXXFLAGS+=	-Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess
 .endif

www/squid/distinfo

@@ -1,2 +1,2 @@
-SHA256 (squid3.4/squid-3.4.12.tar.xz) = a3f4f18fa17e81a8d8e1a2ec059cdbe3211a90ccd1717c3d9e092c0afdde2864
-SIZE (squid3.4/squid-3.4.12.tar.xz) = 2162096
+SHA256 (squid3.5/squid-3.5.3.tar.xz) = 73ec65a08384a3ec93ccc17e89ef7a06ba221816551946f2f051cc736c2981c0
+SIZE (squid3.5/squid-3.5.3.tar.xz) = 2283580

www/squid/files/extra-patch-build-8-9

@@ -0,0 +1,11 @@
+--- helpers/negotiate_auth/kerberos/negotiate_kerberos.h.orig	2015-04-04 11:08:51.000000000 +0400
++++ helpers/negotiate_auth/kerberos/negotiate_kerberos.h	2015-04-04 11:11:10.000000000 +0400
+@@ -135,7 +135,7 @@
+ 
+ char *gethost_name(void);
+ 
+-#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
++#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC && __FreeBSD__ >= 10
+ #define HAVE_PAC_SUPPORT 1
+ #define MAX_PAC_GROUP_SIZE 200*60
+ typedef struct {

www/squid/files/patch-bug4190

@@ -0,0 +1,41 @@
+--- src/auth/User.cc.orig	2015-03-18 13:22:42.134592000 +0300
++++ src/auth/User.cc	2015-03-18 13:26:48.850592000 +0300
+@@ -309,10 +309,7 @@
+ Auth::User::BuildUserKey(const char *username, const char *realm)
+ {
+     SBuf key;
+-    if (realm)
+-        key.Printf("%s:%s", username, realm);
+-    else
+-        key.append(username, strlen(username));
++    key.Printf("%s:%s", username, realm);
+     return key;
+ }
+ 
+@@ -368,11 +365,11 @@
+     if (aString) {
+         assert(!username_);
+         username_ = xstrdup(aString);
+-        // NP: param #2 is working around a c_str() data-copy performance regression
+-        userKey_ = BuildUserKey(username_, (!requestRealm_.isEmpty() ? requestRealm_.c_str() : NULL));
++        if (!requestRealm_.isEmpty())
++            userKey_ = BuildUserKey(username_, requestRealm_.c_str());
++
+     } else {
+         safe_free(username_);
+-        userKey_.clear();
+     }
+ }
+ 
+--- src/auth/User.h.orig	2015-03-18 13:27:30.809059000 +0300
++++ src/auth/User.h	2015-03-18 13:28:22.078121000 +0300
+@@ -65,8 +65,7 @@
+     char const *username() const { return username_; }
+     void username(char const *); ///< set stored username and userKey
+ 
+-    // NP: key is set at the same time as username_. Until then both are empty/NULL.
+-    const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : NULL;}
++    const char *userKey() {return !userKey_.isEmpty() ? userKey_.c_str() : username_;}
+ 
+     /**
+      * How long these credentials are still valid for.

www/squid/files/patch-compat_Makefile.in

@@ -1,28 +0,0 @@
---- compat/Makefile.in.orig	2013-12-30 04:33:49.000000000 -0700
-+++ compat/Makefile.in	2014-01-27 00:05:25.000000000 -0700
-@@ -113,7 +113,8 @@
- libcompat_squid_la_DEPENDENCIES = $(LIBOBJS)
- am_libcompat_squid_la_OBJECTS = assert.lo compat.lo debug.lo \
- 	eui64_aton.lo GnuRegex.lo shm.lo strnstr.lo strnrchr.lo \
--	xalloc.lo xstrerror.lo xstring.lo xstrto.lo mswindows.lo
-+	xalloc.lo xstrerror.lo xstring.lo xstrto.lo mswindows.lo \
-+	strlen.lo
- libcompat_squid_la_OBJECTS = $(am_libcompat_squid_la_OBJECTS)
- am_testPreCompiler_OBJECTS = testPreCompiler.$(OBJEXT) \
- 	testMain.$(OBJEXT)
-@@ -401,6 +402,7 @@
- 	getnameinfo.h \
- 	GnuRegex.c \
- 	GnuRegex.h \
-+	strlen.c \
- 	inet_ntop.h \
- 	inet_pton.h \
- 	initgroups.h \
-@@ -539,6 +541,7 @@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shm.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnrchr.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnstr.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlen.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testMain.Po@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testPreCompiler.Po@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xalloc.Plo@am__quote@

