Reinstate www/squid-devel port after repo-copy of www/squid ->

www/squid-devel

Reported by:	danfe

www/squid-devel/Makefile

@@ -0,0 +1,378 @@
+# $FreeBSD$
+
+PORTNAME=	squid
+PORTVERSION=	4.0.9
+CATEGORIES=	www ipv6
+MASTER_SITES=	http://www.squid-cache.org/Versions/v4/ \
+		http://www2.us.squid-cache.org/Versions/v4/ \
+		http://www1.at.squid-cache.org/Versions/v4/ \
+		http://www.eu.squid-cache.org/Versions/v4/ \
+		http://www1.jp.squid-cache.org/Versions/v4/
+PKGNAMESUFFIX=	-devel
+DIST_SUBDIR=	squid${PORTVERSION:R}
+
+PATCH_SITES=	http://www.squid-cache.org/%SUBDIR%/ \
+		http://www2.us.squid-cache.org/%SUBDIR%/ \
+		http://www1.at.squid-cache.org/%SUBDIR%/ \
+		http://www.eu.squid-cache.org/%SUBDIR%/ \
+		http://www1.jp.squid-cache.org/%SUBDIR%/ \
+		http://master.squid-cache.org/~amosjeffries/patches/:nosid
+PATCH_SITE_SUBDIR=	Versions/v4/changesets
+#PATCHFILES=
+
+MAINTAINER=	timp87@gmail.com
+COMMENT=	HTTP Caching Proxy
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/COPYING
+
+CONFLICTS=	squid*-3.*
+
+USES=		compiler:c++11-lang cpe perl5 shebangfix tar:xz
+CPE_VENDOR=	squid-cache
+SHEBANG_FILES=	scripts/*.pl contrib/*.pl tools/*.pl
+GNU_CONFIGURE=	yes
+USE_RC_SUBR=	squid
+
+USERS=		squid
+GROUPS=		squid
+
+MYDOCS=		QUICKSTART README RELEASENOTES.html doc/debug-sections.txt
+PORTDOCS=	${MYDOCS:T}
+PORTEXAMPLES=	*
+SUB_FILES+=	pkg-install pkg-message
+
+OPTIONS_SUB=	yes
+OPTIONS_GROUP=	AUTH
+OPTIONS_RADIO=	FW
+OPTIONS_GROUP_AUTH=AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB AUTH_SQL
+OPTIONS_RADIO_FW=TP_IPF TP_IPFW TP_PF
+OPTIONS_DEFINE=	ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \
+		FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \
+		KQUEUE LARGEFILE NETTLE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \
+		VIA_DB WCCP WCCPV2 DOCS EXAMPLES
+
+OPTIONS_SINGLE=	GSSAPI
+OPTIONS_SINGLE_GSSAPI=	GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
+
+OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS DOCS EXAMPLES FOLLOW_XFF \
+		FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE \
+		LAX_HTTP SNMP SSL SSL_CRTD TP_IPFW VIA_DB WCCP WCCPV2 GSSAPI_BASE
+
+ARP_ACL_CONFIGURE_ENABLE=	eui
+AUTH_LDAP_CFLAGS=		-I${LOCALBASE}/include
+AUTH_LDAP_LDFLAGS=		-L${LOCALBASE}/lib
+AUTH_LDAP_USE=			OPENLDAP=yes
+AUTH_SASL_CFLAGS=		-I${LOCALBASE}/include
+AUTH_SASL_CPPFLAGS=		-I${LOCALBASE}/include
+AUTH_SASL_LDFLAGS=		-L${LOCALBASE}/lib
+AUTH_SASL_LIB_DEPENDS=		libsasl2.so:security/cyrus-sasl2
+AUTH_SMB_RUN_DEPENDS=		smbclient:net/samba42
+AUTH_SQL_RUN_DEPENDS=		p5-DBI>=1.08:databases/p5-DBI
+CACHE_DIGESTS_CONFIGURE_ENABLE=	cache-digests
+DELAY_POOLS_CONFIGURE_ENABLE=	delay-pools
+ECAP_CFLAGS=			-I${LOCALBASE}/include
+ECAP_CONFIGURE_ENABLE=		ecap
+ECAP_LDFLAGS=			-L${LOCALBASE}/lib
+ECAP_LIB_DEPENDS=		libecap.so:www/libecap
+ECAP_USES=			pkgconfig:build
+ESI_CFLAGS=			-I${LOCALBASE}/include -I${LOCALBASE}/include/libxml2
+ESI_CONFIGURE_ENABLE=		esi
+ESI_LDFLAGS=			-L${LOCALBASE}/lib
+ESI_LIB_DEPENDS=		libexpat.so:textproc/expat2 \
+				libxml2.so:textproc/libxml2
+FOLLOW_XFF_CONFIGURE_ENABLE=	follow-x-forwarded-for
+HTCP_CONFIGURE_ENABLE=		htcp
+ICAP_CONFIGURE_ENABLE=		icap-client
+ICMP_CONFIGURE_ENABLE=		icmp
+IDENT_CONFIGURE_ENABLE=		ident-lookups
+IPV6_CONFIGURE_ENABLE=		ipv6
+KQUEUE_CONFIGURE_ENABLE=	kqueue
+LARGEFILE_CONFIGURE_WITH=	large-files
+LAX_HTTP_CONFIGURE_ENABLE=	http-violations
+NETTLE_LIB_DEPENDS=		libnettle.so:security/nettle
+NETTLE_CONFIGURE_OFF=		--without-nettle
+SNMP_CONFIGURE_ENABLE=		snmp
+SSL_CONFIGURE_ENABLE=		ssl
+SSL_CRTD_CONFIGURE_ENABLE=	ssl-crtd
+STACKTRACES_CONFIGURE_ENABLE=	stacktraces
+STACKTRACES_LIB_DEPENDS=	libunwind.so:devel/libunwind
+STACKTRACES_CONFIGURE_ON=	--disable-strict-error-checking
+TP_IPFW_CONFIGURE_ENABLE=	ipfw-transparent
+TP_IPF_CONFIGURE_ENABLE=	ipf-transparent
+TP_PF_CONFIGURE_ENABLE=		pf-transparent
+TP_PF_CONFIGURE_WITH=		nat-devpf
+VIA_DB_CONFIGURE_ENABLE=	forw-via-db
+WCCPV2_CONFIGURE_ENABLE=	wccpv2
+WCCP_CONFIGURE_ENABLE=		wccp
+
+GSSAPI_NONE_CONFIGURE_ON=	--without-heimdal-krb5 \
+				--without-mit-krb5 \
+				--without-gss
+
+GSSAPI_BASE_USES=		gssapi
+GSSAPI_BASE_CONFIGURE_ON=	--with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+
+GSSAPI_HEIMDAL_USES=		gssapi:heimdal
