Fix security bug 279380.

Add fix for -Wl,--as-needed problem when 3.1.0.13 is compiled with kerberos USE flag enabled.
Remove resource consuming PURGE method from the default squid.conf installed by 3.1.0.13 version.
Package-Manager: portage-2.1.6.13/cvs/Linux x86_64

17 files changed, 251 insertions, 1011 deletions

diff --git a/net-proxy/squid/ChangeLog b/net-proxy/squid/ChangeLog
index c22c8e46cb19..b6f4badee303 100644
--- a/net-proxy/squid/ChangeLog
+++ b/net-proxy/squid/ChangeLog
@@ -1,6 +1,27 @@
 # ChangeLog for net-proxy/squid
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.274 2009/08/16 11:01:46 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/ChangeLog,v 1.275 2009/08/22 12:57:20 mrness Exp $
+
+*squid-3.1.0.13_beta-r1 (22 Aug 2009)
+*squid-3.0.18-r1 (22 Aug 2009)
+*squid-2.7.6-r2 (22 Aug 2009)
+
+  22 Aug 2009; Alin Năstac <mrness@gentoo.org>
+  +files/squid-2.7.6-cve-2009-2855.patch,
+  -files/squid-3.0.15-adapted-zph.patch,
+  -files/squid-3.0.15-cross-compile.patch, -files/squid-3.0.15-gcc43.patch,
+  -files/squid-3.0.15-gentoo.patch, -files/squid-3.0.15-heimdal.patch,
+  +files/squid-3.0.18-cve-2009-2855.patch,
+  -files/squid-3.1.0.9_beta-gentoo.patch,
+  -files/squid-3.1.0.9_beta-invconv.patch,
+  +files/squid-3.1.0.13_beta-cve-2009-2855.patch,
+  files/squid-3.1.0.13_beta-gentoo.patch,
+  files/squid-3.1.0.13_beta-qafixes.patch, +squid-2.7.6-r2.ebuild,
+  -squid-3.0.15.ebuild, +squid-3.0.18-r1.ebuild, -squid-3.1.0.9_beta.ebuild,
+  -squid-3.1.0.13_beta.ebuild, +squid-3.1.0.13_beta-r1.ebuild:
+  Fix security bug 279380. Add fix for -Wl,--as-needed problem when 3.1.0.13
+  is compiled with kerberos USE flag enabled. Remove resource consuming PURGE
+  method from the default squid.conf installed by 3.1.0.13 version.
 
   16 Aug 2009; Alin Năstac <mrness@gentoo.org> files/squid.initd,
   files/squid.initd-logrotate, squid-2.7.6-r1.ebuild, squid-3.0.18.ebuild,
diff --git a/net-proxy/squid/Manifest b/net-proxy/squid/Manifest
index 675428e120c5..77bac8b61da0 100644
--- a/net-proxy/squid/Manifest
+++ b/net-proxy/squid/Manifest
@@ -2,24 +2,20 @@
 Hash: SHA1
 