www/squid/files/patch-compat_compat.h

@@ -1,6 +1,6 @@
---- compat/compat.h.orig	2015-01-13 11:53:17 UTC
-+++ compat/compat.h
-@@ -34,17 +34,6 @@
+--- compat/compat.h.orig	2015-02-26 17:09:19.142090018 +0300
++++ compat/compat.h	2015-02-26 17:09:42.440097986 +0300
+@@ -42,17 +42,6 @@
  #endif
  #endif
  

www/squid/files/patch-compat_strlen.c

@@ -1,31 +0,0 @@
---- compat/strlen.c.orig	2014-01-26 23:28:26.000000000 -0700
-+++ compat/strlen.c	2014-01-26 23:33:01.000000000 -0700
-@@ -0,0 +1,28 @@
-+/* Dennis Glatting
-+   January 2014   
-+
-+   Various places within Squid call strlen() with a NULL pointer,
-+   which causes a SIGSEV on FreeBSD. This is a simple, dumb
-+   replacement that first checks for a NULL pointer before counting
-+   the string's length. In the case of a NULL pointer, the string's
-+   length is 0.
-+
-+ */
-+
-+
-+#include "squid.h"
-+#include <string.h>
-+
-+size_t
-+strlen( const char* s ) {
-+
-+  size_t c = 0;
-+
-+  if( s == NULL )
-+    return 0;
-+
-+  while( *s++ )
-+    ++c;
-+
-+    return c;
-+}

www/squid/files/patch-configure

@@ -1,11 +0,0 @@
---- configure.orig	2014-06-25 18:43:23.000000000 +0400
-+++ configure	2014-08-18 14:46:23.000000000 +0400
-@@ -31752,6 +31752,8 @@
- 
- fi
- 
-+LIBOBJS="$LIBOBJS strlen.$ac_objext"
-+
- ac_fn_cxx_check_func "$LINENO" "strtoll" "ac_cv_func_strtoll"
- if test "x$ac_cv_func_strtoll" = xyes; then :
-   $as_echo "#define HAVE_STRTOLL 1" >>confdefs.h

www/squid/files/patch-configure_NIS

@@ -0,0 +1,12 @@
+--- configure.orig	2015-03-11 10:22:50.000000000 +0400
++++ configure	2015-03-11 10:27:05.000000000 +0400
+@@ -31858,8 +31858,7 @@
+ #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+ _ACEOF
+ 
+-else
+-  BUILD_HELPER=""
++  BUILD_HELPER="NIS"
+ fi
+ 
+ done

www/squid/files/patch-configure_crypt.h

@@ -0,0 +1,29 @@
+--- configure.orig	2015-02-27 14:32:14.424780752 +0300
++++ configure	2015-02-27 14:33:30.345774382 +0300
+@@ -31843,7 +31843,7 @@
+ ##
+ 
+ BUILD_HELPER="NIS"
+-for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h
++for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
+@@ -32319,7 +32319,7 @@
+ 
+   # unconditionally requires crypt(3), for now
+   if test "x$ac_cv_func_crypt" != "x"; then
+-    for ac_header in unistd.h crypt.h shadow.h
++    for ac_header in unistd.h rpcsvc/crypt.h shadow.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+@@ -34263,7 +34263,7 @@
+   arpa/nameser.h \
+   assert.h \
+   bstring.h \
+-  crypt.h \
++  rpcsvc/crypt.h \
+   ctype.h \
+   direct.h \
+   errno.h \

www/squid/files/patch-src-cf.data.pre

@@ -1,6 +1,6 @@
---- src/cf.data.pre.orig	2013-03-12 11:17:07.000000000 +0100
-+++ src/cf.data.pre	2013-04-09 11:43:01.000000000 +0200
-@@ -3849,6 +3849,10 @@
+--- src/cf.data.pre.orig	2015-02-26 17:56:12.817890613 +0300
++++ src/cf.data.pre	2015-02-26 17:56:41.556917775 +0300
+@@ -4461,6 +4461,10 @@
  LOC: Config.pidFilename
  DOC_START
  	A filename to write the process-id to.  To disable, enter "none".
@@ -10,4 +10,4 @@
 +	%%PREFIX%%/etc/rc.d/squid for details.
  DOC_END
  
