www/squid: Upgrade version 2.7.9 => 3.4.7

From now on, there will only be one squid port, this one. Squid33 has been deprecated and will expire on 31 JAN 2015. PR: 192828 Submitted by: timp87 (gmail) Contributions: takefu (airport.fm), Dennis Glatting
svn path=/head/; revision=368307
2014-09-16 12:29:19 +00:00 · 2014-09-16 12:29:19 +00:00 · e24475de2e · 2021-03-31 03:12:20 +00:00
commit e24475de2e
parent 203d558d69
20 changed files with 2661 additions and 1228 deletions
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@ -1,450 +1,340 @@
 # Created by: Adrian Chadd <adrian@FreeBSD.org>
 # $FreeBSD$
 # Tunables not (yet) configurable via 'make config':
 # SQUID_{U,G}ID
 #   Which user/group Squid should run as (default: squid/squid).
 #   The user and group will be created if they do not already exist using
 #   a uid:gid of 100:100.
 #   NOTE: older versions of Squid defaulted to nobody/nogroup.
 #   If you wish to run Squid as "nobody" (which is not recommended), please
 #   define SQUID_UID=nobody and SQUID_GID=nogroup in your make environment
 #   before you start the update or installation of this port.
 #
 # SQUID_LANGUAGES
 #   A list of languages for which error page files should be installed
 #   (default: all)
 #
 #   E.g. use `make SQUID_LANGUAGES="English French"' if you want to
 #   install the files for these languages only.
 #   Use `make -VSQUID_LANGUAGES' or scroll down to this variable's
 #   definition to see which values are valid.
 #
 # SQUID_DEFAULT_LANG
 #   If you define SQUID_LANGUAGES, select which language should be the default
 #   one (this variable defaults to English). This setting can be overwritten
 #   with squid.conf's error_directory directive.
 #
 # SQUID_CONFIGURE_ARGS
 #   Additional configuration options.
 #
 #   To enable them, use e.g
 #   `make SQUID_CONFIGURE_ARGS="--enable-dlmalloc --enable-truncate" install'
 #
 #   The list below may be incomplete, please see the configure script
 #   in the Squid source distribution for the complete list of additional
 #   options.
 #   Note that you probably do not need to worry about these options in most
 #   cases, they are included in case you want to experiment with them.
 #
 #    --enable-dlmalloc
 #     Compile and use the malloc package from Doug Lea
 #    --enable-gnuregex
 #     Compile and use the supplied GNUregex routines instead of BSD regex
 #     (not recommended).
 #    --enable-xmalloc-statistics
 #     Show malloc statistics in status page
 #    --enable-cachemgr-hostname=some.hostname
 #     Set an explicit hostname in cachemgr.cgi
 #    --enable-truncate
 #     Use truncate() rather than unlink()
 #    --disable-unlinkd
 #     Do not use "unlinkd"
 #    --with-aufs-threads=N_THREADS
 #     Tune the number of worker threads for the aufs object
 #    --with-coss-membuf-size
 #     COSS membuf size (default: 1048576 bytes)
 #    --with-maxfd=N
 #     Override the maximum number of filedescriptors. Useful if you
 #     build as another user who is not privileged to use the amount
 #     of filedescriptors the resulting binary is expected to support.
 #    --enable-ntlm-fail-open
 #     Enable NTLM fail open, where a helper that fails one of the
 #     Authentication steps can allow Squid to still authenticate the user
 #    --enable-x-accelerator-vary
 #     Enable support for the X-Accelerator-Vary HTTP header. Can be used
 #     to indicate variance within an accelerator setup. Typically used
 #     together with other code that adds custom HTTP headers to the
 #     requests.
 #    --enable-forward-log
 #     Enable experimental forward_log directive.
 #    --enable-multicast-miss
 #     Enable experimental multicast notification of cachemisses.
 #
 PORTNAME=	squid
-PORTVERSION=	2.7.${SQUID_STABLE_VER}
+PORTVERSION=	3.4.7
-PORTREVISION=	5
+CATEGORIES=	www ipv6
-CATEGORIES=	www
+MASTER_SITES=	http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
-MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
+		http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
-		http://mirrors.ccs.neu.edu/Squid/ \
+		http://www1.at.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
-		ftp://ftp.fu-berlin.de/unix/www/squid/squid/ \
+		http://www.eu.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
-		ftp://ftp.nl.uu.net/pub/unix/www/squid/ \
+		http://www1.jp.squid-cache.org/Versions/v3/${PORTVERSION:R}/
 		ftp://ftp.solnet.ch/mirror/squid/ \
 		ftp://ftp.ntua.gr/pub/www/Squid/squid/ \
 		http://mirror.aarnet.edu.au/pub/squid/squid/ \
 		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid,} \
 		http://www.squid-cache.org/Versions/v2/2.7/ \
 		http://www2.us.squid-cache.org/Versions/v2/2.7/ \
 		http://www1.at.squid-cache.org/Versions/v2/2.7/ \
 		http://www2.de.squid-cache.org/Versions/v2/2.7/ \
 		http://www.eu.squid-cache.org/Versions/v2/2.7/ \
 		http://www1.ie.squid-cache.org/Versions/v2/2.7/ \
 		http://www1.jp.squid-cache.org/Versions/v2/2.7/ \
 		http://www2.tw.squid-cache.org/Versions/v2/2.7/
 MASTER_SITE_SUBDIR=	squid
-DISTNAME=	squid-2.7.STABLE${SQUID_STABLE_VER}
+DIST_SUBDIR=	squid3.4
 DIST_SUBDIR=	squid2.7
 PATCH_SITES=	http://www.squid-cache.org/%SUBDIR%/ \
 		http://www2.us.squid-cache.org/%SUBDIR%/ \
 		http://www1.at.squid-cache.org/%SUBDIR%/ \
 		http://www2.de.squid-cache.org/%SUBDIR%/ \
 		http://www.eu.squid-cache.org/%SUBDIR%/ \
 		http://www1.ie.squid-cache.org/%SUBDIR%/ \
 		http://www1.jp.squid-cache.org/%SUBDIR%/ \
-		http://www2.tw.squid-cache.org/%SUBDIR%/
+		http://master.squid-cache.org/~amosjeffries/patches/:nosid
-PATCH_SITE_SUBDIR=	Versions/v2/2.7/changesets
+PATCH_SITE_SUBDIR=	Versions/v3/${PORTVERSION:R}/changesets
-#PATCH_DIST_STRIP=	-p1
+#PATCHFILES=	
 PATCHFILES=	SQUID-2012_1.patch
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	HTTP Caching Proxy
-DEPRECATED=	Reach EOL on 14 Aug 2012
+LICENSE=	GPLv2
-EXPIRATION_DATE=2014-09-15
+LICENSE_FILE=	${WRKSRC}/COPYING
-SQUID_STABLE_VER=	9
+CONFLICTS_INSTALL=	squid33-*
-CONFLICTS_INSTALL=	squid-2.[^7]* squid3?-* cacheboy-[0-9]* lusca-head-[0-9]*
+USES=		perl5 tar:xz shebangfix
-USES=		perl5 shebangfix tar:bzip2
+SHEBANG_FILES=	scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \
-SHEBANG_FILES=	scripts/*.pl \
+		helpers/external_acl/kerberos_ldap_group/cert_tool \
-		src/mk-globals-c.pl \
+		helpers/ssl/cert_valid.pl
 		src/mk-string-arrays.pl \
 		contrib/rredir.pl \
 		contrib/user-agents.pl \
 		contrib/url-normalizer.pl \
 		helpers/basic_auth/multi-domain-NTLM/smb_auth.pl \
 		helpers/basic_auth/POP3/pop3.pl \
 		helpers/ntlm_auth/no_check/no_check.pl \
 		helpers/external_acl/wbinfo_group/wbinfo_group.pl
 GNU_CONFIGURE=	yes
 USE_RC_SUBR=	squid
-SQUID_UID?=	squid
+USERS=		squid
-SQUID_GID?=	squid
+GROUPS=		squid
-MAN8=		cachemgr.cgi.8 squid.8
+MYDOCS=		QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
-docs=		QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
+PORTDOCS=	${MYDOCS:T}
-PORTDOCS=	${docs:T}
+PORTEXAMPLES=	*
-PORTEXAMPLES=	passwd.sql
+SUB_FILES+=	pkg-install pkg-message
 SUB_FILES+=	pkg-deinstall pkg-install pkg-message
 SUB_LIST+=	SQUID_UID=${SQUID_UID} SQUID_GID=${SQUID_GID}
-OPTIONS_DEFINE=	KERB_AUTH LDAP_AUTH NIS_AUTH SASL_AUTH DELAY_POOLS SNMP CARP \
+OPTIONS_SUB=	yes
-		SSL PINGER DNS_HELPER HTCP VIA_DB CACHE_DIGESTS WCCP WCCPV2 \
+OPTIONS_DEFINE=	ARP_ACL AUTH_KERB AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB \
-		STRICT_HTTP IDENT REFERER_LOG USERAGENT_LOG ARP_ACL PF IPFILTER \
+		AUTH_SQL \
-		FOLLOW_XFF AUFS COSS KQUEUE LARGEFILE STACKTRACES
+		CACHE_DIGESTS DEBUG DELAY_POOLS DNS_HELPER ECAP ESI \
-OPTIONS_DEFAULT=	KERB_AUTH NIS_AUTH CARP WCCP IDENT KQUEUE
+		FOLLOW_XFF FS_AUFS HTCP ICAP ICMP IDENT IPV6 KQUEUE \
-KERB_AUTH_DESC=		Install Kerberos authentication helpers
+		LARGEFILE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \
-LDAP_AUTH_DESC=		Install LDAP authentication helpers
