author: Sergei Kolobov <sergei@FreeBSD.org> 2004-03-17 07:06:46 +0000
committer: Sergei Kolobov <sergei@FreeBSD.org> 2004-03-17 07:06:46 +0000
commit: a0c6cf9fc487d7411215bd26244da5cacab079b3 (patch)
tree: 7e482a5d8fa0b8cd2433192ead17b7871299f520 /www/squid30
parent: 2c0949bf8ea2a1d82e2c9995ade35dd2f6e0e7fc (diff)
download: ports-a0c6cf9fc487d7411215bd26244da5cacab079b3.tar.gz
ports-a0c6cf9fc487d7411215bd26244da5cacab079b3.zip
8 files changed, 673 insertions, 209 deletions
diff --git a/www/squid30/Makefile b/www/squid30/Makefile
index 0019d32b7d1a..2bf807a8e303 100644
--- a/www/squid30/Makefile
+++ b/www/squid30/Makefile
@@ -7,11 +7,17 @@
 # Tunables not (yet) configurable via 'make config':
 # SQUID_{U,G}ID
 #   Which user/group squid should run as (default: squid/squid).
-#   The user and group will be created if they do not already exist.
+#   The user and group will be created if they do not already exist using
+#   a uid:gid of 100:100.
 #   NOTE: before version 2.5.4_6, these settings defaulted to
 #   nobody/nogroup.
 #   If you wish to keep these settings, please define SQUID_UID=nobody and
 #   SQUID_GID=nogroup in your make environment before you start the update.
+#   NOTE2:
+#   Before version 2.5.4_11 the numerical id chosen for SQUID_UID (and
+#   SQUID_GID respectively) was the first free id greater than or equal 3128.
+#   If you wish to move your squid user to id 100:100, run "make changeuser",
+#   please see the changeuser target's definition for further information.
 # SQUID_LANGUAGES
 #   A list of languages for which error page files should be installed
 #   (default: all)
@@ -22,8 +28,7 @@
 #   Additional configuration options, see below for a list
 
 PORTNAME=	squid
-PORTVERSION=	2.5.4
-PORTREVISION=	10
+PORTVERSION=	2.5.5
 CATEGORIES=	www
 MASTER_SITES=	\
 		ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -32,68 +37,18 @@ MASTER_SITES=	\
 		ftp://ftp.leo.org/pub/comp/general/infosys/www/servers/squid/%SUBDIR%/ \
 		${MASTER_SITE_RINGSERVER:S,%SUBDIR%,net/www/squid/&,}
 MASTER_SITE_SUBDIR=	squid-2/STABLE
-DISTNAME=	squid-2.5.STABLE4
+DISTNAME=	squid-2.5.STABLE5
 DIST_SUBDIR=	squid2.5
 
 PATCH_SITES=	http://www.squid-cache.org/Versions/v2/2.5/bugs/
-PATCHFILES=	squid-2.5.STABLE4-reconfigure_message.patch \
-		squid-2.5.STABLE4-digest_auth_pwchange.patch \
-		squid-2.5.STABLE4-redirect_login_space.patch \
-		squid-2.5.STABLE4-fqdnnegcache.patch \
-		pam_auth-2.2.patch \
-		squid-2.5.STABLE4_auth_param_doc.patch \
-		squid-2.5.STABLE4-errorpages.patch \
-		squid-2.5.STABLE4-error_load_text.patch \
-		squid-2.5.STABLE4-xpi_mime.patch \
-		squid-2.5.STABLE4-size_overflow.patch \
-		squid-2.5.STABLE4-extacl_auth_loop.patch \
-		squid-2.5.STABLE4-squid_ldap_group.patch \
-		squid-2.5.STABLE4-positive_dns_ttl.patch \
-		squid-2.5.STABLE4-gopherhtml.patch \
-		squid-2.5.STABLE4-netroute.patch \
-		squid-2.5.STABLE4-synflood.patch \
-		squid-2.5.STABLE4-fqdn.patch \
-		squid-2.5.STABLE4-connect_cleanup.patch \
-		squid-2.5.STABLE4-pconn_post.patch \
-		squid-2.5.STABLE4-ftp_put.patch \
-		squid-2.5.STABLE4-pconn-load.patch \
-		squid-2.5.STABLE4-icon_urls.patch \
-		squid-2.5.STABLE4-redirector_access.patch \
-		squid-2.5.STABLE4-pconn-lifo.patch \
-		squid-2.5.STABLE4-cache_peer_maxconn.patch \
-		squid-2.5.STABLE4-pid_filename_none.patch \
-		squid-2.5.STABLE4-dns_namelength.patch \
-		squid-2.5.STABLE4-urllogin_acl.patch \
-		squid-2.5.STABLE4-russian.patch \
-		squid-2.5.STABLE4-redirlog.patch \
-		squid-2.5.STABLE4-pinger.patch \
-		squid-2.5.STABLE4-partial_reload.patch \
-		squid-2.5.STABLE4-ldap_tls.patch \
-		squid-2.5.STABLE4-ldap_group_bufsize.patch \
-		squid-2.5.STABLE4-http_workarounds.patch \
-		squid-2.5.STABLE4-empty_proxy_auth.patch \
-		squid-2.5.STABLE4-ftp_telnet.patch \
-		squid-2.5.STABLE4-ntlm_auth_popups.patch \
-		squid-2.5.STABLE4-ldap_group-S.patch \
-		squid-2.5.STABLE4-ipcache_purge.patch \
-		squid-2.5.STABLE4-cache_peer_access_ntlm.patch \
-		squid-2.5.STABLE4-wbinfo_group.patch \
-		squid-2.5.STABLE4-SMB_ntlm_auth.patch \
-		squid-2.5.STABLE4-miss_access_internal.patch \
-		squid-2.5.STABLE4-squidclient_auth.patch \
-		squid-2.5.STABLE4-authfixes.patch \
-		squid-2.5.STABLE4-arp-FreeBSD.patch \
-		squid-2.5.STABLE4-deny_info_reply.patch \
-		squid-2.5.STABLE4-authfixes2.patch \
-		squid-2.5.STABLE4-reply_body_max_size.patch \
-		squid-2.5.STABLE4-digest-abort.patch \
-		squid-2.5.STABLE4-ntlm_auth_user_hash_pointer-leak.patch
+PATCHFILES=	squid-2.5.STABLE5-ntlm_assert.patch \
+		squid-2.5.STABLE5-ldap.patch
 PATCH_DIST_STRIP=	-p1
 
 MAINTAINER=	tmseck@netcologne.de
 COMMENT=	The successful WWW proxy cache and accelerator
 
-CONFLICTS=	squid-*
+CONFLICTS=	squid-2.[^5]*
 GNU_CONFIGURE=	yes
 USE_BZIP2=	yes
 USE_PERL5=	yes
@@ -120,10 +75,16 @@ OPTIONS=	SQUID_LDAP_AUTH "Install LDAP authentication helpers" off \
 		SQUID_CACHE_DIGESTS "Enable cache digests" off \
 		SQUID_WCCP "Enable Web Cache Coordination Protocol" on \
 		SQUID_UNDERSCORES "Allow underscores in hostnames" on \
+		SQUID_CHECK_HOSTNAME "Do hostname checking" on \
 		SQUID_STRICT_HTTP "Be strictly HTTP compliant" off \
 		SQUID_IDENT "Enable ident (RFC 931) lookups" on \
 		SQUID_USERAGENT_LOG "Enable User-Agent-header logging" off \
-		SQUID_ARP_ACL "Enable ACLs based on ethernet address" off
+		SQUID_ARP_ACL "Enable ACLs based on ethernet address" off \
+		SQUID_PF "Enable transp. proxy support using PF" off \
+		SQUID_FOLLOW_XFF "Follow X-Forwarded-For headers" off \
+		SQUID_AUFS "Enable the aufs store type" off \
+		SQUID_COSS "Enable the COSS store type" off \
+		SQUID_STACKTRACES "Create backtraces on fatal errors" off
 