 AUX squid-2-capability.patch 970 RMD160 01edc052d32b6531e6db93ff1addef91e193c6df SHA1 533bff849dbcbfb2d85c4a995eaea6585a593fd7 SHA256 4e0cef8fc9643e7b4922c510bf25fbd902eaeaec0846eb49a809229ab75b21c6
+AUX squid-2.7.6-cve-2009-2855.patch 1117 RMD160 4d04db9e091725eab9dfd51870ef353fcd9ddd9a SHA1 ac1e88120322b1143d06ab4efe97552aaa3e0fa8 SHA256 203a0ceb25bb99894ad0180f5676daa9c5b4c51a3d76112fa0c3e669db278e24
 AUX squid-2.7.6-gentoo.patch 13118 RMD160 5d51d90af5b85158507d231ce57aa544cc790c7d SHA1 52a95fc33a5eaecf57f95709747fb0a8b88a8c97 SHA256 5181fa5faccfeb328a0288bd711d31597ba414efcd807ac7a46630414ac0a9eb
 AUX squid-2.7.6-heimdal.patch 776 RMD160 2ced12e7682356ee2eb660d877437c3ddad6476e SHA1 3a693c2c975fe4c77ee729d8af8ef28097b11fb6 SHA256 bd0083836321c596db3fc8749152bc77d5a4bd03070d33541b7b489af59e4c25
 AUX squid-3-capability.patch 902 RMD160 40ccc1c7b39f2f877ebec5cd5e9556e0b5499af0 SHA1 436104235c71c8c9a81431fd8bbbf4da0f280ff3 SHA256 ff6fa8ee56aedc461b840295f072f7568258edc0ac48ffbeadd15ebab030e846
-AUX squid-3.0.15-adapted-zph.patch 6838 RMD160 b48cb4dddddcd4fe77fa2a4878689d5e6bad8b0c SHA1 6de99b17fa9ed55188b789d09f15e1cd9c7e6e03 SHA256 5da193601eb4a2cfde0e5118cc083ff977d1932b76badc8b935358466dea44a7
-AUX squid-3.0.15-cross-compile.patch 1234 RMD160 7e85617679c73cbe70c0992f5321304be74e59a1 SHA1 23a0eecc838ab7ee7c0acc5e5a5a1a1a95fbb7ad SHA256 315d5e6bbbf1a6868a1e09fe60697d5245cfb55356ac14c2fcfd3c91d8aab5ab
-AUX squid-3.0.15-gcc43.patch 450 RMD160 239536fc33194fccbdbdb827668eb31e4d158439 SHA1 bb597c111f17e64bec7aef38c01f7a638aaf5182 SHA256 44c9f6d3fe22bd6aeb8e18d4b81b2d38d6c049150d1bf4961c504c811c5ac7ba
-AUX squid-3.0.15-gentoo.patch 13095 RMD160 f4da4b4301dc1fb919f5d4d4798acfdcc261be76 SHA1 1441d546094631bf2f69571570afc980884324e8 SHA256 0c1ddfaf33b956e33271d4cdf86411d78d5d342a5fe339b931bcd1ca130e0db1
-AUX squid-3.0.15-heimdal.patch 780 RMD160 29d0867ff851083facaf641c297e823e687790cb SHA1 b992c97cc0418486ccd9484d55d8c556015954b5 SHA256 cea54706c71b32de608e9d733b185cf55e9468f114514ecdc228e6246dce6a83
 AUX squid-3.0.16-adapted-zph.patch 6838 RMD160 8a3aeddf48efccae072c6a4515cb188562a5bb91 SHA1 cfc842049aa81adb388e78a3aa5b9efbf6d92642 SHA256 b85e78df0e5f8e51f7da6386e502cc82965e4375d4f1f4e04504d04ad488964a
 AUX squid-3.0.16-cross-compile.patch 1234 RMD160 d4420fe001d2aa42b321f1c6d52bec542a23b29f SHA1 fd1a82814c09f77ff1cba4b0abb87be07281c325 SHA256 3ce33f078f120ee30b66f957dcb1ba427360b974f3458db2fc4261458f1f1d15
 AUX squid-3.0.16-gentoo.patch 13095 RMD160 b0ca0fad05db493358f426eb014a13c46806af63 SHA1 392cb4aa66ab3bda1f564da5945322a9dfe78e48 SHA256 3d357bfe5b8ab8ac214fed250f669f5fa1c55e091300d98dc5dcec25e328049d
 AUX squid-3.0.18-adapted-zph.patch 6951 RMD160 98fea60cf9f5a59d1c0370d391929c2fddcfdbb9 SHA1 72ee5c76ed8c9f819e9630ad0caf221fa769e1cc SHA256 41474df7c263997dcebfddfe58745eb7861eb53296241319b2f6837134f8204f
 AUX squid-3.0.18-cross-compile.patch 1234 RMD160 a810657fc4d069d2ded4c59fd7a0ca0e1f4d3bdd SHA1 3368c7d88400894ce30c23c68fa026bee4dfa187 SHA256 628193bc75e2e3cda978636cf6ece1e99f07ed825ce66a3064ec1cb99c760758
+AUX squid-3.0.18-cve-2009-2855.patch 1165 RMD160 a0d31cf6b220d9d35f73c464e2ae0fcf35861177 SHA1 1a24453aef88c3cc3249d410baa4c3dccd1a0eba SHA256 590254fb997f3a79e2d9804149eeacd83a2b81919981de269b524e1c6e4a70ff
 AUX squid-3.0.18-gentoo.patch 13095 RMD160 a051aadf18dd2a902d174ac638acb01a12a289b6 SHA1 f30fe36d7e381cc01c3964e1bd743348b90e9717 SHA256 3d4c07d499c1de4895e2a78fb0f90ff4f1d6859d0c2b92300b43a287318b0f74
-AUX squid-3.1.0.13_beta-gentoo.patch 13105 RMD160 4ebc58d130f1b591bc436a1b761362c10c70f234 SHA1 e7818cba5a2ba7f10a8cb9c1caf72a23ff37fa1e SHA256 9b6cd46932a357dab3f7f97cf7ce9d661225fa1101cefdb725e98c8883e7115e
-AUX squid-3.1.0.13_beta-qafixes.patch 1770 RMD160 bb2f7695d3da01ffcda71fe39d4dd05ce87893b4 SHA1 57e85ef56371b04566e70c256d2fded09d61195a SHA256 d0fb6ccecba23f014a4fbefae384fc938be0f7406ece5a4379ed307ff58a5e95
-AUX squid-3.1.0.9_beta-gentoo.patch 13057 RMD160 cbe92a5e2ec771e3cf73bdc59dbd644eb5cf795c SHA1 73ff615089db67f009ae5294c8d10e129283a191 SHA256 0f27ae81b045fc138710e32c85031f3c3a33050b8b459750087e952d46ade7ae
-AUX squid-3.1.0.9_beta-invconv.patch 936 RMD160 10cd99df146d79ecf87d5c423bce3594d8bb3d96 SHA1 7b31c69c4b80a4c610fdcb8531c58144aca7bf8e SHA256 c224c5bcde28006b1bf39d1407ff7324472d2ac75182c49a68cd0af46583799b
+AUX squid-3.1.0.13_beta-cve-2009-2855.patch 1159 RMD160 a45298f835852e1a3cfc793ea3a81569c24fe87b SHA1 c329b19f632652bd7f6c36e36b793ebdf8551097 SHA256 30e03878fead8aad19ce3739bddce6c42d62ea572feb6a4387393e24b92ee580
+AUX squid-3.1.0.13_beta-gentoo.patch 12746 RMD160 c231d5ff2fa0f925f040575d758d8ea145124436 SHA1 0a2b8149b88a40710b877cb68ce70451dd9654a1 SHA256 191305a90a663742ce04f2d05a8a15ee79c429906a323da18d52c90a266ff9f1
+AUX squid-3.1.0.13_beta-qafixes.patch 3996 RMD160 5987f180c321749d7b92e2e6d7c0e8aedfbc63b5 SHA1 0edd1ea0c848b4dacf5f1b55bd3e585afb0592e7 SHA256 4a2b15985716c305e2ea76acbea4cf692f7ee0ba0ef43658be171cbe039c2186
