www/squid3: copy from www/squid and add PKGNAMESUFFIX

PR:		229601
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)

www/Makefile

@@ -2263,6 +2263,7 @@
     SUBDIR += spreadlogd
     SUBDIR += sqstat
     SUBDIR += squid
+    SUBDIR += squid3
     SUBDIR += squid-devel
     SUBDIR += squid_radius_auth
     SUBDIR += squidanalyzer

www/squid3/Makefile

@@ -0,0 +1,314 @@
+# $FreeBSD$
+
+PORTNAME=	squid
+PORTVERSION=	3.5.27
+PORTREVISION=	3
+CATEGORIES=	www ipv6
+MASTER_SITES=	http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
+		http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
+		http://www1.at.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
+		http://www.eu.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
+		http://www1.jp.squid-cache.org/Versions/v3/${PORTVERSION:R}/
+PKGNAMESUFFIX=  3
+DIST_SUBDIR=	squid${PORTVERSION:R}
+
+PATCH_SITES=	http://www.squid-cache.org/%SUBDIR%/ \
+		http://www2.us.squid-cache.org/%SUBDIR%/ \
+		http://www1.at.squid-cache.org/%SUBDIR%/ \
+		http://www.eu.squid-cache.org/%SUBDIR%/ \
+		http://www1.jp.squid-cache.org/%SUBDIR%/ \
+		http://master.squid-cache.org/~amosjeffries/patches/:nosid
+PATCH_SITE_SUBDIR=	Versions/v3/${PORTVERSION:R}/changesets
+
+MAINTAINER=	timp87@gmail.com
+COMMENT=	HTTP Caching Proxy
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+CONFLICTS=	squid*-4.*
+
+BROKEN_powerpc64=	Does not build: error: unrecognizable insn
+
+USES=		compiler cpe perl5 shebangfix tar:xz
+CPE_VENDOR=	squid-cache
+SHEBANG_FILES=	scripts/*.pl contrib/*.pl src/*.pl tools/*.pl \
+		helpers/ssl/cert_valid.pl
+GNU_CONFIGURE=	yes
+USE_RC_SUBR=	squid
+
+USERS=		squid
+GROUPS=		squid
+
+MYDOCS=		QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
+PORTDOCS=	${MYDOCS:T}
+PORTEXAMPLES=	*
+SUB_FILES+=	pkg-install pkg-message
+
+OPTIONS_SUB=	yes
+OPTIONS_GROUP=	AUTH
+OPTIONS_RADIO=	FW
+OPTIONS_GROUP_AUTH=AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB AUTH_SQL
+OPTIONS_RADIO_FW=TP_IPF TP_IPFW TP_PF
+OPTIONS_DEFINE=	ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS DOCS ECAP ESI EXAMPLES \
+		FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \
+		KQUEUE LARGEFILE LAX_HTTP NETTLE PCRE SNMP SSL SSL_CRTD \
+		STACKTRACES VIA_DB WCCP WCCPV2
+
+OPTIONS_SINGLE=	GSSAPI
+OPTIONS_SINGLE_GSSAPI=	GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+
+OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS FOLLOW_XFF FS_AUFS \
+		FS_DISKD FS_ROCK GSSAPI_BASE HTCP ICAP ICMP IDENT KQUEUE \
+		LARGEFILE LAX_HTTP PCRE SNMP SSL SSL_CRTD TP_IPFW VIA_DB WCCP \
+		WCCPV2
+
+ARP_ACL_CONFIGURE_ENABLE=	eui
+AUTH_LDAP_CFLAGS=		-I${LOCALBASE}/include
+AUTH_LDAP_LDFLAGS=		-L${LOCALBASE}/lib
+AUTH_LDAP_USE=			OPENLDAP=yes
+AUTH_LDAP_VARS=			BASIC_AUTH+=LDAP EXTERNAL_ACL+=LDAP_group
+AUTH_SASL_CFLAGS=		-I${LOCALBASE}/include
+AUTH_SASL_CPPFLAGS=		-I${LOCALBASE}/include
+AUTH_SASL_LDFLAGS=		-L${LOCALBASE}/lib
+AUTH_SASL_LIB_DEPENDS=		libsasl2.so:security/cyrus-sasl2
+AUTH_SASL_VARS=			BASIC_AUTH+=SASL
+AUTH_SMB_USES=			samba:run
+AUTH_SMB_VARS=			BASIC_AUTH+=SMB EXTERNAL_ACL+=wbinfo_group
+AUTH_SQL_RUN_DEPENDS=		p5-DBI>=1.08:databases/p5-DBI
+AUTH_SQL_VARS=			EXTERNAL_ACL+=SQL_session
+CACHE_DIGESTS_CONFIGURE_ENABLE=	cache-digests
+DELAY_POOLS_CONFIGURE_ENABLE=	delay-pools
+ECAP_CFLAGS=			-I${LOCALBASE}/include
+ECAP_CONFIGURE_ENABLE=		ecap
+ECAP_LDFLAGS=			-L${LOCALBASE}/lib
+ECAP_LIB_DEPENDS=		libecap.so:www/libecap
+ECAP_USES=			pkgconfig:build
+ESI_CFLAGS=			-I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2
+ESI_CONFIGURE_ENABLE=		esi
+ESI_LDFLAGS=			-L${LOCALBASE}/lib
+ESI_LIB_DEPENDS=		libexpat.so:textproc/expat2 \
+				libxml2.so:textproc/libxml2
+FOLLOW_XFF_CONFIGURE_ENABLE=	follow-x-forwarded-for
+HTCP_CONFIGURE_ENABLE=		htcp
+ICAP_CONFIGURE_ENABLE=		icap-client
+ICMP_CONFIGURE_ENABLE=		icmp
