www/squid: Update to 6.10

PR:		279885
Approved by:	Pavel Timofeev <timp87@gmail.com> (maintainer, implicit)

www/squid: update to 6.9

Changelog:
https://www.squid-cache.org/Versions/v6/squid-6.9-RELEASENOTES.html

PR:		278291
Approved by:	arrowd (mentor, implicit)

databases/p5-DBD-mysql: Fix for MariaDB users

Add a new variable DBD_MYSQL, use that in *_DEPENDS and add mysql to USES
where required. DBD_MYSQL will automatically set the correct DBD dependency.

In cd16748194e2 databases/p5-DBD-mysql was updated to 5.x, in 5.x the
support for MariaDB was removed and only MySQL >= 8.0 is supported.

In the 4.x releases MariaDB is still supported, according to upstream 4.x
will still be supported for a while [1], so use that for now when we detect
that MYSQL_FLAVOUR is set to mariadb. databases/p5-DBD-mysql4 was added in
d95f49cb3b54.

DBD:MariaDB would be another alternative, but migrating to it might need
more analysis than just staying with the 4.x releases of p5-DBD-mysql. This

www/squid: update to 6.8

remove patch no longer needed
add patch to remove ifdef duplicate

PR:	277672
Approved by:	maintainer, bapt (mentor)
Differential Revision:	https://reviews.freebsd.org/D44431

www/squid: Update to 6.7

Release notes:
	https://www.squid-cache.org/Versions/v6/squid-6.7-RELEASENOTES.html

PR:		277195

www/squid: Moved manpages to share/man

Approved by:	portmgr (blanket)
Sponsored by:	Rubicon Communications, LLC ("Netgate")

www/squid: update to 6.6

ChangeLog: http://www.squid-cache.org/Versions/v6/squid-6.6-RELEASENOTES.html

 * TLS ServerHello
 * Log TLS Communication Secrets
 * Ban ACL key Changes in ACLs
 * Block to-local Traffic
 * RFC 9211: HTTP Cache-Status support
 * RFC 9111: Stop treating Warning specially
 * ext_kerberos_ldap_group_acl: Support -b with -D
 * Remove Gopher Protocol Support
 * Remove Outdated Tools

PR:		275639
Reported by:	timp87@gmail.com (maintainer)

www/squid: update to 6.5 - dumps core after updating from 6.3 to 6.4

Fixed bug in 6.4 after fix CVE.

PR:		274825
Approved by:	arrowd (mentor)
MFH:		2023Q4

www/squid: Update to 6.4

Changelog:
https://github.com/squid-cache/squid/blob/7254f20cbc449119ae39bfeeced965f2c80bad75/ChangeLog

Also remove a dead mirror.

PR:			274646
Approved by:		tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D42324

www/squid: update to 6.3

Error message translation files are now part of www/squid-langpack.

Changelog: http://www.squid-cache.org/Versions/v6/squid-6.3-RELEASENOTES.html

PR:		272524

www/squid: update to 5.9

Changes:	https://github.com/squid-cache/squid/blob/4a7431df0fff6e55ed1b544be6f1ed08d6580aae/ChangeLog#L113-L117

PR:		271725
Approved by:	Pavel Timofeev (maintainer)

www/squid: update to 5.8

Changelog:
https://github.com/squid-cache/squid/blob/491933673f2492ffc7b2238ea0d5ac8308dd3160/ChangeLog#L113-L121

PR:		269999

Mk/**ldap.mk: Convert USE_LDAP to USES=ldap

Convert the USE_LDAP=yes to USES=ldap and adds the following features:

- Adds the argument USES=ldap:server to add openldap2{4|5|6}-server as
  RUN_DEPENDS
- Adds the argument USES=ldap<version> and replaces WANT_OPENLDAP_VER
- Adds OPENLDAP versions in bsd.default-versions.mk
- Adds USE_OPENLDAP/WANT_OPENLDAP_VER in Mk/bsd.sanity.mk
- Changes consumers to use the features

Reviewed by:	delphij
Approved by:	portmgr
Differential Revision: https://reviews.freebsd.org/D38233

www/squid: Update to 5.7

ReleaseNotes:	http://www.squid-cache.org/Versions/v5/squid-5.7-RELEASENOTES.html
PR:		266625
Approved by:	maintainer
MFH:		2022Q4
Security:	f9ada0b5-3d80-11ed-9330-080027f5fec9

Remove WWW entries moved into port Makefiles

Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.

This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.