- NAME: log_fqdn
+ NAME: client_netmask

www/squid/pkg-plist

@@ -1,5 +1,7 @@
 @sample %%ETCDIR%%/cachemgr.conf.sample
 @sample %%ETCDIR%%/errorpage.css.sample
+@sample %%ETCDIR%%/mime.conf.sample
+@sample %%ETCDIR%%/squid.conf.sample
 %%ETCDIR%%/errors/COPYRIGHT
 %%ETCDIR%%/errors/TRANSLATORS
 %%ETCDIR%%/errors/af/ERR_ACCESS_DENIED
@@ -962,6 +964,49 @@
 %%ETCDIR%%/errors/ja/ERR_WRITE_ERROR
 %%ETCDIR%%/errors/ja/ERR_ZERO_SIZE_OBJECT
 %%ETCDIR%%/errors/ja/error-details.txt
+%%ETCDIR%%/errors/ka-ge
+%%ETCDIR%%/errors/ka/ERR_ACCESS_DENIED
+%%ETCDIR%%/errors/ka/ERR_ACL_TIME_QUOTA_EXCEEDED
+%%ETCDIR%%/errors/ka/ERR_AGENT_CONFIGURE
+%%ETCDIR%%/errors/ka/ERR_AGENT_WPAD
+%%ETCDIR%%/errors/ka/ERR_CACHE_ACCESS_DENIED
+%%ETCDIR%%/errors/ka/ERR_CACHE_MGR_ACCESS_DENIED
+%%ETCDIR%%/errors/ka/ERR_CANNOT_FORWARD
+%%ETCDIR%%/errors/ka/ERR_CONFLICT_HOST
+%%ETCDIR%%/errors/ka/ERR_CONNECT_FAIL
+%%ETCDIR%%/errors/ka/ERR_DIR_LISTING
+%%ETCDIR%%/errors/ka/ERR_DNS_FAIL
+%%ETCDIR%%/errors/ka/ERR_ESI
+%%ETCDIR%%/errors/ka/ERR_FORWARDING_DENIED
+%%ETCDIR%%/errors/ka/ERR_FTP_DISABLED
+%%ETCDIR%%/errors/ka/ERR_FTP_FAILURE
+%%ETCDIR%%/errors/ka/ERR_FTP_FORBIDDEN
+%%ETCDIR%%/errors/ka/ERR_FTP_NOT_FOUND
+%%ETCDIR%%/errors/ka/ERR_FTP_PUT_CREATED
+%%ETCDIR%%/errors/ka/ERR_FTP_PUT_ERROR
+%%ETCDIR%%/errors/ka/ERR_FTP_PUT_MODIFIED
+%%ETCDIR%%/errors/ka/ERR_FTP_UNAVAILABLE
+%%ETCDIR%%/errors/ka/ERR_GATEWAY_FAILURE
+%%ETCDIR%%/errors/ka/ERR_ICAP_FAILURE
+%%ETCDIR%%/errors/ka/ERR_INVALID_REQ
+%%ETCDIR%%/errors/ka/ERR_INVALID_RESP
+%%ETCDIR%%/errors/ka/ERR_INVALID_URL
+%%ETCDIR%%/errors/ka/ERR_LIFETIME_EXP
+%%ETCDIR%%/errors/ka/ERR_NO_RELAY
+%%ETCDIR%%/errors/ka/ERR_ONLY_IF_CACHED_MISS
+%%ETCDIR%%/errors/ka/ERR_PRECONDITION_FAILED
+%%ETCDIR%%/errors/ka/ERR_READ_ERROR
+%%ETCDIR%%/errors/ka/ERR_READ_TIMEOUT
+%%ETCDIR%%/errors/ka/ERR_SECURE_CONNECT_FAIL
+%%ETCDIR%%/errors/ka/ERR_SHUTTING_DOWN
+%%ETCDIR%%/errors/ka/ERR_SOCKET_FAILURE
+%%ETCDIR%%/errors/ka/ERR_TOO_BIG
+%%ETCDIR%%/errors/ka/ERR_UNSUP_HTTPVERSION
+%%ETCDIR%%/errors/ka/ERR_UNSUP_REQ
+%%ETCDIR%%/errors/ka/ERR_URN_RESOLVE
+%%ETCDIR%%/errors/ka/ERR_WRITE_ERROR
+%%ETCDIR%%/errors/ka/ERR_ZERO_SIZE_OBJECT
+%%ETCDIR%%/errors/ka/error-details.txt
 %%ETCDIR%%/errors/ko-kp
 %%ETCDIR%%/errors/ko-kr
 %%ETCDIR%%/errors/ko/ERR_ACCESS_DENIED
@@ -1305,8 +1350,8 @@
 %%ETCDIR%%/errors/pt-br/ERR_WRITE_ERROR
 %%ETCDIR%%/errors/pt-br/ERR_ZERO_SIZE_OBJECT