+		TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES
 NIS_AUTH_DESC=		Install NIS/YP authentication helpers
 SASL_AUTH_DESC=		Install SASL authentication helpers
 DELAY_POOLS_DESC=	Enable delay pools
 SNMP_DESC=		Enable SNMP support
 CARP_DESC=		Enable CARP support
 SSL_DESC=		Enable SSL support for reverse proxies
 PINGER_DESC=		Install the icmp helper
 DNS_HELPER_DESC=	Use the old 'dnsserver' helper
 HTCP_DESC=		Enable HTCP support
 VIA_DB_DESC=		Enable forward/via database
 CACHE_DIGESTS_DESC=	Enable cache digests
 WCCP_DESC=		Enable Web Cache Coordination Prot. v1
 WCCPV2_DESC=		Enable Web Cache Coordination Prot. v2
 STRICT_HTTP_DESC=	Be strictly HTTP compliant
 IDENT_DESC=		Enable ident (RFC 931) lookups
 REFERER_LOG_DESC=	Enable Referer-header logging
 USERAGENT_LOG_DESC=	Enable User-Agent-header logging
 ARP_ACL_DESC=		Enable ACLs based on ethernet address
 PF_DESC=		Enable transparent proxying with PF
 IPFILTER_DESC=		Enable transp. proxying with IPFilter
 FOLLOW_XFF_DESC=	Follow X-Forwarded-For headers
 AUFS_DESC=		Enable the aufs storage scheme
 COSS_DESC=		Enable the COSS storage scheme
 KQUEUE_DESC=		Use kqueue(2) instead of poll(2)
 LARGEFILE_DESC=		Support log and cache files >2GB
 STACKTRACES_DESC=	Create backtraces on fatal errors
-etc_files=	squid/cachemgr.conf.default \
+# Note: FS_FCOSS was removed from OPTIONS, it is broken and only experimentel
-		squid/mib.txt squid/mime.conf.default \
+#OPTIONS_DEFINE+=	FS_COSS
 		squid/msntauth.conf.default squid/squid.conf.default
-icon_files=	anthony-binhex.gif anthony-bomb.gif anthony-box.gif \
+OPTIONS_DEFAULT=AUTH_KERB AUTH_NIS FS_AUFS HTCP IDENT KQUEUE SNMP WCCP WCCPV2
 		anthony-box2.gif anthony-c.gif anthony-compressed.gif \
 		anthony-dir.gif anthony-dirup.gif anthony-dvi.gif \
 		anthony-f.gif anthony-image.gif anthony-image2.gif \
 		anthony-layout.gif anthony-link.gif anthony-movie.gif \
 		anthony-pdf.gif anthony-portal.gif anthony-ps.gif \
 		anthony-quill.gif anthony-script.gif anthony-sound.gif \
 		anthony-tar.gif anthony-tex.gif anthony-text.gif \
 		anthony-unknown.gif anthony-xbm.gif anthony-xpm.gif
-error_files=	ERR_ACCESS_DENIED ERR_CACHE_ACCESS_DENIED \
+ARP_ACL_CONFIGURE_ENABLE=	eui
-		ERR_CACHE_MGR_ACCESS_DENIED ERR_CANNOT_FORWARD \
+AUTH_LDAP_CFLAGS=		-I${LOCALBASE}/include
-		ERR_CONNECT_FAIL ERR_DNS_FAIL ERR_FORWARDING_DENIED \
+AUTH_LDAP_LDFLAGS=		-L${LOCALBASE}/lib
-		ERR_FTP_DISABLED ERR_FTP_FAILURE ERR_FTP_FORBIDDEN \
+AUTH_LDAP_USE=			OPENLDAP=yes
-		ERR_FTP_NOT_FOUND ERR_FTP_PUT_CREATED \
+AUTH_SASL_CFLAGS=		-I${LOCALBASE}/include
-		ERR_FTP_PUT_ERROR ERR_FTP_PUT_MODIFIED ERR_FTP_UNAVAILABLE \
+AUTH_SASL_CPPFLAGS=		-I${LOCALBASE}/include
-		ERR_INVALID_REQ ERR_INVALID_RESP ERR_INVALID_URL \
+AUTH_SASL_LDFLAGS=		-L${LOCALBASE}/lib
-		ERR_LIFETIME_EXP ERR_NO_RELAY ERR_ONLY_IF_CACHED_MISS \
+AUTH_SASL_LIB_DEPENDS=		libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
-		ERR_READ_ERROR ERR_READ_TIMEOUT ERR_SHUTTING_DOWN \
+AUTH_SMB_BUILD_DEPENDS=		smbclient:${PORTSDIR}/net/samba36
-		ERR_SOCKET_FAILURE ERR_TOO_BIG ERR_UNSUP_REQ \
+AUTH_SMB_RUN_DEPENDS=		smbclient:${PORTSDIR}/net/samba36
-		ERR_URN_RESOLVE ERR_WRITE_ERROR ERR_ZERO_SIZE_OBJECT
+AUTH_SQL_RUN_DEPENDS=		p5-DBD-mysql>=0:${PORTSDIR}/databases/p5-DBD-mysql
 AUTH_SQL_USE=			MYSQL=yes
 CACHE_DIGESTS_CONFIGURE_ENABLE=	cache-digests
 DELAY_POOLS_CONFIGURE_ENABLE=	delay-pools
 DNS_HELPER_CONFIGURE_ON=	--disable-internal-dns
 ECAP_CFLAGS=			-I${LOCALBASE}/include
 ECAP_CONFIGURE_ENABLE=		ecap
 ECAP_LDFLAGS=			-L${LOCALBASE}/lib
 ECAP_LIB_DEPENDS=		libecap.so:${PORTSDIR}/www/libecap
 ECAP_USES=			pkgconfig:build
 ESI_CFLAGS=			-I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2
 ESI_CONFIGURE_ENABLE=		esi
 ESI_LDFLAGS=			-L${LOCALBASE}/lib
 ESI_LIB_DEPENDS=		libexpat.so:${PORTSDIR}/textproc/expat2 \
 				libxml2.so:${PORTSDIR}/textproc/libxml2
 FOLLOW_XFF_CONFIGURE_ENABLE=	follow-x-forwarded-for
 HTCP_CONFIGURE_ENABLE=		htcp
 ICAP_CONFIGURE_ENABLE=		icap-client
 ICMP_CONFIGURE_ENABLE=		icmp
 IDENT_CONFIGURE_ENABLE=		ident-lookups
 IPV6_CONFIGURE_ENABLE=		ipv6
 KQUEUE_CONFIGURE_ENABLE=	kqueue
 LARGEFILE_CONFIGURE_WITH=	large-files
 LAX_HTTP_CONFIGURE_ENABLE=	http-violations
 SNMP_CONFIGURE_ENABLE=		snmp
 SSL_CONFIGURE_ENABLE=		ssl
 SSL_CRTD_CONFIGURE_ENABLE=	ssl-crtd
 STACKTRACES_CONFIGURE_ENABLE=	stacktraces
 TP_IPFW_CONFIGURE_ENABLE=	ipfw-transparent
 TP_IPF_CONFIGURE_ENABLE=	ipf-transparent
 TP_PF_CONFIGURE_ENABLE=		pf-transparent
 VIA_DB_CONFIGURE_ENABLE=	forw-via-db
 WCCPV2_CONFIGURE_ENABLE=	wccpv2
 WCCP_CONFIGURE_ENABLE=		wccp
-libexec=	cachemgr.cgi digest_pw_auth diskd-daemon \
+# TODO:
-		ip_user_check logfile-daemon \
+# add an option for external_acl/session (requires some kind of external
-		msnt_auth ncsa_auth ntlm_auth \
+# Berkeley DB support, unsure which one)
-		pam_auth smb_auth smb_auth.sh squid_db_auth squid_session \
+ARP_ACL_DESC=		ARP/MAC/EUI based authentification
-		squid_unix_group wbinfo_group.pl
+AUTH_KERB_DESC=		Install Kerberos authentication helpers
-.if !defined(SQUID_CONFIGURE_ARGS) || ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
+AUTH_LDAP_DESC=		Install LDAP authentication helpers
-libexec+=	unlinkd
+AUTH_NIS_DESC=		Install NIS/YP authentication helpers
 AUTH_SASL_DESC=		Install SASL authentication helpers
 AUTH_SMB_DESC=		Install SMB auth. helpers (req. Samba)
 AUTH_SQL_DESC=		Install SQL based auth (uses MySQL)
 CACHE_DIGESTS_DESC=	Use cache digests
 DEBUG_DESC=		Build with extended debugging support
 DELAY_POOLS_DESC=	Delay pools (bandwidth limiting)
 DNS_HELPER_DESC=	Use external dnsserver processes for DNS
 ECAP_DESC=		Loadable content adaptation modules (broken on FreeBSD 10+)
 ESI_DESC=		ESI support
 FOLLOW_XFF_DESC=	Support for the X-Following-For header
 FS_AUFS_DESC=		AUFS (async-io) support
 FS_COSS_DESC=		COSS (not stable yet)
 HTCP_DESC=		HTCP support
 ICAP_DESC=		the ICAP client
 ICMP_DESC=		ICMP pinging and network measurement
 IDENT_DESC=		Ident lookups (RFC 931)
 KQUEUE_DESC=		Kqueue(2) support
 LARGEFILE_DESC=		Support large (>2GB) cache and log files
 SNMP_DESC=		SNMP support
 SSL_CRTD_DESC=		Use ssl_crtd to handle SSL cert requests
 SSL_DESC=		SSL gatewaying support
 STACKTRACES_DESC=	Enable automatic backtraces on fatal errors
 LAX_HTTP_DESC=		Do not enforce strict HTTP compliance
 TP_IPFW_DESC=		Transparent proxying with IPFW
 TP_IPF_DESC=		Transparent proxying with IPFilter
 TP_PF_DESC=		Transparent proxying with PF
 VIA_DB_DESC=		Forward/Via database
 WCCPV2_DESC=		Web Cache Coordination Protocol v2
 WCCP_DESC=		Web Cache Coordination Protocol
 change_files=	ChangeLog \
 		contrib/nextstep/makepkg \
 		contrib/nextstep/post_install \
 		errors/Makefile.am \
 		errors/Makefile.in \
 		helpers/basic_auth/MSNT/Makefile.am \
 		helpers/basic_auth/MSNT/Makefile.in \
 		src/Makefile.am \
 		src/Makefile.in \
 		src/cf_gen.cc \
 		src/squid.8.in \
 		tools/Makefile.am \
 		tools/Makefile.in
 .if !defined(SQUID_CONFIGURE_ARGS) \
 	|| ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
 PLIST_SUB+=	UNLINKD=""
 .else
 PLIST_SUB+=	UNLINKD="@comment "
 .endif
-sbin=		RunCache squidclient squid
+CONFIGURE_ARGS=	--with-default-user=squid \
-
+		--bindir=${PREFIX}/sbin \
-CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin  \
+		--sbindir=${PREFIX}/sbin \
 		--sbindir=${PREFIX}/sbin  \
 		--datadir=${ETCDIR} \
 		--libexecdir=${PREFIX}/libexec/squid \
-		--localstatedir=/var/squid \
+		--localstatedir=/var \
 		--sysconfdir=${ETCDIR} \
 		--with-logdir=/var/log/squid \
 		--with-pidfile=/var/run/squid/squid.pid \
 		--with-swapdir=/var/squid/cache/squid \
 		--enable-auth \
 		--enable-build-info \
 		--enable-loadable-modules \
 		--enable-removal-policies="lru heap" \
 		--disable-epoll \
 		--disable-linux-netfilter \
 		--disable-linux-tproxy \
-		--disable-epoll
+		--disable-translation
-.include <bsd.port.pre.mk>
+.include <bsd.port.options.mk>