 AUX squid.confd 541 RMD160 e248f8fdc3ce732267614652f17bd88472e62b76 SHA1 995df246caffb2a74be2df3072d7ff5fbd024a9d SHA256 982d829f3862c5543af82acd4f7bb123ebe3e9d1c5eff0911f5345262811f2e1
 AUX squid.cron 143 RMD160 0706a7ad04691b9a93a2897c319008440483ba11 SHA1 6138db0eccb7320e707b8d60c2970ef684e29336 SHA256 4c9e2afe5b0bba583ce896233ea1f9262beeb1b6cf51b4adb48d5f5c03933b2f
 AUX squid.initd 2269 RMD160 b65ca980aedd37551223370d8bacae4f328d8e39 SHA1 363e4d74451f902974e080a51e6400c79863081d SHA256 580facfdc771c49460633ebd8e8ea2d736431929ee89e83c3ddea5d203178f4f
@@ -27,24 +23,21 @@ AUX squid.initd-logrotate 2162 RMD160 7e381b07e6784b4c682f8d241ab865a1a49c3171 S
 AUX squid.logrotate 101 RMD160 57f6c2461bd8948524dc08c2665593234380891e SHA1 fe8b3c43c0d327150069a65aa473302ae6c423ff SHA256 29e97214612a8656d2d2d60e20451f9e23a9550e58a7af2050bf83fb7af485f6
 AUX squid.pam 315 RMD160 afb3f1cc36ba5ef0015c40040b6d5c18485ec828 SHA1 40933fabaaa2a9cb38d57c3acb77857082c82ae5 SHA256 68ef4282f9fb8506df710d0ae16e84e991e9b138c7f1d0af922682219c7a971f
 DIST squid-2.7.STABLE6.tar.gz 1786189 RMD160 ca59583e9d938c3184a306984f034553f768e942 SHA1 0f66afca85444f7d4f49a527470ef14741904db0 SHA256 0aeb0dd601822711cf8e131d82de8bc64e918adbcfea7e834c4529895759331a
-DIST squid-3.0.14-chunk-encoding.patch.gz 7342 RMD160 c4943c2223858b209a294903917e720a4f328ab5 SHA1 ae2e280e66f44bedce1a3b4e45a62615e8b64eae SHA256 a254c0a9d802daacd159512baab98a6f6c5a3b1d6876141f23b6395e79b5f3ac
-DIST squid-3.0.STABLE15.tar.gz 2441793 RMD160 35a8715928ba916a448df9331bfb0c99feb85523 SHA1 31c1eac13c8ca3d98ccbd8f4b04f1aeb26bde433 SHA256 cdf5453dbe62a9250f90fce2770322d6b0d0c50d0a365a018d17e00383d14544
 DIST squid-3.0.STABLE16.tar.gz 2449986 RMD160 d9e019ef5c2fb26f0a16a9bfbce5fe0269360ab1 SHA1 3d0ba0e509b7939b9023f1b25cc956e4ac3c0ba1 SHA256 a50c9d1d276f59a2754f13c27468445290930c000cb1457160bfe8898620b615
 DIST squid-3.0.STABLE18.tar.gz 2451806 RMD160 58858b1b8fb2d34ce482a6001b950b0aa5c87a2c SHA1 5855ecaf6f427ec95f52848efd679ea1bdd2c304 SHA256 71e74c48a19b901d1b4dd8fcbfa15c6b510befa524929a63ecef6a9ef5699d85
 DIST squid-3.1.0.13.tar.gz 3247124 RMD160 263a42af1ff2d9a967862f77389f9bd3bd6b9b2e SHA1 bfe7ea82b67d07211ae3221920aad87424444f30 SHA256 f4e7c3933575f86072220863f38a6f8d1923ab4b8954a38e06248fc80a0dec00
-DIST squid-3.1.0.9.tar.gz 3205401 RMD160 d1f10d0e1b308c1a930442cc8ab6dcd4c78d2066 SHA1 13e5b096a075c23fff0a56d27023116716c47a71 SHA256 99084bdf18a32fbd9b3095cdbdbd1de78e3e1113ad36c6838b49acf3c799d0aa
 EBUILD squid-2.7.6-r1.ebuild 5993 RMD160 4106abd174f303e5e538bc563cdebc94ed46cbcd SHA1 ebb00af7b12445ec38e2453c49b7a210784b3ca5 SHA256 0303997e63bcf8906a189cb157cf5d455a346890448c51ce2d632d41f07efcf3
-EBUILD squid-3.0.15.ebuild 6622 RMD160 422f8679e5012cc83c5b2ffbc94f2ee4de29eaa9 SHA1 93a19944a05a9afe44472fb1e1d63261b131f2eb SHA256 0e6e8ce7461c9f95d5c9467290101770c8b2f803bbba706c3ded54aac57af51a
+EBUILD squid-2.7.6-r2.ebuild 6047 RMD160 7d430d584541fa51c9c6d9046db55913a6ac3771 SHA1 03c3a9df46cbfefca3382381505898e4f0adca8e SHA256 d9c6ad46e4e19ee2fff7bb0ba20c0187ec2832e13e891b8eeedfc5cf42cbc117
 EBUILD squid-3.0.16.ebuild 6388 RMD160 5b86c3b092be1d2c562fe80a0a1a7523ed4d0127 SHA1 0ba223321aa91b229f2bc0ecd72612193517bb98 SHA256 d7ed3f17996b1cf3aac97709301d8bc14d07075318893500d497797313fd5f5c
+EBUILD squid-3.0.18-r1.ebuild 6447 RMD160 32f22ab1489edf84b55543ed3a74c3d7b06da197 SHA1 ae826f4ccecc3a4a4aaac6a3bf02b17f9065bbf7 SHA256 abda67888ea1a48671bae50a63d5e4475fecf4098f42e834609d437519f4e0a1
 EBUILD squid-3.0.18.ebuild 6389 RMD160 bdb8f7878af2c334c17c2bf9c195c85db0b03d38 SHA1 f1963803a04cb5f67d0d864f357791848c79ce59 SHA256 51a7efd863d0f8d228fd1bf5992b606e64f7e7e26fad4f057cdc448f81d5df46
-EBUILD squid-3.1.0.13_beta.ebuild 6588 RMD160 b2c792aa6c9c5fbc7105345e861053c9db87d8d7 SHA1 2ac58c6ecb4631cef729478e88dfdc00f3abd848 SHA256 d103e27f1006f8762c9a0d6c238d584667b19f73410bd73da3653afc0158fa7b
-EBUILD squid-3.1.0.9_beta.ebuild 6605 RMD160 8e14eee3bda2029772024adf0674e2de354f9688 SHA1 e00fd1f1e0eb7ac27d284f64cfb3f11aef1963f3 SHA256 2828e348750027703c42e4127f7940daf12865c658b0550af1362fdfd9f14d88
-MISC ChangeLog 58860 RMD160 55d8fa5b38475c10cf7766b58bf65580ab65c1d6 SHA1 65b7db1666dac2ec2c1e09b0e43d7524b25b2bf4 SHA256 8c3fbb85ec85055c6c0645fbcab536c7e238cb8d38b995337b4463b89a67fc68
+EBUILD squid-3.1.0.13_beta-r1.ebuild 6638 RMD160 516a8f26627ff6cd94862831b368ab3a4bef0236 SHA1 1d7b00f0f1be808e38e7d08edb08354302d417a2 SHA256 36ab5d0b147708d55da86da85ce0c504d9e472a1a3d4a61f9b69bd9058a55e3f
+MISC ChangeLog 59889 RMD160 a4d45470104b10bebb00fd4a5e5b90b2c954b018 SHA1 15e7df929e552ebc616983d35a17ed3e67c0a669 SHA256 49a1575263109f8057e9868528183d57b032281c5ac6dc0edc315aa158597673
 MISC metadata.xml 815 RMD160 ef81660620d9fa0746bc415a7e6e6cf8a5500b98 SHA1 7a420824358267ae8c85256da092d1fba8727dcd SHA256 943b6f547b43197636ac4ec29ad23423770ec621cdb1b495306d95ab14da09ba
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.11 (GNU/Linux)
 