 %%ETCDIR%%/errors/pt-br/error-details.txt
-%%ETCDIR%%/errors/pt-pt
 %%ETCDIR%%/errors/pt-bz
+%%ETCDIR%%/errors/pt-pt
 %%ETCDIR%%/errors/pt/ERR_ACCESS_DENIED
 %%ETCDIR%%/errors/pt/ERR_ACL_TIME_QUOTA_EXCEEDED
 %%ETCDIR%%/errors/pt/ERR_AGENT_CONFIGURE
@@ -1523,6 +1568,9 @@
 %%ETCDIR%%/errors/sl/ERR_ZERO_SIZE_OBJECT
 %%ETCDIR%%/errors/sl/error-details.txt
 %%ETCDIR%%/errors/sr
+%%ETCDIR%%/errors/sr-cyrl-cs
+%%ETCDIR%%/errors/sr-cyrl-me
+%%ETCDIR%%/errors/sr-cyrl-rs
 %%ETCDIR%%/errors/sr-cyrl/ERR_ACCESS_DENIED
 %%ETCDIR%%/errors/sr-cyrl/ERR_ACL_TIME_QUOTA_EXCEEDED
 %%ETCDIR%%/errors/sr-cyrl/ERR_AGENT_CONFIGURE
@@ -1566,6 +1614,8 @@
 %%ETCDIR%%/errors/sr-cyrl/ERR_ZERO_SIZE_OBJECT
 %%ETCDIR%%/errors/sr-cyrl/error-details.txt
 %%ETCDIR%%/errors/sr-latn-cs
+%%ETCDIR%%/errors/sr-latn-me
+%%ETCDIR%%/errors/sr-latn-rs
 %%ETCDIR%%/errors/sr-latn/ERR_ACCESS_DENIED
 %%ETCDIR%%/errors/sr-latn/ERR_ACL_TIME_QUOTA_EXCEEDED
 %%ETCDIR%%/errors/sr-latn/ERR_AGENT_CONFIGURE
@@ -1608,6 +1658,7 @@
 %%ETCDIR%%/errors/sr-latn/ERR_WRITE_ERROR
 %%ETCDIR%%/errors/sr-latn/ERR_ZERO_SIZE_OBJECT
 %%ETCDIR%%/errors/sr-latn/error-details.txt
+%%ETCDIR%%/errors/sr-rs
 %%ETCDIR%%/errors/sr-sp
 %%ETCDIR%%/errors/sv-fi
 %%ETCDIR%%/errors/sv-se
@@ -1909,93 +1960,100 @@
 %%ETCDIR%%/errors/vi/ERR_WRITE_ERROR
 %%ETCDIR%%/errors/vi/ERR_ZERO_SIZE_OBJECT
 %%ETCDIR%%/errors/vi/error-details.txt
-%%ETCDIR%%/errors/zh-cn/ERR_ACCESS_DENIED
-%%ETCDIR%%/errors/zh-cn/ERR_ACL_TIME_QUOTA_EXCEEDED
-%%ETCDIR%%/errors/zh-cn/ERR_AGENT_CONFIGURE
-%%ETCDIR%%/errors/zh-cn/ERR_AGENT_WPAD
-%%ETCDIR%%/errors/zh-cn/ERR_CACHE_ACCESS_DENIED
-%%ETCDIR%%/errors/zh-cn/ERR_CACHE_MGR_ACCESS_DENIED
-%%ETCDIR%%/errors/zh-cn/ERR_CANNOT_FORWARD
-%%ETCDIR%%/errors/zh-cn/ERR_CONFLICT_HOST
-%%ETCDIR%%/errors/zh-cn/ERR_CONNECT_FAIL
-%%ETCDIR%%/errors/zh-cn/ERR_DIR_LISTING
-%%ETCDIR%%/errors/zh-cn/ERR_DNS_FAIL
-%%ETCDIR%%/errors/zh-cn/ERR_ESI
-%%ETCDIR%%/errors/zh-cn/ERR_FORWARDING_DENIED
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_DISABLED
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_FAILURE
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_FORBIDDEN
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_NOT_FOUND
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_PUT_CREATED
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_PUT_ERROR
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_PUT_MODIFIED
-%%ETCDIR%%/errors/zh-cn/ERR_FTP_UNAVAILABLE
