Update to 2.5.STABLE12

PR:             ports/88327
Submitted by:   maintainer

Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- document that tcp_outgoing_xxx works badly in combination with
  server_persistent_connections (squid bug #454)
- add more tracing in test mode of squid_ldap_auth (squid bug #1395)
- fix breakage of accel_single_host when combined with
  server_persistent_connection (squid bug #1402)
- correctly implement the CACHE_HTTP_PORT configuration directive
  (squid bug #1403)
- fix the problem that CNAME addresses were remembered with a wrong TTL
  (squid bug #1404)
- fix incorrect handling of squid-internal-dynamic/netdb in conjunction with
  httpd_accel/transparent proxies (squid bug #1410)
- properly revalidate the cache on HEAD requests (squid bug #1411)
- correct handling of Set-Cookie headers on cache refreshes (squid bug #1419)
- fix a vulnerability in the FTP parsing code (squid bug #1426)

PR:             ports/87637
Submitted by:   maintainer

Fix smb_auth helper

PR:             86850
Pointed by:     Dean M. Phillips <dmphilli@gmail.com>
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

Integrate a patch from
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
- fix delay pools behaviour which was broken by the patch for squid bug #500,
  introduced in squid-2.5.10_6 (squid bug #1405)

PR:             ports/86669
Submitted by:   maintainer

- Update to 2.5-STABLE11
- Adapt the follow-XFF patches to the changes to squid's sources

PR:             ports/86472
Submitted by:   maintainer

Update the NTLM-scheme patch to version 2. The first version of the patch is
broken (cf <http://www.squid-cache.org/bugs/show_bug.cgi?id=1391>).

PR:             ports/86215
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- Integrate the following vendor patches:
  - LDAP helpers do not work with TLS (-Z option)
    (squid bug #1389)
  - Incorrect store dir selection debug message on objects >2G
    (squid bug #1343)
  - Enums cannot be assumed to be signed ints
    (squid bug #1343)
  - Allow leaving core dumps on Linux
    (squid bug #1335)
  - Do not let clients bypass delay pools by faking a cache hit
    (squid bug #500)
  - Fix problems regarding CONNECT requests when squid is configured with
    "pipeline_prefetch on"
  - Fix a possible DOS condition which may be triggered by certain NTLM
    authentication requests
    (squid bug #1391)
- Remove patching relevant to recently removed pf from ports option

PR:             ports/86179
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- Remove dependencies on security/pf, it was removed. pf is in base since
  502106

Pointy hat to:  pav

- Fix somewhat messed up titles in FTP listings (squid bug #1220)
- FTP listings use "BASE HREF" much more than necessary (squid bug #1204)
- Cleanups for 64bit architectures (squid bug #1316)
- Allow wb_ntlm_auth to run more silent (squid bug #518)
- Add a new 'mail_program' configuration option
- Fix a possible denial of service condition regarding sslConnectTimeout
  (squid bug #1355, Secunia Advisory SA16674)
- Avoid a possible assertion failure in StatHist.c (squid bug #1325)
- Fix issues regarding chroot'ed installations on 'squid -k reconfigure'
  (squid bug #1331)
- Make URLs in error pages more consistent and less confusing (squid bug #1342)
- Fix compilation when _FORTIFY_SOURCE is defined (squid bug #1344)
- Fix handling of unexpected 250 replies from certain odd FTP servers
  (squid bug #1348)
- Add Greek error pages (squid bug #1351)
- Fix a possible denial of service condition with regards to aborted requests
  (squid bug #1368)
- Fix the -U option of squid_ldap_auth (squid bug #1370)
- Fix the output of the SNMP cacheClientTable for IP adresses that consist of
  16 digits (squid bug #1375)
- Make the From: field of mails sent from squid configurable to avoid
  mails getting lost due to spam filtering (squid bug #1380)

PR:             ports/85688
Submitted by:   maintainer

- Update transparent patch.