+IDENT_CONFIGURE_ENABLE=		ident-lookups
+IPV6_CONFIGURE_ENABLE=		ipv6
+KQUEUE_CONFIGURE_ENABLE=	kqueue
+LARGEFILE_CONFIGURE_WITH=	large-files
+LAX_HTTP_CONFIGURE_ENABLE=	http-violations
+FS_AUFS_VARS=			STORAGE_SCHEMES+=aufs DISKIO_MODULES+=DiskThreads
+FS_AUFS_LDFLAGS=		-pthread
+FS_AUFS_CONFIGURE_OFF=		--without-pthreads
+FS_DISKD_VARS=			STORAGE_SCHEMES+=diskd DISKIO_MODULES+=DiskDaemon
+FS_ROCK_VARS=			STORAGE_SCHEMES+=rock
+NETTLE_LIB_DEPENDS=		libnettle.so:security/nettle
+NETTLE_CONFIGURE_OFF=		--without-nettle
+PCRE_LIB_DEPENDS=		libpcre.so:devel/pcre
+PCRE_CPPFLAGS=			-I${LOCALBASE}/include
+PCRE_LDFLAGS=			-L${LOCALBASE}/lib -lpcreposix -lpcre
+SNMP_CONFIGURE_ENABLE=		snmp
+SSL_CONFIGURE_ENABLE=		ssl
+SSL_CONFIGURE_ON=		--with-openssl=${OPENSSLBASE} \
+				LIBOPENSSL_CFLAGS=-I${OPENSSLINC} \
+				LIBOPENSSL_LIBS="-lcrypto -lssl"
+SSL_USES=			ssl
+SSL_VARS=			BROKEN_SSL=openssl-devel
+SSL_CRTD_CONFIGURE_ENABLE=	ssl-crtd
+SSL_CRTD_IMPLIES=		SSL
+STACKTRACES_CONFIGURE_ENABLE=	stacktraces
+STACKTRACES_EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gen-stacktrace
+STACKTRACES_LIB_DEPENDS=	libunwind.so:devel/libunwind
+STACKTRACES_CONFIGURE_ON=	--disable-strict-error-checking
+STACKTRACES_CFLAGS=		-g
+STACKTRACES_LDFLAGS=		-lunwind -L${LOCALBASE}/lib
+STACKTRACES_VARS=		strip=""
+TP_IPFW_CONFIGURE_ENABLE=	ipfw-transparent
+TP_IPF_CONFIGURE_ENABLE=	ipf-transparent
+TP_PF_CONFIGURE_ENABLE=		pf-transparent
+TP_PF_CONFIGURE_WITH=		nat-devpf
+VIA_DB_CONFIGURE_ENABLE=	forw-via-db
+WCCPV2_CONFIGURE_ENABLE=	wccpv2
+WCCP_CONFIGURE_ENABLE=		wccp
+
+GSSAPI_NONE_CONFIGURE_ON=	--without-heimdal-krb5 \
+				--without-mit-krb5 \
+				--without-gss
+
+GSSAPI_BASE_USES=		gssapi
+GSSAPI_BASE_CONFIGURE_ON=	--with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+GSSAPI_BASE_PLIST_SUB=		AUTH_KERB=""
+
+GSSAPI_HEIMDAL_USES=		gssapi:heimdal
+GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+GSSAPI_HEIMDAL_PLIST_SUB=	AUTH_KERB=""
+
+GSSAPI_MIT_USES=		gssapi:mit
+GSSAPI_MIT_CONFIGURE_ON=	--with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+GSSAPI_MIT_PLIST_SUB=		AUTH_KERB=""
+
+# TODO:
+# add an option for external_acl/session (requires some kind of external
+# Berkeley DB support, unsure which one)
+ARP_ACL_DESC=		ARP/MAC/EUI based authentification
+AUTH_DESC=		Authentication helpers
+AUTH_LDAP_DESC=		Install LDAP authentication helpers
+AUTH_NIS_DESC=		Install NIS/YP authentication helpers
+AUTH_SASL_DESC=		Install SASL authentication helpers
+AUTH_SMB_DESC=		Samba authentication helpers
+AUTH_SQL_DESC=		Install SQL based auth
+CACHE_DIGESTS_DESC=	Use cache digests
+DEBUG_DESC=		Build with extended debugging support
+DELAY_POOLS_DESC=	Delay pools (bandwidth limiting)
+ECAP_DESC=		Loadable content adaptation modules
+ESI_DESC=		ESI support
+FOLLOW_XFF_DESC=	Support for the X-Following-For header
+FS_AUFS_DESC=		AUFS (threaded-io) support
+FS_DISKD_DESC=		DISKD storage engine controlled by separate service
+FS_ROCK_DESC=		ROCK storage engine
+HTCP_DESC=		HTCP support
+ICAP_DESC=		the ICAP client
+ICMP_DESC=		ICMP pinging and network measurement
+IDENT_DESC=		Ident lookups (RFC 931)
+KQUEUE_DESC=		Kqueue(2) support
+LARGEFILE_DESC=		Support large (>2GB) cache and log files
+NETTLE_DESC=		Nettle MD5 algorithm support
+SNMP_DESC=		SNMP support
+SSL_CRTD_DESC=		Use ssl_crtd to handle SSL cert requests
+SSL_DESC=		SSL gatewaying support
+STACKTRACES_DESC=	Enable automatic backtraces on fatal errors
+LAX_HTTP_DESC=		Do not enforce strict HTTP compliance
+TP_IPFW_DESC=		Transparent proxying with IPFW
+TP_IPF_DESC=		Transparent proxying with IPFilter
+TP_PF_DESC=		Transparent proxying with PF
+VIA_DB_DESC=		Forward/Via database
+WCCPV2_DESC=		Web Cache Coordination Protocol v2
+WCCP_DESC=		Web Cache Coordination Protocol
+
+change_files=	ChangeLog \