+GSSAPI_HEIMDAL_CONFIGURE_ON=	--with-heimdal-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+
+GSSAPI_MIT_USES=		gssapi:mit
+GSSAPI_MIT_CONFIGURE_ON=	--with-mit-krb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
+
+# TODO:
+# add an option for external_acl/session (requires some kind of external
+# Berkeley DB support, unsure which one)
+ARP_ACL_DESC=		ARP/MAC/EUI based authentification
+AUTH_DESC=		Authentication helpers
+GSSAPI_DESC=		Install Kerberos authentication helpers
+GSSAPI_NONE_DESC=	Build without Kerberos support
+GSSAPI_BASE_DESC=	Build with Kerberos support from base
+GSSAPI_HEIMDAL_DESC=	Build with Kerberos support from security/heimdal
+GSSAPI_MIT_DESC=	Build with Kerberos support from security/krb5
+AUTH_LDAP_DESC=		Install LDAP authentication helpers
+AUTH_NIS_DESC=		Install NIS/YP authentication helpers
+AUTH_SASL_DESC=		Install SASL authentication helpers
+AUTH_SMB_DESC=		Install SMB auth. helpers (req. Samba)
+AUTH_SQL_DESC=		Install SQL based auth
+CACHE_DIGESTS_DESC=	Use cache digests
+DEBUG_DESC=		Build with extended debugging support
+DELAY_POOLS_DESC=	Delay pools (bandwidth limiting)
+ECAP_DESC=		Loadable content adaptation modules
+ESI_DESC=		ESI support
+FOLLOW_XFF_DESC=	Support for the X-Following-For header
+FS_AUFS_DESC=		AUFS (threaded-io) support
+FS_DISKD_DESC=		DISKD storage engine controlled by separate service
+FS_ROCK_DESC=		ROCK storage engine
+HTCP_DESC=		HTCP support
+ICAP_DESC=		the ICAP client
+ICMP_DESC=		ICMP pinging and network measurement
+IDENT_DESC=		Ident lookups (RFC 931)
+KQUEUE_DESC=		Kqueue(2) support
+LARGEFILE_DESC=		Support large (>2GB) cache and log files
+NETTLE_DESC=		Nettle MD5 algorithm support
+SNMP_DESC=		SNMP support
+SSL_CRTD_DESC=		Use ssl_crtd to handle SSL cert requests
+SSL_DESC=		SSL gatewaying support
+STACKTRACES_DESC=	Enable automatic backtraces on fatal errors
+LAX_HTTP_DESC=		Do not enforce strict HTTP compliance
+TP_IPFW_DESC=		Transparent proxying with IPFW
+TP_IPF_DESC=		Transparent proxying with IPFilter
+TP_PF_DESC=		Transparent proxying with PF
+VIA_DB_DESC=		Forward/Via database
+WCCPV2_DESC=		Web Cache Coordination Protocol v2
+WCCP_DESC=		Web Cache Coordination Protocol
+
+change_files=	ChangeLog \
+		contrib/nextstep/makepkg \
+		contrib/nextstep/post_install \
+		errors/Makefile.am \
+		errors/Makefile.in \
+		src/auth/basic/SMB_LM/README.html \
+		src/Makefile.am \
+		src/Makefile.in \
+		src/cf_gen.cc \
+		src/squid.8.in \
+		test-suite/Makefile.in \
+		tools/Makefile.am \
+		tools/Makefile.in
+
+.if !defined(SQUID_CONFIGURE_ARGS) \
+	|| ${SQUID_CONFIGURE_ARGS:M*--disable-unlinkd*} == ""
+PLIST_SUB+=	UNLINKD=""
+.else
+PLIST_SUB+=	UNLINKD="@comment "
+.endif
+
+CONFIGURE_ARGS=	--with-default-user=squid \
+		--bindir=${PREFIX}/sbin \
+		--sbindir=${PREFIX}/sbin \
+		--datadir=${ETCDIR} \
+		--libexecdir=${PREFIX}/libexec/squid \
+		--localstatedir=/var \
+		--sysconfdir=${ETCDIR} \
+		--with-logdir=/var/log/squid \
+		--with-pidfile=/var/run/squid/squid.pid \
+		--with-swapdir=/var/squid/cache \
+		--without-gnutls \
+		--enable-auth \
+		--enable-build-info \
+		--enable-loadable-modules \
+		--enable-removal-policies="lru heap" \
+		--disable-epoll \
+		--disable-linux-netfilter \
+		--disable-linux-tproxy \
+		--disable-translation \
+		--disable-arch-native
+
+.include <bsd.port.options.mk>
+
+# Authentication methods and modules:
+
+basic_auth=	DB SMB_LM NCSA PAM POP3 RADIUS fake getpwnam
+digest_auth=	file
+external_acl=	file_userip time_quota unix_group
+ntlm_auth=	fake SMB_LM
+
+.if ${PORT_OPTIONS:MAUTH_LDAP}
+basic_auth+=	LDAP
+external_acl+=	LDAP_group
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_SASL}
+basic_auth+=	SASL
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_SMB}
+basic_auth+=	SMB
+external_acl+=	wbinfo_group
+.endif
+
+.if ${PORT_OPTIONS:MAUTH_SQL}
+external_acl+=	SQL_session
+.endif
+
+# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
+.if ${PORT_OPTIONS:MAUTH_NIS} && !defined(NO_NIS) && !defined(WITHOUT_NIS)
+basic_auth+=	NIS
+.endif
+
+# POLA: allow the old global make.conf(5) (pre src.conf(5)) defines, too:
+.if ${PORT_OPTIONS:MGSSAPI_NONE} || defined(NO_KERBEROS) || defined(WITHOUT_KERBEROS)
+negotiate_auth=	none
+PLIST_SUB+=	AUTH_KERB="@comment "
+.else