Approved by:		portmgr (tcberner)

Add WWW entries to port Makefiles

It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.

Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was tarnsfered into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.

There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.

www/squid: Update to 5.6

ChangeLog: https://github.com/squid-cache/squid/blob/master/ChangeLog

PR:		264505

www/squid: update to 5.5

Changes: https://github.com/squid-cache/squid/commits/v5

PR:	263477

www/squid: Update to 5.4.1

Changelog:	https://github.com/squid-cache/squid/commits/v5

PR:		261913

www/squid: update to 5.3: New port: Google Chat plugin for libpurple

Changelog: http://www.squid-cache.org/Versions/v5/squid-5.3-RELEASENOTES.html

PR:		260927

www/{squid,squid-devel}: Remove PCRE option

This option was added in 2017 and worked as is expected at the
time. But it doesn't work any more. So remove it from squid ports.

PR:		243291
Reported by:	OlivierW
Approved by:	maintainer timeout (about modified version)

www/squid: Fix build on current with _WITH_CPU_SET_T

MFH after:	1 week

*/*: Remove redundant '-*' from CONFLICTS definitions

The conflict checks compare the patterns first against the package
names without version (as reported by "pkg query "%n"), then - if
there was no match - agsinst the full package names including the
version (as reported by "pkg query "%n-%v").

Approved by: portmgr (blanket)

www/squid: update to 4.15

- Use DISTVERSION instead of PORTVERSION

ChangeLog:
https://github.com/squid-cache/squid/pull/818/files#diff-91c5b46dc84a94604a4e4d0caed9bf85590a2eddbb12d2e8dc80badf324a9dfbR1-R16

PR:		256358
Approved by:	dbaio, garga (mentors, implicit)

One more small cleanup, forgotten yesterday.
Reported by:	lwhsu

all: Remove all other $FreeBSD keywords.

Remove # $FreeBSD$ from Makefiles.

www/squid: update to 4.14

Changes: https://github.com/squid-cache/squid/commits/v4

PR:		253378
Submitted by:	timp87 AT gmail DOT com (maintainer)

www/squid: update 4.12 -> 4.13

- https://lists.freebsd.org/pipermail/freebsd-ports/2020-August/119290.html
  mentions security issues, but no CVEs

PR:		248856
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
MFH:		2020Q3
Relnotes:	http://www.squid-cache.org/Versions/v4/changesets/
Security:	probably

www/squid: Update to 4.12 among other changes

- Update to 4.12
- Remove upstreamed patches
- Enhance rc script (thanks to Walter von Entferndt for ideas!):
-- create piddir if missing (/var/run may be a tmpfs)
-- don't wait endlessly if squid can't create a pidfile
-- define squid_group
- address GREASEd (thanks to Joshua Kinard and Juraj Lutter!)

PR:		247397
Submitted by:	Juraj Lutter <juraj@lutter.sk>
Reworked by:	maintainer
Approved by:	maintainer
MFH:		2020Q3 (bug-fix release)
Sponsored by:	Rubicon Communications, LLC (Netgate)

www/squid: add patch to fix kerberos_ldap_group helper, fix pinger

- add patch to fix kerberos_ldap_group helper work with heimdal
- regenerate two patches to follow upstreamed versions
- fix pinger permissions

PR:		245861, 246410
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)

Bump PORTREVISION for security/nettle shlib change

www/squid: add CONFLICTS with incoming squid-devel and rework

- add delayer external acl helper to the build
- add eDirectory_userip external acl helper to the build if LDAP enabled
- add eDirectory and LDAP digest auth helpers to the build if LDAP enabled
- add DB log daemon helper to the build
- add LFS url rewrite helper to the build
- remove useless REINPLACE_CMD from post-patch
- remove DIST_SUBDIR as it's useless now
- simplify REINPLACE_CMD in post-patch-IPV6-off
- regenerate patches to make portlint happy
- reverse sort plist