PR:             ports/82838
Submitted by:   maintainer

Update the chroot vendor patch to version 2, cf
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-chroot

PR:             ports/82739
Submitted by:   maintainer

- Integrate the following vendor patches as published on
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

  + double content-length often harmless (squid bug #1305)
  + update spanish error pages
  + squid internal icons were served with slightly incorrect headers
    (squid bug #1275)
  + squid -k fails in combination with chroot (squid bug #1307)
  + core dump with --enable-ipf-transparent if access to NAT device is denied
    (squid bug #1313)
  + http_accel_single_host incompatible with redirection (squid bug #1314)
  + squid -k reconfigure caused data corruption when a cache_dir type had been
    changed (squid bug #1308)
  + SNMP getnext failed if the given OID was outside the squid MIB (squid bug
    #1317)

PR:             ports/82703
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- Read cachemgr.conf rather than cachemgr.conf.default
- Add a missing %SUBDIR% in MASTER_SITES

PR:             ports/81319
Submitted by:   maintainer

- Update Squid to 2.5.STABLE10

PR:             ports/81213
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- update distinfo for the updated syslog patch
- remove local patch that is now incorporated into the corresponding
  vendor patch (with slightly different wording)

PR:             ports/80367
Submitted by:   maintainer

- Update distinfo for the 2GB patch, this includes a fix for
  squid bugs #1283, 1287 and 1288 (assertion failed in store_client.c:343).
  (already committed)

- Bump portrevision as a datapoint for this bugfix.

PR:             80163
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- according web page, the patch file is rerolled at 2005-04-20 14:59 again
  http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-2GB

Noticed by:     kris

- the patch is repacked at 2005-04-18 00:57, after maintainer submit PR 80028

- diff is listed below:

--- /tmp/squid-2.5.STABLE9-2GB.patch    Mon Apr  4 17:09:16 2005
+++ /usr/ports/distfiles/squid2.5/squid-2.5.STABLE9-2GB.patch   Mon Apr 18
08:57:57 2005
@@ -3000,7 +3000,7 @@
       }
       /* there are some things we cannot do yet */
 Index: squid/src/protos.h
-diff -c squid/src/protos.h:1.420.2.28 squid/src/protos.h:1.420.2.32
+diff -c squid/src/protos.h:1.420.2.28 squid/src/protos.h:1.420.2.30
 *** squid/src/protos.h:1.420.2.28      Fri Mar 18 17:01:52 2005
 --- squid/src/protos.h Sat Mar 26 10:36:01 2005
 ***************

Integrate the following vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

- Correct several minor aufs issues (squid bug #671)
- Basic authentification fails when login+password totalled to more than
  64 characters (squid bug #1171)
- Fix an assertion that could occur when traffic other than HTTPS was
  tunneled through squid via the CONNECT method (squid bug #1269)
- Make the --disable-hostname-check configuration option actually work
  (squid bug #1270)
- Fix aufs warning about open filedescriptors when the cache was shut down
  (squid bug #671)
- Allow squid to process requests for files larger than 2GB in size
  (squid bug #437)

- Chase checksum of the updated pid_t patch

PR:             ports/78897
Submitted by:   maintainer

- Integrate the following vendor patches as published on
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
  + Handle odd data formats (squid bug #321)
  + reload_into_ims fails to revalidate negatively cached entries
    (squid bug #1159)
  + Clarify delay_access function (squid bug #1245)
  + Check several squid.conf directives for int overflows (squid bug #1247)
  + Use memset(3) instead of bzero(3) (squid bug #1256)
  + Fix compile warnings due to pid_t not being an int (squid bug #1257)
  + Fix incorrect use of ctype functions (squid bug #1259)
  + Defer digest fetch if the peer is not allowed to be used (squid bug #1262)
  + Extend relaxed_header_parser to work around "excess data from" errors from
    many major web servers (squid bug #1265)

- Enable IPFilter based transparent proxying on all FreeBSD versions where
  IPFilter headers are part of the base system (i.e. RELENG_4 < 4.7-RELEASE,
  RELENG_5 and 6-CURRENT). Create a new OPTION WITH_SQUID_IPFILTER for this
  purpose. Thanks to sem@ for keeping track of this issue!