+# The kerberos_ldap_group external helper also depends on LDAP and SASL:
+. if ${PORT_OPTIONS:MAUTH_LDAP} && ${PORT_OPTIONS:MAUTH_SASL}
+external_acl+=	kerberos_ldap_group
+. endif
+negotiate_auth=	kerberos wrapper
+PLIST_SUB+=	AUTH_KERB=""
+.endif
+
+# Make it build on FreeBSD < 10
+.if ${PORT_OPTIONS:MGSSAPI_BASE}
+EXTRA_PATCHES+=		${FILESDIR}/extra-patch-build-8-9
+.endif
+
+CONFIGURE_ARGS+=	--enable-auth-basic="${basic_auth}" \
+			--enable-auth-digest="${digest_auth}" \
+			--enable-external-acl-helpers="${external_acl}" \
+			--enable-auth-negotiate="${negotiate_auth}" \
+			--enable-auth-ntlm="${ntlm_auth}"
+
+# Storage schemes:
+storage_schemes=	ufs
+diskio_modules=		AIO Blocking IpcIo Mmapped
+
+.if ${PORT_OPTIONS:MFS_AUFS}
+storage_schemes+=	aufs
+diskio_modules+=	DiskThreads
+# Nil aufs threads is default, set any other value via SQUID_CONFIGURE_ARGS,
+# e.g. SQUID_CONFIGURE_ARGS=--with-aufs-threads=N
+LDFLAGS+=		-pthread
+.else
+CONFIGURE_ARGS+=	--without-pthreads
+.endif
+
+.if ${PORT_OPTIONS:MFS_DISKD}
+storage_schemes+=	diskd
+diskio_modules+=	DiskDaemon
+.endif
+
+.if ${PORT_OPTIONS:MFS_ROCK}
+storage_schemes+=	rock
+.endif
+
+CONFIGURE_ARGS+=	--enable-storeio="${storage_schemes}" \
+			--enable-disk-io="${diskio_modules}"
+
+# Log daemon helpers:
+logdaemon_helpers=	file
+CONFIGURE_ARGS+=	--enable-log-daemon-helpers="${logdaemon_helpers}"
+
+# URL rewrite helpers:
+url_rewrite_helpers=	fake
+CONFIGURE_ARGS+=	--enable-url-rewrite-helpers="${url_rewrite_helpers}"
+
+# Storeid rewrite helpers:
+storeid_rewrite_helpers=	file
+CONFIGURE_ARGS+=	--enable-storeid-rewrite-helpers="${storeid_rewrite_helpers}"
+
+# Security certificate validator helpers:
+security_cert_validators=	fake
+CONFIGURE_ARGS+=	--enable-security-cert-validators="${security_cert_validators}"
+
+# Other options set via 'make config':
+
+.if ${PORT_OPTIONS:MSSL}
+# we need to .include bsd.openssl.mk manually here.because USE_OPENSSL only
+# works when it is defined before bsd.port{.pre}.mk is .included.
+# This makes it currently impossible to combine this macro with OPTIONS to
+# conditionally include OpenSSL support.
+# XXX: is this still true with OptionsNG as of 2015-03?
+#.include "${.CURDIR}/../../Mk/bsd.openssl.mk"
+.include "${PORTSDIR}/Mk/bsd.openssl.mk"
+CONFIGURE_ARGS+=	--with-openssl="${OPENSSLBASE}"
+CFLAGS+=		-I${OPENSSLINC}
+LDFLAGS+=		-L${OPENSSLLIB}
+
+# Security certificate generator helpers:
+security_cert_generators=	file
+CONFIGURE_ARGS+=	--enable-security-cert-generators="${security_cert_generators}"
+.endif
+
+.if ${PORT_OPTIONS:MSSL_CRTD} && !${PORT_OPTIONS:MSSL}
+IGNORE=SSL_CRTD option can be used only if SSL option is enabled
+.endif
+
+.if ${PORT_OPTIONS:MSTACKTRACES}
+CFLAGS+=	-g
+LDFLAGS+=	-lunwind -L${LOCALBASE}/lib
+STRIP=
+EXTRA_PATCHES+=	${FILESDIR}/extra-patch-gen-stacktrace
+.endif
+
+.if ${PORT_OPTIONS:MDEBUG} || defined(WITH_DEBUG)
+CONFIGURE_ARGS+=	--disable-optimizations --enable-debug-cbdata
+WITH_DEBUG?=		yes
+.endif
+
+# Finally, add additional user specified configuration options:
+CONFIGURE_ARGS+=	${SQUID_CONFIGURE_ARGS}
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|g' \
+		${WRKSRC}/src/cf.data.pre
+	@(cd ${WRKSRC} && ${REINPLACE_CMD} \
+		-e 's|\.conf\.default|.conf.sample|' \
+		-e 's|)\.default|).sample|' \
+		${change_files})
+	@(cd ${WRKSRC} && ${MV} src/mime.conf.default src/mime.conf.sample)
+
+.if !${PORT_OPTIONS:MIPV6}
+	@${REINPLACE_CMD} -e's/ ::1//' -e's/ fc00::\/7//' \
+		-e's/ fe80::\/10//' -e's/ 2001:DB8::2//' \
+		-e's/ 2001:DB8::a:0\/64//' \
+		-e'/tcp_outgoing_address 2001:db8::c001 good_service_net/d' \
+		-e'/tcp_outgoing_address 2001:db8::beef normal_service_net/d' \
+		-e'/tcp_outgoing_address 2001:db8::1/d' \
+		${WRKSRC}/src/cf.data.pre
+.endif
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/src/auth/basic/DB/passwd.sql \
+		${STAGEDIR}${EXAMPLESDIR}
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
+	(cd ${WRKSRC} && ${INSTALL_DATA} ${MYDOCS} ${STAGEDIR}${DOCSDIR})
+
+.include <bsd.port.pre.mk>
+
+.if ${COMPILER_TYPE} == clang
+#CXXFLAGS+=	-Wno-unused-private-field
+.if ${COMPILER_VERSION} >= 35
+CXXFLAGS+=	-Wno-undefined-bool-conversion -Wno-tautological-undefined-compare -Wno-dynamic-class-memaccess
+.endif
+.endif
+
+.include <bsd.port.post.mk>