PR:		246139
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)

www/squid: update 4.10 -> 4.11

PR:		245758
Submitted by:	timp87@gmail.com (maintainer)
Relnotes:	http://www.squid-cache.org/Versions/v4/squid-4.11-RELEASENOTES.html

www/squid: upgrade 4.9 -> 4.10

PR:		244026
Submitted by:	timp87@gmail.com (maintainer)
Relnotes:	http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html
Security:	http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
		http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
		http://www.squid-cache.org/Advisories/SQUID-2020_3.txt

www/squid: fix build on GCC architectures

Add --disable-strict-error-checking to CONFIGURE_ARGS for everyone. It adds
-Werror, which is against ports tree policy and causes:
Icmp6.cc: In member function 'virtual void Icmp6::SendEcho(Ip::Address&, int,
const char*, int)':
Icmp6.cc:165:72: error: converting a packed 'icmp6_hdr' pointer (alignment 1) to
a 'short unsigned int' pointer (alignment 2) may result in an unaligned pointer
value [-Werror=address-of-packed-member]
  165 |     icmp->icmp6_cksum = CheckSum((unsigned short *) icmp,
icmp6_pktsize);
      |                                                                        ^
In file included from Icmp6.h:20,
                 from Icmp6.cc:18:
/usr/include/netinet/icmp6.h:72:8: note: defined here
   72 | struct icmp6_hdr {
      |        ^~~~~~~~~
At global scope:
cc1plus: error: unrecognized command line option '-Wno-deprecated-register'
[-Werror]
cc1plus: all warnings being treated as errors

PR:		241804
Approved by:	timp87@gmail.com (maintainer), mentors (implicit approval)

Update to 4.9

Changelog: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt

PR:		241976
MFH:		2019Q4
Security:	620685d6-0aa3-11ea-9673-4c72b94353b5
Sponsored by:	Netzkommune GmbH

www/squid: Fix build with libc++ 9

PR:		240830
Submitted by:	dim
Approved by:	maintainer timeout (timp87@gmail.com, >2 weeks)

Drop the ipv6 virtual category for w* category as it is not relevant anymore

Convert to UCL & cleanup pkg-message (categories w)

Bump PORTREVISION for ports depending on the canonical version of GCC
as defined in Mk/bsd.default-versions.mk which has moved from GCC 8.3
to GCC 9.1 under most circumstances now after revision 507371.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, everything INDEX-11 shows with a dependency on lang/gcc9 now.

PR:		238330

www/squid: update to 4.8

PR:		239214
Submitted by:	timp87@gmail.com (maintainer)

Update security/nettle to 3.5.1

- Bump PORTREVISION of dependent ports for shlib change
- Fix build of devel/pijul [1]

Changes:	https://git.lysator.liu.se/nettle/nettle/blob/master/NEWS
PR:		238991
Exp-run by:	antoine
Thanks to:	tobik [1]

Switch default version of samba from 4.7 to 4.8

With hat:	portmgr

Update to 4.7

Changelog:

- Bug 4942: --with-filedescriptors does not do anything
- Bug 4928: Cannot convert non-IPv4 to IPv4
- Bug 4823: assertion failed: "lowestOffset () <= target_offset"
- Bug 4796: comm.cc !isOpen(conn->fd) assertion when rotating logs
- Fix squidclient authentication to origin servers
- Fix stack-based buffer-overflow when parsing SNMP messages
- Add support for buffer-size= to UDP logging
- TLS: When using OpenSSL, trust intermediate CAs from trusted store

PR:		237882
Submitted by:		timp87@gmail.com (maintainer)
Sponsored by:	Netzkommune GmbH

www/squid: fix build with GCC-based architectures

Add -Wno-error=stringop-truncation to CFLAGS when using GCC.

PR:		237276
Approved by:	timp87@gmail.com (maintainer timeout), mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D20104

Fix build under 13-CURRENT due to src commit r345982 causing a namespace
collision from sys/fcntl.h.

PR:		237353
Submitted by:	cy@
Approved by:	portmgr (blanket: build/run/packaging fix)
MFH:		2019Q2

www/squid: Fix build with GSSAPI options

In some circumstances squid's configure script cannot detect properly which
GSSAPI is being used to build with and break build.  Applied patch from
upstream ticket and also passes path of desired krb5-config to be used
during build

PR:		236959
Approved by:	maintainer timeout (2 weeks)
Obtained from:	https://bugs.squid-cache.org/show_bug.cgi?id=4933 (based on)
Sponsored by:	Rubicon Communications, LLC (Netgate)

Fix build of www/squid and www/squid-devel with clang 8

This fixes an error with a defaulted copy constructor:

../../src/security/ServerOptions.h:38:5: error: explicitly defaulted copy
constructor is implicitly deleted [-Werror,-Wdefaulted-function-deleted]
    ServerOptions(const ServerOptions &) = default;
    ^
../../src/security/ServerOptions.h:110:29: note: copy constructor of
'ServerOptions' is implicitly deleted because field 'clientCaStack' has a
deleted copy constructor
    X509_NAME_STACK_Pointer clientCaStack;
                            ^
/usr/include/c++/v1/memory:2494:3: note: copy constructor is implicitly deleted
because 'unique_ptr<stack_st_X509_NAME,
Security::ServerOptions::sk_X509_NAME_free_wrapper>' has a user-declared move
constructor
  unique_ptr(unique_ptr&& __u) noexcept
  ^

The copy constructor can instead be deleted.