PR:             ports/78780
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

Integrate the following vendor patches as published on
- correct a race condition related to the Set-Cookie header
- correct the FTP parser with regards to the EPLF format
  (squid bug #1252)
- correct FTP listing output when the URL was requested without a trailing
  slash (squid bug #1253)
- make ACL configuration errors fatal (squid bug #1255)

PR:             ports/78446
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- Update to 2.5.STABLE9

PR:             ports/78079
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

* Vendor patches:
- fix some cross-platform build format warnings
- allow high characters in generated FTP and Gopher directory listings
  (squid bug #1220)
  - cleanup generation of FTP URLs
  - relax the newly introduced strict HTTP parser slightly to work around some
    more malformed HTTP responses (squid bug #1242)

PR:             ports/77779
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- Update to 2.5-STABLE8
- Integrate a vendor patch from:
  http://www.squid-cache.org/Versions/v2/2.5/bugs/
  it fixes a major problem regarding the handling of invalid DNS responses

PR:             ports/77423
Submitted by:   maintainer

- Update header_parsing.patch

PR:             ports/77360
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

Integrate the following vendor patch as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

 - Address HTTP protocol mismatch related to oversized reply headers and
   enhance cache.log on reply header parsing failures (squid bug #1216)
 - correct the search request generated by the LDAP authentication helper
 - fix a race within the NTLM authentication mechanism (squid bug #1127)
 - fix handling of failed PUT/POST requests (squid bug #1224)
 - fix problems with persistent server connections after failed PUT/POST
   requests (squid bug #1122)
 - improve handling of forged WCCP packets (squid bug #1225)

PR:             ports/76967
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Security:      
http://vuxml.freebsd.org/bfda39de-7467-11d9-9e1e-c296ac722cb3.html

- Fix fetching.
  * The response_splitting patch has been updated
    to correct a problem with cache digests.

PR:             ports/76889
Submitted by:   maintainer

- Integrate a vendor patch against a buffer overflow in the WCCP handling,
  see
<http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow>
  and <http://www.squid-cache.org/Advisories/SQUID-2005_3.txt>.

PR:             ports/76827
Submitted by:   maintainer

Sync follow-XFF with the latest vendor patch.

PR:             ports/76801
Submitted by:   maintainer

- Integrate vendor patches as published on
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:
  + Reject malformed HTTP requests and responses that conflict with the HTTP
    specifications
    This issue is qualified as a security issue by the vendor.
  + PURGE is allowed to delete internal objects (squid bug #1112)
  + Disable Path-MTU discovery on intercepted requests (squid bug #1154)

  (VuXML vid=b4d94fa0-6e38-11d9-9e1e-c296ac722cb3)

- Clean up and correct package list generation. Now installed files
  and directories are visible via PLIST_FILES and PLIST_DIRS.
- Don't claim that squid related files or directories are still present
  after deinstallation when in fact they are not.
- Add "-g" to CFLAGS when WITH_SQUID_STACKTRACES is defined to make this
  option actually useful.

PR:             ports/76628
Submitted by:   maintainer

[Maintainer/security] www/squid: protect against HTTP resonse split
attack and other patches

    Integrate vendor patches as published on
    <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

    - FTP data connection fails on some FTP servers when requesting
      a directory without a trailing slash (squid bug #1194)

    - Icons fail to load on non-anonymous FTP when using the
      short_icons_url configuration directive (squid bug #1203)

    - Strengthen squid against HTTP response splitting cache pollution
      attacks (squid bug #1200), classified as security issue by
      the vendor

[Maintainer/Security] www/squid: integrate vendor patches

        Integrate vendor patches as published on
        <http://www.squid-cache.org/Versions/v2/2.5/bugs/>:

        - Sanity check usernames in squid_ldap_auth (squid bug #1187),
          classified as minor security issue by the vendor, see below for VuXML
          information
        - FQDN names truncated on compressed DNS responses (squid bug #1136)
        - Internal DNS memory leak on malformed responses (squid bug #1197)

PR:             ports/76364
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

- Integrate vendor patches as published on
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
  issues:
  + Prevent a possible denial of service attack via WCCP messages (squid bug
    #1190), classified as security issue by the vendor
  + Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
    #1189), classified as security issue by the vendor
  + Fix a null pointer access and plug memory leaks in the fake_auth NTLM
    helper (squid bug #1183) (this helper app is not installed by default by
    the port)
  + Stop closing open filedescriptors beyond stdin, stdout and stderr on
    startup (squid bug #1177)

- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
  nagilum.de>" for reporting this)

- Document the two security issues in VuXML.