 PLIST_FILES=	etc/rc.d/squid.sh etc/squid/mib.txt etc/squid/mime.conf.default \
 		etc/squid/msntauth.conf.default etc/squid/squid.conf.default \
@@ -133,8 +94,7 @@ CONFIGURE_ARGS=	--bindir=${PREFIX}/sbin  --sysconfdir=${PREFIX}/etc/squid \
 		--datadir=${PREFIX}/etc/squid \
 		--libexecdir=${PREFIX}/libexec/squid \
 		--localstatedir=${PREFIX}/squid \
-		--enable-storeio="ufs diskd null" \
-		--enable-removal-policies="lru heap" \
+		--enable-removal-policies="lru heap"
 
 .include <bsd.port.pre.mk>
 
@@ -157,6 +117,20 @@ CONFIGURE_ARGS+=	--enable-auth="basic ntlm digest" \
 			--enable-external-acl-helpers="${external_acl}" \
 			--enable-ntlm-auth-helpers="SMB winbind"
 
+# Selection of store types:
+
+store_types=	ufs diskd null
+.if defined(WITH_SQUID_AUFS)
+store_types+=	aufs
+# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS
+CONFIGURE_ARGS+=	--enable-async-io --with-pthreads
+.endif
+.if defined(WITH_SQUID_COSS)
+store_types+=	coss
+CONFIGURE_ARGS+=	--with-aio
+.endif
+CONFIGURE_ARGS+=	--enable-storeio="${store_types}"
+
 # Other options set via 'make config':
 
 .if defined(WITH_SQUID_DELAY_POOLS)
@@ -192,6 +166,9 @@ CONFIGURE_ARGS+=	--disable-wccp
 .if defined(WITH_SQUID_UNDERSCORES)
 CONFIGURE_ARGS+=	--enable-underscores
 .endif
+.if defined(WITHOUT_SQUID_CHECK_HOSTNAME)
+CONFIGURE_ARGS+=	--disable-hostname-checks
+.endif
 .if defined(WITH_SQUID_STRICT_HTTP)
 CONFIGURE_ARGS+=	--disable-http-violations
 .endif
@@ -204,6 +181,24 @@ CONFIGURE_ARGS+=	--enable-useragent-log
 .if defined(WITH_SQUID_ARP_ACL)
 CONFIGURE_ARGS+=	--enable-arp-acl
 .endif
+.if defined(WITH_SQUID_PF)
+.if ${OSVERSION} >= 502106
+# This will work only systems where PF is part of the base system for now.
+# If someone is eager to teach autoconf to pick up the pf port
+# on 5.[0-2] systems instead, go on, I will integrate your patch.
+CONFIGURE_ARGS+=	--enable-pf-transparent
+.else
+.error WITH_SQUID_PF only works on systems where pf is part of the base system.
+.endif
+.endif
+.if defined(WITH_SQUID_FOLLOW_XFF)
+EXTRA_PATCHES+=		${PATCHDIR}/follow_xff-2.5.patch \
+			${PATCHDIR}/follow_xff-configure.patch
+CONFIGURE_ARGS+=	--enable-follow-x-forwarded-for
+.endif
+.if defined(WITH_SQUID_STACKTRACES)
+CONFIGURE_ARGS+=	--enable-stacktraces
+.endif
 
 # Languages:
 #
@@ -235,16 +230,12 @@ CONFIGURE_ARGS+=	--enable-err-languages="${SQUID_LANGUAGES}" \
 #  Set an explicit hostname in cachemgr.cgi
 # --enable-truncate
 #  Use truncate() rather than unlink()
-# --disable-hostname-checks
-#  Squid by default rejects any host names with odd characters in their name
-#  to conform with internet standards. If you disagree with this you may use
-#  this switch to turn off any such checks, provided that the resolver used by
-#  Squid does not reject such host names. This may be required to participate
-#  in testbeds for international domain names.
 # --disable-unlinkd
 #  Do not use "unlinkd"
-# --enable-stacktraces
-#  Enable automatic call backtrace on fatal errors
+# --with-aufs-threads=N_THREADS
+#  Tune the number of worker threads for the aufs object
+# --with-coss-membuf-size
+#  COSS membuf size (default: 1048576 bytes)
 #
 # This option does not yet work on FreeBSD:
 #
@@ -260,15 +251,15 @@ CONFIGURE_ARGS+=	${SQUID_CONFIGURE_ARGS}
 post-patch:
 	@${REINPLACE_CMD} -e 's|-lpthread|${PTHREAD_LIBS}|g' ${WRKSRC}/configure
 	@${REINPLACE_CMD} -e 's|/etc|${PREFIX}/etc|g' ${WRKSRC}/doc/squid.8
-# Prevent installation of .orig files by deleting them.
-	@${FIND} ${WRKSRC} -name '*.bak' -delete
-	@${FIND} ${WRKSRC} -name '*.orig' -delete
 
 pre-configure:
 	@${REINPLACE_CMD} -e 's|%%SQUID_UID%%|${SQUID_UID}|g' \
 	    -e 's|%%SQUID_GID%%|${SQUID_GID}|g' ${WRKSRC}/src/cf.data.pre
 
 pre-install:
+# Prevent installation of .orig files by deleting them.
+	@${FIND} ${WRKSRC} -name '*.bak' -delete
+	@${FIND} ${WRKSRC} -name '*.orig' -delete
 	@${SED} -e 's|%%PREFIX%%|${PREFIX}|g' \
 	    -e 's|%%SQUID_UID%%|${SQUID_UID}|g' ${FILESDIR}/squid.sh \
 	    >${WRKDIR}/squid.sh
@@ -287,14 +278,8 @@ post-install:
 	@${MKDIR} ${DOCSDIR}
 	cd ${WRKSRC} && ${INSTALL_DATA} ${docs} ${DOCSDIR}
 .endif
-
-# Work around the fact that the errorpages.patch creates files in
-# an "Attic" subdir:
-.if exists(${PREFIX}/etc/squid/errors/Lithuanian)
-	@${FIND} ${WRKSRC}/errors/Lithuanian/Attic -type f \
-   	    -exec ${INSTALL_DATA} {} ${PREFIX}/etc/squid/errors/Lithuanian/ \;
-.endif
-	@${SETENV} PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
+	@${SETENV} PKG_PREFIX=${PREFIX} \
+	    ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
 # Create package list:
 	@cd ${PREFIX} && ${FIND} libexec/squid -type f -o -type l | ${SORT} \
 	    >>${TMPPLIST}
@@ -309,4 +294,50 @@ post-install:
 .endfor
 	@${ECHO_CMD} "@dirrm etc/squid/errors" >>${TMPPLIST}
 