Approved by:	timp87@gmail.com (maintainer)
PR:		236210
MFH:		2019Q2

www/squid: update to 4.6

PR:		236090
Submitted by:	timp87@gmail.com (maintainer)
Reported by:	ncrogers@gmail.com

www/squid: update to 4.5

PR:		234777
Submitted by:	timp87@gmail.com (maintainer)

Bump PORTREVISION for ports depending on the canonical version of GCC
defined via Mk/bsd.default-versions.mk which has moved from GCC 7.4 t
GCC 8.2 under most circumstances.

This includes ports
 - with USE_GCC=yes or USE_GCC=any,
 - with USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and
 - with USES=compiler specifying openmp, nestedfct, c11, c++0x, c++11-lang,
   c++11-lib, c++14-lang, c++17-lang, or gcc-c++11-lib
plus, as a double check, everything INDEX-11 showed depending on lang/gcc7.

PR:		231590

www/squid: Update to 4.4

While here, pet portlint

PR:		233845
Submitted by:	takefu@airport.fm
Approved by:	timp87@gmail.com (maintainer)

www/squid: fix bug in 4.3, no connections are accepted after ECONNABORTED

- without the fix, squid locks up every couple of hours, no longer
  accept(2)-ing new connections, and needs to be restarted.

PR:		231950
Submitted by:	Mark.Martinec@ijs.si
Reviewed by:	Oleh Hushchenkov <gor@clogic.com.ua>
Approved by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Obtained from:	https://bugs.squid-cache.org/show_bug.cgi?id=4889

www/squid: update 4.1 -> 4.3

- fix build with LibreSSL

PR:		231442
Submitted by:	timp87@gmail.com (maintainer), takefu@airport.fm
Relnotes:	http://www.squid-cache.org/Versions/v4/changesets/

Switch default version of samba to 4.7
Samba 4.6 will be discontinued in a few weeks

Reviewed by:	mat
Differential Revision:	https://reviews.freebsd.org/D16904

Bump PORTREVISION for ports depending on the canonical version of GCC
in the ports tree (via Mk/bsd.default-versions.mk and lang/gcc) which
has now moved from GCC 6 to GCC 7 by default.

This includes ports
 - featuring USE_GCC=yes or USE_GCC=any,
 - featuring USES=fortran,
 - using Mk/bsd.octave.mk which in turn features USES=fortran, and those
 - with USES=compiler specifying one of openmp, nestedfct, c11, c++0x,
   c++11-lib, c++11-lang, c++14-lang, c++17-lang, or gcc-c++11-lib.

PR:		222542

www/squid: update to 4.1

PR:		229601
Submitted by:	timp87@gmail.com (maintainer)

www/squid: Fixes security vulnerabilities

Add patches to fix CVE's:
  CVE-2018-1000024
  CVE-2018-1000027

PR:		226139
Submitted by:	Yasuhiro KIMURA <yasu@utahime.org>
Approved by:	timp87@gmail.com (maintainer)
MFH:		2018Q1
Security:	d5b6d151-1887-11e8-94f7-9c5c8e75236a

Use BROKEN_SSL

Approved by:	portmgr (blanket)

Change default version of samba from 4.4 to 4.6

Reviewed by:	mat
With hat:	portmgr
Differential Revision:	https://reviews.freebsd.org/D13529

Fix typo in previous commit

Reported by:	Yasuhiro KIMURA <yasu@utahime.org>

www/squid: Enable PCRE support

PR:		223505
Submitted by:	OlivierW <olivierw1+bugzilla-freebsd@hotmail.com> (inspired by)
Approved by:	timp87@gmail.com (maintainer)

Update www/squid to 3.5.27

PR:		221765
Submitted by:	timp87@gmail.com (maintainer)

- www/squid: Update from 3.5.25 to 3.5.26
- Changes:
 *Bug 4711: SubjectAlternativeNames is missing in some generated certificates
 *Bug 4695: squidpurge: GCC 7 build errors
 *Bug 4682: ignoring http_access deny when client-first bumping mode is used
 *Bug 4682: Fix ssl_bump "bump" action documentation
 *Bug 4653: %st lies about tunneled traffic volumes
 *Bug 4589: ssl_crtd: returning zero on failure
 *Bug 3772: message from FTP server gets mangled
 *Bug 3102: FTP directory listing drops fist character of file names
 *Add OpenSSL library details to -v output
 *... and some documentatino updates

PR:		219773
Submitted by:	timp87 at gmail.com (maintainer)
Approved by:	tz, miwi (mentors)
Differential Revision:	https://reviews.freebsd.org/D11041

- Update to 3.5.25

PR:		218343
Submitted by:	maintainer

Provide more descriptive error messages for ports failing on powerpc64.