-iEYEARECAAYFAkqH5yYACgkQ9A5kJBGSrstihwCgjyFHfeiggRCq4F6QIW5DNygD
-JNQAn0vUegQZhhm/R0jMs+znxqKX4QGI
-=HpBU
+iEYEARECAAYFAkqP6zwACgkQ9A5kJBGSrsv2mgCeNut3rdAxfVeamDMrPN37tbB3
+a2oAni1UFB+tmeqhTkMWE2IUTgRwPChM
+=82fw
 -----END PGP SIGNATURE-----
diff --git a/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch b/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch
new file mode 100644
index 000000000000..8863ffe093fc
--- /dev/null
+++ b/net-proxy/squid/files/squid-2.7.6-cve-2009-2855.patch
@@ -0,0 +1,34 @@
+diff -Nru squid-2.7.STABLE6.orig/src/HttpHeaderTools.c squid-2.7.STABLE6/src/HttpHeaderTools.c
+--- squid-2.7.STABLE6.orig/src/HttpHeaderTools.c	2008-04-02 03:00:11.000000000 +0200
++++ squid-2.7.STABLE6/src/HttpHeaderTools.c	2009-08-22 11:25:43.000000000 +0200
+@@ -239,6 +239,10 @@
+ strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos)
+ {
+     size_t len;
++    /* ',' is always enabled as field delimiter as this is required for
++     * processing merged header values properly, even if Cookie normally
++     * uses ';' as delimiter.
++     */
+     static char delim[3][8] =
+     {
+ 	"\"?,",
+@@ -261,16 +265,15 @@
+     /* find next delimiter */
+     do {
+ 	*pos += strcspn(*pos, delim[quoted]);
+-	if (**pos == del)
+-	    break;
+ 	if (**pos == '"') {
+ 	    quoted = !quoted;
+ 	    *pos += 1;
+-	}
+-	if (quoted && **pos == '\\') {
++	} else if (quoted && **pos == '\\') {
+ 	    *pos += 1;
+ 	    if (**pos)
+ 		*pos += 1;
++	} else {
++	    break;		/* Delimiter found, marking the end of this value */
+ 	}
+     } while (**pos);
+     len = *pos - *item;		/* *pos points to del or '\0' */
diff --git a/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch b/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch
deleted file mode 100644
index 864944a4daf9..000000000000
--- a/net-proxy/squid/files/squid-3.0.15-adapted-zph.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre
---- squid-3.0.STABLE15.orig/src/cf.data.pre	2009-05-09 10:05:05.000000000 +0000
-+++ squid-3.0.STABLE15/src/cf.data.pre	2009-05-09 10:13:39.000000000 +0000
-@@ -1133,6 +1133,60 @@
- 	making the request.
- DOC_END
- 
-+NAME: zph_tos_local
-+TYPE: int
-+DEFAULT: 0
-+LOC: Config.zph_tos_local
-+DOC_START
-+       Allows you to select a TOS/Diffserv value to mark local hits. Read above
-+       (tcp_outgoing_tos) for details/requirements about TOS.
-+       Default: 0 (disabled).
-+DOC_END
-+
-+NAME: zph_tos_peer
-+TYPE: int
-+DEFAULT: 0
-+LOC: Config.zph_tos_peer
-+DOC_START
-+       Allows you to select a TOS/Diffserv value to mark peer hits. Read above
-+       (tcp_outgoing_tos) for details/requirements about TOS.
-+       Default: 0 (disabled).
-+DOC_END
-+
-+NAME: zph_tos_parent
-+COMMENT: on|off
-+TYPE: onoff
-+LOC: Config.onoff.zph_tos_parent
-+DEFAULT: on
-+DOC_START
-+       Set this to off if you want only sibling hits to be marked.
-+       If set to on (default), parent hits are being marked too.
-+DOC_END
-+
-+NAME: zph_preserve_miss_tos
-+COMMENT: on|off
-+TYPE: onoff
-+LOC: Config.onoff.zph_preserve_miss_tos
-+DEFAULT: on
-+DOC_START
-+       If set to on (default), any HTTP response towards clients will
-+       have the TOS value of the response comming from the remote
-+       server masked with the value of zph_preserve_miss_tos_mask.
-+       For this to work correctly, you will need to patch your linux
-+       kernel with the TOS preserving ZPH patch.
-+DOC_END
-+
-+NAME: zph_preserve_miss_tos_mask
-+TYPE: int
-+DEFAULT: 255
-+LOC: Config.zph_preserve_miss_tos_mask
-+DOC_START
-+       Allows you to mask certain bits in the TOS received from the
-+       remote server, before copying the value to the TOS send towards
-+       clients.
-+       Default: 255 (TOS from server is not changed).
-+DOC_END
-+
- NAME: tcp_outgoing_address
- TYPE: acl_address
- DEFAULT: none
-diff -Nru squid-3.0.STABLE15.orig/src/client_side_reply.cc squid-3.0.STABLE15/src/client_side_reply.cc
---- squid-3.0.STABLE15.orig/src/client_side_reply.cc	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/client_side_reply.cc	2009-05-09 10:13:39.000000000 +0000
-@@ -48,6 +48,7 @@
- #include "ESI.h"
- #endif
- #include "MemObject.h"
-+#include "fde.h"
- #include "ACLChecklist.h"
- #include "ACL.h"
- #if DELAY_POOLS
-@@ -1550,6 +1551,11 @@
-         /* guarantee nothing has been sent yet! */
-         assert(http->out.size == 0);
-         assert(http->out.offset == 0);
-+        if (Config.zph_tos_local)
-+      	{
-+			debugs(33, 1, "ZPH hit hier.code=" << http->request->hier.code <<" TOS="<<Config.zph_tos_local);
-+	    	comm_set_tos(http->getConn()->fd,Config.zph_tos_local);
-+      	}             
-         tempBuffer.offset = reqofs;
-         tempBuffer.length = getNextNode()->readBuffer.length;
-         tempBuffer.data = getNextNode()->readBuffer.data;
-@@ -1829,6 +1835,24 @@
-     char *buf = next()->readBuffer.data;
- 
-     char *body_buf = buf;
-+    
-+    if (reqofs==0 && !logTypeIsATcpHit(http->logType))
-+    {
-+		int tos = 0;
-+		if (Config.zph_tos_peer && 
-+    	 	 (http->request->hier.code==SIBLING_HIT ||
-+			 (Config.onoff.zph_tos_parent && http->request->hier.code==PARENT_HIT)))
-+		{
-+			tos = Config.zph_tos_peer;
-+			debugs(33, 1, "ZPH: Peer hit, TOS="<<tos<<" hier.code="<<http->request->hier.code);
-+		}
-+		else if (Config.onoff.zph_preserve_miss_tos && Config.zph_preserve_miss_tos_mask)
-+		{
-+			tos = fd_table[fd].upstreamTOS & Config.zph_preserve_miss_tos_mask;
-+			debugs(33, 1, "ZPH: Preserving TOS on miss, TOS="<<tos);
-+		}
-+		comm_set_tos(fd,tos);
-+    }     
- 
-     if (buf != result.data) {
-         /* we've got to copy some data */
-diff -Nru squid-3.0.STABLE15.orig/src/fde.h squid-3.0.STABLE15/src/fde.h
---- squid-3.0.STABLE15.orig/src/fde.h	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/fde.h	2009-05-09 10:13:39.000000000 +0000
-@@ -106,7 +106,7 @@
-         long handle;
-     } win32;
- #endif
--
-+    unsigned char upstreamTOS;			/* see FwdState::dispatch()  */
- };
- 
- #endif /* SQUID_FDE_H */
-diff -Nru squid-3.0.STABLE15.orig/src/forward.cc squid-3.0.STABLE15/src/forward.cc
---- squid-3.0.STABLE15.orig/src/forward.cc	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/forward.cc	2009-05-09 10:13:39.000000000 +0000
-@@ -965,6 +965,52 @@
- 
-     netdbPingSite(request->host);
- 
-+    /* Retrieves remote server TOS value, and stores it as part of the
-+     * original client request FD object. It is later used to forward
-+     * remote server's TOS in the response to the client in case of a MISS.
-+     */
-+	fde * clientFde = &fd_table[client_fd];
-+	if (clientFde)
-+	{
-+		int tos = 1;
-+		int tos_len = sizeof(tos);
-+		clientFde->upstreamTOS = 0;
-+	    if (setsockopt(server_fd,SOL_IP,IP_RECVTOS,&tos,tos_len)==0)
-+	    {
-+	       unsigned char buf[512];
-+	       int len = 512;
-+	       if (getsockopt(server_fd,SOL_IP,IP_PKTOPTIONS,buf,(socklen_t*)&len) == 0)
-+	       {
-+	           /* Parse the PKTOPTIONS structure to locate the TOS data message
-+	            * prepared in the kernel by the ZPH incoming TCP TOS preserving
-+	            * patch.
-+	            */
-+	    	   unsigned char * p = buf;
-+	           while (p-buf < len)