 .if ${CC:T:Mclang*} || ${CXX:T:Mclang++*} \
 	|| ${OPSYS} == FreeBSD && ${OSVERSION} >= 1000024
 CXXFLAGS+=	-Wno-unused-private-field
 .endif
 # Authentication methods and modules:
-basic_auth=	DB NCSA PAM MSNT SMB
+basic_auth=	DB MSNT MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam
-digest_auth=	password
+digest_auth=	file
-external_acl=	ip_user session unix_group wbinfo_group
+external_acl=	file_userip time_quota unix_group
-MAN8+=		ncsa_auth.8 pam_auth.8 squid_db_auth.8 squid_session.8 \
+ntlm_auth=	fake smb_lm
-		squid_unix_group.8
+
-.if ${PORT_OPTIONS:MLDAP_AUTH}
+.if ${PORT_OPTIONS:MAUTH_LDAP}
 USE_OPENLDAP=	yes
 CFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
 MAN8+=		squid_ldap_auth.8 squid_ldap_group.8
 basic_auth+=	LDAP
-digest_auth+=	ldap
+external_acl+=	LDAP_group
 external_acl+=	ldap_group
 libexec+=	digest_ldap_auth squid_ldap_auth squid_ldap_group
 .endif
-.if ${PORT_OPTIONS:MSASL_AUTH}
+
-LIB_DEPENDS+=	libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
+.if ${PORT_OPTIONS:MAUTH_SASL}
 CFLAGS+=	-I${LOCALBASE}/include
 CPPFLAGS+=	-I${LOCALBASE}/include
 LDFLAGS+=	-L${LOCALBASE}/lib
 basic_auth+=	SASL
 libexec+=	sasl_auth
 .endif
 .if ${PORT_OPTIONS:MAUTH_SMB}
 basic_auth+=	SMB
 external_acl+=	wbinfo_group
 .endif
 .if ${PORT_OPTIONS:MAUTH_SQL}
 external_acl+=	SQL_session
 .endif
 # POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
-.if ${PORT_OPTIONS:MNIS_AUTH} && !defined(NO_NIS) && !defined(WITHOUT_NIS)
+.if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS)
-basic_auth+=	YP
+basic_auth+=	NIS
 libexec+=	yp_auth
 .endif
-CONFIGURE_ARGS+=	--enable-auth="basic digest negotiate ntlm" \
+
-			--enable-basic-auth-helpers="${basic_auth}" \
+# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
-			--enable-digest-auth-helpers="${digest_auth}" \
+.if ${PORT_OPTIONS:MAUTH_KERB} && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS)
 negotiate_auth=	kerberos wrapper
 . if ${OPSYS} == DragonFly
 LIB_DEPENDS+=	libkrb5.so:${PORTSDIR}/security/krb5
 . endif
 # the kerberos_ldap_group external helper depends on LDAP and SASL:
 . if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL}
 external_acl+=	kerberos_ldap_group
 . endif
 .else
 negotiate_auth=	none
 .endif
 CONFIGURE_ARGS+=	--enable-auth-basic="${basic_auth}" \
 			--enable-auth-digest="${digest_auth}" \
 			--enable-external-acl-helpers="${external_acl}" \
-			--enable-ntlm-auth-helpers="SMB"
+			--enable-auth-negotiate="${negotiate_auth}" \
-# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
+			--enable-auth-ntlm="${ntlm_auth}"
 .if ${PORT_OPTIONS:MKERB_AUTH} && !defined(NO_KERBEROS) && !defined(WITHOUT_KERBEROS)
 # XXX This currently only works with heimdal from the base system,
 #     see files/patch-squid_kerb_auth:
 CONFIGURE_ARGS+=	--enable-negotiate-auth-helpers="squid_kerb_auth"
 libexec+=	squid_kerb_auth
 .endif
 # Storage schemes:
 storage_schemes=	diskd rock ufs
 diskio_modules=		AIO Blocking DiskDaemon IpcIo Mmapped
-storage_schemes=	ufs diskd null
+.if ${PORT_OPTIONS:MFS_AUFS}
 .if ${PORT_OPTIONS:MAUFS}
 storage_schemes+=	aufs
-.if ${OSVERSION}<700055
+diskio_modules+=	DiskThreads
-# Only document libmap.conf for releases where it may be needed to
+# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS,
-# switch from libpthread (aka libkse) to libthr:
+# e.g. SQUID_CONFIGURE_ARGS=--with-aufs-threads=N
-EXTRA_PATCHES+=		${PATCHDIR}/extra-patch-src-cf.data.pre.aufs
+LDFLAGS+=		-pthread
 .else
 CONFIGURE_ARGS+=	--without-pthreads
 .endif
-# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS
+
-CONFIGURE_ARGS+=	--with-pthreads
+.if ${PORT_OPTIONS:MFS_COSS}
-.endif
+BROKEN=			FS_COSS does not compile
 .if ${PORT_OPTIONS:MCOSS}
 storage_schemes+=	coss
 .if ! ${PORT_OPTIONS:MAUFS}
 # use Posix AIO instead of aufs' AIO; note that you then need the kernel to
 # supply AIO support, either by loading the aio(4) module (n/a on 4.x) or by
 # adding the option VFS_AIO to your kernel configuration if you want to
 # actually use COSS storage:
 CONFIGURE_ARGS+=	--enable-coss-aio-ops
 .endif
-sbin+=		cossdump
+
-.endif
+CONFIGURE_ARGS+=	--enable-storeio="${storage_schemes}" \
-CONFIGURE_ARGS+=	--enable-storeio="${storage_schemes}"
+			--enable-disk-io="${diskio_modules}"
 # Log daemon helpers:
 logdaemon_helpers=	file
 CONFIGURE_ARGS+=	--enable-log-daemon-helpers="${logdaemon_helpers}"
 # URL rewrite helpers:
 url_rewrite_helpers=	fake
 CONFIGURE_ARGS+=	--enable-url-rewrite-helpers="${url_rewrite_helpers}"
 # Storeid rewrite helpers:
 storeid_rewrite_helpers=	file
 CONFIGURE_ARGS+=	--enable-storeid-rewrite-helpers="${storeid_rewrite_helpers}"
 # Other options set via 'make config':
 .if ${PORT_OPTIONS:MDELAY_POOLS}
 CONFIGURE_ARGS+=	--enable-delay-pools
 .endif
 .if ${PORT_OPTIONS:MSNMP}
 CONFIGURE_ARGS+=	--enable-snmp
 .endif
 .if ! ${PORT_OPTIONS:MCARP}
 CONFIGURE_ARGS+=	--disable-carp
 .endif
 .if ${PORT_OPTIONS:MSSL}
 # we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only
 # works when it is defined before bsd.port{.pre}.mk is .included.
 # This makes it currently impossible to combine this macro with OPTIONS to
 # conditionally include OpenSSL support.
 # XXX: is this still true with OptionsNG as of 2014-09?
 #.include "${.CURDIR}/../../Mk/bsd.openssl.mk"
 .include "${PORTSDIR}/Mk/bsd.openssl.mk"
-CONFIGURE_ARGS+=	--enable-ssl \
+CONFIGURE_ARGS+=	--with-openssl="${OPENSSLBASE}"
-			--with-openssl="${OPENSSLBASE}"
+CFLAGS+=		-I${OPENSSLINC}
-CFLAGS+=	-I${OPENSSLINC}
+LDFLAGS+=		-L${OPENSSLLIB}
 LDFLAGS+=	-L${OPENSSLLIB}
 .endif
-.if ${PORT_OPTIONS:MPINGER}
+
-CONFIGURE_ARGS+=	--enable-icmp
+.if ${PORT_OPTIONS:MECAP}
-libexec+=	pinger
+.if ${OPSYS} == FreeBSD && ${OSVERSION} > 1000000
 # re-evaluate on FreeBSD 10+ with the next release
 # http://www.squid-cache.org/mail-archive/squid-users/201402/0324.html
 BROKEN=		ECAP and clang are not friendly
 .endif
-.if ${PORT_OPTIONS:MDNS_HELPER}
+LIB_DEPENDS+=	libecap.so:${PORTSDIR}/www/libecap
-CONFIGURE_ARGS+=	--disable-internal-dns
+CFLAGS+=	-I${LOCALBASE}/include
-libexec+=	dnsserver
+LDFLAGS+=	-L${LOCALBASE}/lib
 .endif
 .if ${PORT_OPTIONS:MHTCP}
 CONFIGURE_ARGS+=	--enable-htcp
 .endif
 .if ${PORT_OPTIONS:MVIA_DB}
 CONFIGURE_ARGS+=	--enable-forw-via-db
 .endif
 .if ${PORT_OPTIONS:MCACHE_DIGESTS}
 CONFIGURE_ARGS+=	--enable-cache-digests
 .endif
 .if ! ${PORT_OPTIONS:MWCCP}
 CONFIGURE_ARGS+=	--disable-wccp
 .endif
 .if ${PORT_OPTIONS:MWCCPV2}
 CONFIGURE_ARGS+=	--enable-wccpv2
 .endif
 .if ${PORT_OPTIONS:MSTRICT_HTTP}
 CONFIGURE_ARGS+=	--disable-http-violations
 .endif
 .if ! ${PORT_OPTIONS:MIDENT}
 CONFIGURE_ARGS+=	--disable-ident-lookups
 .endif
 .if ${PORT_OPTIONS:MREFERER_LOG}
 CONFIGURE_ARGS+=	--enable-referer-log
 .endif
 .if ${PORT_OPTIONS:MUSERAGENT_LOG}
 CONFIGURE_ARGS+=	--enable-useragent-log
 .endif
 .if ${PORT_OPTIONS:MARP_ACL}
 CONFIGURE_ARGS+=	--enable-arp-acl
 .endif
 .if ${PORT_OPTIONS:MPF}
 CONFIGURE_ARGS+=	--enable-pf-transparent
 .endif
 .if ${PORT_OPTIONS:MIPFILTER}
 CONFIGURE_ARGS+=	--enable-ipf-transparent
 .endif
 .if ${PORT_OPTIONS:MFOLLOW_XFF}
 CONFIGURE_ARGS+=	--enable-follow-x-forwarded-for
 .endif
 .if ${PORT_OPTIONS:MICAP}
 IGNORE=		does not have working ICAP support anymore -- please use Squid 3.x if you need ICAP. Please remove WITH_SQUID_ICAP from your make environment
 .endif
 .if ! ${PORT_OPTIONS:MKQUEUE}
 CONFIGURE_ARGS+=	--disable-kqueue
 .endif
 .if ${PORT_OPTIONS:MLARGEFILE}
 CONFIGURE_ARGS+=	--with-large-files --enable-large-cache-files
 .endif
 .if ${PORT_OPTIONS:MSTACKTRACES}
 CONFIGURE_ARGS+=	--enable-stacktraces
 CFLAGS+=	-g
 STRIP=
 .endif
-# Languages:
+.if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG)
-#
+CONFIGURE_ARGS+=	--disable-optimizations --enable-debug-cbdata
-# If you do not define SQUID_LANGUAGES yourself, all available language files
+WITH_DEBUG?=		yes
-# will be installed; the default language will be English.