PR:             ports/76173
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by:    erwin (mentor)

Patch was rerolled because of some bug fixes.

Approved by:    maintainer

Handle empty ACL definitions properly.

PR:             ports/75403
Submitted by:   maintainer

Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- a malformed hostname can cause squid to return random data as error messages,
  possibly leaking internal information from former requests (squid bug #1143).
  (This is classified as a minor security issue by the squid developers, so
  maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occuring when using cachemgr's "vm_objects" operation (squid
  bug #1149)

PR:             ports/74859
Submitted by:   maintainer

- fix shutting down of helper applications on reconfigure or
  logrotation (squid bug #1118)
- properly close the client TCP connection when a malformed blank
  HTTP response was received from the server (squid bug #1116)

PR:             ports/73913
Submitted by:   maintainer

- Integrate the following vendor patches:
  - document the LDAP helpers' -v option
  - correct the implementation of the req_header and resp_header acls
    (the original implementation submitted in squid bug #961 was faulty)
    See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further details.
- Bump PORTREVISION

PR:             ports/73154
Submitted by:   Thomas-Martin Seck (maintainer)

- Integrate a vendor patch that prevents squid from consuming 100%
  CPU for half closed PUT/POST requests (squid bugs #354, 1096).
  See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
  details.
- Adapt the follow_xff patch to changes in some of squid's data
  structures and unbreak the WITH_SQUID_FOLLOW_XFF option.
- Bump PORTREVISION.

PR:             ports/72840
Submitted by:   Thomas-Martin Seck (maintainer)

- Update to 2.5-STABLE7; this release fixes a security issue regarding
  the SNMP module
- Remove a patch that is now part of the distribution
- Miscellaneuous small fixes:
  + in squid.sh, make stop_command poll for the squid processes' exit in
    the rcNG case too; this eliminates the need to do this in restart_command
  + make the information regarding rcNG'ness in pkg-install easier to read
  + install unstripped binaries if WITH_SQUID_STACKTRACES is defined

PR:             ports/72581
Submitted by:   Thomas-Martin Seck (maintainer)

- Unbreak fetching squid again:
  The recently updated client_db_gc patch has been reissued again;
  according to squid CVS to "finetune the client db garbage collection
  interval".  Update distinfo accordingly and bump PORTREVISION.

PR:             ports/72461 [1], ports/72463 [2]
Submitted by:   Sunpoet Po-Chuan Hsieh <sunpoet@sunpoet.net> [1],
                Thomas-Martin Seck (maintainer) [2]
Approved by:    portsmgr (krion)

- Unbreak fetching:
  The client_db_gc patch contained a wrong debugging information
  and was thus reissued by the vendor.
  Update distinfo accordingly and bump PORTREVISION.

PR:             ports/72387
Submitted by:   Thomas-Martin Seck (maintainer)
Approved by:    portsmgr (krion)

Implement vendor patches for the following issues:
- try to prevent crashes of the digest helper (squid bug #1031)
- correct parsing of the acl_time directive when multiple time specifications
  are given (squid bug #1060)
- correct "cachemgr config" output for http_header_* directives
  (squid bug #1056)
- recognize the Content-Disposition header to be able to specify
  http_header_access directives using it (squid bug #961)

See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
information.

Reimplement the rcNG support. See UPDATING for details.

PR:             ports/71260
Submitted by:   maintainer

Integrate vendor patches for the following issues:
- close a memory leak when NTLM authentication without challenge reuse
  is used (squid bug #994)
- close a temporary memory leak when NTLM challenge response reuse is
  enabled (squid bug #910)
- when performing log rotation with 'squid -k rotate' do not crash if a
  swap state file or a cache directory is unwriteable (squid bug #1053)

See <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for further
information.

