Log message:
Use option "-r" instead of "-e" for ${TEST} since this is \ 
not portable to some
operating systems (eg UnixWare).

Log message:
Add official patches and bump PKGREVISION.

o 2004-03-11 15:29 (Cosmetic)
	Helper queue warnings inprecice on the number of helpers required
o 2004-03-12 10:13 (Cosmetic)
	Add pkg-config support for finding correct OpenSSL compile flags
o 2004-03-19 09:02 (Medium) "Vary: *" is ignored
o 2004-03-19 09:12 (Minor) 100% CPU usage on Linux-2.2
o 2004-03-19 09:17 (Cosmetic)
	Version number includes -CVS if autoconf is run
o 2004-03-29 09:47 (Minor)
	deny_info redirection with requested URL escaped wrongly
o 2004-03-29 10:02 (Minor) CONNECT timeout should produce a 504 or 503
o 2004-04-03 13:54 (Cosmetic)
	cache_swap_log documentation referred to swap.state by it's old
	swap.log name
o 2004-04-06 14:12 (Cosmetic)
	ntlm/auth_ntlm.c(683): warning #187: use of "=" where "==" may
	have been intended
o 2004-04-11 09:19 (Medium) rfc1035NameUnpack: Assertion (*off) < sz failed
o 2004-04-18 01:33 (Major)
	Segment violation when using a blank user name in digest authentication
o 2004-04-18 23:46 (Medium)
	assertion failed: errorpage.c:292: "mem->inmem_hi == 0"
o 2004-04-20 12:30 (Cosmetic)
	Spelling corrections in configure and squid.conf.default
o 2004-04-20 12:38 (Cosmetic)
	Clarify meaning of ERR in digest helper protocol
o 2004-04-20 12:38 (Cosmetic)
	Spelling error in Turkish ERR_DNS_FAIL
o 2004-04-24 14:10 (Minor)
	Negative cached 404 replies with VARY header never matches
o 2004-04-30 00:01 (Minor)
	range_offset_limit -1 KB rejected as invalid syntax

Log message:
Convert to buildlink3.

Log message:
mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.

Log message:
Make this build on NetBSD-2.0A with ipfilter-4.1.1

Log message:
PKGREVISION bump after openssl-security-fix-update to 0.9.6m.
Buildlink files: RECOMMENDED version changed to current version.

Log message:
Update squid-2.5.5 (squid 2.5.STABLE5 with two official patches).

Most of these changes from 2.5.STABLE4 to 2.5STABLE5 are already applied
in previous squid-2.5.4nb8 package.

Changes to squid-2.5.STABLE5 (1 Mar 2004):

	- cache.log message on "squid -k reconfigure" was slightly confusing,
	  claiming Squid restarted when it just reread the configuration.
	- Bug #787: digest auth never detects password changes
	- Bug #789: login with space confuses redirector helpers
	- Bug #791: FQDNcache discards negative responses when using
	  internal DNS
	- pam_auth fails on Solaris when using pam_authtok_get. Persistent
	  PAM connections are unsafe and now disabled by default.
	- auth_param documentation clarifications and added default realm
	  values making only the helper program a required attribute
	- Bug #795: German ERR_DNS_FAIL correction
	- Bug #803: Lithuantian error messages update
	- Bug #806: Segfault if failing to load error page
	- Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
	- Bug #817: maximum_object_size too large causes squid not to cache
	- Bug #824: 100% CPU loop if external_acl combined with separate
          authentication acl in the same http_access line
	- squid_ldap_group updated to version 2.12 with support for ldaps://
	  (LDAPv2 over SSL) and a numer of other improvements.
	- Bug #799: positive_dns_ttl ignored when using internal DNS.
	- Bug #690: Incorrect html on empty Gopher responses
	- Bug #729: --enable-arp-acl may give warning about net/route.h
	- Bug #14: attempts to establish connection may look like syn flood
	  attack if the contacted server is refusing connections
	- errorpage README files included in the distribution again showing
	  who contributed which translation
	- Bug #848: connect_timeout connect_timeout ends up twice the length.
	  forward_timeout option added to address this.
	- Bug #849: DNS log error messages should report the failed query
	- Bug #851: DNS retransmits too often
	- Bug #862: Very frequently repeated POST requests may cause a
	  filedescriptor shortage due to persitent connections building up
	- Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
	- Bug #571: Need to limit use of persistent connections when
	  filedescriptor usage is high
	- Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
	  does not work properly
	- Bug #860: redirector_access does not handle "slow" acls such as
	  "dst" or "external" requiring a external lookup.
	- Bug #865: Persistent connection usage too high after sudden burst
	  of traffic.
	- Bug #867: cache_peer max-conn=.. option does not work
	- Bug #868: refuses to start if pid_filename none is specified
	- Bug #887: LDAP helper -Z (TLS) option does not work
	- Bug #877: Squid doesn't follow telnet protocol on FTP control
	  connections
	- Bug #908: Random auth popups and account lockouts when using ntlm
	- Support for NTLM_NEGOTIATE exchanges with ntlm helpers
	- Bug #585: cache_peer_access fails with NTLM authentication
	- Bug #592: always/never_direct fails with NTLM authentication
	- wbinfo_group update for Samba-3
	- Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
	- Bug #924: miss_access restricts internal and cachemgr requests
	  even if these are local
	- Bug #925: auth headers send by squidclient are mildly malformed
	- Bug #922: miss_access and delay_access and several other
	  authentication related bug fixes.
	- Bug #909: Added ARP acl support for FreeBSD
	- Bug #926: deny_info with http_reply_access or miss_access
	- Bug #872: reply_body_max_size problems when using NTLM auth
	- Bug #825: random segmentation faults when using digest auth
	- Bug #910: Partial fix for temporary memory leaks when using NTLM
	  auth. There is still problems if challenge reuse is enabled.
	- ftp://anonymous@host/ now accepted without requiring a password
	- Bug #594: several mime type updates (ftp:// related)
	- url_regex enhanced to allow matching of %00