+changeuser:
+# Recover from the problem that earlier versions of this port created the
+# squid pseudo-user with an id greater than 999 which is not allowed in
+# FreeBSD's ports system. The port now uses id 100:100.
+# NOTE:
+# This target assumes that SQUID_GID is the primary group of SQUID_UID. If you
+# have a different setup, do not run this target!
+.if ${SQUID_UID:L} == nobody
+	@${ECHO_CMD} "'nobody' is a system user, you do not need to execute"; \
+	${ECHO_CMD} "this target!"
+	exit 1
+.endif
+	@if [ `id -u` -ne 0 ]; \
+	then ${ECHO_CMD} "Sorry, you must be root to use this target."; exit 1; fi; \
+	current_uid=`id -u ${SQUID_UID}`; \
+	current_gid=`pw groupshow ${SQUID_GID}|cut -f 3 -d :`; \
+	${ECHO_CMD} "I will remove this user:"; \
+	${ID} -P $${current_uid}; \
+	${ECHO_CMD} "and this group:"; \
+	pw groupshow ${SQUID_GID}; \
+	${ECHO_CMD} "I will then re-create them with a user and group id of 100."; \
+	${ECHO_CMD} "Then all files and directories under ${PREFIX} and /var that"; \
+	${ECHO_CMD} "are owned by uid $${current_uid} will be chown(1)'ed."; \
+	${ECHO_CMD} "After that, all files and directories that were accessible"; \
+	${ECHO_CMD} "by group $${current_gid} will chgrp(1)'ed respectively."; \
+	${ECHO_CMD} "Note that this assumes group '${SQUID_GID}' to be the primary"; \
+	${ECHO_CMD} "group of user '${SQUID_UID}'. If you have a different setup"; \
+	${ECHO_CMD} "please abort this target now."; \
+	read -p "Press RETURN to continue or CTRL-C to abort:" dummy ; \
+	${ECHO_CMD} "OK, here we go:"; \
+	${ECHO_CMD} "deleting user $${current_uid} and his primary group..."; \
+	pw userdel -u $${current_uid}; \
+	${ECHO_CMD} "adding user ${SQUID_UID} with id 100..."; \
+	pw groupadd -n ${SQUID_GID} -g 100; \
+	pw useradd -n ${SQUID_UID} -u 100 -c "squid caching-proxy pseudo user" \
+	    -d ${PREFIX}/squid -s /sbin/nologin -h - ; \
+	${ECHO_CMD} "chown(1)'ing everything under ${PREFIX} from $${current_uid} to 100..."; \
+	${FIND} -H ${PREFIX} -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
+	${ECHO_CMD} "chgrp(1)'ing everything under ${PREFIX} from $${current_gid} to 100..."; \
+	${FIND} -H ${PREFIX} -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
+	${ECHO_CMD} "chown(1)'ing everything under /var from $${current_uid} to 100..."; \
+	${FIND} -H /var -user $${current_uid} -exec ${CHOWN} 100 {} \; ; \
+	${ECHO_CMD} "chgrp(1)'ing everything under /var from $${current_gid} to 100..."; \
+	${FIND} -H /var -group $${current_gid} -exec ${CHOWN} :100 {} \; ; \
+	${ECHO_CMD} "Finished."
+
 .include <bsd.port.post.mk>
diff --git a/www/squid30/distinfo b/www/squid30/distinfo
index bdb4bcc9a438..4fd6ad221560 100644
--- a/www/squid30/distinfo
+++ b/www/squid30/distinfo
@@ -1,106 +1,6 @@
-MD5 (squid2.5/squid-2.5.STABLE4.tar.bz2) = 9894a1fe855b0cccdc14fbf014060990
-SIZE (squid2.5/squid-2.5.STABLE4.tar.bz2) = 1036704
-MD5 (squid2.5/squid-2.5.STABLE4-reconfigure_message.patch) = a746143deab8b609730660916a297618
-SIZE (squid2.5/squid-2.5.STABLE4-reconfigure_message.patch) = 760
-MD5 (squid2.5/squid-2.5.STABLE4-digest_auth_pwchange.patch) = e5020f5b87a92c4d9621ce25403d691b
-SIZE (squid2.5/squid-2.5.STABLE4-digest_auth_pwchange.patch) = 2694
-MD5 (squid2.5/squid-2.5.STABLE4-redirect_login_space.patch) = 2374ed6dae7ef57c009e2428284d6b65
-SIZE (squid2.5/squid-2.5.STABLE4-redirect_login_space.patch) = 619
-MD5 (squid2.5/squid-2.5.STABLE4-fqdnnegcache.patch) = ae1b7cce41ca403ebd7115d4506b0c25
-SIZE (squid2.5/squid-2.5.STABLE4-fqdnnegcache.patch) = 701
-MD5 (squid2.5/pam_auth-2.2.patch) = 3037a67d8f4b85cd7d51cb2dd5b4e8b8
-SIZE (squid2.5/pam_auth-2.2.patch) = 4878
-MD5 (squid2.5/squid-2.5.STABLE4_auth_param_doc.patch) = 3b35c424db58c71c541563cd5ae39d15
-SIZE (squid2.5/squid-2.5.STABLE4_auth_param_doc.patch) = 9068
-MD5 (squid2.5/squid-2.5.STABLE4-errorpages.patch) = df16c73a786ce0c59b1585ab6b745210
-SIZE (squid2.5/squid-2.5.STABLE4-errorpages.patch) = 49937
-MD5 (squid2.5/squid-2.5.STABLE4-error_load_text.patch) = 3935a3005d125f55cd78b228eba20647
-SIZE (squid2.5/squid-2.5.STABLE4-error_load_text.patch) = 571
-MD5 (squid2.5/squid-2.5.STABLE4-xpi_mime.patch) = 1143fb9244690a24450c3c9ce6105da4
-SIZE (squid2.5/squid-2.5.STABLE4-xpi_mime.patch) = 601
-MD5 (squid2.5/squid-2.5.STABLE4-size_overflow.patch) = 7cd2d6b1ebbd86aa143fa5a57156d6ce
-SIZE (squid2.5/squid-2.5.STABLE4-size_overflow.patch) = 438
-MD5 (squid2.5/squid-2.5.STABLE4-extacl_auth_loop.patch) = de06bbc89f5408b7ab83733d894d4fe7
-SIZE (squid2.5/squid-2.5.STABLE4-extacl_auth_loop.patch) = 756
-MD5 (squid2.5/squid-2.5.STABLE4-squid_ldap_group.patch) = a5d0a8730aacf129401aabdfa61d60f7
-SIZE (squid2.5/squid-2.5.STABLE4-squid_ldap_group.patch) = 30490
-MD5 (squid2.5/squid-2.5.STABLE4-positive_dns_ttl.patch) = 7fca4475d86acc7db242c261b08751d7
-SIZE (squid2.5/squid-2.5.STABLE4-positive_dns_ttl.patch) = 3409
-MD5 (squid2.5/squid-2.5.STABLE4-gopherhtml.patch) = 2c6c50a4a8f4d0d0017ab7c15bacfe26
-SIZE (squid2.5/squid-2.5.STABLE4-gopherhtml.patch) = 3382
-MD5 (squid2.5/squid-2.5.STABLE4-netroute.patch) = f83e66712f37f34a04571b31be6c2db8
-SIZE (squid2.5/squid-2.5.STABLE4-netroute.patch) = 592
-MD5 (squid2.5/squid-2.5.STABLE4-synflood.patch) = b92e7a56e87374ebf2eb50e044f07f6d
-SIZE (squid2.5/squid-2.5.STABLE4-synflood.patch) = 12861
-MD5 (squid2.5/squid-2.5.STABLE4-fqdn.patch) = dbf2c020e3c3c52ae540d96a724fac87
-SIZE (squid2.5/squid-2.5.STABLE4-fqdn.patch) = 713
-MD5 (squid2.5/squid-2.5.STABLE4-connect_cleanup.patch) = ee0398f51a22ab2c82048c8935d6d11c
-SIZE (squid2.5/squid-2.5.STABLE4-connect_cleanup.patch) = 32516
-MD5 (squid2.5/squid-2.5.STABLE4-pconn_post.patch) = 4a5b7ab04fe8b73906db441448534bbb
-SIZE (squid2.5/squid-2.5.STABLE4-pconn_post.patch) = 1231
-MD5 (squid2.5/squid-2.5.STABLE4-ftp_put.patch) = d3b69c8e79c96c13005d6dbeb72e5c76
-SIZE (squid2.5/squid-2.5.STABLE4-ftp_put.patch) = 584
-MD5 (squid2.5/squid-2.5.STABLE4-pconn-load.patch) = a432f9eff9e0963b7338e41a91230d95
-SIZE (squid2.5/squid-2.5.STABLE4-pconn-load.patch) = 2397
-MD5 (squid2.5/squid-2.5.STABLE4-icon_urls.patch) = cf28143216b1364e56e820dddbb66dfc