www/squid-devel/distinfo

@@ -0,0 +1,2 @@
+SHA256 (squid4.0/squid-4.0.9.tar.xz) = cfc42dcd3a50096f25a4514ef8ad16290098e6d150cd56d171bb481f115b95d9
+SIZE (squid4.0/squid-4.0.9.tar.xz) = 2382228

www/squid-devel/files/extra-patch-build-8-9

@@ -0,0 +1,11 @@
+--- src/auth/negotiate/kerberos/negotiate_kerberos.h.orig	2015-08-01 06:08:17 UTC
++++ src/auth/negotiate/kerberos/negotiate_kerberos.h
+@@ -140,7 +140,7 @@ int check_gss_err(OM_uint32 major_status
+ 
+ char *gethost_name(void);
+ 
+-#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC
++#if (HAVE_GSSKRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT || HAVE_GSS_MAP_NAME_TO_ANY) && HAVE_KRB5_PAC && __FreeBSD__ >= 10
+ #define HAVE_PAC_SUPPORT 1
+ #define MAX_PAC_GROUP_SIZE 200*60
+ typedef struct {

www/squid-devel/files/extra-patch-gen-stacktrace

@@ -0,0 +1,62 @@
+--- src/tools.cc.orig	2014-10-31 12:36:43.000000000 +0300
++++ src/tools.cc	2014-11-21 14:11:25.000000000 +0300
+@@ -71,6 +71,13 @@
+ #include <errno.h>
+ #endif
+ 
++#if PRINT_STACK_TRACE
++#ifdef __FreeBSD__
++#define UNW_LOCAL_ONLY
++#include <libunwind.h>
++#endif
++#endif
++
+ #define DEAD_MSG "\
+ The Squid Cache (version %s) died.\n\
+ \n\
+@@ -411,6 +418,45 @@
+     }
+ 
+ #endif
++#ifdef __FreeBSD__
++    do {
++	unw_context_t unw_ctx;
++	unw_cursor_t unw_cp;
++	unw_word_t sp, ip, off;
++	int rc = 0;
++	char procname[256];
++	size_t frame;
++
++	bzero((void *)&unw_ctx, sizeof(unw_ctx));
++	bzero((void *)&unw_cp, sizeof(unw_cp));
++
++	if ((rc = unw_getcontext(&unw_ctx))) {
++            fprintf(debug_log, "Failed to trace own stack: "
++		    "unw_context() said '%s'.\n", unw_strerror(rc));
++	    break;
++	}
++	if ((rc = unw_init_local(&unw_cp, &unw_ctx))) {
++            fprintf(debug_log, "Failed to trace own stack: "
++		    "unw_init_local() said '%s'.\n", unw_strerror(rc));
++	    break;
++	}
++	frame = 0;
++	fprintf(debug_log, "Backtrace follows (deepest frame first):\n");
++	while ((rc = unw_step(&unw_cp)) > 0) {
++	    frame++;
++	    ip = 0; sp = 0;
++	    unw_get_reg(&unw_cp, UNW_REG_IP, &ip);
++	    unw_get_reg(&unw_cp, UNW_REG_SP, &sp);
++	    off = 0;
++	    rc = unw_get_proc_name(&unw_cp, procname, sizeof(procname), &off);
++	    if (rc)
++		snprintf (procname, sizeof(procname), "[unknown]");
++	    fprintf(debug_log, "#%zd: %s + 0x%zx, ip = 0x%zx, sp = 0x%zx\n",
++		    frame, procname, (size_t)off, (size_t)ip, (size_t)sp);
++	}
++	fprintf(debug_log, "Use addr2line of similar to translate offsets to line information.\n");
++    } while (0);
++#endif /* __FreeBSD__ */
+ #endif /* PRINT_STACK_TRACE */
+ 
+ #if SA_RESETHAND == 0 && !_SQUID_WINDOWS_