+.endif
 SQUID_LANGUAGES?=	Armenian Azerbaijani Bulgarian Catalan Czech Danish \
 			Dutch English Estonian Finnish French German Greek \
 			Hebrew Hungarian Italian Japanese Korean Lithuanian \
 			Polish Portuguese Romanian Russian-1251 Russian-koi8-r \
 			Serbian Simplify_Chinese Slovak Spanish Swedish \
 			Traditional_Chinese Turkish Ukrainian-1251 \
 			Ukrainian-koi8-u Ukrainian-utf8
 SQUID_DEFAULT_LANG?=	English
 CONFIGURE_ARGS+=	--enable-err-languages="${SQUID_LANGUAGES}" \
 			--enable-default-err-language=${SQUID_DEFAULT_LANG}
 # Finally, add additional user specified configuration options:
 CONFIGURE_ARGS+=	${SQUID_CONFIGURE_ARGS}
 CONFIGURE_ENV+=		GREP="${GREP}"
 PLIST_DIRS=	%%ETCDIR%%/icons libexec/squid
 PLIST_FILES=	${etc_files:S,^,etc/,} ${icon_files:S,^,%%ETCDIR%%/icons/,} \
 		${libexec:S,^,libexec/squid/,} ${sbin:S,^,sbin/,}
 PLIST_FILES+=	man/man8/cachemgr.cgi.8.gz \
 		man/man8/ncsa_auth.8.gz \
 		man/man8/pam_auth.8.gz \
 		man/man8/squid.8.gz \
 		man/man8/squid_db_auth.8.gz \
 		man/man8/squid_session.8.gz \
 		man/man8/squid_unix_group.8.gz \
 		%%ETCDIR%%/cachemgr.conf \
 		%%ETCDIR%%/mime.conf \
 		%%ETCDIR%%/msntauth.conf \
 		%%ETCDIR%%/squid.conf
 .for d in ${SQUID_LANGUAGES}
 PLIST_DIRS+=	%%ETCDIR%%/errors/${d}
 PLIST_FILES+=	${error_files:S,^,%%ETCDIR%%/errors/${d}/,}
 .endfor
 PLIST_DIRS+=	%%ETCDIR%%/errors
 PLIST_DIRSTRY+=	%%ETCDIR%% /var/squid/logs /var/squid
 post-patch:
-	@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
+	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
-	    -e 's|%%SQUID_GID%%|${SQUID_GID}|g' \
+		${WRKSRC}/src/cf.data.pre
-	    -e 's|%%PREFIX%%|${PREFIX}|g' ${WRKSRC}/src/cf.data.pre
+	@(cd ${WRKSRC} && ${REINPLACE_CMD} \
-	@${REINPLACE_CMD} -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \
+		-e 's|\.conf\.default|.conf.sample|' \
-	    ${WRKSRC}/helpers/basic_auth/SMB/Makefile.in \
+		-e 's|)\.default|).sample|' \
-	    ${WRKSRC}/helpers/basic_auth/SMB/smb_auth.sh
+		${change_files})
-# Prevent installation of .orig files by deleting them.
+	@(cd ${WRKSRC} && ${MV} helpers/basic_auth/MSNT/msntauth.conf.default \
-	@${FIND} ${WRKSRC} -name '*.bak' -delete
+		helpers/basic_auth/MSNT/msntauth.conf.sample)
-	@${FIND} ${WRKSRC} -name '*.orig' -delete
+	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)
 .if !${PORT_OPTIONS:MIPV6}
 	@${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
 		-e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
 		-e's/ 2001:DB8::a:0\/64//' \
 		-e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \
 		-e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
 		-e'/tcp_outgoing_address 2001:db8::1/d' \
 		${WRKSRC}/src/cf.data.pre
 .endif
 post-install:
 .if ${PORT_OPTIONS:MEXAMPLES}
 	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
 	${INSTALL_DATA} ${WRKSRC}/helpers/basic_auth/DB/passwd.sql \
 		${STAGEDIR}${EXAMPLESDIR}
 .endif
 .if ${PORT_OPTIONS:MPINGER}
 	${CHMOD} 4510 ${STAGEDIR}${PREFIX}/libexec/squid/pinger; \
 	${CHGRP} ${SQUID_GID} ${STAGEDIR}${PREFIX}/libexec/squid/pinger
 .endif
 .if ${PORT_OPTIONS:MDOCS}
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
-	cd ${WRKSRC} && ${INSTALL_DATA} ${docs} ${STAGEDIR}${DOCSDIR}
+	(cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR})
-.endif
+	${MKDIR} ${STAGEDIR}/var/squid/logs
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
--- a/www/squid/distinfo
+++ b/www/squid/distinfo
@ -1,4 +1,2 @@
-SHA256 (squid2.7/squid-2.7.STABLE9.tar.bz2) = c0bdfcb5bb68debc1c9441308178bf148c67979b824c892a4710dc80a5b05d5e
+SHA256 (squid3.4/squid-3.4.7.tar.xz) = cc40a3cccdcdfc11269ea969e658d99e3ef2202999b78aa01a647a6bc71759ee
-SIZE (squid2.7/squid-2.7.STABLE9.tar.bz2) = 1351366
+SIZE (squid3.4/squid-3.4.7.tar.xz) = 2158672
 SHA256 (squid2.7/SQUID-2012_1.patch) = a456ed7a45fbecd94a4c68c0e72905135c4424c41c01ab858dc8c5760ee03a6f
 SIZE (squid2.7/SQUID-2012_1.patch) = 4804
--- a/www/squid/files/extra-patch-src-cf.data.pre.aufs
+++ b/www/squid/files/extra-patch-src-cf.data.pre.aufs
@ -1,20 +0,0 @@
 --- src/cf.data.pre.orig	Wed Nov  1 15:12:02 2006
 +++ src/cf.data.pre	Wed Nov  1 15:12:17 2006
@@ -1097,6 +1100,17 @@
 	see argument descriptions under ufs above
 +	Note:
 +	By default, FreeBSD uses the pthread(3) M:N threading library.
 +	You can, however, map the thread library to the 1:1 libthr(3)
 +	implementation by inserting the following lines into
 +	/etc/libmap.conf and see whether this performs better on your
 +	system:
 +
 +	[%%PREFIX%%/sbin/squid]
 +	libpthread.so.1	libthr.so.1
 +	libpthread.so.2	libthr.so.2
 +
 	The diskd store type:
 	"diskd" uses the same storage format as "ufs", utilizing a
--- a/www/squid/files/patch-compat_Makefile.in
+++ b/www/squid/files/patch-compat_Makefile.in
@ -0,0 +1,28 @@
 --- compat/Makefile.in.orig	2013-12-30 04:33:49.000000000 -0700
 +++ compat/Makefile.in	2014-01-27 00:05:25.000000000 -0700
@@ -113,7 +113,8 @@
 libcompat_squid_la_DEPENDENCIES = $(LIBOBJS)
 am_libcompat_squid_la_OBJECTS = assert.lo compat.lo debug.lo \
 	eui64_aton.lo GnuRegex.lo shm.lo strnstr.lo strnrchr.lo \
 -	xalloc.lo xstrerror.lo xstring.lo xstrto.lo mswindows.lo
 +	xalloc.lo xstrerror.lo xstring.lo xstrto.lo mswindows.lo \
 +	strlen.lo
 libcompat_squid_la_OBJECTS = $(am_libcompat_squid_la_OBJECTS)
 am_testPreCompiler_OBJECTS = testPreCompiler.$(OBJEXT) \
 	testMain.$(OBJEXT)
@@ -401,6 +402,7 @@
 	getnameinfo.h \
 	GnuRegex.c \
 	GnuRegex.h \
 +	strlen.c \
 	inet_ntop.h \
 	inet_pton.h \
 	initgroups.h \
@@ -539,6 +541,7 @@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shm.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnrchr.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnstr.Plo@am__quote@
 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strlen.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testMain.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testPreCompiler.Po@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xalloc.Plo@am__quote@
--- a/www/squid/files/patch-compat_strlen.c
+++ b/www/squid/files/patch-compat_strlen.c
@ -0,0 +1,31 @@
 --- compat/strlen.c.orig	2014-01-26 23:28:26.000000000 -0700
 +++ compat/strlen.c	2014-01-26 23:33:01.000000000 -0700
@@ -0,0 +1,28 @@
 +/* Dennis Glatting
 +   January 2014   
 +
 +   Various places within Squid call strlen() with a NULL pointer,
 +   which causes a SIGSEV on FreeBSD. This is a simple, dumb
 +   replacement that first checks for a NULL pointer before counting
 +   the string's length. In the case of a NULL pointer, the string's
 +   length is 0.
 +
 + */
 +
 +
 +#include "squid.h"
 +#include <string.h>
 +
 +size_t
 +strlen( const char* s ) {
 +
 +  size_t c = 0;
 +
 +  if( s == NULL )
 +    return 0;
 +
 +  while( *s++ )
 +    ++c;
 +
 +    return c;
 +}
--- a/www/squid/files/patch-configure
+++ b/www/squid/files/patch-configure
@ -1,19 +1,11 @@
-Patch for Squid bug 2203:
+--- configure.orig	2014-06-25 18:43:23.000000000 +0400
-
+++ configure	2014-08-18 14:46:23.000000000 +0400
--with-maxfd inadvertently unsets LDFLAGS.