-SIZE (squid2.5/squid-2.5.STABLE4-icon_urls.patch) = 2399
-MD5 (squid2.5/squid-2.5.STABLE4-redirector_access.patch) = 9c534a3d58fe0e3545cd4ed9af92a0e8
-SIZE (squid2.5/squid-2.5.STABLE4-redirector_access.patch) = 3498
-MD5 (squid2.5/squid-2.5.STABLE4-pconn-lifo.patch) = f41051c248764749d9d9ca5704925da7
-SIZE (squid2.5/squid-2.5.STABLE4-pconn-lifo.patch) = 1350
-MD5 (squid2.5/squid-2.5.STABLE4-cache_peer_maxconn.patch) = efd99c5e2f526c08cb52d9af948c7b25
-SIZE (squid2.5/squid-2.5.STABLE4-cache_peer_maxconn.patch) = 3603
-MD5 (squid2.5/squid-2.5.STABLE4-pid_filename_none.patch) = 808bafa144b22c3cf6900759b30f39e6
-SIZE (squid2.5/squid-2.5.STABLE4-pid_filename_none.patch) = 508
-MD5 (squid2.5/squid-2.5.STABLE4-dns_namelength.patch) = 290da300d02124be3971282d5b0a799d
-SIZE (squid2.5/squid-2.5.STABLE4-dns_namelength.patch) = 603
-MD5 (squid2.5/squid-2.5.STABLE4-urllogin_acl.patch) = 5ad09d7d4bf105e699cfeb647a4836a3
-SIZE (squid2.5/squid-2.5.STABLE4-urllogin_acl.patch) = 3064
-MD5 (squid2.5/squid-2.5.STABLE4-russian.patch) = 5a4357bd56134fc6578c435314c1a835
-SIZE (squid2.5/squid-2.5.STABLE4-russian.patch) = 20731
-MD5 (squid2.5/squid-2.5.STABLE4-redirlog.patch) = 8a2cc15f2bde6fa263a9e40aae807f82
-SIZE (squid2.5/squid-2.5.STABLE4-redirlog.patch) = 762
-MD5 (squid2.5/squid-2.5.STABLE4-pinger.patch) = 0902849d051873aaf5f54584d0536bb5
-SIZE (squid2.5/squid-2.5.STABLE4-pinger.patch) = 738
-MD5 (squid2.5/squid-2.5.STABLE4-partial_reload.patch) = 6d8fa663f46ffc2272b7d18a0b6eea34
-SIZE (squid2.5/squid-2.5.STABLE4-partial_reload.patch) = 751
-MD5 (squid2.5/squid-2.5.STABLE4-ldap_tls.patch) = dcd6b4ec46e252833a54c4bfd155c284
-SIZE (squid2.5/squid-2.5.STABLE4-ldap_tls.patch) = 1853
-MD5 (squid2.5/squid-2.5.STABLE4-ldap_group_bufsize.patch) = e42207a45232ca739a64f2ac3901263c
-SIZE (squid2.5/squid-2.5.STABLE4-ldap_group_bufsize.patch) = 762
-MD5 (squid2.5/squid-2.5.STABLE4-http_workarounds.patch) = 77d1a43dffa7aa97eb39b9178689e8df
-SIZE (squid2.5/squid-2.5.STABLE4-http_workarounds.patch) = 12322
-MD5 (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = ff55a2c7a718868ad245fd6de07018c9
-SIZE (squid2.5/squid-2.5.STABLE4-empty_proxy_auth.patch) = 2719
-MD5 (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 570ed0193201946fc10b42c0d96f7f48
-SIZE (squid2.5/squid-2.5.STABLE4-ftp_telnet.patch) = 3844
-MD5 (squid2.5/squid-2.5.STABLE4-ntlm_auth_popups.patch) = 922ef0774b855866b6daeb5df19bb4b3
-SIZE (squid2.5/squid-2.5.STABLE4-ntlm_auth_popups.patch) = 63653
-MD5 (squid2.5/squid-2.5.STABLE4-ldap_group-S.patch) = 35eb045971a1fe12b847e05862614aa6
-SIZE (squid2.5/squid-2.5.STABLE4-ldap_group-S.patch) = 993
-MD5 (squid2.5/squid-2.5.STABLE4-ipcache_purge.patch) = d76b6163f0806494defe9cba37a2d708
-SIZE (squid2.5/squid-2.5.STABLE4-ipcache_purge.patch) = 1022
-MD5 (squid2.5/squid-2.5.STABLE4-cache_peer_access_ntlm.patch) = 94841c505d86a1ab310b817119079e3b
-SIZE (squid2.5/squid-2.5.STABLE4-cache_peer_access_ntlm.patch) = 3378
-MD5 (squid2.5/squid-2.5.STABLE4-wbinfo_group.patch) = 4fff0be253f87fa538691497600daf70
-SIZE (squid2.5/squid-2.5.STABLE4-wbinfo_group.patch) = 1105
-MD5 (squid2.5/squid-2.5.STABLE4-SMB_ntlm_auth.patch) = 6ee610502b49c00914e2fe986f21db78
-SIZE (squid2.5/squid-2.5.STABLE4-SMB_ntlm_auth.patch) = 1924
-MD5 (squid2.5/squid-2.5.STABLE4-miss_access_internal.patch) = 8f4259401052ecae31fa3de4535a624f
-SIZE (squid2.5/squid-2.5.STABLE4-miss_access_internal.patch) = 837
-MD5 (squid2.5/squid-2.5.STABLE4-squidclient_auth.patch) = eff31cbd54adad086d50e0ae7dbe2c6e
-SIZE (squid2.5/squid-2.5.STABLE4-squidclient_auth.patch) = 1107
-MD5 (squid2.5/squid-2.5.STABLE4-authfixes.patch) = 139ab240c01acf6eeed7ead27f0ce387
-SIZE (squid2.5/squid-2.5.STABLE4-authfixes.patch) = 9401
-MD5 (squid2.5/squid-2.5.STABLE4-arp-FreeBSD.patch) = bad7a9a59071faf569734f022b35b28f
-SIZE (squid2.5/squid-2.5.STABLE4-arp-FreeBSD.patch) = 3999
-MD5 (squid2.5/squid-2.5.STABLE4-deny_info_reply.patch) = 97a9af2a33ded35bcef989181318ac71
-SIZE (squid2.5/squid-2.5.STABLE4-deny_info_reply.patch) = 1951
-MD5 (squid2.5/squid-2.5.STABLE4-authfixes2.patch) = b1de702ac773133affa1393c48d04807
-SIZE (squid2.5/squid-2.5.STABLE4-authfixes2.patch) = 2222
-MD5 (squid2.5/squid-2.5.STABLE4-reply_body_max_size.patch) = 79beba0e5466279ffbdd4322a3579aeb
-SIZE (squid2.5/squid-2.5.STABLE4-reply_body_max_size.patch) = 524
-MD5 (squid2.5/squid-2.5.STABLE4-digest-abort.patch) = a0cf9a5451b89bb6d8a8982a14791c15
-SIZE (squid2.5/squid-2.5.STABLE4-digest-abort.patch) = 946
-MD5 (squid2.5/squid-2.5.STABLE4-ntlm_auth_user_hash_pointer-leak.patch) = 8422d34ab797ae07727a5f2fdfe1a832
-SIZE (squid2.5/squid-2.5.STABLE4-ntlm_auth_user_hash_pointer-leak.patch) = 3277
+MD5 (squid2.5/squid-2.5.STABLE5.tar.bz2) = 45ed1b1cd492e3f529085d09c3ffc1b8
+SIZE (squid2.5/squid-2.5.STABLE5.tar.bz2) = 1044932
+MD5 (squid2.5/squid-2.5.STABLE5-ntlm_assert.patch) = 1bb2a8455a1e988c52b2ca3cf3fe0867
+SIZE (squid2.5/squid-2.5.STABLE5-ntlm_assert.patch) = 545
+MD5 (squid2.5/squid-2.5.STABLE5-ldap.patch) = 81bdcaf96390eab1655fd8d65cf607ed
+SIZE (squid2.5/squid-2.5.STABLE5-ldap.patch) = 6245
diff --git a/www/squid30/files/follow_xff-2.5.patch b/www/squid30/files/follow_xff-2.5.patch
new file mode 100644
index 000000000000..6f062e5c3317
--- /dev/null
+++ b/www/squid30/files/follow_xff-2.5.patch
@@ -0,0 +1,412 @@
+! This is a reduced part of the original follow-XFF patchset from
+! devel.squid-cache.org for use with the FreeBSD squid-2.5 port.
+Index: src/acl.c
+--- src/acl.c	13 May 2003 02:14:12 -0000	1.43.2.16
++++ src/acl.c	23 Nov 2003 14:20:12 -0000
+@@ -2001,6 +2001,11 @@
+     cbdataLock(A);
+     if (request != NULL) {
+ 	checklist->request = requestLink(request);
++#if FOLLOW_X_FORWARDED_FOR
++	if (Config.onoff.acl_uses_indirect_client) {
++	    checklist->src_addr = request->indirect_client_addr;
++	} else
++#endif /* FOLLOW_X_FORWARDED_FOR */
+ 	checklist->src_addr = request->client_addr;
+ 	checklist->my_addr = request->my_addr;
+ 	checklist->my_port = request->my_port;
+Index: src/cf.data.pre
+--- src/cf.data.pre	7 Nov 2003 03:14:30 -0000	1.49.2.46
++++ src/cf.data.pre	23 Nov 2003 14:20:17 -0000