And two official patches' changes.

assertion failed: helper.c:323: "srv->flags.reserved"

	synopsis	If using ntlm authentication then Squid may
			randomly abort with the above assertion
			failure if a request is aborted while Squid
			waits for a response from the domain controller
	severity	Medium
	date		2004-03-01 23:55
	bugzilla	#937
	versions	Squid-2.5.STABLE5
	platforms	All
	workaround	half_closed_connections on (the default)

squid_ldap_auth can be confused by the use of reserved characters

	synopsis	squid_ldap_auth may be confused by the use of
			reserved characters allowing the login name to
			be masqueraded in different manners possibly
			allowing the user to partially bypass certain
			per-user restrictions or confuse third party
			accounting packages.

			Note that the user can not bypass the login
			procedure as such. All he can do is to make
			the login name look different than normal.
			There is still full audit trails on who the
			user is etc.

			The patch also adds and documents a -d flag to
			both squid_ldap_auth and squid_ldap_group to
			allow for easier tracing of the operation of
			these programs if results is not what is
			expected.

	severity	Major
	date		2004-03-04 09:37
	bugzilla	#935
	versions	Squid-2.5 and earlier
	platforms	All
	configuration	configurations where squid_ldap_auth is used
			for authentication using a search filter (-f
			option) and where squid_ldap_group is not used
			to further restrict the valid usernames.
	workaround	Combine squid_ldap_auth with squid_ldap_group
			to only allow valid logins who are member of a
			certain group, or alternatively use a
			proxy_auth_regex acl to deny the use of any
			login using restricted characters.

				acl bad_login proxy_auth_regex [()\\*]
				http_access deny bad_login

Log message:
Update checksum for squid-2.5.STABLE4-errorpages.patch.
Only change was in some html text in squid/errors/Lithuanian/ERR_INVALID_REQ

Log message:
Update squid package to 2.5.4nb8; apply five official patches.

o Empty proxy_auth ACLs are silently accepted but lead to unpredictable ACL matching

synopsis	If a proxy_auth acl is incorrectly defined with no members
		then any http_access rules using this acl will give
		unpredictable results depending on the results of earlier
		acl lookups.  This patch corrects both the reason to why
		acl lookups became unpredictable and makes Squid reject
		such incorrect acl definitions.
severity	Medium
date		2004-01-15 07:44
bugzilla	#893
versions	Squid-2.5 and earlier
platforms	All
workaround	Make sure your proxy_auth acls are correctly defined.  If
		the acl should not match any users then don't declare the
		acl at all.

o Squid doesn't follow telnet protocol on FTP control connections

synopsis	Squid forgot to escape IAC characters (ascii code 255) in
		FTP requests, causing problems to access files/directories
		using this character in their name or to log in with this
		character in the login or password.
severity	Minor
date		2004-02-03 14:38
bugzilla	#877
versions	Squid-2.5 and earlier
platforms	All
workaround	Double any such characters in the input to Squid.  (%ff%ff
		instead of %ff)

o Random auth popups and account lockouts when using NTLM

synopsis	When using NTLM authentication random auth popups and
		account lockouts may be experienced.
severity	Medium
date		2004-02-11 22:12
bugzilla	#908
versions	Squid-2.5
platforms	All
workaround	It may help to configure a lot of NTLM helpers but this is
		not verified.

o squid_ldap_group -S option did not work

synopsis	The -S and -E options in squid_ldap_group v2.12 was mixed
		up, making the options somewhat hard to use.
severity	Minor
date		2004-02-09 17:10
bugzilla	#911
versions	Squid-2.5.STABLE4 + ldap_group 2.12 patch
platforms	All
workaround	Specify -E instead of -S.

o Squid stuck at 100% CPU loop in ipcache_purgelru, or segfault in the same

synopsis	The squid-2.5.STABLE4-connect_cleanup.patch was not
		entirely correct and could cause memory corruption in
		certain situations involving negative DNS replies (host not
		found etc)
severity	Major
date		2004-02-12 09:42
bugzilla	#891
versions	Squid-2.5.STABLE4-20031210 to 20040212
platforms	All

Log message:
Move WRKSRC definition away from the first paragraph in a Makefile.