+@@ -31752,6 +31752,8 @@
 --- configure.orig	2009-02-05 19:27:06.000000000 +0100
 +++ configure	2009-02-05 19:27:59.000000000 +0100
@@ -27810,11 +27810,12 @@
 fi
-+TLDFLAGS="$LDFLAGS"
+LIBOBJS="$LIBOBJS strlen.$ac_objext"
 +
- if test -z "$SQUID_MAXFD"; then
+ ac_fn_cxx_check_func "$LINENO" "strtoll" "ac_cv_func_strtoll"
- 
+ if test "x$ac_cv_func_strtoll" = xyes; then :
- { $as_echo "$as_me:$LINENO: checking Maximum number of filedescriptors we can open" >&5
+   $as_echo "#define HAVE_STRTOLL 1" >>confdefs.h
 $as_echo_n "checking Maximum number of filedescriptors we can open... " >&6; }
 -TLDFLAGS="$LDFLAGS"
 case $host in
 i386-unknown-freebsd*)
     if echo "$LDFLAGS" | grep -q pthread; then
--- a/www/squid/files/patch-helpers-basic_auth-SMB-Makefile.in
+++ b/www/squid/files/patch-helpers-basic_auth-SMB-Makefile.in
@ -1,11 +0,0 @@
 --- helpers/basic_auth/SMB/Makefile.in.orig	Tue Oct  4 07:29:26 2005
 +++ helpers/basic_auth/SMB/Makefile.in	Tue Oct  4 07:29:49 2005
@@ -129,7 +129,7 @@
 makesnmplib = @makesnmplib@
 SMB_AUTH_HELPER = smb_auth.sh
 -SAMBAPREFIX = /usr/local/samba
 +SAMBAPREFIX = %%LOCALBASE%%
 SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
 libexec_SCRIPTS = $(SMB_AUTH_HELPER)
--- a/www/squid/files/patch-helpers-basic_auth-SMB-smb_auth.sh
+++ b/www/squid/files/patch-helpers-basic_auth-SMB-smb_auth.sh
@ -1,13 +0,0 @@
 *** helpers/basic_auth/SMB/smb_auth.sh.orig	Thu Feb 26 20:58:22 2004
 --- helpers/basic_auth/SMB/smb_auth.sh	Thu Feb 26 20:59:45 2004
 ***************
 *** 17,22 ****
 --- 17,24 ----
  # along with this program; if not, write to the Free Software
  # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 + SAMBAPREFIX=${SAMBAPREFIX:-%%LOCALBASE%%}
 + 
  read DOMAINNAME
  read PASSTHROUGH
  read NMBADDR
--- a/www/squid/files/patch-include-squid_types.h
+++ b/www/squid/files/patch-include-squid_types.h
@ -1,11 +0,0 @@
 --- include/squid_types.h.orig Mon Jul  7 00:45:26 2003
 +++ include/squid_types.h      Mon Jul  7 00:48:39 2003
@@ -66,8 +66,5 @@
 #if HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 -#if HAVE_SYS_BITYPES_H
 -#include <sys/bitypes.h>
 -#endif
 #endif /* SQUID_TYPES_H */
--- a/www/squid/files/patch-squid_kerb_auth
+++ b/www/squid/files/patch-squid_kerb_auth
@ -1,581 +0,0 @@
 This file contains various patches that in general try to enable the
 compilation of the squid_kerb_auth authentication helper program on
 all versions of FreeBSD that are currently supported by the FreeBSD
 ports framework where Heimdal is part of the base system.
 --- configure.orig	2009-02-05 19:27:06.000000000 +0100
 +++ configure	2009-02-05 19:40:29.000000000 +0100
@@ -773,10 +773,13 @@
 NTLM_AUTH_HELPERS
 DIGEST_AUTH_HELPERS
 NEGOTIATE_AUTH_HELPERS
 -EXTERNAL_ACL_HELPERS
 +KRB5CONFIG
 +KERBLIBS
 +KERBINC
 CPP
 GREP
 EGREP
 +EXTERNAL_ACL_HELPERS
 LIBSASL
 ENABLE_UNLINKD_TRUE
 ENABLE_UNLINKD_FALSE
@@ -5789,50 +5792,59 @@
 fi
 -# Check whether --enable-ntlm-fail-open was given.
 -if test "${enable_ntlm_fail_open+set}" = set; then
 -  enableval=$enable_ntlm_fail_open;  if test "$enableval" = "yes" ; then
 -
 -cat >>confdefs.h <<\_ACEOF
 -#define NTLM_FAIL_OPEN 1
 -_ACEOF
 +if `echo "$NEGOTIATE_AUTH_HELPERS" | grep -q squid_kerb_auth`; then
 +    # Extract the first word of "krb5-config", so it can be a program name with args.
 +set dummy krb5-config; ac_word=$2
 +{ $as_echo "$as_me:$LINENO: checking for $ac_word" >&5
 +$as_echo_n "checking for $ac_word... " >&6; }
 +if test "${ac_cv_path_KRB5CONFIG+set}" = set; then
 +  $as_echo_n "(cached) " >&6
 +else
 +  case $KRB5CONFIG in
 +  [\\/]* | ?:[\\/]*)
 +  ac_cv_path_KRB5CONFIG="$KRB5CONFIG" # Let the user override the test with a path.
 +  ;;
 +  *)
 +  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
 +for as_dir in $PATH
 +do
 +  IFS=$as_save_IFS
 +  test -z "$as_dir" && as_dir=.
 +  for ac_exec_ext in '' $ac_executable_extensions; do
 +  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
 +    ac_cv_path_KRB5CONFIG="$as_dir/$ac_word$ac_exec_ext"
 +    $as_echo "$as_me:$LINENO: found $as_dir/$ac_word$ac_exec_ext" >&5
 +    break 2
   fi
 +done
 +done
 +IFS=$as_save_IFS
 +  test -z "$ac_cv_path_KRB5CONFIG" && ac_cv_path_KRB5CONFIG="false"
 +  ;;
 +esac
 fi
 -
 -
 -EXTERNAL_ACL_HELPERS=
 -# Check whether --enable-external-acl-helpers was given.
 -if test "${enable_external_acl_helpers+set}" = set; then
 -  enableval=$enable_external_acl_helpers;  case "$enableval" in
 -  yes)
 -    echo "ERROR: --enable-external-acl-helpers requires an argument"
 -    exit 1
 -    ;;
 -  no)
 -    ;;
 -  *)
 -    EXTERNAL_ACL_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/  */ /g'`"
 -  esac
 -
 +KRB5CONFIG=$ac_cv_path_KRB5CONFIG
 +if test -n "$KRB5CONFIG"; then
 +  { $as_echo "$as_me:$LINENO: result: $KRB5CONFIG" >&5
 +$as_echo "$KRB5CONFIG" >&6; }
 +else
 +  { $as_echo "$as_me:$LINENO: result: no" >&5
 +$as_echo "no" >&6; }
 fi
 -if test -n "$EXTERNAL_ACL_HELPERS"; then
 -    for helper in $EXTERNAL_ACL_HELPERS; do
 -	if test -f $srcdir/helpers/external_acl/$helper/Makefile.in; then
 -		:
 -	else
 -		echo "ERROR: external acl helper $helper does not exists"
 -		exit 1
 -	fi
 -    done
 -    echo "External acl helpers built: $EXTERNAL_ACL_HELPERS"
 -fi
 +    if test -z "$KRB5CONFIG"; then
 +	{ { $as_echo "$as_me:$LINENO: error: sorry" >&5
 +$as_echo "$as_me: error: sorry" >&2;}
 +   { (exit need krb5-config to determine compilation settings); exit need krb5-config to determine compilation settings; }; }
 +    else
 +	KERBLIBS=`$KRB5CONFIG --libs gssapi`
 +	KERBINC=`$KRB5CONFIG --cflags`
 -if test "$require_sasl" = "yes"; then
 +    fi
 ac_ext=c
 ac_cpp='$CPP $CPPFLAGS'
@@ -6454,6 +6466,359 @@
 +for ac_header in gssapi/gssapi.h
 +do
 +as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
 +  { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
 +$as_echo_n "checking for $ac_header... " >&6; }
 +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
 +  $as_echo_n "(cached) " >&6
 +fi
 +ac_res=`eval 'as_val=${'$as_ac_Header'}
 +		 $as_echo "$as_val"'`
 +	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
 +$as_echo "$ac_res" >&6; }
 +else
 +  # Is the header compilable?
 +{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5
 +$as_echo_n "checking $ac_header usability... " >&6; }
 +cat >conftest.$ac_ext <<_ACEOF
 +/* confdefs.h.  */
 +_ACEOF
 +cat confdefs.h >>conftest.$ac_ext
 +cat >>conftest.$ac_ext <<_ACEOF
 +/* end confdefs.h.  */
 +$ac_includes_default
 +#include <$ac_header>
 +_ACEOF
 +rm -f conftest.$ac_objext
 +if { (ac_try="$ac_compile"
 +case "(($ac_try" in
 +  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
 +  *) ac_try_echo=$ac_try;;
 +esac
 +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
 +$as_echo "$ac_try_echo") >&5
 +  (eval "$ac_compile") 2>conftest.er1
 +  ac_status=$?
 +  grep -v '^ *+' conftest.er1 >conftest.err
 +  rm -f conftest.er1
 +  cat conftest.err >&5
 +  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
 +  (exit $ac_status); } && {
 +	 test -z "$ac_c_werror_flag" ||
 +	 test ! -s conftest.err
 +       } && test -s conftest.$ac_objext; then
 +  ac_header_compiler=yes
 +else
 +  $as_echo "$as_me: failed program was:" >&5
 +sed 's/^/| /' conftest.$ac_ext >&5
 +
 +	ac_header_compiler=no
 +fi
 +
 +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 +{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
 +$as_echo "$ac_header_compiler" >&6; }
 +
 +# Is the header present?
 +{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5
 +$as_echo_n "checking $ac_header presence... " >&6; }
 +cat >conftest.$ac_ext <<_ACEOF
 +/* confdefs.h.  */
 +_ACEOF
 +cat confdefs.h >>conftest.$ac_ext
 +cat >>conftest.$ac_ext <<_ACEOF
 +/* end confdefs.h.  */
 +#include <$ac_header>
 +_ACEOF
 +if { (ac_try="$ac_cpp conftest.$ac_ext"
 +case "(($ac_try" in
 +  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
 +  *) ac_try_echo=$ac_try;;
 +esac
 +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
 +$as_echo "$ac_try_echo") >&5
 +  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
 +  ac_status=$?