-+	           {
-+	              struct cmsghdr *o = (struct cmsghdr*)p;
-+	              if (o->cmsg_len<=0)
-+	                 break;
-+	
-+	              if (o->cmsg_level == SOL_IP && o->cmsg_type == IP_TOS)
-+	              {
-+	            	  clientFde->upstreamTOS = (unsigned char)(*(int*)CMSG_DATA(o));
-+	            	  break;
-+	              }
-+	              p += CMSG_LEN(o->cmsg_len);
-+	           }
-+	       }
-+	       else
-+	       {
-+	           debugs(33, 1, "ZPH: error in getsockopt(IP_PKTOPTIONS) on FD "<<server_fd<<" "<<xstrerror());
-+	       }
-+	    }
-+	    else
-+	    {
-+	    	debugs(33, 1, "ZPH: error in setsockopt(IP_RECVTOS) on FD "<<server_fd<<" "<<xstrerror());
-+	    }
-+	}    
-+
-     if (servers && (p = servers->_peer)) {
-         p->stats.fetches++;
-         request->peer_login = p->login;
-diff -Nru squid-3.0.STABLE15.orig/src/structs.h squid-3.0.STABLE15/src/structs.h
---- squid-3.0.STABLE15.orig/src/structs.h	2009-05-09 10:05:06.000000000 +0000
-+++ squid-3.0.STABLE15/src/structs.h	2009-05-09 10:13:39.000000000 +0000
-@@ -553,6 +553,8 @@
-         int emailErrData;
-         int httpd_suppress_version_string;
-         int global_internal_static;
-+        int zph_tos_parent;
-+        int zph_preserve_miss_tos;
-         int debug_override_X;
-         int WIN32_IpAddrChangeMonitor;
-     }
-@@ -721,6 +723,9 @@
-     int sleep_after_fork;	/* microseconds */
-     time_t minimum_expiry_time;	/* seconds */
-     external_acl *externalAclHelperList;
-+    int zph_tos_local;
-+    int zph_tos_peer;
-+    int zph_preserve_miss_tos_mask;
- #if USE_SSL
- 
-     struct
diff --git a/net-proxy/squid/files/squid-3.0.15-cross-compile.patch b/net-proxy/squid/files/squid-3.0.15-cross-compile.patch
deleted file mode 100644
index 68a3fb55e321..000000000000
--- a/net-proxy/squid/files/squid-3.0.15-cross-compile.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-diff -Nru squid-3.0.STABLE15.orig/configure.in squid-3.0.STABLE15/configure.in
---- squid-3.0.STABLE15.orig/configure.in	2009-05-09 10:02:38.000000000 +0000
-+++ squid-3.0.STABLE15/configure.in	2009-05-09 10:03:20.000000000 +0000
-@@ -1820,6 +1820,10 @@
- 	;;
- esac
- 
-+dnl Define HOSTCXX
-+HOSTCXX="$build-g++"
-+AC_SUBST(HOSTCXX)
-+
- dnl Check for programs
- AC_PROG_CPP
- AC_PROG_INSTALL
-diff -Nru squid-3.0.STABLE15.orig/src/Makefile.am squid-3.0.STABLE15/src/Makefile.am
---- squid-3.0.STABLE15.orig/src/Makefile.am	2009-05-09 10:02:38.000000000 +0000
-+++ squid-3.0.STABLE15/src/Makefile.am	2009-05-09 10:03:20.000000000 +0000
-@@ -1007,6 +1007,8 @@
- 
- DEFS = @DEFS@ -DDEFAULT_CONFIG_FILE=\"$(DEFAULT_CONFIG_FILE)\"
- 
-+HOSTCXX ?= @HOSTCXX@
-+
- $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h
- 
- snmp_core.o snmp_agent.o: ../snmplib/libsnmp.a $(top_srcdir)/include/cache_snmp.h
-@@ -1030,6 +1032,11 @@
- squid.conf.default: cf_parser.h
- 	true
- 
-+cf_gen$(EXEEXT): $(cf_gen_SOURCES) $(cf_gen_DEPENDENCIES)
-+	$(HOSTCXX) -o $@ $(srcdir)/cf_gen.cc \
-+		$(top_srcdir)/lib/util.c $(top_srcdir)/lib/assert.c \
-+		-DNDEBUG -DBUILD_HOST_TOOL ${INCLUDES}
-+
- cf_parser.h: cf.data cf_gen$(EXEEXT)
- 	./cf_gen cf.data $(srcdir)/cf.data.depend
- 
diff --git a/net-proxy/squid/files/squid-3.0.15-gcc43.patch b/net-proxy/squid/files/squid-3.0.15-gcc43.patch
deleted file mode 100644
index a9d3f1b594f8..000000000000
--- a/net-proxy/squid/files/squid-3.0.15-gcc43.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -Nru squid-3.0.STABLE15.orig/lib/util.c squid-3.0.STABLE15/lib/util.c
---- squid-3.0.STABLE15.orig/lib/util.c	2009-05-06 11:11:38.000000000 +0000
-+++ squid-3.0.STABLE15/lib/util.c	2009-05-09 10:31:41.000000000 +0000
-@@ -751,7 +751,8 @@
-     /* copy string, including terminating character */
-     sz = strlen(s) + 1;
- 
--    p = memcpy((char *)xmalloc(sz), s, sz);
-+    p = (char *)xmalloc(sz);
-+    memcpy(p, s, sz);
- 
-     PROF_stop(xstrdup);
- 
diff --git a/net-proxy/squid/files/squid-3.0.15-gentoo.patch b/net-proxy/squid/files/squid-3.0.15-gentoo.patch
deleted file mode 100644
index 2def7187d6cc..000000000000
--- a/net-proxy/squid/files/squid-3.0.15-gentoo.patch
+++ /dev/null
@@ -1,293 +0,0 @@
-diff -Nru squid-3.0.STABLE15.orig/acinclude.m4 squid-3.0.STABLE15/acinclude.m4
---- squid-3.0.STABLE15.orig/acinclude.m4	2009-05-06 11:11:25.000000000 +0000
-+++ squid-3.0.STABLE15/acinclude.m4	2009-05-09 09:54:49.000000000 +0000
-@@ -73,7 +73,7 @@
-   AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
-   AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
-     ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
--${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
-+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
- res=$?
- rm -f conftest.*
- echo yes
-diff -Nru squid-3.0.STABLE15.orig/configure.in squid-3.0.STABLE15/configure.in
---- squid-3.0.STABLE15.orig/configure.in	2009-05-06 11:11:43.000000000 +0000
-+++ squid-3.0.STABLE15/configure.in	2009-05-09 09:54:49.000000000 +0000
-@@ -15,9 +15,9 @@
- PRESET_LDFLAGS="$LDFLAGS"
- 
- dnl Set default LDFLAGS
--if test -z "$LDFLAGS"; then
--        LDFLAGS="-g"
--fi
-+dnl if test -z "$LDFLAGS"; then
-+dnl         LDFLAGS="-g"
-+dnl fi
- 
- dnl Check for GNU cc
- AC_PROG_CC
-@@ -177,13 +177,13 @@
- dnl TODO: check if the problem will be present in any other newer MinGW release.
-     case "$host_os" in
-     mingw|mingw32)
--        SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-+        SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
- 	;;
-     *)
--        SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
-+        SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
- 	;;
-     esac
--    SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-+    SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
- else
-     SQUID_CFLAGS=
-     SQUID_CXXFLAGS=
-diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/confload.c squid-3.0.STABLE15/helpers/basic_auth/MSNT/confload.c
---- squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/confload.c	2009-05-06 11:11:32.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/basic_auth/MSNT/confload.c	2009-05-09 09:54:49.000000000 +0000
-@@ -27,7 +27,7 @@
- 
- /* Path to configuration file */
- #ifndef SYSCONFDIR
--#define SYSCONFDIR "/usr/local/squid/etc"
-+#define SYSCONFDIR "/etc/squid"
- #endif
- #define CONFIGFILE   SYSCONFDIR "/msntauth.conf"
- 
-diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.0.STABLE15/helpers/basic_auth/MSNT/msntauth.conf.default
---- squid-3.0.STABLE15.orig/helpers/basic_auth/MSNT/msntauth.conf.default	2009-05-06 11:11:32.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/basic_auth/MSNT/msntauth.conf.default	2009-05-09 09:54:49.000000000 +0000
-@@ -8,6 +8,6 @@
- server other_PDC	other_BDC	otherdomain
- 
- # Denied and allowed users. Comment these if not needed.
--#denyusers	/usr/local/squid/etc/msntauth.denyusers
--#allowusers	/usr/local/squid/etc/msntauth.allowusers
-+#denyusers	/etc/squid/msntauth.denyusers
-+#allowusers	/etc/squid/msntauth.allowusers
- 
-diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/Makefile.am squid-3.0.STABLE15/helpers/basic_auth/SMB/Makefile.am
---- squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/Makefile.am	2009-05-06 11:11:32.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/basic_auth/SMB/Makefile.am	2009-05-09 09:54:49.000000000 +0000
-@@ -14,7 +14,7 @@
- ## FIXME: autoconf should test for the samba path.
- 
- SMB_AUTH_HELPER	= smb_auth.sh
--SAMBAPREFIX=/usr/local/samba
-+SAMBAPREFIX=/usr
- SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
- 
- libexec_SCRIPTS	= $(SMB_AUTH_HELPER)
-diff -Nru squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.0.STABLE15/helpers/basic_auth/SMB/smb_auth.sh
---- squid-3.0.STABLE15.orig/helpers/basic_auth/SMB/smb_auth.sh	2009-05-06 11:11:32.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/basic_auth/SMB/smb_auth.sh	2009-05-09 09:54:49.000000000 +0000
-@@ -24,7 +24,7 @@
- read AUTHSHARE
- read AUTHFILE
- read SMBUSER
--read SMBPASS
-+read -r SMBPASS
- 
- # Find domain controller
- echo "Domain name: $DOMAINNAME"
-@@ -47,7 +47,7 @@
-   addropt=""
- fi
- echo "Query address options: $addropt"
--dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
-+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
- echo "Domain controller IP address: $dcip"
- [ -n "$dcip" ] || exit 1
- 
-diff -Nru squid-3.0.STABLE15.orig/helpers/external_acl/session/squid_session.8 squid-3.0.STABLE15/helpers/external_acl/session/squid_session.8
---- squid-3.0.STABLE15.orig/helpers/external_acl/session/squid_session.8	2009-05-06 11:11:33.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/external_acl/session/squid_session.8	2009-05-09 09:54:49.000000000 +0000
-@@ -35,7 +35,7 @@
- .P
- Configuration example using the default automatic mode
- .IP
--external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
-+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
- .IP
- acl session external session
- .IP
-diff -Nru squid-3.0.STABLE15.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.0.STABLE15/helpers/external_acl/unix_group/squid_unix_group.8
---- squid-3.0.STABLE15.orig/helpers/external_acl/unix_group/squid_unix_group.8	2009-05-06 11:11:33.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/external_acl/unix_group/squid_unix_group.8	2009-05-09 09:54:49.000000000 +0000
-@@ -27,7 +27,7 @@
- This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
- matches users in group2 or group3
- .IP
--external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
-+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
- .IP
- acl usergroup1 external unix_group group1
- .IP
-diff -Nru squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/do.sh
---- squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/do.sh	2009-05-06 11:11:33.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/do.sh	2009-05-09 09:54:49.000000000 +0000
-@@ -7,7 +7,7 @@
- #
- CC=gcc
- #CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow -O2"
--CFLAGS="-Wall -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2"
-+CFLAGS="-Wall -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wshadow -O2"
- if [ "$1" = "HEIMDAL" ]; then
-   DEFINE="-DHEIMDAL -D__LITTLE_ENDIAN__"
-   INCLUDE="-I/usr/include/heimdal -Ispnegohelp"
-diff -Nru squid-3.0.STABLE15.orig/lib/libTrie/acinclude.m4 squid-3.0.STABLE15/lib/libTrie/acinclude.m4
---- squid-3.0.STABLE15.orig/lib/libTrie/acinclude.m4	2009-05-06 11:11:37.000000000 +0000
-+++ squid-3.0.STABLE15/lib/libTrie/acinclude.m4	2009-05-09 09:54:49.000000000 +0000
-@@ -9,7 +9,7 @@
-   AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
-   AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
-     ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
--${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
-+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
- res=$?
- rm -f conftest.*
- echo yes
-diff -Nru squid-3.0.STABLE15.orig/lib/libTrie/configure.in squid-3.0.STABLE15/lib/libTrie/configure.in
---- squid-3.0.STABLE15.orig/lib/libTrie/configure.in	2009-05-06 11:11:37.000000000 +0000
-+++ squid-3.0.STABLE15/lib/libTrie/configure.in	2009-05-09 09:54:49.000000000 +0000
-@@ -58,8 +58,8 @@
- 
- dnl set useful flags
- if test "$GCC" = "yes"; then
--   TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
--   TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-+   TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
-+   TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
- else
-    TRIE_CFLAGS=
-    TRIE_CXXFLAGS=
-diff -Nru squid-3.0.STABLE15.orig/src/cf.data.pre squid-3.0.STABLE15/src/cf.data.pre
---- squid-3.0.STABLE15.orig/src/cf.data.pre	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/cf.data.pre	2009-05-09 09:54:49.000000000 +0000
-@@ -652,6 +652,8 @@
- acl Safe_ports port 488		# gss-http
- acl Safe_ports port 591		# filemaker
- acl Safe_ports port 777		# multiling http
-+acl Safe_ports port 901		# SWAT
-+acl purge method PURGE
- acl CONNECT method CONNECT
- NOCOMMENT_END
- DOC_END
-@@ -685,6 +687,9 @@
- # Only allow cachemgr access from localhost
- http_access allow manager localhost
- http_access deny manager
-+# Only allow purge requests from localhost
-+http_access allow purge localhost
-+http_access deny purge
- # Deny requests to unknown ports
- http_access deny !Safe_ports
- # Deny CONNECT to other than SSL ports
-@@ -702,6 +707,9 @@
- # from where browsing should be allowed
- http_access allow localnet
- 
-+# Allow the localhost to have access by default
-+http_access allow localhost
-+
- # And finally deny all other access to this proxy
- http_access deny all
- NOCOMMENT_END
-@@ -3264,11 +3272,11 @@
- 
- NAME: cache_mgr
- TYPE: string
--DEFAULT: webmaster
-+DEFAULT: root
- LOC: Config.adminEmail
- DOC_START
- 	Email-address of local cache manager who will receive
--	mail if the cache dies.  The default is "webmaster."
-+	mail if the cache dies.  The default is "root".
- DOC_END
- 
- NAME: mail_from
-@@ -5218,6 +5226,9 @@
- 	If you disable this, it will appear as
- 
- 		X-Forwarded-For: unknown
-+NOCOMMENT_START
-+forwarded_for off
-+NOCOMMENT_END
- DOC_END
- 
- NAME: cachemgr_passwd
-diff -Nru squid-3.0.STABLE15.orig/src/debug.cc squid-3.0.STABLE15/src/debug.cc
---- squid-3.0.STABLE15.orig/src/debug.cc	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/debug.cc	2009-05-09 09:54:49.000000000 +0000
-@@ -465,7 +465,7 @@
- #if HAVE_SYSLOG && defined(LOG_LOCAL4)
- 
-     if (opt_syslog_enable)
--        openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
-+        openlog(appname, LOG_PID | LOG_NDELAY, syslog_facility);
- 
- #endif /* HAVE_SYSLOG */
- 
-diff -Nru squid-3.0.STABLE15.orig/src/defines.h squid-3.0.STABLE15/src/defines.h
---- squid-3.0.STABLE15.orig/src/defines.h	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/defines.h	2009-05-09 09:54:49.000000000 +0000
-@@ -218,7 +218,7 @@
- 
- /* were to look for errors if config path fails */
- #ifndef DEFAULT_SQUID_ERROR_DIR
--#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
-+#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English"
- #endif
- 
- /* handy to determine the #elements in a static array */
-diff -Nru squid-3.0.STABLE15.orig/src/main.cc squid-3.0.STABLE15/src/main.cc
---- squid-3.0.STABLE15.orig/src/main.cc	2009-05-06 11:11:41.000000000 +0000