+		contrib/nextstep/makepkg \
+		contrib/nextstep/post_install \
+		errors/Makefile.am \
+		errors/Makefile.in \
+		helpers/basic_auth/SMB_LM/README.html \
+		src/Makefile.am \
+		src/Makefile.in \
+		src/cf_gen.cc \
+		src/squid.8.in \
+		test-suite/Makefile.in \
+		tools/Makefile.am \
+		tools/Makefile.in
+
+.if !defined(SQUID_CONFIGURE_ARGS) \
+	|| ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
+PLIST_SUB+=	UNLINKD=""
+.else
+PLIST_SUB+=	UNLINKD="@comment "
+.endif
+
+CONFIGURE_ARGS=	--with-default-user=squid \
+		--bindir=${PREFIX}/sbin \
+		--sbindir=${PREFIX}/sbin \
+		--datadir=${ETCDIR} \
+		--libexecdir=${PREFIX}/libexec/squid \
+		--localstatedir=/var \
+		--sysconfdir=${ETCDIR} \
+		--with-logdir=/var/log/squid \
+		--with-pidfile=/var/run/squid/squid.pid \
+		--with-swapdir=/var/squid/cache \
+		--without-gnutls \
+		--enable-auth \
+		--enable-zph-qos \
+		--enable-build-info \
+		--enable-loadable-modules \
+		--enable-removal-policies="lru heap" \
+		--disable-epoll \
+		--disable-linux-netfilter \
+		--disable-linux-tproxy \
+		--disable-translation \
+		--disable-arch-native
+
+.include <bsd.port.options.mk>
+
+# Authentication methods and modules:
+
+BASIC_AUTH+=	DB SMB_LM MSNT-multi-domain NCSA PAM POP3 RADIUS fake getpwnam
+EXTERNAL_ACL+=	file_userip time_quota unix_group
+
+# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
+.if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS)
+BASIC_AUTH+=	NIS
+.endif
+
+# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
+.if ${PORT_OPTIONS:MGSSAPI_NONE} || defined(NO_KERBEROS) || defined(WITHOUT_KERBEROS)
+NEGOTIATE_AUTH=	none
+PLIST_SUB+=	AUTH_KERB="@comment "
+.else
+
+# The kerberos_ldap_group external helper also depends on LDAP and SASL:
+. if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL}
+EXTERNAL_ACL+=	kerberos_ldap_group
+. endif
+NEGOTIATE_AUTH=	kerberos wrapper
+.endif
+
+# Storage schemes
+STORAGE_SCHEMES+=	ufs
+DISKIO_MODULES+=	AIO Blocking IpcIo Mmapped
+
+CONFIGURE_ARGS+=	--enable-auth-basic="${BASIC_AUTH}" \
+			--enable-auth-digest="file" \
+			--enable-external-acl-helpers="${EXTERNAL_ACL}" \
+			--enable-auth-negotiate="${NEGOTIATE_AUTH}" \
+			--enable-auth-ntlm="fake smb_lm" \
+			--enable-storeio="${STORAGE_SCHEMES}" \
+			--enable-disk-io="${DISKIO_MODULES}" \
+			--enable-log-daemon-helpers="file" \
+			--enable-url-rewrite-helpers="fake" \
+			--enable-storeid-rewrite-helpers="file"
+
+# Other options set via 'make config':
+
+.if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG)
+CONFIGURE_ARGS+=	--disable-optimizations --enable-debug-cbdata
+WITH_DEBUG?=		yes
+.endif
+
+# Finally, add additional user specified configuration options:
+CONFIGURE_ARGS+=	${SQUID_CONFIGURE_ARGS}
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
+		${WRKSRC}/src/cf.data.pre
+	@(cd ${WRKSRC} && ${REINPLACE_CMD} \
+		-e 's|\.conf\.default|.conf.sample|' \
+		-e 's|)\.default|).sample|' \
+		${change_files})
+	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)
+
+post-patch-IPV6-off:
+	@${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
+		-e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
+		-e's/ 2001:DB8::a:0\/64//' \
+		-e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \
+		-e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
+		-e'/tcp_outgoing_address 2001:db8::1/d' \
+		${WRKSRC}/src/cf.data.pre
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/helpers/basic_auth/DB/passwd.sql \
+		${STAGEDIR}${EXAMPLESDIR}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	(cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR})
+
+.include <bsd.port.pre.mk>
+
+.if ${CHOSEN_COMPILER_TYPE} == clang
+CXXFLAGS+=	-Wno-unknown-warning-option
+CXXFLAGS+=	-Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess
+.endif
+
+.include <bsd.port.post.mk>