 +  grep -v '^ *+' conftest.er1 >conftest.err
 +  rm -f conftest.er1
 +  cat conftest.err >&5
 +  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
 +  (exit $ac_status); } >/dev/null && {
 +	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
 +	 test ! -s conftest.err
 +       }; then
 +  ac_header_preproc=yes
 +else
 +  $as_echo "$as_me: failed program was:" >&5
 +sed 's/^/| /' conftest.$ac_ext >&5
 +
 +  ac_header_preproc=no
 +fi
 +
 +rm -f conftest.err conftest.$ac_ext
 +{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
 +$as_echo "$ac_header_preproc" >&6; }
 +
 +# So?  What about this header?
 +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
 +  yes:no: )
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
 +$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
 +    ac_header_preproc=yes
 +    ;;
 +  no:yes:* )
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
 +$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
 +$as_echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
 +$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
 +$as_echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 +$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
 +    ( cat <<\_ASBOX
 +## ----------------------------------------------- ##
 +## Report this to http://www.squid-cache.org/bugs/ ##
 +## ----------------------------------------------- ##
 +_ASBOX
 +     ) | sed "s/^/$as_me: WARNING:     /" >&2
 +    ;;
 +esac
 +{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
 +$as_echo_n "checking for $ac_header... " >&6; }
 +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
 +  $as_echo_n "(cached) " >&6
 +else
 +  eval "$as_ac_Header=\$ac_header_preproc"
 +fi
 +ac_res=`eval 'as_val=${'$as_ac_Header'}
 +		 $as_echo "$as_val"'`
 +	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
 +$as_echo "$ac_res" >&6; }
 +
 +fi
 +if test `eval 'as_val=${'$as_ac_Header'}
 +		 $as_echo "$as_val"'` = yes; then
 +  cat >>confdefs.h <<_ACEOF
 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
 +_ACEOF
 +
 +fi
 +
 +done
 +
 +    if test x"$ac_cv_header_gssapi_gssapi_h" != x"yes"; then
 +
 +for ac_header in gssapi.h
 +do
 +as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
 +  { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
 +$as_echo_n "checking for $ac_header... " >&6; }
 +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
 +  $as_echo_n "(cached) " >&6
 +fi
 +ac_res=`eval 'as_val=${'$as_ac_Header'}
 +		 $as_echo "$as_val"'`
 +	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
 +$as_echo "$ac_res" >&6; }
 +else
 +  # Is the header compilable?
 +{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5
 +$as_echo_n "checking $ac_header usability... " >&6; }
 +cat >conftest.$ac_ext <<_ACEOF
 +/* confdefs.h.  */
 +_ACEOF
 +cat confdefs.h >>conftest.$ac_ext
 +cat >>conftest.$ac_ext <<_ACEOF
 +/* end confdefs.h.  */
 +$ac_includes_default
 +#include <$ac_header>
 +_ACEOF
 +rm -f conftest.$ac_objext
 +if { (ac_try="$ac_compile"
 +case "(($ac_try" in
 +  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
 +  *) ac_try_echo=$ac_try;;
 +esac
 +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
 +$as_echo "$ac_try_echo") >&5
 +  (eval "$ac_compile") 2>conftest.er1
 +  ac_status=$?
 +  grep -v '^ *+' conftest.er1 >conftest.err
 +  rm -f conftest.er1
 +  cat conftest.err >&5
 +  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
 +  (exit $ac_status); } && {
 +	 test -z "$ac_c_werror_flag" ||
 +	 test ! -s conftest.err
 +       } && test -s conftest.$ac_objext; then
 +  ac_header_compiler=yes
 +else
 +  $as_echo "$as_me: failed program was:" >&5
 +sed 's/^/| /' conftest.$ac_ext >&5
 +
 +	ac_header_compiler=no
 +fi
 +
 +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 +{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
 +$as_echo "$ac_header_compiler" >&6; }
 +
 +# Is the header present?
 +{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5
 +$as_echo_n "checking $ac_header presence... " >&6; }
 +cat >conftest.$ac_ext <<_ACEOF
 +/* confdefs.h.  */
 +_ACEOF
 +cat confdefs.h >>conftest.$ac_ext
 +cat >>conftest.$ac_ext <<_ACEOF
 +/* end confdefs.h.  */
 +#include <$ac_header>
 +_ACEOF
 +if { (ac_try="$ac_cpp conftest.$ac_ext"
 +case "(($ac_try" in
 +  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
 +  *) ac_try_echo=$ac_try;;
 +esac
 +eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
 +$as_echo "$ac_try_echo") >&5
 +  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
 +  ac_status=$?
 +  grep -v '^ *+' conftest.er1 >conftest.err
 +  rm -f conftest.er1
 +  cat conftest.err >&5
 +  $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
 +  (exit $ac_status); } >/dev/null && {
 +	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
 +	 test ! -s conftest.err
 +       }; then
 +  ac_header_preproc=yes
 +else
 +  $as_echo "$as_me: failed program was:" >&5
 +sed 's/^/| /' conftest.$ac_ext >&5
 +
 +  ac_header_preproc=no
 +fi
 +
 +rm -f conftest.err conftest.$ac_ext
 +{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
 +$as_echo "$ac_header_preproc" >&6; }
 +
 +# So?  What about this header?
 +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
 +  yes:no: )
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
 +$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
 +    ac_header_preproc=yes
 +    ;;
 +  no:yes:* )
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
 +$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
 +$as_echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
 +$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
 +$as_echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
 +$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
 +    { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
 +$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
 +    ( cat <<\_ASBOX
 +## ----------------------------------------------- ##
 +## Report this to http://www.squid-cache.org/bugs/ ##
 +## ----------------------------------------------- ##
 +_ASBOX
 +     ) | sed "s/^/$as_me: WARNING:     /" >&2
 +    ;;
 +esac
 +{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
 +$as_echo_n "checking for $ac_header... " >&6; }
 +if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
 +  $as_echo_n "(cached) " >&6
 +else
 +  eval "$as_ac_Header=\$ac_header_preproc"
 +fi
 +ac_res=`eval 'as_val=${'$as_ac_Header'}
 +		 $as_echo "$as_val"'`
 +	       { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
 +$as_echo "$ac_res" >&6; }
 +
 +fi
 +if test `eval 'as_val=${'$as_ac_Header'}
 +		 $as_echo "$as_val"'` = yes; then
 +  cat >>confdefs.h <<_ACEOF
 +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
 +_ACEOF
 +
 +else
 +  { { $as_echo "$as_me:$LINENO: error: neither <gssapi/gssapi.h> nor <gssapi.h> found" >&5
 +$as_echo "$as_me: error: neither <gssapi/gssapi.h> nor <gssapi.h> found" >&2;}
 +   { (exit 1); exit 1; }; }
 +
 +fi
 +
 +done
 +
 +    fi
 +fi
 +
 +# Check whether --enable-ntlm-fail-open was given.
 +if test "${enable_ntlm_fail_open+set}" = set; then
 +  enableval=$enable_ntlm_fail_open;  if test "$enableval" = "yes" ; then
 +
 +cat >>confdefs.h <<\_ACEOF
 +#define NTLM_FAIL_OPEN 1
 +_ACEOF
 +
 +  fi
 +
 +fi
 +
 +
 +EXTERNAL_ACL_HELPERS=
 +# Check whether --enable-external-acl-helpers was given.
 +if test "${enable_external_acl_helpers+set}" = set; then
 +  enableval=$enable_external_acl_helpers;  case "$enableval" in
 +  yes)
 +    echo "ERROR: --enable-external-acl-helpers requires an argument"
 +    exit 1
 +    ;;
 +  no)
 +    ;;
 +  *)
 +    EXTERNAL_ACL_HELPERS="`echo $enableval| sed -e 's/,/ /g;s/  */ /g'`"
 +  esac
 +
 +fi
 +
 +if test -n "$EXTERNAL_ACL_HELPERS"; then
 +    for helper in $EXTERNAL_ACL_HELPERS; do
 +	if test -f $srcdir/helpers/external_acl/$helper/Makefile.in; then
 +		:
 +	else
 +		echo "ERROR: external acl helper $helper does not exists"
 +		exit 1
 +	fi
 +    done
 +    echo "External acl helpers built: $EXTERNAL_ACL_HELPERS"
 +fi
 +
 +
 +
 +if test "$require_sasl" = "yes"; then
 +
 for ac_header in sasl/sasl.h sasl.h
 do
 --- include/autoconf.h.in.orig	2008-06-05 02:18:07.000000000 +0200
 +++ include/autoconf.h.in	2008-07-06 17:45:05.000000000 +0200
@@ -161,6 +161,12 @@
 /* Define to 1 if you have the <grp.h> header file. */
 #undef HAVE_GRP_H
 +/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
 +#undef HAVE_GSSAPI_GSSAPI_H
 +
 +/* Define to 1 if you have the <gssapi.h> header file. */
 +#undef HAVE_GSSAPI_H
 +
 /* Define to 1 if you have the `initgroups' function. */
 #undef HAVE_INITGROUPS
 --- helpers/negotiate_auth/squid_kerb_auth/Makefile.in.orig	2007-11-12 02:14:15.000000000 +0100
 +++ helpers/negotiate_auth/squid_kerb_auth/Makefile.in	2008-07-06 17:45:05.000000000 +0200
@@ -130,6 +130,18 @@
 INSTALL_PROGRAM = @INSTALL_PROGRAM@
 INSTALL_SCRIPT = @INSTALL_SCRIPT@
 INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
 +#-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS)
 +
 +# HEIMDAL
 +#KERBINC = -DHEIMDAL -I/usr/include/heimdal
 +#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken
 +
 +# MIT
 +#KERBINC = 
 +#KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err
 +KERBINC = -DHEIMDAL @KERBINC@
 +KERBLIBS = @KERBLIBS@
 +KRB5CONFIG = @KRB5CONFIG@
 LDFLAGS = @LDFLAGS@
 LIBDLMALLOC = @LIBDLMALLOC@
 LIBOBJS = @LIBOBJS@
@@ -265,15 +277,6 @@
 squid_kerb_auth_SOURCES = $(SOURCE) $(SPNEGO)
 #-I$(top_srcdir)/include -I$(top_srcdir)/src
 LDADD = $(KERBLIBS)
 -#-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS)
 -
 -# HEIMDAL
 -#KERBINC = -DHEIMDAL -I/usr/include/heimdal
 -#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken
 -
 -# MIT
 -KERBINC = 
 -KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err
 all: all-am
 .SUFFIXES:
 --- helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c.orig	2008-02-24 20:18:53.000000000 +0100
 +++ helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c	2008-07-06 17:45:05.000000000 +0200
@@ -24,6 +24,7 @@
 /*
  * Hosted at http://sourceforge.net/projects/squidkerbauth
  */
 +#include "config.h"
 #include <string.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -31,6 +32,7 @@
 #include <unistd.h>
 #include <time.h>
 #include <sys/time.h>
 +#include <sys/param.h>
 #include "base64.h"
 #ifndef HAVE_SPNEGO
@@ -47,7 +49,11 @@
 #define PROGRAM "squid_kerb_auth"
 #ifdef HEIMDAL
 +#ifdef HAVE_GSSAPI_GSSAPI_H
 +#include <gssapi/gssapi.h>
 +#else
 #include <gssapi.h>
 +#endif
 #define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE
 #else
 #include <gssapi/gssapi.h>
 --- helpers/negotiate_auth/squid_kerb_auth/spnegohelp/derparse.c.orig	2007-05-15 01:36:32.000000000 +0200
 +++ helpers/negotiate_auth/squid_kerb_auth/spnegohelp/derparse.c	2009-03-28 17:21:54.000000000 +0100
@@ -22,12 +22,19 @@
 //
 /////////////////////////////////////////////////////////////
 +#include "config.h"
 #include <stdlib.h>
 #include <stdio.h>
 #include <memory.h>
 #include "spnego.h"
 #include "derparse.h"
 +#ifdef WORDS_BIGENDIAN
 +#undef __LITTLE_ENDIAN__
 +#else
 +#define __LITTLE_ENDIAN__ 1
 +#endif
 +
 //
 // The GSS Mechanism OID enumeration values (SPNEGO_MECH_OID) control which offset in
 // the array below, that a mechanism can be found.