PR:             ports/71082
Submitted by:   maintainer

Fix grammatical and whitespace errors in squid.conf.default.

Set supplementary group membership correctly when running squid
as a non-root user and do not ignore the squid_group setting
when starting squid as root (squid bug #1021)

Enable the external_acl helper protocol to handle newlines
in the embedded data (squid bug #1038)

PR:             ports/70767
Submitted by:   maintainer

* Integrate a vendor patch for a possible DOS against the NTLM
  authentication helpers, see squid bug #1045.
* Bump PORTREVISION.

PR:             ports/70707
Submitted by:   maintainer

The ldap_helpers patch has been updated again; see squid bug
#1032 for details.

PR:             ports/70312
Submitted by:   maintainer

Integrate new vendor patches:
- fix a problem in the heap policy code that could cause memory
  corruption when a {cache,memory}_replacement_policy other
  than the default "lru" was used (squid bug #1009)
- correct quoting of unknown % escape codes when generating
  error pages (squid bug #1030)

PR:             ports/70110
Submitted by:   maintainer

[Maintainer] www/squid: chase re-issued patch, unbreak fetching

    The concurrent_dns_lookups patch was reissued, update distinfo accordingly.

    See <http://www.squid-cache.org/bugs/show_bug.cgi?id=852> for
    further information.

PR:             ports/69764
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

- integrate a new version of the LDAP update patch, the
  problems with the previous version are hopefully fixed (squid bug #1018)
- integrate a new NTLM authentication patch to address a problem with
  truncating NTLM authentication blobs (squid bug #1016)
- remove two patches which were withdrawn (see squid bugs #910
  and 994)

PR:             ports/69719
Submitted by:   maintainer

Fix a bug that disallowed explicit unsetting of the squid_flags variable.

PR:             69670
Submitted by:   maintainer

- Tweaks to RC script
- Fix dynamic plist generation to not include files that happen to be
  in target directories. This prevents their removal on deinstallation
  or upgrade.

PR:             ports/69552, ports/69266
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

Remove ldap_helpers.patch

PR:             ports/69487 (partially)
Submitted by:   maintainer

Remove squid-2.5.STABLE6-ldap_helpers.patch until it is fixed.
cf <http://www.squid-cache.org/bugs/show_bug.cgi?id=1018>

Do not bump PORTREVISION, since
a) ldap is not in the default configuration
b) we hope to have that fixed soon

PR:             69465
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

The ldap_helpers patch has been rerolled (a missing return
statement was inserted).

PR:             ports/69408
Submitted by:   maintainer

Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- fix a memory leak in client_db (squid bug #833)
- add delay pools information to cachemgr's active_requests
  page
- make basic authentication operate case insensitive by
  default, case sensitive operation can be enabled via
  squid.conf
- log if cache files cannot be created for some reason
- make sure that a HTTP HEAD request does not return stale data
- correctly log partial hits as TCP_MISS instead of TCP_HIT
- fix memory leaks within the NTLM authentication helper
- handle the request_header_max_size directive correctly
- avoid creating a large number of queued DNS lookups for the
  same domain in case of DNS problems
- update LDAP helper

PR:             ports/69307
Submitted by:   maintainer

Update to 2.5-STABLE6

PR:             ports/69060
Submitted by:   maintainer

Fix the patch that simulates the autotools bootstrap for the
follow-xff-patchset (thanks to Michael Ranner for spotting the
problem and testing the fix). While at it, wordsmith the
comments in the patch.

Use the official patch for the NTLM auth helper vulnerability,
see <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for
details.