www/squid-devel/files/patch-compat_compat.h

@@ -0,0 +1,20 @@
+--- compat/compat.h.orig	2015-11-01 10:44:25 UTC
++++ compat/compat.h
+@@ -42,17 +42,6 @@
+ #endif
+ #endif
+ 
+-/* Solaris 10 has a broken definition for minor_t in IPFilter compat.
+- * We must pre-define before doing anything with OS headers so the OS
+- * do not. Then un-define it before using the IPFilter *_compat.h headers.
+- */
+-#if IPF_TRANSPARENT && USE_SOLARIS_IPFILTER_MINOR_T_HACK
+-/* But we only need do this nasty thing for src/ip/Intercept.cc */
+-#if BUILDING_SQUID_IP_INTERCEPT_CC
+-#define minor_t solaris_minor_t_fubar
+-#endif
+-#endif
+-
+ /*****************************************************/
+ /* FDSETSIZE is messy and needs to be done before    */
+ /* sys/types.h are defined.                          */

www/squid-devel/files/patch-compat_shm.cc

@@ -0,0 +1,11 @@
+--- compat/shm.cc.orig	2015-11-01 10:44:25 UTC
++++ compat/shm.cc
+@@ -29,6 +29,8 @@ shm_portable_segment_name_is_path()
+     size_t len = sizeof(jailed);
+     ::sysctlbyname("security.jail.jailed", &jailed, &len, NULL, 0);
+     return !jailed;
++#elif defined (__DragonFly__)
++    return true;
+ #else
+     return false;
+ #endif

www/squid-devel/files/patch-configure

@@ -0,0 +1,82 @@
+--- configure.orig	2015-11-01 10:46:19 UTC
++++ configure
+@@ -32038,7 +32040,7 @@ done
+ ##
+ 
+ BUILD_HELPER="NIS"
+-for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h
++for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
+@@ -32053,8 +32055,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"
+ #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+ _ACEOF
+ 
+-else
+-  BUILD_HELPER=""
++# XXX: On FreeBSD we have to do this to make NIS work
++# until https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188247
++# is resolved.
++  BUILD_HELPER="NIS"
+ fi
+ 
+ done
+@@ -32519,7 +32523,7 @@ done
+ 
+   # unconditionally requires crypt(3), for now
+   if test "x$ac_cv_func_crypt" != "x"; then
+-    for ac_header in unistd.h crypt.h shadow.h
++    for ac_header in unistd.h rpcsvc/crypt.h shadow.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+@@ -34574,7 +34578,7 @@ for ac_header in \
+   arpa/nameser.h \
+   assert.h \
+   bstring.h \
+-  crypt.h \
++  rpcsvc/crypt.h \
+   ctype.h \
+   direct.h \
+   errno.h \
+@@ -34785,6 +34789,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+ #include <netinet/ip.h>
+ #endif
+ #if HAVE_NETINET_IP_COMPAT_H
++#include <net/if.h>	/* IFNAMSIZ */
+ #include <netinet/ip_compat.h>
+ #endif
+ #if HAVE_NETINET_IP_FIL_H
+@@ -38773,6 +38778,7 @@ if test "x$enable_ipf_transparent" != "x
+ #     include <sys/ioccom.h>
+ #     include <netinet/in.h>
+ 
++#     include <net/if.h>	/* IFNAMSIZ */
+ #     include <netinet/ip_compat.h>
+ #     include <netinet/ip_fil.h>
+ #     include <netinet/ip_nat.h>
+@@ -38803,6 +38809,7 @@ else
+ #       include <sys/ioccom.h>
+ #       include <netinet/in.h>
+ #undef minor_t
++#       include <net/if.h>	/* IFNAMSIZ */
+ #       include <netinet/ip_compat.h>
+ #       include <netinet/ip_fil.h>
+ #       include <netinet/ip_nat.h>
+@@ -38847,6 +38854,7 @@ _ACEOF
+ 	ip_fil_compat.h \
+ 	ip_fil.h \
+ 	ip_nat.h \
++	net/if.h \
+ 	netinet/ip_compat.h \
+ 	netinet/ip_fil_compat.h \
+ 	netinet/ip_fil.h \
+@@ -38876,6 +38884,7 @@ ac_fn_cxx_check_header_compile "$LINENO"
+ #if HAVE_IP_COMPAT_H
+ #include <ip_compat.h>
+ #elif HAVE_NETINET_IP_COMPAT_H
++#include <net/if.h>	/* IFNAMSIZ */
+ #include <netinet/ip_compat.h>
+ #endif
+ #if HAVE_IP_FIL_H