+@@ -2065,6 +2065,92 @@
+ NOCOMMENT_END
+ DOC_END
+ 
++NAME: follow_x_forwarded_for
++TYPE: acl_access
++IFDEF: FOLLOW_X_FORWARDED_FOR
++LOC: Config.accessList.followXFF
++DEFAULT: none
++DEFAULT_IF_NONE: deny all
++DOC_START
++	Allowing or Denying the X-Forwarded-For header to be followed to
++	find the original source of a request.
++
++	Requests may pass through a chain of several other proxies
++	before reaching us.  The X-Forwarded-For header will contain a
++	comma-separated list of the IP addresses in the chain, with the
++	rightmost address being the most recent.
++
++	If a request reaches us from a source that is allowed by this
++	configuration item, then we consult the X-Forwarded-For header
++	to see where that host received the request from.  If the
++	X-Forwarded-For header contains multiple addresses, and if
++	acl_uses_indirect_client is on, then we continue backtracking
++	until we reach an address for which we are not allowed to
++	follow the X-Forwarded-For header, or until we reach the first
++	address in the list.  (If acl_uses_indirect_client is off, then
++	it's impossible to backtrack through more than one level of
++	X-Forwarded-For addresses.)
++
++	The end result of this process is an IP address that we will
++	refer to as the indirect client address.  This address may
++	be treated as the client address for access control, delay
++	pools and logging, depending on the acl_uses_indirect_client,
++	delay_pool_uses_indirect_client and log_uses_indirect_client
++	options.
++
++	SECURITY CONSIDERATIONS:
++
++		Any host for which we follow the X-Forwarded-For header
++		can place incorrect information in the header, and Squid
++		will use the incorrect information as if it were the
++		source address of the request.  This may enable remote
++		hosts to bypass any access control restrictions that are
++		based on the client's source addresses.
++
++	For example:
++
++		acl localhost src 127.0.0.1
++		acl my_other_proxy srcdomain .proxy.example.com
++		follow_x_forwarded_for allow localhost
++		follow_x_forwarded_for allow my_other_proxy
++DOC_END
++
++NAME: acl_uses_indirect_client
++COMMENT: on|off
++TYPE: onoff
++IFDEF: FOLLOW_X_FORWARDED_FOR
++DEFAULT: on
++LOC: Config.onoff.acl_uses_indirect_client
++DOC_START
++	Controls whether the indirect client address
++	(see follow_x_forwarded_for) is used instead of the
++	direct client address in acl matching.
++DOC_END
++
++NAME: delay_pool_uses_indirect_client
++COMMENT: on|off
++TYPE: onoff
++IFDEF: FOLLOW_X_FORWARDED_FOR && DELAY_POOLS
++DEFAULT: on
++LOC: Config.onoff.delay_pool_uses_indirect_client
++DOC_START
++	Controls whether the indirect client address
++	(see follow_x_forwarded_for) is used instead of the
++	direct client address in delay pools.
++DOC_END
++
++NAME: log_uses_indirect_client
++COMMENT: on|off
++TYPE: onoff
++IFDEF: FOLLOW_X_FORWARDED_FOR
++DEFAULT: on
++LOC: Config.onoff.log_uses_indirect_client
++DOC_START
++	Controls whether the indirect client address
++	(see follow_x_forwarded_for) is used instead of the
++	direct client address in the access log.
++DOC_END
++
+ NAME: http_access
+ TYPE: acl_access
+ LOC: Config.accessList.http
+Index: src/client_side.c
+--- src/client_side.c	2 Sep 2003 02:13:45 -0000	1.47.2.39
++++ src/client_side.c	23 Nov 2003 14:20:22 -0000
+@@ -109,6 +109,11 @@
+ #if USE_IDENT
+ static IDCB clientIdentDone;
+ #endif
++#if FOLLOW_X_FORWARDED_FOR
++static void clientFollowXForwardedForStart(void *data);
++static void clientFollowXForwardedForNext(void *data);
++static void clientFollowXForwardedForDone(int answer, void *data);
++#endif /* FOLLOW_X_FORWARDED_FOR */
+ static int clientOnlyIfCached(clientHttpRequest * http);
+ static STCB clientSendMoreData;
+ static STCB clientCacheHit;
+@@ -177,10 +182,179 @@
+     return ch;
+ }
+ 
++#if FOLLOW_X_FORWARDED_FOR
++/*
++ * clientFollowXForwardedForStart() copies the X-Forwarded-For
++ * header into x_forwarded_for_iterator and passes control to
++ * clientFollowXForwardedForNext().
++ *
++ * clientFollowXForwardedForNext() checks the indirect_client_addr
++ * against the followXFF ACL and passes the result to
++ * clientFollowXForwardedForDone().
++ *
++ * clientFollowXForwardedForDone() either grabs the next address
++ * from the tail of x_forwarded_for_iterator and loops back to
++ * clientFollowXForwardedForNext(), or cleans up and passes control to
++ * clientAccessCheck().
++ */
++
++static void
++clientFollowXForwardedForStart(void *data)
++{
++    clientHttpRequest *http = data;
++    request_t *request = http->request;
++    if (Config.accessList.followXFF
++	&& httpHeaderHas(&request->header, HDR_X_FORWARDED_FOR))
++    {
++	request->x_forwarded_for_iterator = httpHeaderGetList(
++			&request->header, HDR_X_FORWARDED_FOR);
++	debug(33, 5) ("clientFollowXForwardedForStart: indirect_client_addr=%s XFF='%s'\n",
++			inet_ntoa(request->indirect_client_addr),
++			strBuf(request->x_forwarded_for_iterator));
++	clientFollowXForwardedForNext(http);
++    } else {
++	/* not configured to follow X-Forwarded-For, or nothing to follow */
++	debug(33, 5) ("clientFollowXForwardedForStart: nothing to do\n");
++	clientFollowXForwardedForDone(-1, http);
++    }
++}
++
++static void
++clientFollowXForwardedForNext(void *data)
++{
++    clientHttpRequest *http = data;
++    request_t *request = http->request;
++    debug(33, 5) ("clientFollowXForwardedForNext: indirect_client_addr=%s XFF='%s'\n",
++		    inet_ntoa(request->indirect_client_addr),
++		    strBuf(request->x_forwarded_for_iterator));
++    if (strLen(request->x_forwarded_for_iterator) != 0) {
++	/* check the acl to see whether to believe the X-Forwarded-For header */
++	http->acl_checklist = clientAclChecklistCreate(
++			Config.accessList.followXFF, http);
++	aclNBCheck(http->acl_checklist, clientFollowXForwardedForDone, http);
++    } else {
++	/* nothing left to follow */
++	debug(33, 5) ("clientFollowXForwardedForNext: nothing more to do\n");
++	clientFollowXForwardedForDone(-1, http);
++    }
++}
++
++static void