Build install the SMB basic authentication helpers by default

PR:             ports/68448
Submitted by:   maintainer

Correct the patch for the NTLM helper vulnerability according
to <http://www.squid-cache.org/bugs/show_bug.cgi?id=998>

Apply some cleanups:
 + prefer PATCHDIR over FILEDIR when referring patches
 + remove unnecessary quotes
 + move all substitution tasks to the post-patch target
 + use "${FALSE}" instead of "exit 1" to generate error 1 from a shell

Bump PORTREVISION

PR:             ports/68078
Submitted by:   maintainer

- Support systems where pf(4) must be installed from ports (see
  ports/67724, submitted by Michal F. Hanula)
- Change ": foo=${foo:=bar}" into "foo=${foo:-bar}" to make the
  shell scripts easier to read and understand
- Correct credits for the recently published NTLM auth
  vulnerability and fix a nearby braino, too
- Bump PORTREVISION

PR:             ports/67797
Submitted by:   maintainer

Add a couple of patches, including one for a buffer overflow in the NTLM
authentication helper.

PR:             ports/67764
Submitted by:   maintainer

- correct report of available cache memory for cache sizes >2GB
  in cache.log (squid bug #570)
- correct the least-load store directory selection algorithm
  for the cache directories using the "ufs" storage scheme (squid bug #676)
- correct the type of the cacheCurrentUnlinkRequests SNMP variable
  (squid bug #946)
- include client IP addresses in debug output (squid bug #948)
- correct the HTML doctype for autogenerated FTP directory listings
  (squid bug #969)
- if no resolv.conf is present the dns_servers variable now defaults
  to 127.0.0.1 (squid bug #991)
- update the documentation of the MSNT basic authentication helper
  (squid bug #717)

PR:             ports/67495
Submitted by:   maintainer

- Add new vendor patches:
  + clarify the meaning of the ERR keyword in digest authentication
  + correct a spelling error in the Turkish ERR_DNS_FAIL error page
    (squid bug #950)
  + fix a problem regarding negatively cached 404 replies with VARY: header
    (squid bug #616)
  + correct a parsing bug which rejected a 'range_offset_limit -1 KB'
    statement in squid.conf (squid bug #968)
- Bump PORTREVISION

PR:             ports/66139
Submitted by:   maintainer

- Fix plist
- Bump PORTREVISION
- Clean up pkg-deinstall:
  + remove an unnecessary variable
  + replace rmdir -p with two distinct rmdir calls since we
    do not want to delete $PKG_PREFIX too if it happens to be empty

PR:             ports/65918
Submitted by:   maintainer

- Add a vendor patch to fix an assertion failure that could
  occur in certain rare conditions involving aborted POST/PUT
  requests (squid bug #943)
- Bump PORTREVISION

PR:             ports/65776
Submitted by:   maintainer

- integrate a vendor patch to fix a segfault that occured when
  submitting a blank username in digest authentication (squid bug #954)
  and bump PORTREVISION
- follow Duane Wessel's squid book and use "storage scheme"
  instead of "store type"
- remove trailing whitespace
- no longer hardcode the path of the nologin binary in
  pkg-install and re-wrap pw(8)'s arguments for better readability

PR:             ports/65723
Submitted by:   maintainer

- Integrate a vendor patch that fixes an assertion caused by
  truncated DNS replies (squid bug #962)
- Bump PORTREVISION

PR:             ports/65458
Submitted by:   maintainer

- Integrate two new vendor patches, please see
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for details
- Correct OpenSSL support and, while at it, clean up CFLAGS and
  LDFLAGS handling (thanks to dinoex for lots of helpful advice!).
- better be safe than sorry and pass PTHREAD_CFLAGS through in
  case we are compiling with threads
- try to remove the errorpages directory silently since user
  defined directories might legitimately be present
- clean up shell scripting:
  + do not use too many variables
  + use /bin/sh's features instead of external commands

PR:             ports/65356
Submitted by:   maintainer

- Integrate four new vendor patches applicable to FreeBSD, see
  http://www.squid-cache.org/Versions/v2/2.5/bugs/ for details
- Fix OPTIONS parser to handle a default-to-on option correctly
  when either the portoptions file does not exist and/or is not read
  (i.e. the PACKAGE_BUILDING and BATCH cases)
- use IGNORE instead of .error to abort
- use ${ID} consistently
- inform the user of squid.sh's rcNG-ness when /etc/rc.subr is present
  at installation time
- bump PORTREVISION