--- a/www/squid/files/patch-src-cf.data.pre
+++ b/www/squid/files/patch-src-cf.data.pre
@ -1,28 +1,6 @@
--- src/cf.data.pre.orig	Tue Jun 26 01:34:57 2007
+--- src/cf.data.pre.orig	2013-03-12 11:17:07.000000000 +0100
-+++ src/cf.data.pre	Mon Jul 16 20:02:21 2007
+++ src/cf.data.pre	2013-04-09 11:43:01.000000000 +0200
-@@ -1207,6 +1207,21 @@
+@@ -3849,6 +3849,10 @@
 	Note that for coss, max-size must be less than COSS_MEMBUF_SZ
 	(hard coded at 1 MB).
 +
 +	Note for FreeBSD users:
 +	COSS -- like aufs -- uses async IO so if you compiled Squid without
 +	support for the aufs storage type, COSS will use POSIX AIO.
 +	This means that you need to add the line
 +
 +	options VFS_AIO
 +
 +	to your kernel configuration in order to use COSS.
 +
 +	On FreeBSD 5 and higher you can load the aio(4) module and do not
 +	necessarily need to recompile your kernel.
 +
 +	If you compiled Squid with both support for aufs and COSS, COSS
 +	will use aufs' routines and does not need special kernel support.
 DOC_END
 NAME: logformat
@@ -1439,6 +1454,10 @@
 LOC: Config.pidFilename
 DOC_START
 	A filename to write the process-id to.  To disable, enter "none".
@ -32,19 +10,4 @@
 +	%%PREFIX%%/etc/rc.d/squid for details.
 DOC_END
- NAME: debug_options
+ NAME: log_fqdn
@@ -3275,12 +3294,12 @@
 NAME: cache_effective_user
 TYPE: string
 -DEFAULT: nobody
 +DEFAULT: %%SQUID_UID%%
 LOC: Config.effectiveUser
 DOC_START
 	If you start Squid as root, it will change its effective/real
 	UID/GID to the user specified below.  The default is to change
 -	to UID to nobody.  If you define cache_effective_user, but not
 +	to UID to %%SQUID_UID%%.  If you define cache_effective_user, but not
 	cache_effective_group, Squid sets the GID to the effective
 	user's default group ID (taken from the password file) and
 	supplementary group list from the from groups membership of
--- a/www/squid/files/patch-src_tools.cc
+++ b/www/squid/files/patch-src_tools.cc
@ -0,0 +1,11 @@
 --- src/tools.cc.orig	2014-08-19 13:38:40.000000000 +0400
 +++ src/tools.cc	2014-08-19 13:39:00.000000000 +0400
@@ -735,7 +735,7 @@
     uid = geteuid();
     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
 -    if (setuid(0) < 0)
 +    if (setuid(0) < 0 && TheProcessKind != pkHelper)
         debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror());
     if (setuid(uid) < 0)
--- a/www/squid/files/patch-tools-Makefile.in
+++ b/www/squid/files/patch-tools-Makefile.in
@ -1,11 +0,0 @@
 --- tools/Makefile.in.orig	2008-05-10 18:39:20.000000000 +0200
 +++ tools/Makefile.in	2008-05-10 18:40:02.000000000 +0200
@@ -791,6 +791,8 @@
 $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h
 install-data-local:
 +	@echo "$(INSTALL_DATA) $(srcdir)/cachemgr.conf $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG).default"; \
 +	$(INSTALL_DATA) $(srcdir)/cachemgr.conf $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG).default;
 	@if test -f $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG) ; then \
 	        echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_CACHEMGR_CONFIG)" ; \
 	else \
--- a/www/squid/files/pkg-deinstall.in
+++ b/www/squid/files/pkg-deinstall.in
@ -1,47 +0,0 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 PATH=/bin:/usr/bin:/usr/sbin
 squid_base="/var/squid"
 squid_cachedir="${squid_base}/cache"
 squid_confdir=${PKG_PREFIX}/etc/squid
 squid_logdir="${squid_base}/logs"
 case $2 in
 DEINSTALL)
 	cd ${squid_confdir} || exit 1
 	for f in cachemgr.conf mime.conf msntauth.conf squid.conf; do
 		cmp -s -z ${f} ${f}.default && rm ${f}
 	done
 	# try to cleanup directories in /var:
 	for d in ${squid_cachedir} ${squid_logdir} ${squid_base} ; do
 		rmdir ${d} 2>/dev/null
 	done
 	;;
 POST-DEINSTALL)
 	echo "===> post-deinstallation information for $1:"
 	echo ""
 	echo "     Note:"
 	echo "     Squid related user accounts and groups were not removed."
 	echo ""
 	echo "     To remove the '%%SQUID_UID%%' user and the '%%SQUID_GID%%' group which were"
 	echo "     created by a default installation of this package, run"
 	echo ""
 	echo "     pw userdel -n %%SQUID_UID%% -u 100"
 	if  [ -d ${squid_base} -o -d ${squid_confdir} ] ; then
 		echo ""
 		echo "     In order to ease updates the cache and log directories"
 		echo "     and all configuration files modified by you were preserved."
 		echo ""
 		echo "     Please remove them manually if you do not want to use"
 	       	echo "     Squid any longer."
 	fi
 	echo ""
 	;;
 *)
 	exit 64
 	;;
 esac
 exit 0
--- a/www/squid/files/pkg-install.in
+++ b/www/squid/files/pkg-install.in
@ -5,66 +5,55 @@
 PATH=/bin:/usr/bin:/usr/sbin
 pkgname=$1
-squid_base="/var/squid"
+squid_homedir="/var/squid"
 squid_cache_basedir="${squid_homedir}/cache"
 squid_confdir="${PKG_PREFIX:-%%PREFIX%%}/etc/squid"
-if [ -x /usr/sbin/nologin ]; then
+squid_logdir="/var/log/squid"
-	nologin=/usr/sbin/nologin
+# these are hardcoded, see /usr/ports/UIDs and /usr/ports/GIDs:
-else
+squid_user=squid
-	nologin=/sbin/nologin
+squid_group=squid
 fi
 squid_user="%%SQUID_UID%%"
 squid_group="%%SQUID_GID%%"
 squid_gid=100
 squid_uid=100
 case $2 in
 PRE-INSTALL)
 	echo "===> Pre-installation configuration for ${pkgname}"
-	if ! pw groupshow ${squid_group} -q >/dev/null ; then
+	;;
-		echo "There is no group '${squid_group}' on this system, so I will try to create it (using group id ${squid_gid}):"
+POST-INSTALL)
-		if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then
+	# Since we usually start the Squid master process as ${squid_user}
-			echo "Failed to create group \"${squid_group}\"!" >&2
+	# instead of root make sure that ${squid_homedir} is writable for it.
-			echo "Please create it manually." >&2
+	if [ ! -d ${squid_homedir} ]; then
-			exit 1
+		echo "Creating ${squid_homedir}..."
-		else
+		install -d -o root -g ${squid_group} \
-			echo "Group '${squid_group}' created successfully:"
+		    -m 0775 ${squid_homedir}
 		fi
 	else
-		echo "I will use the existing group '${squid_group}':"
+		chgrp ${squid_group} ${squid_homedir}
 		chmod g+w ${squid_homedir}
 	fi
-	pw groupshow ${squid_group}
+	if [ ! -d ${squid_cache_basedir} ]; then
-
+		echo "Creating ${squid_cache_basedir} ..."
 	if ! pw usershow ${squid_user} -q >/dev/null ; then
 		echo "There is no account '${squid_user}' on this system, so I will try to create it (using user id ${squid_uid}):"
 		if ! pw useradd -q -n ${squid_user} \
 		    -u ${squid_uid} -g ${squid_group} \
 	  	    -c "Squid caching-proxy pseudo user" \
 		    -d "${squid_base}" -s "${nologin}" \
 		    -h - ; then
 			echo "Failed to create user '${squid_user}'!" >&2
 			echo "Please create it manually." >&2
 			exit 1
 		else
 			echo "User '${squid_user}' created successfully:"
 		fi
 	else
 		echo "I will use the existing user '${squid_user}':"
 	fi
 	pw usershow ${squid_user}
 	for dir in cache logs; do
 	if [ ! -d ${squid_base}/${dir} ]; then
 		echo "Creating ${squid_base}/${dir}..."
 		install -d -o ${squid_user} -g ${squid_group} \
-		    -m 0750 ${squid_base}/${dir}
+		    -m 0750 ${squid_cache_basedir}
 	else
 		chown ${squid_user} ${squid_cache_basedir}
 		chgrp ${squid_group} ${squid_cache_basedir}
 		chmod 0750 ${squid_cache_basedir}
 	fi
 	done
 	if [ ! -d ${squid_confdir} ]; then
 		echo "Creating ${squid_confdir}..."
 		install -d -o root -g ${squid_group} \
 		    -m 0755 ${squid_confdir}
 	else
 		chgrp ${squid_group} ${squid_confdir}
 	fi
-	;;
+	if [ ! -d ${squid_logdir} ]; then
-POST-INSTALL)
+		echo "Creating ${squid_logdir}..."