www/squid3/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1479930399
+SHA256 (squid3.5/squid-3.5.27.tar.xz) = 5ddb4367f2dc635921f9ca7a59d8b87edb0412fa203d1543393ac3c7f9fef0ec
+SIZE (squid3.5/squid-3.5.27.tar.xz) = 2303468

www/squid3/files/extra-patch-gen-stacktrace

@@ -0,0 +1,62 @@
+--- src/tools.cc.orig	2014-10-31 12:36:43.000000000 +0300
++++ src/tools.cc	2014-11-21 14:11:25.000000000 +0300
+@@ -71,6 +71,13 @@
+ #include <errno.h>
+ #endif
+ 
++#if PRINT_STACK_TRACE
++#ifdef __FreeBSD__
++#define UNW_LOCAL_ONLY
++#include <libunwind.h>
++#endif
++#endif
++
+ #define DEAD_MSG "\
+ The Squid Cache (version %s) died.\n\
+ \n\
+@@ -411,6 +418,45 @@
+     }
+ 
+ #endif
++#ifdef __FreeBSD__
++    do {
++	unw_context_t unw_ctx;
++	unw_cursor_t unw_cp;
++	unw_word_t sp, ip, off;
++	int rc = 0;
++	char procname[256];
++	size_t frame;
++
++	bzero((void *)&unw_ctx, sizeof(unw_ctx));
++	bzero((void *)&unw_cp, sizeof(unw_cp));
++
++	if ((rc = unw_getcontext(&unw_ctx))) {
++            fprintf(debug_log, "Failed to trace own stack: "
++		    "unw_context() said '%s'.\n", unw_strerror(rc));
++	    break;
++	}
++	if ((rc = unw_init_local(&unw_cp, &unw_ctx))) {
++            fprintf(debug_log, "Failed to trace own stack: "
++		    "unw_init_local() said '%s'.\n", unw_strerror(rc));
++	    break;
++	}
++	frame = 0;
++	fprintf(debug_log, "Backtrace follows (deepest frame first):\n");
++	while ((rc = unw_step(&unw_cp)) > 0) {
++	    frame++;
++	    ip = 0; sp = 0;
++	    unw_get_reg(&unw_cp, UNW_REG_IP, &ip);
++	    unw_get_reg(&unw_cp, UNW_REG_SP, &sp);
++	    off = 0;
++	    rc = unw_get_proc_name(&unw_cp, procname, sizeof(procname), &off);
++	    if (rc)
++		snprintf (procname, sizeof(procname), "[unknown]");
++	    fprintf(debug_log, "#%zd: %s + 0x%zx, ip = 0x%zx, sp = 0x%zx\n",
++		    frame, procname, (size_t)off, (size_t)ip, (size_t)sp);
++	}
++	fprintf(debug_log, "Use addr2line of similar to translate offsets to line information.\n");
++    } while (0);
++#endif /* __FreeBSD__ */
+ #endif /* PRINT_STACK_TRACE */
+ 
+ #if SA_RESETHAND == 0 && !_SQUID_WINDOWS_

www/squid3/files/patch-compat_compat.h

@@ -0,0 +1,20 @@
+--- compat/compat.h.orig	2015-11-01 10:44:25 UTC
++++ compat/compat.h
+@@ -42,17 +42,6 @@
+ #endif
+ #endif
+ 
+-/* Solaris 10 has a broken definition for minor_t in IPFilter compat.
+- * We must pre-define before doing anything with OS headers so the OS
+- * do not. Then un-define it before using the IPFilter *_compat.h headers.
+- */
+-#if IPF_TRANSPARENT && USE_SOLARIS_IPFILTER_MINOR_T_HACK
+-/* But we only need do this nasty thing for src/ip/Intercept.cc */
+-#if BUILDING_SQUID_IP_INTERCEPT_CC
+-#define minor_t solaris_minor_t_fubar
+-#endif
+-#endif
+-
+ /*****************************************************/
+ /* FDSETSIZE is messy and needs to be done before    */
+ /* sys/types.h are defined.                          */