www/squid-devel/files/patch-src-cf.data.pre

@@ -0,0 +1,13 @@
+--- src/cf.data.pre.orig	2015-11-01 10:44:25 UTC
++++ src/cf.data.pre
+@@ -4558,6 +4558,10 @@ DEFAULT: @DEFAULT_PID_FILE@
+ LOC: Config.pidFilename
+ DOC_START
+ 	A filename to write the process-id to.  To disable, enter "none".
++
++	Note: If you change this setting, you need to set squid_pidfile
++	in /etc/rc.conf to reflect the new value. Please see
++	/usr/local/etc/rc.d/squid for details.
+ DOC_END
+ 
+ NAME: client_netmask

www/squid-devel/files/patch-src_DiskIO_Mmapped_MmappedFile.cc

@@ -0,0 +1,11 @@
+--- src/DiskIO/Mmapped/MmappedFile.cc.orig	2015-11-01 10:44:25 UTC
++++ src/DiskIO/Mmapped/MmappedFile.cc
+@@ -235,7 +235,7 @@ Mmapping::map()
+     static const int pageSize = getpagesize();
+     delta = offset % pageSize;
+ 
+-    buf = mmap(NULL, length + delta, prot, flags, fd, offset - delta);
++    buf = mmap(NULL, length + delta, prot, flags | MAP_NOSYNC, fd, offset - delta);
+ 
+     if (buf == MAP_FAILED) {
+         const int errNo = errno;

www/squid-devel/files/patch-src__ip__Intercept.cc

@@ -0,0 +1,53 @@
+--- src/ip/Intercept.cc.orig	2015-11-01 10:44:25 UTC
++++ src/ip/Intercept.cc
+@@ -202,10 +202,10 @@ Ip::Intercept::IpfInterception(const Com
+     // for NAT lookup set local and remote IP:port's
+     if (newConn->remote.isIPv6()) {
+ #if IPFILTER_VERSION < 5000003
+-        // warn once every 10 at critical level, then push down a level each repeated event
++        // warn once every million at critical level, then push down a level each repeated event
+         static int warningLevel = DBG_CRITICAL;
+         debugs(89, warningLevel, "IPF (IPFilter v4) NAT does not support IPv6. Please upgrade to IPFilter v5.1");
+-        warningLevel = (warningLevel + 1) % 10;
++        warningLevel = (warningLevel + 1) % 1048576;
+         return false;
+ #else
+         natLookup.nl_v = 6;
+@@ -323,13 +323,21 @@
+     }
+ 
+     memset(&nl, 0, sizeof(struct pfioc_natlook));
+-    newConn->remote.getInAddr(nl.saddr.v4);
++    if (newConn->remote.isIPv4()) {
++        newConn->remote.getInAddr(nl.saddr.v4);
++    } else {
++        newConn->remote.getInAddr(nl.saddr.v6);
++    }
+     nl.sport = htons(newConn->remote.port());
+ 
+-    newConn->local.getInAddr(nl.daddr.v4);
++    if (newConn->local.isIPv4()) {
++        newConn->local.getInAddr(nl.daddr.v4);
++    } else {
++        newConn->local.getInAddr(nl.daddr.v6);
++    }
+     nl.dport = htons(newConn->local.port());
+ 
+-    nl.af = AF_INET;
++    nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6;
+     nl.proto = IPPROTO_TCP;
+     nl.direction = PF_OUT;
+ 
+@@ -345,7 +353,11 @@
+         debugs(89, 9, HERE << "address: " << newConn);
+         return false;
+     } else {
+-        newConn->local = nl.rdaddr.v4;
++        if (nl.af == AF_INET) {
++            newConn->local = nl.rdaddr.v4;
++        } else {
++            newConn->local = nl.rdaddr.v6;
++        }
+         newConn->local.port(ntohs(nl.rdport));
+         debugs(89, 5, HERE << "address NAT: " << newConn);
+         return true;

www/squid-devel/files/patch-src_adaptation_ecap_ServiceRep.cc

@@ -0,0 +1,11 @@
+--- src/adaptation/ecap/ServiceRep.cc.orig	2016-04-20 13:19:59 UTC
++++ src/adaptation/ecap/ServiceRep.cc
+@@ -236,7 +236,7 @@ bool Adaptation::Ecap::ServiceRep::probe
+ 
+ bool Adaptation::Ecap::ServiceRep::up() const
+ {
+-    return theService;
++    return theService != NULL;
+ }
+ 
+ bool Adaptation::Ecap::ServiceRep::wantsUrl(const SBuf &urlPath) const