-%%ETCDIR%%/errors/zh-cn/ERR_GATEWAY_FAILURE
-%%ETCDIR%%/errors/zh-cn/ERR_ICAP_FAILURE
-%%ETCDIR%%/errors/zh-cn/ERR_INVALID_REQ
-%%ETCDIR%%/errors/zh-cn/ERR_INVALID_RESP
-%%ETCDIR%%/errors/zh-cn/ERR_INVALID_URL
-%%ETCDIR%%/errors/zh-cn/ERR_LIFETIME_EXP
-%%ETCDIR%%/errors/zh-cn/ERR_NO_RELAY
-%%ETCDIR%%/errors/zh-cn/ERR_ONLY_IF_CACHED_MISS
-%%ETCDIR%%/errors/zh-cn/ERR_PRECONDITION_FAILED
-%%ETCDIR%%/errors/zh-cn/ERR_READ_ERROR
-%%ETCDIR%%/errors/zh-cn/ERR_READ_TIMEOUT
-%%ETCDIR%%/errors/zh-cn/ERR_SECURE_CONNECT_FAIL
-%%ETCDIR%%/errors/zh-cn/ERR_SHUTTING_DOWN
-%%ETCDIR%%/errors/zh-cn/ERR_SOCKET_FAILURE
-%%ETCDIR%%/errors/zh-cn/ERR_TOO_BIG
-%%ETCDIR%%/errors/zh-cn/ERR_UNSUP_HTTPVERSION
-%%ETCDIR%%/errors/zh-cn/ERR_UNSUP_REQ
-%%ETCDIR%%/errors/zh-cn/ERR_URN_RESOLVE
-%%ETCDIR%%/errors/zh-cn/ERR_WRITE_ERROR
-%%ETCDIR%%/errors/zh-cn/ERR_ZERO_SIZE_OBJECT
-%%ETCDIR%%/errors/zh-cn/error-details.txt
+%%ETCDIR%%/errors/zh-cn
+%%ETCDIR%%/errors/zh-hans-cn
+%%ETCDIR%%/errors/zh-hans-sg
+%%ETCDIR%%/errors/zh-hans/ERR_ACCESS_DENIED
+%%ETCDIR%%/errors/zh-hans/ERR_ACL_TIME_QUOTA_EXCEEDED
+%%ETCDIR%%/errors/zh-hans/ERR_AGENT_CONFIGURE
+%%ETCDIR%%/errors/zh-hans/ERR_AGENT_WPAD
+%%ETCDIR%%/errors/zh-hans/ERR_CACHE_ACCESS_DENIED
+%%ETCDIR%%/errors/zh-hans/ERR_CACHE_MGR_ACCESS_DENIED
+%%ETCDIR%%/errors/zh-hans/ERR_CANNOT_FORWARD
+%%ETCDIR%%/errors/zh-hans/ERR_CONFLICT_HOST
+%%ETCDIR%%/errors/zh-hans/ERR_CONNECT_FAIL
+%%ETCDIR%%/errors/zh-hans/ERR_DIR_LISTING
+%%ETCDIR%%/errors/zh-hans/ERR_DNS_FAIL
+%%ETCDIR%%/errors/zh-hans/ERR_ESI
+%%ETCDIR%%/errors/zh-hans/ERR_FORWARDING_DENIED
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_DISABLED
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_FAILURE
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_FORBIDDEN
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_NOT_FOUND
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_PUT_CREATED
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_PUT_ERROR
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_PUT_MODIFIED
+%%ETCDIR%%/errors/zh-hans/ERR_FTP_UNAVAILABLE
+%%ETCDIR%%/errors/zh-hans/ERR_GATEWAY_FAILURE
+%%ETCDIR%%/errors/zh-hans/ERR_ICAP_FAILURE
+%%ETCDIR%%/errors/zh-hans/ERR_INVALID_REQ
+%%ETCDIR%%/errors/zh-hans/ERR_INVALID_RESP
+%%ETCDIR%%/errors/zh-hans/ERR_INVALID_URL
+%%ETCDIR%%/errors/zh-hans/ERR_LIFETIME_EXP
+%%ETCDIR%%/errors/zh-hans/ERR_NO_RELAY