www/squid3/files/patch-compat_shm.cc

@@ -0,0 +1,11 @@
+--- compat/shm.cc.orig	2015-11-01 10:44:25 UTC
++++ compat/shm.cc
+@@ -29,6 +29,8 @@ shm_portable_segment_name_is_path()
+     size_t len = sizeof(jailed);
+     ::sysctlbyname("security.jail.jailed", &jailed, &len, NULL, 0);
+     return !jailed;
++#elif defined (__DragonFly__)
++    return true;
+ #else
+     return false;
+ #endif

www/squid3/files/patch-configure

@@ -0,0 +1,82 @@
+--- configure.orig	2015-11-01 10:46:19 UTC
++++ configure
+@@ -32038,7 +32040,7 @@ done
+ ##
+ 
+ BUILD_HELPER="NIS"
+-for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h
++for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
+@@ -32053,8 +32055,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"
+ #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+ _ACEOF
+ 
+-else
+-  BUILD_HELPER=""
++# XXX: On FreeBSD we have to do this to make NIS work
++# until https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188247
++# is resolved.
++  BUILD_HELPER="NIS"
+ fi
+ 
+ done
+@@ -32519,7 +32523,7 @@ done
+ 
+   # unconditionally requires crypt(3), for now
+   if test "x$ac_cv_func_crypt" != "x"; then
+-    for ac_header in unistd.h crypt.h shadow.h
++    for ac_header in unistd.h rpcsvc/crypt.h shadow.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+@@ -34574,7 +34578,7 @@ for ac_header in \
+   arpa/nameser.h \
+   assert.h \
+   bstring.h \
+-  crypt.h \
++  rpcsvc/crypt.h \
+   ctype.h \
+   direct.h \
+   errno.h \
+@@ -34785,6 +34789,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+ #include <netinet/ip.h>
+ #endif
+ #if HAVE_NETINET_IP_COMPAT_H
++#include <net/if.h>	/* IFNAMSIZ */
+ #include <netinet/ip_compat.h>
+ #endif
+ #if HAVE_NETINET_IP_FIL_H
+@@ -38773,6 +38778,7 @@ if test "x$enable_ipf_transparent" != "x
+ #     include <sys/ioccom.h>
+ #     include <netinet/in.h>
+ 
++#     include <net/if.h>	/* IFNAMSIZ */
+ #     include <netinet/ip_compat.h>
+ #     include <netinet/ip_fil.h>
+ #     include <netinet/ip_nat.h>
+@@ -38803,6 +38809,7 @@ else
+ #       include <sys/ioccom.h>
+ #       include <netinet/in.h>
+ #undef minor_t
++#       include <net/if.h>	/* IFNAMSIZ */
+ #       include <netinet/ip_compat.h>
+ #       include <netinet/ip_fil.h>
+ #       include <netinet/ip_nat.h>
+@@ -38847,6 +38854,7 @@ _ACEOF
+ 	ip_fil_compat.h \
+ 	ip_fil.h \
+ 	ip_nat.h \
++	net/if.h \
+ 	netinet/ip_compat.h \
+ 	netinet/ip_fil_compat.h \
+ 	netinet/ip_fil.h \
+@@ -38876,6 +38884,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+ #if HAVE_IP_COMPAT_H
+ #include <ip_compat.h>
+ #elif HAVE_NETINET_IP_COMPAT_H
++#include <net/if.h>	/* IFNAMSIZ */
+ #include <netinet/ip_compat.h>
+ #endif
+ #if HAVE_IP_FIL_H

www/squid3/files/patch-src-cf.data.pre

@@ -0,0 +1,13 @@
+--- src/cf.data.pre.orig	2015-11-01 10:44:25 UTC
++++ src/cf.data.pre
+@@ -4558,6 +4558,10 @@ DEFAULT: @DEFAULT_PID_FILE@
+ LOC: Config.pidFilename
+ DOC_START
+ 	A filename to write the process-id to.  To disable, enter "none".
++
++	Note: If you change this setting, you need to set squid_pidfile
++	in /etc/rc.conf to reflect the new value. Please see
++	/usr/local/etc/rc.d/squid for details.
+ DOC_END
+ 
+ NAME: client_netmask