www/squid-devel/files/patch-src_ipc_mem_Segment.cc

@@ -0,0 +1,11 @@
+--- src/ipc/mem/Segment.cc.orig	2015-11-01 10:44:25 UTC
++++ src/ipc/mem/Segment.cc
+@@ -150,7 +150,7 @@ Ipc::Mem::Segment::attach()
+     assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize)));
+ 
+     void *const p =
+-        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED, theFD, 0);
++        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_NOSYNC, theFD, 0);
+     if (p == MAP_FAILED) {
+         debugs(54, 5, HERE << "mmap " << theName << ": " << xstrerror());
+         fatalf("Ipc::Mem::Segment::attach failed to mmap(%s): %s\n",

www/squid-devel/files/patch-src_tools.cc

@@ -0,0 +1,11 @@
+--- src/tools.cc.orig	2015-11-01 10:44:25 UTC
++++ src/tools.cc
+@@ -603,7 +603,7 @@ no_suid(void)
+     uid = geteuid();
+     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root priveleges forever");
+ 
+-    if (setuid(0) < 0) {
++    if (setuid(0) < 0 && TheProcessKind != pkHelper) {
+         int xerrno = errno;
+         debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerr(xerrno));
+     }

www/squid-devel/files/pkg-install.in

@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+PATH=/bin:/usr/bin:/usr/sbin
+pkgname=$1
+squid_homedir="/var/squid"
+squid_cache_basedir="${squid_homedir}/cache"
+squid_confdir="${PKG_PREFIX:-%%PREFIX%%}/etc/squid"
+squid_logdir="/var/log/squid"
+# these are hardcoded, see /usr/ports/UIDs and /usr/ports/GIDs:
+squid_user=squid
+squid_group=squid
+squid_gid=100
+squid_uid=100
+case $2 in
+PRE-INSTALL)
+	echo "===> Pre-installation configuration for ${pkgname}"
+	;;
+POST-INSTALL)
+	# Since we usually start the Squid master process as ${squid_user}
+	# instead of root make sure that ${squid_homedir} is writable for it.
+	if [ ! -d ${squid_homedir} ]; then
+		echo "Creating ${squid_homedir}..."
+		install -d -o root -g ${squid_group} \
+		    -m 0775 ${squid_homedir}
+	else
+		chgrp ${squid_group} ${squid_homedir}
+		chmod g+w ${squid_homedir}
+	fi
+	if [ ! -d ${squid_cache_basedir} ]; then
+		echo "Creating ${squid_cache_basedir} ..."
+		install -d -o ${squid_user} -g ${squid_group} \
+		    -m 0750 ${squid_cache_basedir}
+	else
+		chown ${squid_user} ${squid_cache_basedir}
+		chgrp ${squid_group} ${squid_cache_basedir}
+		chmod 0750 ${squid_cache_basedir}
+	fi
+	if [ ! -d ${squid_confdir} ]; then
+		echo "Creating ${squid_confdir}..."
+		install -d -o root -g ${squid_group} \
+		    -m 0755 ${squid_confdir}
+	else
+		chgrp ${squid_group} ${squid_confdir}
+	fi
+	if [ ! -d ${squid_logdir} ]; then
+		echo "Creating ${squid_logdir}..."
+		install -d -o ${squid_user} -g ${squid_group} \
+		    -m 0750 ${squid_logdir}
+	else
+		chown ${squid_user} ${squid_logdir}
+		chgrp ${squid_group} ${squid_logdir}
+	fi
+	for file in cachemgr.conf errorpage.css mime.conf msntauth.conf squid.conf; do
+		if [ ! -f ${squid_confdir}/${file} \
+		    -a -f ${squid_confdir}/${file}.default ]; then
+			echo "Creating ${file} from default..."
+			install -c -o root -g ${squid_group} -m 0640 \
+		    	    ${squid_confdir}/${file}.default \
+			    ${squid_confdir}/${file}
+		fi
+	done
+	;;
+*)
+	exit 64
+	;;
+esac
+exit 0

www/squid-devel/files/pkg-message.in

@@ -0,0 +1,48 @@
+     o You can find the configuration files for this package in the
+       directory %%PREFIX%%/etc/squid.
+
+     o The default cache directory is /var/squid/cache/.
+       The default log directory is /var/log/squid/.
+
+       Note:
+       You must initialize new cache directories before you can start
+       squid.  Do this by running "squid -z" as 'root' or 'squid'.
+       If your cache directories are already initialized (e.g. after an
+       upgrade of squid) you do not need to initialize them again.
+
+     o When using DiskD storage scheme remember to read documentation:
+         http://wiki.squid-cache.org/Features/DiskDaemon
+       and alter your kern.ipc defaults in /boot/loader.conf. DiskD will not
+       work reliably without this. Last recomendations were:
+
+         kern.ipc.msgmnb=8192
+         kern.ipc.msgssz=64
+         kern.ipc.msgtql=2048
+
+     o The default configuration will deny everyone but the local host and
+       local networks as defined in RFC 1918 for IPv4 and RFCs 4193 and
+       4291 for IPv6 access to the proxy service.  Edit the "http_access
+       allow/deny" directives in %%PREFIX%%/etc/squid/squid.conf
+       to suit your needs.
+
+     o If AUTH_SQL option is set, please, don't forget to install one of
+       following perl modules depending on database you like:
+         databases/p5-DBD-mysql
+         databases/p5-DBD-Pg
+         databases/p5-DBD-SQLite
+
+     To enable Squid, set squid_enable=yes in either
+     /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
+     Please see %%PREFIX%%/etc/rc.d/squid for further details.
+
+     Note:
+     If you just updated your Squid installation from an earlier version,
+     make sure to check your Squid configuration against the 3.4 default
+     configuration file %%PREFIX%%/etc/squid/squid.conf.sample.
+     
+     %%PREFIX%%/etc/squid/squid.conf.documented is a fully annotated
+     configuration file you can consult for further reference.
+
+     Additionally, you should check your configuration by calling
+     'squid -f /path/to/squid.conf -k parse' before starting Squid.
+