++clientFollowXForwardedForDone(int answer, void *data)
++{
++    clientHttpRequest *http = data;
++    request_t *request = http->request;
++    /*
++     * answer should be be ACCESS_ALLOWED or ACCESS_DENIED if we are
++     * called as a result of ACL checks, or -1 if we are called when
++     * there's nothing left to do.
++     */
++    if (answer == ACCESS_ALLOWED) {
++	/*
++	 * The IP address currently in request->indirect_client_addr
++	 * is trusted to use X-Forwarded-For.  Remove the last
++	 * comma-delimited element from x_forwarded_for_iterator and use
++	 * it to to replace indirect_client_addr, then repeat the cycle.
++	 */
++	const char *p;
++	const char *asciiaddr;
++	int l;
++	struct in_addr addr;
++	debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s is trusted\n",
++			inet_ntoa(request->indirect_client_addr));
++	p = strBuf(request->x_forwarded_for_iterator);
++	l = strLen(request->x_forwarded_for_iterator);
++
++	/*
++	 * XXX x_forwarded_for_iterator should really be a list of
++	 * IP addresses, but it's a String instead.  We have to
++	 * walk backwards through the String, biting off the last
++	 * comma-delimited part each time.  As long as the data is in
++	 * a String, we should probably implement and use a variant of
++	 * strListGetItem() that walks backwards instead of forwards
++	 * through a comma-separated list.  But we don't even do that;
++	 * we just do the work in-line here.
++	 */
++	/* skip trailing space and commas */
++	while (l > 0 && (p[l-1] == ',' || xisspace(p[l-1])))
++	    l--;
++	strCut(request->x_forwarded_for_iterator, l);
++	/* look for start of last item in list */
++	while (l > 0 && ! (p[l-1] == ',' || xisspace(p[l-1])))
++	    l--;
++	asciiaddr = p+l;
++	if (inet_aton(asciiaddr, &addr) == 0) {
++	    /* the address is not well formed; do not use it */
++	    debug(33, 3) ("clientFollowXForwardedForDone: malformed address '%s'\n",
++			    asciiaddr);
++	    goto done;
++	}
++	debug(33, 3) ("clientFollowXForwardedForDone: changing indirect_client_addr from %s to '%s'\n",
++		    inet_ntoa(request->indirect_client_addr),
++		    asciiaddr);
++	request->indirect_client_addr = addr;
++	strCut(request->x_forwarded_for_iterator, l);
++	if (! Config.onoff.acl_uses_indirect_client) {
++	    /*
++	     * If acl_uses_indirect_client is off, then it's impossible
++	     * to follow more than one level of X-Forwarded-For.
++	     */
++	    goto done;
++	}
++	clientFollowXForwardedForNext(http);
++	return;
++    } else if (answer == ACCESS_DENIED) {
++	debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s not trusted\n",
++			inet_ntoa(request->indirect_client_addr));
++    } else {
++	debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s nothing more to do\n",
++			inet_ntoa(request->indirect_client_addr));
++    }
++done:
++    /* clean up, and pass control to clientAccessCheck */
++    debug(33, 6) ("clientFollowXForwardedForDone: cleanup\n");
++    if (Config.onoff.log_uses_indirect_client) {
++	/*
++	 * Ensure that the access log shows the indirect client
++	 * instead of the direct client.
++	 */
++	ConnStateData *conn = http->conn;
++	conn->log_addr = request->indirect_client_addr;
++	conn->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;
++	debug(33, 3) ("clientFollowXForwardedForDone: setting log_addr=%s\n",
++			inet_ntoa(conn->log_addr));
++    }
++    stringClean(&request->x_forwarded_for_iterator);
++    request->flags.done_follow_x_forwarded_for = 1;
++    http->acl_checklist = NULL; /* XXX do we need to aclChecklistFree() ? */
++    clientAccessCheck(http);
++}
++#endif /* FOLLOW_X_FORWARDED_FOR */
++
+ void
+ clientAccessCheck(void *data)
+ {
+     clientHttpRequest *http = data;
++#if FOLLOW_X_FORWARDED_FOR
++    if (! http->request->flags.done_follow_x_forwarded_for
++        && httpHeaderHas(&http->request->header, HDR_X_FORWARDED_FOR))
++    {
++	/*
++	 * There's an X-ForwardedFor header and we haven't yet tried
++	 * to follow it to find the indirect_client_addr.  Follow it now.
++	 * clientFollowXForwardedForDone() will eventually pass control
++	 * back to us.
++	 *
++	 * XXX perhaps our caller should have called
++	 *     clientFollowXForwardedForStart instead.  Then we wouldn't
++	 *     need to do this little dance transferring control over
++	 *     there and then back here, and we wouldn't need the
++	 *     done_follow_x_forwarded_for flag.
++	 */
++	clientFollowXForwardedForStart(data);
++	return;
++    }
++#endif /* FOLLOW_X_FORWARDED_FOR */
+     if (checkAccelOnly(http)) {
+ 	/* deny proxy requests in accel_only mode */
+ 	debug(33, 1) ("clientAccessCheck: proxy request denied in accel_only mode\n");
+@@ -325,6 +499,9 @@
+ 	new_request->http_ver = old_request->http_ver;
+ 	httpHeaderAppend(&new_request->header, &old_request->header);
+ 	new_request->client_addr = old_request->client_addr;
++#if FOLLOW_X_FORWARDED_FOR
++	new_request->indirect_client_addr = old_request->indirect_client_addr;
++#endif /* FOLLOW_X_FORWARDED_FOR */
+ 	new_request->my_addr = old_request->my_addr;
+ 	new_request->my_port = old_request->my_port;
+ 	new_request->flags.redirected = 1;
+@@ -3051,6 +3228,9 @@
+ 	    safe_free(http->log_uri);
+ 	    http->log_uri = xstrdup(urlCanonicalClean(request));
+ 	    request->client_addr = conn->peer.sin_addr;
++#if FOLLOW_X_FORWARDED_FOR
++	    request->indirect_client_addr = request->client_addr;
++#endif /* FOLLOW_X_FORWARDED_FOR */
+ 	    request->my_addr = conn->me.sin_addr;
+ 	    request->my_port = ntohs(conn->me.sin_port);
+ 	    request->http_ver = http->http_ver;
+Index: src/delay_pools.c
+--- src/delay_pools.c	19 Jun 2003 02:13:57 -0000	1.5.54.6
++++ src/delay_pools.c	23 Nov 2003 14:20:23 -0000
+@@ -318,6 +318,11 @@
+     r = http->request;
+ 
+     memset(&ch, '\0', sizeof(ch));
++#if FOLLOW_X_FORWARDED_FOR
++    if (Config.onoff.delay_pool_uses_indirect_client) {
++	ch.src_addr = r->indirect_client_addr;
++    } else
++#endif /* FOLLOW_X_FORWARDED_FOR */
+     ch.src_addr = r->client_addr;
+     ch.my_addr = r->my_addr;
+     ch.my_port = r->my_port;
+Index: src/structs.h