www/squid3/files/patch-src_DiskIO_Mmapped_MmappedFile.cc

@@ -0,0 +1,11 @@
+--- src/DiskIO/Mmapped/MmappedFile.cc.orig	2015-11-01 10:44:25 UTC
++++ src/DiskIO/Mmapped/MmappedFile.cc
+@@ -235,7 +235,7 @@ Mmapping::map()
+     static const int pageSize = getpagesize();
+     delta = offset % pageSize;
+ 
+-    buf = mmap(NULL, length + delta, prot, flags, fd, offset - delta);
++    buf = mmap(NULL, length + delta, prot, flags | MAP_NOSYNC, fd, offset - delta);
+ 
+     if (buf == MAP_FAILED) {
+         const int errNo = errno;

www/squid3/files/patch-src__ip__Intercept.cc

@@ -0,0 +1,15 @@
+--- src/ip/Intercept.cc.orig	2015-11-01 10:44:25 UTC
++++ src/ip/Intercept.cc
+@@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com
+     // for NAT lookup set local and remote IP:port's
+     if (newConn->remote.isIPv6()) {
+ #if IPFILTER_VERSION < 5000003
+-        // warn once every 10 at critical level, then push down a level each repeated event
++        // warn once every million at critical level, then push down a level each repeated event
+         static int warningLevel = DBG_CRITICAL;
+         debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+-        warningLevel = (warningLevel + 1) % 10;
++        warningLevel = (warningLevel + 1) % 1048576;
+         return false;
+ #else
+         natLookup.nl_v = 6;

www/squid3/files/patch-src_client__side__request.cc

@@ -0,0 +1,23 @@
+http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
+
+commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
+Author: squidadm <squidadm@users.noreply.github.com>
+Date:   2018-01-21 08:07:08 +1300
+
+    Fix indirect IP logging for transactions without a client connection (#129) (#136)
+
+--- src/client_side_request.cc.orig	2018-02-23 13:39:32 UTC
++++ src/client_side_request.cc
+@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *d
+         * Ensure that the access log shows the indirect client
+         * instead of the direct client.
+         */
+-        ConnStateData *conn = http->getConn();
+-        conn->log_addr = request->indirect_client_addr;
+-        http->al->cache.caddr = conn->log_addr;
++        http->al->cache.caddr = request->indirect_client_addr;
++        if (ConnStateData *conn = http->getConn())
++            conn->log_addr = request->indirect_client_addr;
+     }
+     request->x_forwarded_for_iterator.clean();
+     request->flags.done_follow_x_forwarded_for = true;

www/squid3/files/patch-src_esi_CustomParser.cc

@@ -0,0 +1,28 @@
+http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
+
+commit eb2db98a676321b814fc4a51c4fb7928a8bb45d9 (refs/remotes/origin/v3.5)
+Author: Amos Jeffries <yadij@users.noreply.github.com>
+Date:   2018-01-19 13:54:14 +1300
+
+    ESI: make sure endofName never exceeds tagEnd (#130)
+
+--- src/esi/CustomParser.cc.orig	2018-02-23 13:37:52 UTC
++++ src/esi/CustomParser.cc
+@@ -121,7 +121,7 @@ ESICustomParser::parse(char const *dataToParse, size_t
+ 
+             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+ 
+-            if (endofName > tagEnd)
++            if (!endofName || endofName > tagEnd)
+                 endofName = const_cast<char *>(tagEnd);
+ 
+             *endofName = '\0';
+@@ -214,7 +214,7 @@ ESICustomParser::parse(char const *dataToParse, size_t
+ 
+             char * endofName = strpbrk(const_cast<char *>(tag), w_space);
+ 
+-            if (endofName > tagEnd)
++            if (!endofName || endofName > tagEnd)
+                 endofName = const_cast<char *>(tagEnd);
+ 
+             *endofName = '\0';

www/squid3/files/patch-src_ipc_mem_Segment.cc

@@ -0,0 +1,11 @@
+--- src/ipc/mem/Segment.cc.orig	2015-11-01 10:44:25 UTC
++++ src/ipc/mem/Segment.cc
+@@ -150,7 +150,7 @@ Ipc::Mem::Segment::attach()
+     assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize)));
+ 
+     void *const p =
+-        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED, theFD, 0);
++        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_NOSYNC, theFD, 0);
+     if (p == MAP_FAILED) {
+         debugs(54, 5, HERE << "mmap " << theName << ": " << xstrerror());
+         fatalf("Ipc::Mem::Segment::attach failed to mmap(%s): %s\n",

www/squid3/files/patch-src_tools.cc

@@ -0,0 +1,11 @@
+--- src/tools.cc.orig	2015-11-01 10:44:25 UTC
++++ src/tools.cc
+@@ -635,7 +635,7 @@ no_suid(void)
+     uid = geteuid();
+     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
+ 
+-    if (setuid(0) < 0)
++    if (setuid(0) < 0 && TheProcessKind != pkHelper)
+         debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerror());
+ 
+     if (setuid(uid) < 0)