+%%ETCDIR%%/errors/zh-hans/ERR_ONLY_IF_CACHED_MISS
+%%ETCDIR%%/errors/zh-hans/ERR_PRECONDITION_FAILED
+%%ETCDIR%%/errors/zh-hans/ERR_READ_ERROR
+%%ETCDIR%%/errors/zh-hans/ERR_READ_TIMEOUT
+%%ETCDIR%%/errors/zh-hans/ERR_SECURE_CONNECT_FAIL
+%%ETCDIR%%/errors/zh-hans/ERR_SHUTTING_DOWN
+%%ETCDIR%%/errors/zh-hans/ERR_SOCKET_FAILURE
+%%ETCDIR%%/errors/zh-hans/ERR_TOO_BIG
+%%ETCDIR%%/errors/zh-hans/ERR_UNSUP_HTTPVERSION
+%%ETCDIR%%/errors/zh-hans/ERR_UNSUP_REQ
+%%ETCDIR%%/errors/zh-hans/ERR_URN_RESOLVE
+%%ETCDIR%%/errors/zh-hans/ERR_WRITE_ERROR
+%%ETCDIR%%/errors/zh-hans/ERR_ZERO_SIZE_OBJECT
+%%ETCDIR%%/errors/zh-hans/error-details.txt
+%%ETCDIR%%/errors/zh-hant-hk
+%%ETCDIR%%/errors/zh-hant-mo
+%%ETCDIR%%/errors/zh-hant-tw
+%%ETCDIR%%/errors/zh-hant/ERR_ACCESS_DENIED
+%%ETCDIR%%/errors/zh-hant/ERR_ACL_TIME_QUOTA_EXCEEDED
+%%ETCDIR%%/errors/zh-hant/ERR_AGENT_CONFIGURE
+%%ETCDIR%%/errors/zh-hant/ERR_AGENT_WPAD
+%%ETCDIR%%/errors/zh-hant/ERR_CACHE_ACCESS_DENIED
+%%ETCDIR%%/errors/zh-hant/ERR_CACHE_MGR_ACCESS_DENIED
+%%ETCDIR%%/errors/zh-hant/ERR_CANNOT_FORWARD
+%%ETCDIR%%/errors/zh-hant/ERR_CONFLICT_HOST
+%%ETCDIR%%/errors/zh-hant/ERR_CONNECT_FAIL
+%%ETCDIR%%/errors/zh-hant/ERR_DIR_LISTING
+%%ETCDIR%%/errors/zh-hant/ERR_DNS_FAIL
+%%ETCDIR%%/errors/zh-hant/ERR_ESI
+%%ETCDIR%%/errors/zh-hant/ERR_FORWARDING_DENIED
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_DISABLED
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_FAILURE
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_FORBIDDEN
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_NOT_FOUND
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_PUT_CREATED
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_PUT_ERROR
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_PUT_MODIFIED
+%%ETCDIR%%/errors/zh-hant/ERR_FTP_UNAVAILABLE
+%%ETCDIR%%/errors/zh-hant/ERR_GATEWAY_FAILURE
+%%ETCDIR%%/errors/zh-hant/ERR_ICAP_FAILURE
+%%ETCDIR%%/errors/zh-hant/ERR_INVALID_REQ
+%%ETCDIR%%/errors/zh-hant/ERR_INVALID_RESP
+%%ETCDIR%%/errors/zh-hant/ERR_INVALID_URL
+%%ETCDIR%%/errors/zh-hant/ERR_LIFETIME_EXP
+%%ETCDIR%%/errors/zh-hant/ERR_NO_RELAY
+%%ETCDIR%%/errors/zh-hant/ERR_ONLY_IF_CACHED_MISS
+%%ETCDIR%%/errors/zh-hant/ERR_PRECONDITION_FAILED
+%%ETCDIR%%/errors/zh-hant/ERR_READ_ERROR
+%%ETCDIR%%/errors/zh-hant/ERR_READ_TIMEOUT
+%%ETCDIR%%/errors/zh-hant/ERR_SECURE_CONNECT_FAIL
+%%ETCDIR%%/errors/zh-hant/ERR_SHUTTING_DOWN