+*** src/structs.h.orig	Thu Feb 26 20:32:47 2004
+--- src/structs.h	Thu Feb 26 20:34:51 2004
+***************
+*** 594,599 ****
+--- 594,604 ----
+  	int pipeline_prefetch;
+  	int request_entities;
+  	int detect_broken_server_pconns;
++ #if FOLLOW_X_FORWARDED_FOR
++ 	int acl_uses_indirect_client;
++ 	int delay_pool_uses_indirect_client;
++ 	int log_uses_indirect_client;
++ #endif /* FOLLOW_X_FORWARDED_FOR */
+      } onoff;
+      acl *aclList;
+      struct {
+***************
+*** 615,620 ****
+--- 620,628 ----
+  	acl_access *reply;
+  	acl_address *outgoing_address;
+  	acl_tos *outgoing_tos;
++ #if FOLLOW_X_FORWARDED_FOR
++ 	acl_access *followXFF;
++ #endif /* FOLLOW_X_FORWARDED_FOR */
+      } accessList;
+      acl_deny_info_list *denyInfoList;
+      struct _authConfig {
+***************
+*** 1611,1616 ****
+--- 1619,1629 ----
+      unsigned int internal:1;
+      unsigned int body_sent:1;
+      unsigned int reset_tcp:1;
++ #if FOLLOW_X_FORWARDED_FOR
++     /* XXX this flag could be eliminated;
++      * see comments in clientAccessCheck */
++     unsigned int done_follow_x_forwarded_for;
++ #endif /* FOLLOW_X_FORWARDED_FOR */
+  };
+  
+  struct _link_list {
+***************
+*** 1657,1662 ****
+--- 1670,1678 ----
+      int max_forwards;
+      /* these in_addr's could probably be sockaddr_in's */
+      struct in_addr client_addr;
++ #if FOLLOW_X_FORWARDED_FOR
++     struct in_addr indirect_client_addr; /* after following X-Forwarded-For */
++ #endif /* FOLLOW_X_FORWARDED_FOR */
+      struct in_addr my_addr;
+      unsigned short my_port;
+      HttpHeader header;
+***************
+*** 1667,1672 ****
+--- 1683,1693 ----
+      char *peer_login;		/* Configured peer login:password */
+      time_t lastmod;		/* Used on refreshes */
+      const char *vary_headers;	/* Used when varying entities are detected. Changes how the store key is calculated */
++ #if FOLLOW_X_FORWARDED_FOR
++     /* XXX a list of IP addresses would be a better data structure
++      * than this String */
++     String x_forwarded_for_iterator;
++ #endif /* FOLLOW_X_FORWARDED_FOR */
+  };
+  
+  struct _cachemgr_passwd {
diff --git a/www/squid30/files/follow_xff-configure.patch b/www/squid30/files/follow_xff-configure.patch
new file mode 100644
index 000000000000..a0920813868d
--- /dev/null
+++ b/www/squid30/files/follow_xff-configure.patch
@@ -0,0 +1,52 @@
+!Patch configure directly to enable testing for the
+!--enable-follow-x-forwarding-for configuration option
+!instead of running configure.in through autoconf as in the
+!original follow-XFF patchset from devel.squid-cache.org.
+!Beware that all line number informations in configure.log greater
+!than 2972 are offset by -29 (correcting all line numbers would have
+!bloated the patch by 92kB!)
+--- configure.orig	Tue Mar  2 10:18:14 2004
++++ configure	Tue Mar  2 10:18:56 2004
+@@ -222,6 +222,12 @@
+                           variance within an accelerator setup.
+                           Typically used together with other code
+                           that adds custom HTTP headers to the requests."
++ac_help="$ac_help
++  --enable-follow-x-forwarded-for
++                          Enable support for following the X-Forwarded-For
++                          HTTP header to try to find the IP address of the
++                          original or indirect client when a request has
++                          been forwarded through other proxies."
+ 
+ # Initialize some variables set by options.
+ # The variables have the same names as the options, with
+@@ -2966,6 +2972,29 @@
+ fi
+ 
+ 
++follow_xff=1
++# Check whether --enable-follow-x-forwarded-for or --disable-follow-x-forwarded-for was given.
++if test "${enable_follow_x_forwarded_for+set}" = set; then
++  enableval="$enable_follow_x_forwarded_for"
++   if test "$enableval" = "yes" ; then
++    echo "follow X-Forwarded-For enabled"
++    follow_xff=1
++  fi
++
++fi
++
++if test $follow_xff = 1; then
++    cat >> confdefs.h <<\EOF
++#define FOLLOW_X_FORWARDED_FOR 1
++EOF
++
++else
++    cat >> confdefs.h <<\EOF
++#define FOLLOW_X_FORWARDED_FOR 0
++EOF
++
++fi
++
+ # Force some compilers to use ANSI features
+ #
+ case "$host" in
diff --git a/www/squid30/files/patch-configure b/www/squid30/files/patch-configure
new file mode 100644
index 000000000000..2d6d233edac4
--- /dev/null
+++ b/www/squid30/files/patch-configure
@@ -0,0 +1,11 @@
+--- configure.orig	Tue Mar  2 11:29:57 2004
++++ configure	Tue Mar  2 11:30:34 2004
+@@ -2236,6 +2236,8 @@
+ 	    ;;
+ 	*-solaris-*)
+ 	    ;;
++	*-freebsd*)
++	    ;;
+ 	*)
+ 	    echo "WARNING: ARP ACL support probably won't work on $host."
+ 	    sleep 10
diff --git a/www/squid30/files/patch-helpers-basic_auth-SMB-smb_auth.sh b/www/squid30/files/patch-helpers-basic_auth-SMB-smb_auth.sh
new file mode 100644
index 000000000000..8115ac0b7938
--- /dev/null
+++ b/www/squid30/files/patch-helpers-basic_auth-SMB-smb_auth.sh
@@ -0,0 +1,13 @@
+*** helpers/basic_auth/SMB/smb_auth.sh.orig	Thu Feb 26 20:58:22 2004
+--- helpers/basic_auth/SMB/smb_auth.sh	Thu Feb 26 20:59:45 2004
+***************
+*** 17,22 ****
+--- 17,24 ----
+  # along with this program; if not, write to the Free Software
+  # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+  
++ SAMBAPREFIX=${SAMBAPREFIX:-/usr/local/bin}
++ 
+  read DOMAINNAME
+  read PASSTHROUGH
+  read NMBADDR
diff --git a/www/squid30/files/squid.sh b/www/squid30/files/squid.sh
index ec92a10bc3fc..5fbf1f3d24ba 100644
--- a/www/squid30/files/squid.sh
+++ b/www/squid30/files/squid.sh
@@ -8,15 +8,13 @@
 # KEYWORD: FreeBSD
 # 
 # Note:
-# If you are running an rcNG-System (i.e. FreeBSD 5 and later or after
-# having installed the rc_subr-port on an earlier system) you must set
+# If you are running an rcNG-System (i.e. FreeBSD 5 and later) you need to set
 # "squid_enable=YES" in either /etc/rc.conf, /etc/rc.conf.local or
 # /etc/rc.conf.d/squid to make this script actually do something. There
 # you can also set squid_chdir, squid_user, and squid_flags.
 #
 # Please see squid(8), rc.conf(5) and rc(8) for further details.
 