www/squid3/files/pkg-install.in

@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+PATH=/bin:/usr/bin:/usr/sbin
+pkgname=$1
+squid_homedir="/var/squid"
+squid_cache_basedir="${squid_homedir}/cache"
+squid_confdir="${PKG_PREFIX:-%%PREFIX%%}/etc/squid"
+squid_logdir="/var/log/squid"
+# these are hardcoded, see /usr/ports/UIDs and /usr/ports/GIDs:
+squid_user=squid
+squid_group=squid
+squid_gid=100
+squid_uid=100
+case $2 in
+PRE-INSTALL)
+	echo "===> Pre-installation configuration for ${pkgname}"
+	;;
+POST-INSTALL)
+	# Since we usually start the Squid master process as ${squid_user}
+	# instead of root make sure that ${squid_homedir} is writable for it.
+	if [ ! -d ${squid_homedir} ]; then
+		echo "Creating ${squid_homedir}..."
+		install -d -o root -g ${squid_group} \
+		    -m 0775 ${squid_homedir}
+	else
+		chgrp ${squid_group} ${squid_homedir}
+		chmod g+w ${squid_homedir}
+	fi
+	if [ ! -d ${squid_cache_basedir} ]; then
+		echo "Creating ${squid_cache_basedir} ..."
+		install -d -o ${squid_user} -g ${squid_group} \
+		    -m 0750 ${squid_cache_basedir}
+	else
+		chown ${squid_user} ${squid_cache_basedir}
+		chgrp ${squid_group} ${squid_cache_basedir}
+		chmod 0750 ${squid_cache_basedir}
+	fi
+	if [ ! -d ${squid_confdir} ]; then
+		echo "Creating ${squid_confdir}..."
+		install -d -o root -g ${squid_group} \
+		    -m 0755 ${squid_confdir}
+	else
+		chgrp ${squid_group} ${squid_confdir}
+	fi
+	if [ ! -d ${squid_logdir} ]; then
+		echo "Creating ${squid_logdir}..."
+		install -d -o ${squid_user} -g ${squid_group} \
+		    -m 0750 ${squid_logdir}
+	else
+		chown ${squid_user} ${squid_logdir}
+		chgrp ${squid_group} ${squid_logdir}
+	fi
+	for file in cachemgr.conf errorpage.css mime.conf msntauth.conf squid.conf; do
+		if [ ! -f ${squid_confdir}/${file} \
+		    -a -f ${squid_confdir}/${file}.default ]; then
+			echo "Creating ${file} from default..."
+			install -c -o root -g ${squid_group} -m 0640 \
+		    	    ${squid_confdir}/${file}.default \
+			    ${squid_confdir}/${file}
+		fi
+	done
+	;;
+*)
+	exit 64
+	;;
+esac
+exit 0

www/squid3/files/pkg-message.in

@@ -0,0 +1,48 @@
+     o You can find the configuration files for this package in the
+       directory %%PREFIX%%/etc/squid.
+
+     o The default cache directory is /var/squid/cache/.
+       The default log directory is /var/log/squid/.
+
+       Note:
+       You must initialize new cache directories before you can start
+       squid.  Do this by running "squid -z" as 'root' or 'squid'.
+       If your cache directories are already initialized (e.g. after an
+       upgrade of squid) you do not need to initialize them again.
+
+     o When using DiskD storage scheme remember to read documentation:
+         http://wiki.squid-cache.org/Features/DiskDaemon
+       and alter your kern.ipc defaults in /boot/loader.conf. DiskD will not
+       work reliably without this. Last recomendations were:
+
+         kern.ipc.msgmnb=8192
+         kern.ipc.msgssz=64
+         kern.ipc.msgtql=2048
+
+     o The default configuration will deny everyone but the local host and
+       local networks as defined in RFC 1918 for IPv4 and RFCs 4193 and
+       4291 for IPv6 access to the proxy service.  Edit the "http_access
+       allow/deny" directives in %%PREFIX%%/etc/squid/squid.conf
+       to suit your needs.
+
+     o If AUTH_SQL option is set, please, don't forget to install one of
+       following perl modules depending on database you like:
+         databases/p5-DBD-mysql
+         databases/p5-DBD-Pg
+         databases/p5-DBD-SQLite
+
+     To enable Squid, set squid_enable=yes in either
+     /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
+     Please see %%PREFIX%%/etc/rc.d/squid for further details.
+
+     Note:
+     If you just updated your Squid installation from an earlier version,
+     make sure to check your Squid configuration against the 3.4 default
+     configuration file %%PREFIX%%/etc/squid/squid.conf.sample.
+
+     %%PREFIX%%/etc/squid/squid.conf.documented is a fully annotated
+     configuration file you can consult for further reference.
+
+     Additionally, you should check your configuration by calling
+     'squid -f /path/to/squid.conf -k parse' before starting Squid.
+