PR:             ports/64946
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

- update to squid-2.5.STABLE5, including two vendor patches issued so far
- provide more OPTIONS, including (untested) support for pf(4)
- integrate the follow-XFF-patch from devel.squid-cache.org (submitted by
  Michael Ranner), this should improve interaction with dansguardian
- use id 100 for the squid pseudo user instead of choosing the first free
  id greater than 3127, a behaviour introduced with PORTVERSION 2.5.4_6.
  Provide a 'changeuser' target to make migration from a high id to id 100
  possible (requested by Kris Kennaway)
- don't let the port CONFLICT with itself (criticized by Oliver Eikemeier)
- provide rcNG support in squid.sh only on systems with /etc/rc.subr

PR:             ports/64061
Submitted by:   Thomas-Martin Seck (maintainer)

- Integrate a new set of vendor patches, see
  http://www.squid-cache.org/Versions/v2/2.5/bugs/ for details
- Remove two local patches in favour of the respective vendor patches
- Bump PORTREVISION

PR:             63030
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>
Obtained from:  http://www.squid-cache.org/Versions/v2/2.5/bugs/

- integrate a new patch from squid-cache.org, see
  http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-ftp_telnet
  for details
- integrate a patch by Glen Gibb to enable ARP based ACLs and make this an
  OPTION; see also http://www.squid-cache.org/bugs/show_bug.cgi?id=909
  for his original bug report
- integrate additional vendor patches
- make --enable-underscores an OPTION
- set a tighter ACL on libexec/pinger
- use $SQUID_USER and $SQUID_GROUP in pkg-install
- wordsmith comments
- bump PORTREVISION

PR:             ports/62442
Submitted by:   maintainer

- Fix checksum for updated errorpages patch

PR:             ports/62923
Submitted by:   Michal Pasternak <dotz@irc.pl>
Approved by:    maintainer

- Update distinfo for the http_workarounds patch (again)
  Please see http://www.squid-cache.org/bugs/show_bug.cgi?id=890 for details.
  Bump PORTREVISION
- Update to use new ports collection features:
  + USE_SIZE
  + use PORTDOCS and PLIST_FILES and extend the dynamic package list creation
    to include squid's icon files, too
  + move file and directory cleanup on deinstallation to pkg-deinstall
  + get rid of pkg-plist
  + use OPTIONS for the most commonly used options,
    leave SQUID_CONFIGURE_OPTIONS for more obscure options
- document known non-working features
- use lowercase for local variables
- other minor cleanups

PR:             ports/62222
Submitted by:   maintainer

The http_workarounds.patch has been updated, update distinfo accordingly.

PR:             61595
Submitted by:   maintainer

- integrate another patch from squid-cache.org, see
  http://www.squid-cache.org/Versions/v2/2.5/bugs/ for details
- cleanup dynamic plist generation:
  sort files, replace needlessly complex ex-scripting with a ${REINPLACE_CMD}
  one-liner
- integrate a patch to make the SMB-NTLM helper compile on 5.x and hook this
  helper up to the build (thanks to Stefano Tagliaferri for reporting the bug
  and testing the patch)
- bump PORTREVISION

PR:             61543
Submitted by:   maintainer

- configure squid to run under a dedicated "squid" user by default; make use
  of SQUID_{UID,GID} which other squid-related ports already implemented.
  The user/group will be created on the fly if they do not already exist.
- introduce WITH_SQUID_LDAP_AUTH to pull in the necessary bits to compile and
  use the ldap_auth helper
- install some more authentication helper applications by default
- install helper applications to ${PREFIX}/libexec/squid instead of
  ${PREFIX}/libexec, add notes about it in pkg-install and pkg-descr
- cleanup the pre-installation tasks and move them from Makefile and pkg-plist
  into the pkg-install script; make 'make install' and 'pkg_add' actually do
  the same thing
- introduce a pkg-deinstall script
- make squid.sh rcNG compatible (when either /etc/rc_subr or
  ${PREFIX}/etc/rc_subr is present, the first one will be used, otherwise the
  script will work as a "rc classic" script so no additional dependency on