-	for file in cachemgr.conf mime.conf squid.conf; do
+		install -d -o ${squid_user} -g ${squid_group} \
 		    -m 0750 ${squid_logdir}
 	else
 		chown ${squid_user} ${squid_logdir}
 		chgrp ${squid_group} ${squid_logdir}
 	fi
 	for file in cachemgr.conf errorpage.css mime.conf msntauth.conf squid.conf; do
 		if [ ! -f ${squid_confdir}/${file} \
 		    -a -f ${squid_confdir}/${file}.default ]; then
 			echo "Creating ${file} from default..."
--- a/www/squid/files/pkg-message.in
+++ b/www/squid/files/pkg-message.in
@ -1,28 +1,33 @@
     o You can find the configuration files for this package in the
       directory %%PREFIX%%/etc/squid.
-     o The default cache directory is /var/squid/cache.
+     o The default cache directory is /var/squid/cache/squid/.
-       The default log directory is /var/squid/logs.
+       The default log directory is /var/log/squid/.
       Note:
       You must initialize new cache directories before you can start
-       squid.  Do this by running "squid -z" as 'root' or '%%SQUID_UID%%'.
+       squid.  Do this by running "squid -z" as 'root' or 'squid'.
       If your cache directories are already initialized (e.g. after an
       upgrade of squid) you do not need to initialize them again.
-     o The default configuration will deny everyone but local networks
+     o The default configuration will deny everyone but the local host and
-       as defined in RFC 1918 access to the proxy service.
+       local networks as defined in RFC 1918 for IPv4 and RFCs 4193 and
-       Edit the "http_access allow/deny" directives in
+       4291 for IPv6 access to the proxy service.  Edit the "http_access
-       %%PREFIX%%/etc/squid/squid.conf to suit your needs.
+       allow/deny" directives in %%PREFIX%%/etc/squid/squid.conf
       to suit your needs.
     To enable Squid, set squid_enable=yes in either
     /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
     Please see %%PREFIX%%/etc/rc.d/squid for further details.
     Note:
-     If you just updated your Squid installation from 2.6 or earlier,
+     If you just updated your Squid installation from an earlier version,
-     make sure to check your Squid configuration against the 2.7 default
+     make sure to check your Squid configuration against the 3.3 default
-     configuration file %%PREFIX%%/etc/squid/squid.conf.default.
+     configuration file %%PREFIX%%/etc/squid/squid.conf.sample.
     %%PREFIX%%/etc/squid/squid.conf.documented is a fully annotated
     configuration file you can consult for further reference.
     Additionally, you should check your configuration by calling
     'squid -f /path/to/squid.conf -k parse' before starting Squid.
--- a/www/squid/files/squid.in
+++ b/www/squid/files/squid.in
@ -13,7 +13,7 @@
 # Additional variables you can define in one of these files:
 #
 # squid_chdir:	the directory into which the rc system moves into before
-# 		starting Squid. Default: /var/squid/logs
+# 		starting Squid. Default: /var/squid
 #
 # squid_conf:	The configuration file that Squid should use.
 #		Default: %%PREFIX%%/etc/squid/squid.conf
@ -24,7 +24,7 @@
 #		system call is not available in FreeBSD versions prior to 7.1.
 #
 # squid_user:	The user id that should be used to run the Squid master
-#		process. Default: %%SQUID_UID%%.
+#		process. Default: squid.
 #		Note that you probably need to define "squid_user=root" if
 #		you want to run Squid in reverse proxy setups or if you want
 #		Squid to listen on a "privileged" port < 1024.
@ -32,19 +32,67 @@
 # squid_pidfile:
 #		The name (including the full path) of the Squid
 #		master process' PID file.
-#		Default: /var/squid/logs/squid.pid.
+#		Default: /var/run/squid/squid.pid.
 #		You only need to change this if you changed the
 #		corresponding entry in your Squid configuration.
 #
 # squid_flags:	Additional commandline arguments for Squid you might want to
 #		use. See squid(8) for further details.
 #
 # squid_krb5_ktname:
 #		Alternative Kerberos 5 Key Table.
 #		Default: none
-squid_checkrunning() {
+. /etc/rc.subr
-	${command} ${squid_flags} -k check 2>/dev/null
+
 name=squid
 rcvar=squid_enable
 # Make sure that we invoke squid with "-f ${squid_conf}"; define this
 # variable early so reload_cmd and stop_precmd pick it up:
 extra_commands=reload
 reload_cmd=squid_reload
 start_precmd=squid_prestart
 start_postcmd=squid_getpid
 stop_precmd=squid_prestop
 stop_postcmd=squid_poststop
 # squid(8) will not start if ${squid_conf} is not present so try
 # to catch that beforehand via ${required_files} rather than make
 # squid(8) crash.
 squid_load_rc_config()
 {
 	: ${squid_chdir:=/var/squid}
 	: ${squid_conf:=%%PREFIX%%/etc/squid/squid.conf}
 	: ${squid_enable:=NO}
 	: ${squid_program:=%%PREFIX%%/sbin/squid}
 	: ${squid_pidfile:=/var/run/squid/squid.pid}
 	: ${squid_user:=squid}
 	required_args="-f ${squid_conf}"
 	required_dirs=$chdir
 	required_files=$squid_conf
 	command_args="${required_args} ${squid_flags}"
 	procname="?squid-*"
 	pidfile=$squid_pidfile
 	state_dir=/var/run/squid
 }
-squid_setfib() {
+squid_prestart()
 {
 	# prepare the state directory:
 	[ -d ${state_dir} ] && rm -rf ${state_dir}
 	install -d -o ${squid_user} -m 0755 ${state_dir}
 	# setup KRB5_KTNAME:
 	squid_krb5_ktname=${squid_krb5_ktname:-"NONE"}
 	if [ "${squid_krb5_ktname}" != "NONE" ]; then
 		export KRB5_KTNAME=${squid_krb5_ktname}
 	fi
 	# setup FIB tables:
 	if command -v check_namevarlist > /dev/null 2>&1; then
 		check_namevarlist fib && return 0
 	fi
@ -52,47 +100,45 @@ squid_setfib() {
 	${SYSCTL} net.fibs >/dev/null 2>&1 || return 0
 	squid_fib=${squid_fib:-"NONE"}
-	if [ "x${squid_fib}" != "xNONE" ]; then
+	if [ "${squid_fib}" != "NONE" ]; then
-		command="setfib -F ${squid_fib} ${command}"
+		command="setfib -F $squid_fib $command"
 	else
 		return 0
 	fi
 }
-squid_stop() {
+squid_reload()
-	echo "Stopping ${name}."
+{
-	${command} ${squid_flags} -k shutdown
+
-	run_rc_command poll
+	$command $required_args $squid_flags -k reconfigure
 }
-. /etc/rc.subr
+squid_getpid()
 {
 	# retrieve the PID of the Squid master process explicitly here
 	# in case rc.subr was unable to determine it:
 	if [ -z "$rc_pid" ]; then
 		while ! [ -f ${pidfile} ]; do
 			sleep 1
 		done
 		read _pid _junk <${pidfile}
 		[ -z "${_pid}" ] || pid=${_pid}
 	else
 		pid=${rc_pid}
 	fi
 }
-name=squid
+squid_prestop()
-rcvar=squid_enable
+{
 	command_args="$command_args -k shutdown"
 	$command $required_args $squid_flags -k check 2>/dev/null
 }
-command=%%PREFIX%%/sbin/squid
+squid_poststop()
-extra_commands=reload
+{
-reload_cmd="${command} ${squid_flags} -k reconfigure"
+	rm -rf ${state_dir}
-start_precmd="squid_setfib"
+}
 stop_precmd="squid_checkrunning"
 stop_cmd="squid_stop"
-load_rc_config ${name}
+load_rc_config $name
-
+squid_load_rc_config
-squid_chdir=${squid_chdir:-"/var/squid/logs"}
+run_rc_command $1
 squid_conf=${squid_conf:-"%%PREFIX%%/etc/squid/squid.conf"}
 squid_enable=${squid_enable:-"NO"}
 squid_flags=${squid_flags-"-D"}
 squid_pidfile=${squid_pidfile:-"/var/squid/logs/squid.pid"}
 squid_user=${squid_user:-%%SQUID_UID%%}
 pidfile=${squid_pidfile}
 required_dirs=${squid_chdir}
 # squid(8) will not start if ${squid_conf} is not present so try
 # to catch that beforehand via ${required_files} rather than make
 # squid(8) crash.
 required_files=${squid_conf}
 run_rc_command "$1"
--- a/www/squid/pkg-descr
+++ b/www/squid/pkg-descr
@ -1,10 +1,5 @@
-Squid is a high-performance proxy caching server for web clients,
+Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite)
-supporting FTP, gopher, and HTTP data objects. Unlike traditional
+HTTP/1.1 compliant. Squid offers a rich access control, authorization and
-caching software, Squid handles all requests in a single, non-blocking,
+logging environment to develop web proxy and content serving applications.
 I/O-driven process.
 Squid supports SSL, extensive access controls, and full request logging.
 By using the lightweight Internet Cache Protocol, Squid caches can be
 arranged in a hierarchy or mesh for additional bandwidth savings.
 WWW: http://www.squid-cache.org/
--- a/www/squid/pkg-plist
+++ b/www/squid/pkg-plist
--- a/www/squid33/Makefile
+++ b/www/squid33/Makefile
@ -25,12 +25,15 @@ PATCHFILES=	FreeBSD_silence_nosuid_mk1.patch:nosid
 MAINTAINER=	ports@FreeBSD.org
 COMMENT=	HTTP Caching Proxy
 DEPRECATED=	Reached EOL on 13 July 2013, use www/squid (v3.4) instead
 EXPIRATION_DATE=2015-01-31
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/COPYING
 SQUID_STABLE_VER=	13
-CONFLICTS_INSTALL=	squid-2.[0-9].* squid32-* cacheboy-[0-9]* lusca-head-[0-9]*
+CONFLICTS_INSTALL=	squid-3*
 USES=		perl5 tar:bzip2 shebangfix
 SHEBANG_FILES=	scripts/*.pl contrib/*.pl src/*.pl tools/*.pl\