While here, pet portlint.

Approved by:	portmgr (tier-2 blanket)

Switch default version of samba from 4.3 to 4.4

With hat:	portmgr
Differential Revision:	https://reviews.freebsd.org/D10131

- Add USES=samba to handle dependency on samba
  Valid ARGS:  build, env, lib, run (default: build,run)
- Add SAMBA_DEFAULT to bsd.default-versions.mk (default: 4.3)
- Remove obsolete samba36 ports
- Modify samba4x ports to install libsmbclient
- Convert the ports tree to USES=samba

Reviewed by:	mat
Differential Revision:	https://reviews.freebsd.org/D8919

Update to upstream version 3.5.24; retire support for FreeBSD < 10

PR:		216578
Submitted by:	timp87@gmail.com (maintainer)

www/squid: update 3.5.22 -> 3.5.23

- Spell CHOSEN_COMPILER_TYPE correctly
- Remove upstreamed patch (IPv6 + PF crash)
- Add --enable-zph-qos option to default set
  http://wiki.squid-cache.org/Features/QualityOfService

PR:		215416
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Security:	CVE-2016-10002
Security:	CVE-2016-10003
Security:	https://vuxml.FreeBSD.org/freebsd/41f8af15-c8b9-11e6-ae1b-002590263bf5.html
MFH:		2016Q4

Mark some ports as not openssl-devel ready.

Sponsored by:	Absolight

- Update to 3.5.22
- Switch to options helpers

PR:		212909
Submitted by:	timp87@gmail.com (maintainer)

www/squid: update 3.5.19 -> 3.5.20

- Also swap USE_OPENSSL=yes to USES=ssl

PR:		210811
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)

Remove NLS, DOCS, EXAMPLES and IPV6 from OPTIONS_DEFAULT, they are enabled by
default anyway and don't need to be listed

Approved by:	portmgr blanket

- Fix trailing whitespace in pkg-messages

Approved by:	portmgr blanket

www/squid: Fix configure errors for libssl

  - Fix building with ports' OpenSSL/LibreSSL
  - Use GSSAPI descriptions from Mk/Uses/gssapi.mk
  - Use more OPTIONS features

PR:		208584
Submitted by:	timp87@gmail.com (maintainer)
MFH:		2016Q2

Security update to 3.5.19

PR:		209334
Submitted by:	timp87@gmail.com (maintainer)
Security:	25e5205b-1447-11e6-9ead-6805ca0b3d42

Add conflicts against the new squid-devel port

Rework transparent proxy / firewall related options

PR:		203860
Submitted by:	timp87@gmail.com (maintainer)

many ports: mark broken on powerpc64

www/squid: 3.5.16 -> 3.5.17

Changes:
  http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID_3_5_17.html
  http://www.squid-cache.org/Advisories/SQUID-2016_5.txt

PR:		208939
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
MFH:		2016Q2
Security:	CVE-2016-4052, CVE-2016-4053, CVE-2016-4054

www/squid: Add all available official patches up to 14031

It fixes two annoying and long-standing problems:
- header forgery detection (using sslbump) leads to crash
- add chained certificates and signing certificate to
  peek-then-bumped connections.

PR:		207901
MFH:		2016Q2
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Reported by:	Christophe Anselme-Moizan <christophe.anselmemoizan@orange.com>

Update to upstream version 3.5.16

PR:		208463
Submitted by:	timp87@gmail.com (maintainer)

Remove ${PORTSDIR}/ from dependencies, categories v, w, x, y, and z.

With hat:	portmgr
Sponsored by:	Absolight

www/squid: cleanup, adding patches

1. Turn ON all options that don't require external dependencies.
2. Split SMB options to more items to make it possible to compile
   squid with samba36 and samba42.*
3. Set databases/p5-DBI as a dependency for SQL option and add note
   to pkg-message about perl DBD drivers.*
4. Add fix for PF+IPv6.**
5. Require SSL option if SSL_CRTD is on.
6. Small fixes.
7. Add all available patches from upstream.