www/squid-devel/files/squid.in

@@ -0,0 +1,149 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: squid
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Note:
+# Set "squid_enable=yes" in either /etc/rc.conf, /etc/rc.conf.local or
+# /etc/rc.conf.d/squid to activate Squid.
+#
+# Additional variables you can define in one of these files:
+#
+# squid_chdir:	the directory into which the rc system moves into before
+# 		starting Squid. Default: /var/squid
+#
+# squid_conf:	The configuration file that Squid should use.
+#		Default: %%PREFIX%%/etc/squid/squid.conf
+#
+# squid_fib:	The alternative routing table id that Squid should use.
+#		Default: none
+#		See setfib(1) for further details. Note that the setfib(2)
+#		system call is not available in FreeBSD versions prior to 7.1.
+#
+# squid_user:	The user id that should be used to run the Squid master
+#		process. Default: squid.
+#		Note that you probably need to define "squid_user=root" if
+#		you want to run Squid in reverse proxy setups or if you want
+#		Squid to listen on a "privileged" port < 1024.
+#
+# squid_pidfile:
+#		The name (including the full path) of the Squid
+#		master process' PID file.
+#		Default: /var/run/squid/squid.pid.
+#		You only need to change this if you changed the
+#		corresponding entry in your Squid configuration.
+#
+# squid_flags:	Additional commandline arguments for Squid you might want to
+#		use. See squid(8) for further details.
+#
+# squid_krb5_ktname:
+#		Alternative Kerberos 5 Key Table.
+#		Default: none
+
+. /etc/rc.subr
+
+name=squid
+rcvar=squid_enable
+
+# Make sure that we invoke squid with "-f ${squid_conf}"; define this
+# variable early so reload_cmd and stop_precmd pick it up:
+
+extra_commands="reload configtest"
+reload_cmd=squid_reload
+start_precmd=squid_prestart
+start_postcmd=squid_getpid
+stop_precmd=squid_prestop
+configtest_cmd=squid_configtest
+reload_precmd=squid_configtest
+restart_precmd=squid_configtest
+
+# squid(8) will not start if ${squid_conf} is not present so try
+# to catch that beforehand via ${required_files} rather than make
+# squid(8) crash.
+
+squid_load_rc_config()
+{
+	: ${squid_chdir:=/var/squid}
+	: ${squid_conf:=%%PREFIX%%/etc/squid/squid.conf}
+	: ${squid_enable:=NO}
+	: ${squid_program:=%%PREFIX%%/sbin/squid}
+	: ${squid_pidfile:=/var/run/squid/squid.pid}
+	: ${squid_user:=squid}
+
+	required_args="-f ${squid_conf}"
+	required_dirs=$chdir
+	required_files=$squid_conf
+	command_args="${required_args} ${squid_flags}"
+#	We used to need it in squid3 to match pid and proc name
+#	procname="?squid-*"
+	pidfile=$squid_pidfile
+}
+
+squid_prestart()
+{
+	# setup KRB5_KTNAME:
+	squid_krb5_ktname=${squid_krb5_ktname:-"NONE"}
+	if [ "${squid_krb5_ktname}" != "NONE" ]; then
+		export KRB5_KTNAME=${squid_krb5_ktname}
+	fi
+
+	# setup FIB tables:
+	if command -v check_namevarlist > /dev/null 2>&1; then
+		check_namevarlist fib && return 0
+	fi
+
+	${SYSCTL} net.fibs >/dev/null 2>&1 || return 0
+
+	squid_fib=${squid_fib:-"NONE"}
+	if [ "${squid_fib}" != "NONE" ]; then
+		command="setfib -F $squid_fib $command"
+	else
+		return 0
+	fi
+
+	squid_configtest
+}
+
+squid_reload()
+{
+	$command $required_args $squid_flags -k reconfigure
+}
+
+squid_configtest()
+{
+	echo "Performing sanity check on ${name} configuration."
+	if $command $required_args $squid_flags -k check; then
+		echo "Configuration for ${name} passes."
+		return 0
+	else
+		return $?
+	fi
+}
+
+squid_getpid()
+{
+	# retrieve the PID of the Squid master process explicitly here
+	# in case rc.subr was unable to determine it:
+	if [ -z "$rc_pid" ]; then
+		while ! [ -f ${pidfile} ]; do
+			sleep 1
+		done
+		read _pid _junk <${pidfile}
+		[ -z "${_pid}" ] || pid=${_pid}
+	else
+		pid=${rc_pid}
+	fi
+}
+
+squid_prestop()
+{
+	command_args="$command_args -k shutdown"
+	squid_configtest
+}
+
+load_rc_config $name
+squid_load_rc_config
+run_rc_command $1

www/squid-devel/pkg-descr

@@ -0,0 +1,5 @@
+Squid is a fully-featured HTTP/1.0 proxy which is almost (but not quite)
+HTTP/1.1 compliant. Squid offers a rich access control, authorization and
+logging environment to develop web proxy and content serving applications.
+
+WWW: http://www.squid-cache.org/