+%%ETCDIR%%/errors/zh-hant/ERR_SOCKET_FAILURE
+%%ETCDIR%%/errors/zh-hant/ERR_TOO_BIG
+%%ETCDIR%%/errors/zh-hant/ERR_UNSUP_HTTPVERSION
+%%ETCDIR%%/errors/zh-hant/ERR_UNSUP_REQ
+%%ETCDIR%%/errors/zh-hant/ERR_URN_RESOLVE
+%%ETCDIR%%/errors/zh-hant/ERR_WRITE_ERROR
+%%ETCDIR%%/errors/zh-hant/ERR_ZERO_SIZE_OBJECT
+%%ETCDIR%%/errors/zh-hant/error-details.txt
 %%ETCDIR%%/errors/zh-hk
 %%ETCDIR%%/errors/zh-mo
 %%ETCDIR%%/errors/zh-sg
-%%ETCDIR%%/errors/zh-tw/ERR_ACCESS_DENIED
-%%ETCDIR%%/errors/zh-tw/ERR_ACL_TIME_QUOTA_EXCEEDED
-%%ETCDIR%%/errors/zh-tw/ERR_AGENT_CONFIGURE
-%%ETCDIR%%/errors/zh-tw/ERR_AGENT_WPAD
-%%ETCDIR%%/errors/zh-tw/ERR_CACHE_ACCESS_DENIED
-%%ETCDIR%%/errors/zh-tw/ERR_CACHE_MGR_ACCESS_DENIED
-%%ETCDIR%%/errors/zh-tw/ERR_CANNOT_FORWARD
-%%ETCDIR%%/errors/zh-tw/ERR_CONFLICT_HOST
-%%ETCDIR%%/errors/zh-tw/ERR_CONNECT_FAIL
-%%ETCDIR%%/errors/zh-tw/ERR_DIR_LISTING
-%%ETCDIR%%/errors/zh-tw/ERR_DNS_FAIL
-%%ETCDIR%%/errors/zh-tw/ERR_ESI
-%%ETCDIR%%/errors/zh-tw/ERR_FORWARDING_DENIED
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_DISABLED
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_FAILURE
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_FORBIDDEN
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_NOT_FOUND
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_PUT_CREATED
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_PUT_ERROR
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_PUT_MODIFIED
-%%ETCDIR%%/errors/zh-tw/ERR_FTP_UNAVAILABLE
-%%ETCDIR%%/errors/zh-tw/ERR_GATEWAY_FAILURE
-%%ETCDIR%%/errors/zh-tw/ERR_ICAP_FAILURE
-%%ETCDIR%%/errors/zh-tw/ERR_INVALID_REQ
-%%ETCDIR%%/errors/zh-tw/ERR_INVALID_RESP
-%%ETCDIR%%/errors/zh-tw/ERR_INVALID_URL
-%%ETCDIR%%/errors/zh-tw/ERR_LIFETIME_EXP
-%%ETCDIR%%/errors/zh-tw/ERR_NO_RELAY
-%%ETCDIR%%/errors/zh-tw/ERR_ONLY_IF_CACHED_MISS
-%%ETCDIR%%/errors/zh-tw/ERR_PRECONDITION_FAILED
-%%ETCDIR%%/errors/zh-tw/ERR_READ_ERROR
-%%ETCDIR%%/errors/zh-tw/ERR_READ_TIMEOUT
-%%ETCDIR%%/errors/zh-tw/ERR_SECURE_CONNECT_FAIL
-%%ETCDIR%%/errors/zh-tw/ERR_SHUTTING_DOWN
-%%ETCDIR%%/errors/zh-tw/ERR_SOCKET_FAILURE
-%%ETCDIR%%/errors/zh-tw/ERR_TOO_BIG
-%%ETCDIR%%/errors/zh-tw/ERR_UNSUP_HTTPVERSION
-%%ETCDIR%%/errors/zh-tw/ERR_UNSUP_REQ
-%%ETCDIR%%/errors/zh-tw/ERR_URN_RESOLVE
-%%ETCDIR%%/errors/zh-tw/ERR_WRITE_ERROR
-%%ETCDIR%%/errors/zh-tw/ERR_ZERO_SIZE_OBJECT
-%%ETCDIR%%/errors/zh-tw/error-details.txt
+%%ETCDIR%%/errors/zh-tw
 %%ETCDIR%%/icons/SN.png