-+++ squid-3.0.STABLE15/src/main.cc	2009-05-09 09:54:49.000000000 +0000
-@@ -1490,7 +1490,7 @@
-     if (*(argv[0]) == '(')
-         return;
- 
--    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
-+    openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
- 
-     if ((pid = fork()) < 0)
-         syslog(LOG_ALERT, "fork failed: %s", xstrerror());
-@@ -1534,7 +1534,7 @@
- 
-         if ((pid = fork()) == 0) {
-             /* child */
--            openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
-+            openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
-             prog = xstrdup(argv[0]);
-             argv[0] = xstrdup("(squid)");
-             execvp(prog, argv);
-@@ -1542,7 +1542,7 @@
-         }
- 
-         /* parent */
--        openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
-+        openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
- 
-         syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
- 
-diff -Nru squid-3.0.STABLE15.orig/src/Makefile.am squid-3.0.STABLE15/src/Makefile.am
---- squid-3.0.STABLE15.orig/src/Makefile.am	2009-05-06 11:11:40.000000000 +0000
-+++ squid-3.0.STABLE15/src/Makefile.am	2009-05-09 09:54:49.000000000 +0000
-@@ -991,12 +991,12 @@
- DEFAULT_CONFIG_FILE     = $(sysconfdir)/squid.conf
- DEFAULT_MIME_TABLE	= $(sysconfdir)/mime.conf
- DEFAULT_DNSSERVER       = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
--DEFAULT_LOG_PREFIX	= $(localstatedir)/logs
-+DEFAULT_LOG_PREFIX	= $(localstatedir)/log/squid
- DEFAULT_CACHE_LOG       = $(DEFAULT_LOG_PREFIX)/cache.log
- DEFAULT_ACCESS_LOG      = $(DEFAULT_LOG_PREFIX)/access.log
- DEFAULT_STORE_LOG       = $(DEFAULT_LOG_PREFIX)/store.log
--DEFAULT_PID_FILE        = $(DEFAULT_LOG_PREFIX)/squid.pid
--DEFAULT_SWAP_DIR        = $(localstatedir)/cache
-+DEFAULT_PID_FILE        = $(localstatedir)/run/squid.pid
-+DEFAULT_SWAP_DIR        = $(localstatedir)/cache/squid
- DEFAULT_PINGER		= $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
- DEFAULT_UNLINKD		= $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
- DEFAULT_DISKD		= $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
diff --git a/net-proxy/squid/files/squid-3.0.15-heimdal.patch b/net-proxy/squid/files/squid-3.0.15-heimdal.patch
deleted file mode 100644
index 56a306e06942..000000000000
--- a/net-proxy/squid/files/squid-3.0.15-heimdal.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -Nru squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/Makefile.am squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/Makefile.am
---- squid-3.0.STABLE15.orig/helpers/negotiate_auth/squid_kerb_auth/Makefile.am	2009-05-06 11:11:33.000000000 +0000
-+++ squid-3.0.STABLE15/helpers/negotiate_auth/squid_kerb_auth/Makefile.am	2009-05-09 10:14:42.000000000 +0000
-@@ -18,10 +18,10 @@
- #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS)
- 
- # HEIMDAL
--#KERBINC = -DHEIMDAL -I/usr/include/heimdal
--#KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken
-+KERBINC = -DHEIMDAL -I/usr/include/heimdal
-+KERBLIBS = -lgssapi -lkrb5 -lcom_err -lasn1 -lroken
- 
- # MIT
--KERBINC = 
--KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err
-+#KERBINC = 
-+#KERBLIBS = -lgssapi_krb5 -lkrb5 -lcom_err
- 
diff --git a/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch b/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch
new file mode 100644
index 000000000000..c7ac8c5d3c4e
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.0.18-cve-2009-2855.patch
@@ -0,0 +1,37 @@
+diff -Nru squid-3.0.STABLE18.orig/src/HttpHeaderTools.cc squid-3.0.STABLE18/src/HttpHeaderTools.cc
+--- squid-3.0.STABLE18.orig/src/HttpHeaderTools.cc	2009-08-04 13:57:48.000000000 +0200
++++ squid-3.0.STABLE18/src/HttpHeaderTools.cc	2009-08-22 11:43:40.000000000 +0200
+@@ -246,6 +246,10 @@
+ strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos)
+ {
+     size_t len;
++    /* ',' is always enabled as field delimiter as this is required for
++     * processing merged header values properly, even if Cookie normally
++     * uses ';' as delimiter.
++    */
+     static char delim[3][8] = {
+ 			"\"?,",
+ 			"\"\\",
+@@ -273,19 +277,16 @@
+     do {
+         *pos += strcspn(*pos, delim[quoted]);
+ 
+-        if (**pos == del)
+-            break;
+-
+         if (**pos == '"') {
+             quoted = !quoted;
+             *pos += 1;
+-        }
+-
+-        if (quoted && **pos == '\\') {
++        } else if (quoted && **pos == '\\') {
+             *pos += 1;
+ 
+             if (**pos)
+                 *pos += 1;
++        } else {
++            break;		/* Delimiter found, marking the end of this value */
+         }
+     } while (**pos);
+ 
diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch
new file mode 100644
index 000000000000..5c3818c5e489
--- /dev/null
+++ b/net-proxy/squid/files/squid-3.1.0.13_beta-cve-2009-2855.patch
@@ -0,0 +1,37 @@
+diff -Nru squid-3.1.0.13.orig/src/HttpHeaderTools.cc squid-3.1.0.13/src/HttpHeaderTools.cc
+--- squid-3.1.0.13.orig/src/HttpHeaderTools.cc	2009-08-04 15:32:12.000000000 +0200
++++ squid-3.1.0.13/src/HttpHeaderTools.cc	2009-08-22 11:59:17.000000000 +0200
+@@ -229,6 +229,10 @@
+ strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos)
+ {
+     size_t len;
++    /* ',' is always enabled as field delimiter as this is required for
++     * processing merged header values properly, even if Cookie normally
++     * uses ';' as delimiter.
++    */
+     static char delim[3][8] = {
+         "\"?,",
+         "\"\\",
+@@ -256,19 +260,16 @@
+     do {
+         *pos += strcspn(*pos, delim[quoted]);
+ 
+-        if (**pos == del)
+-            break;
+-
+         if (**pos == '"') {
+             quoted = !quoted;
+             *pos += 1;
+-        }
+-
+-        if (quoted && **pos == '\\') {
++        } else if (quoted && **pos == '\\') {
+             *pos += 1;
+ 
+             if (**pos)
+                 *pos += 1;
++        } else {
++            break;		/* Delimiter found, marking the end of this value */
+         }
+     } while (**pos);
+ 
diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch
index 42ba74ac35b4..987665b272b8 100644
--- a/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch
+++ b/net-proxy/squid/files/squid-3.1.0.13_beta-gentoo.patch
@@ -1,6 +1,6 @@
 diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4
 --- squid-3.1.0.13.orig/acinclude.m4	2009-08-04 15:32:06.000000000 +0200
-+++ squid-3.1.0.13/acinclude.m4	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/acinclude.m4	2009-08-22 12:05:53.000000000 +0200
 @@ -73,7 +73,7 @@
    AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
    AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
@@ -11,8 +11,8 @@ diff -Nru squid-3.1.0.13.orig/acinclude.m4 squid-3.1.0.13/acinclude.m4
  rm -f conftest.*
  echo yes
 diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in
---- squid-3.1.0.13.orig/configure.in	2009-08-06 21:08:31.000000000 +0200
-+++ squid-3.1.0.13/configure.in	2009-08-06 21:10:24.000000000 +0200
+--- squid-3.1.0.13.orig/configure.in	2009-08-22 12:05:19.000000000 +0200
++++ squid-3.1.0.13/configure.in	2009-08-22 12:05:53.000000000 +0200
 @@ -16,9 +16,9 @@
  PRESET_LDFLAGS="$LDFLAGS"
  