*  thanks to Alonso Cardenas Marquez!
** thanks to Orlando Bassotto!

PR:		208290
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)

www/squid: Fix crashes under heavy load

Squid 3.5.15 addresses security issues, but reports have been made that
it is unstable under load. These patches repair stability while not
requiring we downgrade to 3.5.14 which reintroduces security vulnerabilities.

PR:		207762
Approved by:	maintainer
MFH:		2016Q1

www/squid: update 3.5.14 -> 3.5.15

Changes:
* Bug 3870 assertion failed: String.cc: 'len_ + len <65536' in ESI::CustomParser
* Fix multiple assertion on String overflows
* Fix unit test errors on MacOS
* Better handling of huge response headers. Fewer incorrect "Bug #3279" messages
* Log noise reduction for eCAP

PR:		207454
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Security:	https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html
X-MFH-With:	r406625, r409148

www/squid: update 3.5.13 -> 3.5.14

PR:		207294
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Security:	CVE-2016-2390
Security:	https://vuxml.FreeBSD.org/freebsd/56562efb-d5e4-11e5-b2bd-002590263bf5.html
X-MFH-Note:	MFH not required, only 3.5.13 in ports/head is vulnerable

Bump versions to chase Nettle shared library update

www/squid: update 3.5.12 -> 3.5.13

Changes:
* Bug 4397: DragonFly BSD, POSIX shared memory is implemented as filepath
* Bug 4387: Kerberos build errors on Solaris
* TLS: Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
* TLS: Complete certificate chains using external intermediate certificates
* Avoid memory leaks when an X.509 certificate validator is used with SslBump
* Fix connection retry and fallback after failed server TLS connections
* Fix GnuTLS detection via pkg-config
* Fix startup crash with a misconfigured (too-small) shared memory cache
* ... and some documentation updates

PR:             206127
Submitted by:   Pavel Timofeev <timp87@gmail.com> (maintainer)

www/squid: Heimdal option build fixes

- Fix squid build with Heimdal from ports.
- Additionally fix squid build with base Heimdal when Heimdal from ports
  is installed.

PR:		205461
Reported by:	dewayne@heuristicsystems.com.au
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
MFH:		2016Q1 (build fix blanket)

Update to 3.5.12

PR:		204913
Submitted by:	<timp87@gmail.com> (maintainer)

www/squid: update 3.5.10 -> 3.5.11

- Regen patches for new release and for portlint
- Drop creating/deleting /var/run/squid in the rc script as this duplicates
  handling it in the pkg-plist

Changes:
* Bug 3574: crashes on reconfigure and startup
* Bug 4347: compile errors with LibreSSL 2.3
* Bug 4281: copy-paste typos in src/tools.cc
* Bug 4279: No response from proxy for FTP-download of non-existing file
* Bug 4188: Bumping intercepted SSL connections does not work on Solaris
* Fix incorrect authentication headers on cache digest requests
* Fix connection stats, including %<lp, missing for persistent connections
* Fix invalid memory access issues in SBuf
* Avoid errors when parsing manager ACL in old squid.conf

PR:		204217
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Tested by:	ncrogers@gmail.com

Update to 3.5.10

PR:		203501
Submitted by:	<timp87@gmail.com> (maintainer)

rc.d/squid: Check the config before starting, reloading, or restarting.

www/squid: security update and build fix

- security update 3.5.8 -> 3.5.9 [1]
- Fix TP_IPF build on FreeBSD 9 [2]

PR:		203186 [1]
PR:		202950 [2]
Approved by:	Pavel Timofeev <timp87@gmail.com> (maintainer) [1]
Security:	d3a98c2d-5da1-11e5-9909-002590263bf5
MFH:		2015Q3
X-MFH-With:	r391555, r392222, r393602, r396106, r396185, r397215

Rather than produce a warning message that IPv6 is not supported
under ipfilter 4 (FreeBSD 9) every tenth time, reduce the message
to one in a million. This has the effect of displaying the message
at or shortly after startup with a reminder every blue moon.

PR:		202950

Fix TP_IPF build.

www/squid: update 3.5.7 -> 3.5.8

PR:		202826
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)
Approved by:	feld (mentor)

www/squid: update 3.5.6 -> 3.5.7

- Fix build with ecap by clang
- Get rid of useless and always empty /var/squid/logs
- Rework patches to make portlint a bit happier

PR:		202053
Submitted by:	Pavel Timofeev <timp87@gmail.com> (maintainer)