 %%ETCDIR%%/icons/silk/application.png
 %%ETCDIR%%/icons/silk/arrow_up.png
@@ -2048,15 +2106,11 @@
 %%ETCDIR%%/icons/silk/script_gear.png
 %%ETCDIR%%/icons/silk/script_palette.png
 %%ETCDIR%%/mib.txt
-@sample %%ETCDIR%%/mime.conf.sample
-@sample %%ETCDIR%%/msntauth.conf.sample
 %%ETCDIR%%/squid.conf.documented
-@sample %%ETCDIR%%/squid.conf.sample
 libexec/squid/basic_db_auth
 libexec/squid/basic_fake_auth
 libexec/squid/basic_getpwnam_auth
 %%AUTH_LDAP%%libexec/squid/basic_ldap_auth
-libexec/squid/basic_msnt_auth
 libexec/squid/basic_msnt_multi_domain_auth
 libexec/squid/basic_ncsa_auth
 %%AUTH_NIS%%libexec/squid/basic_nis_auth
@@ -2066,12 +2120,12 @@ libexec/squid/basic_radius_auth
 %%AUTH_SASL%%libexec/squid/basic_sasl_auth
 %%AUTH_SMB%%libexec/squid/basic_smb_auth
 %%AUTH_SMB%%libexec/squid/basic_smb_auth.sh
+libexec/squid/basic_smb_lm_auth
 libexec/squid/cachemgr.cgi
 %%AUTH_KERB%%%%AUTH_LDAP%%%%AUTH_SASL%%libexec/squid/cert_tool
 %%SSL%%libexec/squid/cert_valid.pl
 libexec/squid/digest_file_auth
 %%FS_DISKD%%libexec/squid/diskd
-%%DNS_HELPER%%libexec/squid/dnsserver
 libexec/squid/ext_file_userip_acl
 %%AUTH_KERB%%%%AUTH_LDAP%%%%AUTH_SASL%%libexec/squid/ext_kerberos_ldap_group_acl
 %%AUTH_LDAP%%libexec/squid/ext_ldap_group_acl
@@ -2092,17 +2146,18 @@ libexec/squid/ntlm_smb_lm_auth
 %%ICMP%%@group
 %%ICMP%%@mode
 %%SSL_CRTD%%libexec/squid/ssl_crtd
+libexec/squid/storeid_file_rewrite
 %%UNLINKD%%libexec/squid/unlinkd
 libexec/squid/url_fake_rewrite
 libexec/squid/url_fake_rewrite.sh
-libexec/squid/storeid_file_rewrite
-man/man8/storeid_file_rewrite.8.gz
 man/man1/squidclient.1.gz
 man/man8/basic_db_auth.8.gz
 man/man8/basic_getpwnam_auth.8.gz
 %%AUTH_LDAP%%man/man8/basic_ldap_auth.8.gz
+man/man8/basic_msnt_multi_domain_auth.8.gz
 man/man8/basic_ncsa_auth.8.gz
 man/man8/basic_pam_auth.8.gz
+man/man8/basic_pop3_auth.8.gz
 man/man8/basic_radius_auth.8.gz
 %%AUTH_SASL%%man/man8/basic_sasl_auth.8.gz
 man/man8/cachemgr.cgi.8.gz
@@ -2115,10 +2170,11 @@ man/man8/ext_unix_group_acl.8.gz
 %%AUTH_SMB%%man/man8/ext_wbinfo_group_acl.8.gz
 %%AUTH_KERB%%man/man8/negotiate_kerberos_auth.8.gz
 man/man8/squid.8.gz
+man/man8/storeid_file_rewrite.8.gz
 sbin/purge
 sbin/squid
 sbin/squidclient
 @dir(squid,squid,750) /var/log/squid
+@dir(squid,squid,750) /var/squid
 @dir(squid,squid,750) /var/squid/cache
 @dir(squid,squid,750) /var/squid/logs
-@dir(squid,squid,750) /var/squid