www/squid3/files/squid.in

@@ -0,0 +1,158 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: squid
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Note:
+# Set "squid_enable=yes" in either /etc/rc.conf, /etc/rc.conf.local or
+# /etc/rc.conf.d/squid to activate Squid.
+#
+# Additional variables you can define in one of these files:
+#
+# squid_chdir:	the directory into which the rc system moves into before
+# 		starting Squid. Default: /var/squid
+#
+# squid_conf:	The configuration file that Squid should use.
+#		Default: %%PREFIX%%/etc/squid/squid.conf
+#
+# squid_fib:	The alternative routing table id that Squid should use.
+#		Default: none
+#		See setfib(1) for further details. Note that the setfib(2)
+#		system call is not available in FreeBSD versions prior to 7.1.
+#
+# squid_user:	The user id that should be used to run the Squid master
+#		process. Default: squid.
+#		Note that you probably need to define "squid_user=root" if
+#		you want to run Squid in reverse proxy setups or if you want
+#		Squid to listen on a "privileged" port < 1024.
+#
+# squid_pidfile:
+#		The name (including the full path) of the Squid
+#		master process' PID file.
+#		Default: /var/run/squid/squid.pid.
+#		You only need to change this if you changed the
+#		corresponding entry in your Squid configuration.
+#
+# squid_flags:	Additional commandline arguments for Squid you might want to
+#		use. See squid(8) for further details.
+#
+# squid_krb5_ktname:
+#		Alternative Kerberos 5 Key Table.
+#		Default: none
+#
+# squid_krb5_config:
+#		Alternative Kerberos 5 config file
+#		Default: none
+
+. /etc/rc.subr
+
+name=squid
+rcvar=squid_enable
+
+# Make sure that we invoke squid with "-f ${squid_conf}"; define this
+# variable early so reload_cmd and stop_precmd pick it up:
+
+extra_commands="reload configtest"
+reload_cmd=squid_reload
+start_precmd=squid_prestart
+start_postcmd=squid_getpid
+stop_precmd=squid_prestop
+configtest_cmd=squid_configtest
+reload_precmd=squid_configtest
+restart_precmd=squid_configtest
+
+# squid(8) will not start if ${squid_conf} is not present so try
+# to catch that beforehand via ${required_files} rather than make
+# squid(8) crash.
+
+squid_load_rc_config()
+{
+	: ${squid_chdir:=/var/squid}
+	: ${squid_conf:=%%PREFIX%%/etc/squid/squid.conf}
+	: ${squid_enable:=NO}
+	: ${squid_program:=%%PREFIX%%/sbin/squid}
+	: ${squid_pidfile:=/var/run/squid/squid.pid}
+	: ${squid_user:=squid}
+
+	required_args="-f ${squid_conf}"
+	required_dirs=$chdir
+	required_files=$squid_conf
+	command_args="${required_args} ${squid_flags}"
+	procname="?squid-*"
+	pidfile=$squid_pidfile
+}
+
+squid_prestart()
+{
+	# setup KRB5_KTNAME:
+	squid_krb5_ktname=${squid_krb5_ktname:-"NONE"}
+	if [ "${squid_krb5_ktname}" != "NONE" ]; then
+		export KRB5_KTNAME=${squid_krb5_ktname}
+	fi
+
+	# setup KRB5_CONFIG:
+	squid_krb5_config=${squid_krb5_config:-"NONE"}
+	if [ "${squid_krb5_config}" != "NONE" ]; then
+		export KRB5_CONFIG=${squid_krb5_config}
+	fi
+
+	# setup FIB tables:
+	if command -v check_namevarlist > /dev/null 2>&1; then
+		check_namevarlist fib && return 0
+	fi
+
+	${SYSCTL} net.fibs >/dev/null 2>&1 || return 0
+
+	squid_fib=${squid_fib:-"NONE"}
+	if [ "${squid_fib}" != "NONE" ]; then
+		command="setfib -F $squid_fib $command"
+	else
+		return 0
+	fi
+
+	squid_configtest
+}
+
+squid_reload()
+{
+	$command $required_args $squid_flags -k reconfigure
+}
+
+squid_configtest()
+{
+	echo "Performing sanity check on ${name} configuration."
+	if $command $required_args $squid_flags -k check; then
+		echo "Configuration for ${name} passes."
+		return 0
+	else
+		return $?
+	fi
+}
+
+squid_getpid()
+{
+	# retrieve the PID of the Squid master process explicitly here
+	# in case rc.subr was unable to determine it:
+	if [ -z "$rc_pid" ]; then
+		while ! [ -f ${pidfile} ]; do
+			sleep 1
+		done
+		read _pid _junk <${pidfile}
+		[ -z "${_pid}" ] || pid=${_pid}
+	else
+		pid=${rc_pid}
+	fi
+}
+
+squid_prestop()
+{
+	command_args="$command_args -k shutdown"
+	squid_configtest
+}
+
+load_rc_config $name
+squid_load_rc_config
+run_rc_command $1

www/squid3/pkg-descr

@@ -0,0 +1,5 @@
+Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite)
+HTTP/1.1 compliant. Squid offers a rich access control, authorization and
+logging environment to develop web proxy and content serving applications.
+
+WWW: http://www.squid-cache.org/