- Integrate another patch for the LDAP authentication helper
  (see <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for details)
- Correct MASTER_SITES:
  + fix URL for Melbourne University's ftp server
  + replace unreachable ftp mirror at Loughborough University with
    the one at LEO.org, Munich
- Bump PORTREVISION

PR:             61128
Submitted by:   maintainer

- Integrate a new patch issued by the squid development team
  to correct the behaviour of the LDAP authentication helper wrt TLS,
  see <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for details
- Reinstate the errorpages.patch and work around its partial brokenness
  by installing some Lithuanian error pages manually.
- Bump PORTREVISION

PR:             60950
Submitted by:   maintainer

Change maintainer to Thomas-Martin Seck.

Approved by:    adrian

More patches for squid, to keep up to date with the squid distribution.

Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (privately)
Approved by:    maintainer timeout (still)

Add more patch files for www/squid

PR:             ports/59091 (based on)
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Uncomment the lines I needed to test the port. Mea Culpa.

*grabs pointy hat*

[PATCH] www/squid: update to 2.5-STABLE4 (+ vendor patches)

[...]
- Add 2.5-STABLE4 vendor patches
  - cache.log message on "squid -k reconfigure" confusing
  - digest auth never detects password changes
  - login with space confuses redirector helpers
  - FQDNcache discards negative responses when using internal DNS
  - Full details at http://www.squid-cache.org/Versions/v2/2.5/bugs/#STABLE4
[...]

PR:             ports/58090
Submitted by:   Jonathan Noack <noackj@concordiacrusaders.org>
Approved by:    MAINTAINER TIMEOUT

[PATCH] www/squid: update to 2.5 STABLE 4

        - Update to 2.5-STABLE4
        - plist is correct -- see ports/56392 for details on extra files

PR:             ports/56926
Submitted by:   Jonathan Noack <noackj@concordiacrusaders.org>
Approved by:    MAINTAINER TIMEOUT

o Allow to use $SQUID_CONFIGURE_ARGS in /etc/make.conf for additional
  $CONFIGURE_ARGS.

No response from:       maintainer

.. add the missing file.

PR:             ports/54153

Massive upgrade to 2.5-stable3. Thanks!

PR:             ports/54153
Submitted by:   Jon Noack <noackjr@alumni.rice.edu>

Bring the squid-2.5 port up to 2.5.STABLE2.
Expect another few commits soon to improve features :)

Add vendor patches:
 - fixes for some security issues
 - fixes for Samba 2.2.6 or later
 - fixes for OpenSSL 0.9.7 or later
 - performance fixes
 - reliability fixes
 - stability fixes
 - documentation fixes
 - fixes/improvements for OpenLDAP 2.1.x or later
 - ...

Have a look at http://www.squid-cache.org/Versions/v2/2.5/bugs/ for a
more detailed description.

Maintainer timeout after:       ~3 months
Submitted by:   marius@alchemy.franken.de
Approved by:    kris

Clear moonlight beckons.
Requiem mors pacem pkg-comment,
And be calm ports tree.

E Nomini Patri, E Fili, E Spiritu Sancti.

Grab the patch against squid24 from a PR..

PR:             42747

Document the configure argument for reverse SSL proxies.

Removed double USE_PERL5

Submitted by:   marius@alchemy.franken.de

Half of these ones missed yesterday while converting to USE_REINPLACE.
The other half needs perl to build.

Noticed on bento and others (full mailbox :-)

PERL -> REINPLACE
Noticed by: bento

Update the port to squid-2.5.stable1.

Notable features:

* I'm building _all_ of the error page languages now
* I'm building a handful of the helper modules (the ones that don't
  require ldap or samba to be installed)
* underscores in hostnames are enabled - every few weeks we squid people
  get emails asking why someone can't get to some_user.geocities.com .
  Bad geocities. :)

- Use MASTER_SITE_SUBDIR.
- Add MASTER_SITE_RINGSERVER to MASTER_SITES.