-unset rcNG
 name="squid"
 command=%%PREFIX%%/sbin/squid
 extra_commands=reload
@@ -28,26 +26,22 @@ stop_cmd="${command} -k shutdown"
 default_config=%%PREFIX%%/etc/squid/squid.conf
 
 if [ -f /etc/rc.subr ]; then
-	. /etc/rc.subr && rcNG=yes
-else
-	if [ -f %%PREFIX%%/etc/rc.subr ]; then
-		. %%PREFIX%%/etc/rc.subr && rcNG=yes
-	fi
-fi
-
-if [ "${rcNG}" ]; then
+	# make use of rcNG features:
+	. /etc/rc.subr
 	rcvar=`set_rcvar`
 	load_rc_config ${name}
-	# check that squid's default configuration is present when
-	# squid_flags is not set. We assume that you specify at
-	# least the path to your non-default configuration with
-	# '-f /path/to/config.file' in squid_flags if you delete this file.
+	# squid(8) will not start if ${default_config} is not present so try
+	# to catch that beforehand via ${required_files} rather than make
+	# squid(8) crash.
+	# If you remove the default configuration file make sure to add
+	# '-f /path/to/your/squid.conf' to squid_flags
 	if [ -z "${squid_flags}" ]; then
 		required_files=${default_config}
 	fi
 	required_dirs=${squid_chdir}
 	run_rc_command "$1"
 else
+	# implement the startup using the "old style" for non-rcNG-systems:
 	case $1 in
 	start)
 		if [ -x "${command}" -a \
diff --git a/www/squid30/pkg-install b/www/squid30/pkg-install
index ed7fd6d9c992..35a034c778ce 100644
--- a/www/squid30/pkg-install
+++ b/www/squid30/pkg-install
@@ -9,16 +9,19 @@ squid_base=${PKG_PREFIX:-/usr/local}/squid
 squid_confdir=${PKG_PREFIX:-/usr/local}/etc/squid
 squid_user=${SQUID_USER:=squid}
 squid_group=${SQUID_GROUP:=squid}
-squid_gid=3128
-squid_uid=3128
-
+squid_gid=100
+squid_uid=100
+# Try to catch the case where the $squid_user might have been created with an
+# id greater than or equal 3128. The valid exception is "nobody".
+nobody_uid=65534
+nobody_gid=65534
+squid_oldgid=3128
+squid_olduid=3128
+unset wrong_id
 case $2 in
 PRE-INSTALL)
 	echo "===> Pre-installation configuration for ${pkgname}"
 	if ! pw groupshow ${squid_group} -q >/dev/null ; then
-		while pw groupshow -g ${squid_gid} -q >/dev/null; do
-			squid_gid=`expr ${squid_gid} + 1`
-		done
 		echo "There is no group '${squid_group}' on this system, so I will try to create it:"
 		if ! pw groupadd ${squid_group} -g ${squid_gid} -q ; then
 			echo "Failed to create group \"${squid_group}\"!" >&2
@@ -29,12 +32,15 @@ PRE-INSTALL)
 		fi
 	else
 		echo "I will use the existing group '${squid_group}':"
+		current_gid=`pw groupshow ${squid_group}|cut -f 3 -d :`
+		if [ ${current_gid} -ge ${squid_oldgid} \
+		    -a ${current_gid} -ne ${nobody_gid} ]; then
+			wrong_id=1
+		fi	
 	fi
 	pw groupshow ${squid_group}
+
 	if ! pw usershow ${squid_user} -q >/dev/null ; then
-		while pw usershow -u ${squid_uid} -q >/dev/null; do
-			squid_uid=`expr ${squid_uid} + 1`
-		done
 		echo "There is no account '${squid_user}' on this system, so I will try to create it:"
 		if ! pw useradd ${squid_user} -u ${squid_uid} -q \
 	  	    -c "squid caching-proxy pseudo user" -g ${squid_group} \
@@ -47,8 +53,53 @@ PRE-INSTALL)
 		fi
 	else
 		echo "I will use the existing user '${squid_user}':"
+		current_uid=`id -u ${squid_user}`
+		if [ ${current_uid} -ge ${squid_olduid} \
+		    -a ${current_uid} -ne ${nobody_uid} ];
+		then
+			wrong_id=1
+		fi
 	fi
 	pw usershow ${squid_user}
+	if [ "${wrong_id}" ]; then
+		echo ""
+		echo " * NOTICE *"
+		echo ""
+		echo "The squid pseudo-user's uid and/or gid have been found"
+		echo "to be greater than or equal 3128."
+		echo ""
+		echo "This is not a problem as such, but violates the FreeBSD"
+		echo "ports' principle that a ports must not claim a uid greater"
+		echo "than 999."
+		echo ""
+		echo "Since version 2.5.4_11, the squid user is thus created"
+		echo "with an id of ${squid_uid}:${squid_gid} while earlier versions of this"
+		echo "port used the first unused uid/gid greater than or"
+		echo "equal 3128."
+		echo ""
+		echo "If you want to change the existing squid user's id, run"
+		echo "'make changeuser' after the installation has completed."
+		echo "If you installed this port via a package, issue the"
+		echo "following commands as root:"
+		echo ""
+		echo "pw userdel -u ${current_uid}"
+		echo "pw groupadd -n ${squid_group} -g ${squid_gid}"
+		echo "pw useradd -n ${squid_user} -u ${squid_uid} \\"
+		echo "    -c \"squid caching-proxy pseudo user\" \\"
+		echo "    -g ${squid_group} -d ${squid_base} -s /sbin/nologin \\"
+		echo "    -h -"
+		echo "find -H ${PKG_PREFIX} -user ${current_uid} -exec chown ${squid_user} {} \\;"
+		echo "find -H ${PKG_PREFIX} -group ${current_gid} -exec chgrp ${squid_group} {} \\;"
+		echo ""
+		echo "In case you have installed third party software for squid"
+		echo "like squidGuard, you should additionally run:"
+		echo "find -H /var -user ${current_uid} -exec chown ${squid_user} {} \\;"
+		echo "find -H /var -group ${current_gid} -exec chgrp ${squid_group} {} \\;"
+		echo ""
+		if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
+			sleep 30
+		fi
+	fi
 	for dir in cache logs; do
 	if [ ! -d ${squid_base}/${dir} ]; then
 		echo "Creating ${squid_base}/${dir}..."
author	Sergei Kolobov <sergei@FreeBSD.org>	2004-03-17 07:06:46 +0000
committer	Sergei Kolobov <sergei@FreeBSD.org>	2004-03-17 07:06:46 +0000
commit	a0c6cf9fc487d7411215bd26244da5cacab079b3 (patch)
tree	7e482a5d8fa0b8cd2433192ead17b7871299f520 /www/squid30
parent	2c0949bf8ea2a1d82e2c9995ade35dd2f6e0e7fc (diff)
download	ports-a0c6cf9fc487d7411215bd26244da5cacab079b3.tar.gz ports-a0c6cf9fc487d7411215bd26244da5cacab079b3.zip