@@ -45,7 +45,7 @@ diff -Nru squid-3.1.0.13.orig/configure.in squid-3.1.0.13/configure.in
      SQUID_CXXFLAGS=
 diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c
 --- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c	2009-08-04 15:32:09.000000000 +0200
-+++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/MSNT/confload.c	2009-08-22 12:05:53.000000000 +0200
 @@ -27,7 +27,7 @@
  
  /* Path to configuration file */
@@ -57,7 +57,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.13/
  
 diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default
 --- squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default	2009-08-04 15:32:09.000000000 +0200
-+++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/MSNT/msntauth.conf.default	2009-08-22 12:05:53.000000000 +0200
 @@ -8,6 +8,6 @@
  server other_PDC	other_BDC	otherdomain
  
@@ -69,7 +69,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/MSNT/msntauth.conf.default squi
  
 diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am
 --- squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am	2009-08-04 15:32:09.000000000 +0200
-+++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/SMB/Makefile.am	2009-08-22 12:05:53.000000000 +0200
 @@ -16,7 +16,7 @@
  ## FIXME: autoconf should test for the samba path.
  
@@ -81,7 +81,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.13/
  libexec_SCRIPTS	= $(SMB_AUTH_HELPER)
 diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh
 --- squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh	2009-08-04 15:32:09.000000000 +0200
-+++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/basic_auth/SMB/smb_auth.sh	2009-08-22 12:05:53.000000000 +0200
 @@ -24,7 +24,7 @@
  read AUTHSHARE
  read AUTHFILE
@@ -102,7 +102,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.13/
  
 diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.13/helpers/external_acl/session/squid_session.8
 --- squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8	2009-08-04 15:32:09.000000000 +0200
-+++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/external_acl/session/squid_session.8	2009-08-22 12:05:53.000000000 +0200
 @@ -35,7 +35,7 @@
  .P
  Configuration example using the default automatic mode
@@ -114,7 +114,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/session/squid_session.8 squid
  .IP
 diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8
 --- squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8	2009-08-04 15:32:10.000000000 +0200
-+++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/external_acl/unix_group/squid_unix_group.8	2009-08-22 12:05:53.000000000 +0200
 @@ -27,7 +27,7 @@
  This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
  matches users in group2 or group3
@@ -126,7 +126,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/external_acl/unix_group/squid_unix_group.8
  .IP
 diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in
 --- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-08-04 15:32:10.000000000 +0200
-+++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-08-22 12:05:53.000000000 +0200
 @@ -17,6 +17,7 @@
  
  AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com])
@@ -146,7 +146,7 @@ diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.i
    {
 diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTrie/acinclude.m4
 --- squid-3.1.0.13.orig/lib/libTrie/acinclude.m4	2009-08-04 15:32:11.000000000 +0200
-+++ squid-3.1.0.13/lib/libTrie/acinclude.m4	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/lib/libTrie/acinclude.m4	2009-08-22 12:05:53.000000000 +0200
 @@ -9,7 +9,7 @@
    AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
    AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
@@ -158,7 +158,7 @@ diff -Nru squid-3.1.0.13.orig/lib/libTrie/acinclude.m4 squid-3.1.0.13/lib/libTri
  echo yes
 diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTrie/configure.in
 --- squid-3.1.0.13.orig/lib/libTrie/configure.in	2009-08-04 15:32:11.000000000 +0200
-+++ squid-3.1.0.13/lib/libTrie/configure.in	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/lib/libTrie/configure.in	2009-08-22 12:05:53.000000000 +0200
 @@ -59,8 +59,8 @@
  
  dnl set useful flags
@@ -172,27 +172,16 @@ diff -Nru squid-3.1.0.13.orig/lib/libTrie/configure.in squid-3.1.0.13/lib/libTri
     TRIE_CXXFLAGS=
 diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre
 --- squid-3.1.0.13.orig/src/cf.data.pre	2009-08-04 15:32:16.000000000 +0200
-+++ squid-3.1.0.13/src/cf.data.pre	2009-08-06 21:10:24.000000000 +0200
-@@ -708,6 +708,8 @@
++++ squid-3.1.0.13/src/cf.data.pre	2009-08-22 12:06:21.000000000 +0200
+@@ -708,6 +708,7 @@
  acl Safe_ports port 488		# gss-http
  acl Safe_ports port 591		# filemaker
  acl Safe_ports port 777		# multiling http
 +acl Safe_ports port 901		# SWAT
-+acl purge method PURGE
  acl CONNECT method CONNECT
  NOCOMMENT_END
  DOC_END
-@@ -833,6 +835,9 @@
- # Only allow cachemgr access from localhost
- http_access allow manager localhost
- http_access deny manager
-+# Only allow purge requests from localhost
-+http_access allow purge localhost
-+http_access deny purge
- # Deny requests to unknown ports
- http_access deny !Safe_ports
- # Deny CONNECT to other than SSL ports
-@@ -851,6 +856,9 @@
+@@ -851,6 +852,9 @@
  http_access allow localnet
  http_access allow localhost
  
@@ -202,7 +191,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre
  # And finally deny all other access to this proxy
  http_access deny all
  NOCOMMENT_END
-@@ -3942,11 +3950,11 @@
+@@ -3942,11 +3946,11 @@
  
  NAME: cache_mgr
  TYPE: string
@@ -216,7 +205,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre
  DOC_END
  
  NAME: mail_from
-@@ -6243,7 +6251,7 @@
+@@ -6243,7 +6247,7 @@
  NAME: forwarded_for
  COMMENT: on|off|transparent|truncate|delete
  TYPE: string
@@ -227,7 +216,7 @@ diff -Nru squid-3.1.0.13.orig/src/cf.data.pre squid-3.1.0.13/src/cf.data.pre
  	If set to "on", Squid will append your client's IP address
 diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc
 --- squid-3.1.0.13.orig/src/debug.cc	2009-08-04 15:32:16.000000000 +0200
-+++ squid-3.1.0.13/src/debug.cc	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/src/debug.cc	2009-08-22 12:05:53.000000000 +0200
 @@ -452,7 +452,7 @@
  #if HAVE_SYSLOG && defined(LOG_LOCAL4)
  
@@ -239,7 +228,7 @@ diff -Nru squid-3.1.0.13.orig/src/debug.cc squid-3.1.0.13/src/debug.cc
  
 diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc
 --- squid-3.1.0.13.orig/src/main.cc	2009-08-04 15:32:17.000000000 +0200
-+++ squid-3.1.0.13/src/main.cc	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/src/main.cc	2009-08-22 12:05:53.000000000 +0200
 @@ -1533,7 +1533,7 @@
      if (*(argv[0]) == '(')
          return;
@@ -269,7 +258,7 @@ diff -Nru squid-3.1.0.13.orig/src/main.cc squid-3.1.0.13/src/main.cc
  
 diff -Nru squid-3.1.0.13.orig/src/Makefile.am squid-3.1.0.13/src/Makefile.am
 --- squid-3.1.0.13.orig/src/Makefile.am	2009-08-04 15:32:13.000000000 +0200
-+++ squid-3.1.0.13/src/Makefile.am	2009-08-06 21:10:24.000000000 +0200
++++ squid-3.1.0.13/src/Makefile.am	2009-08-22 12:05:53.000000000 +0200
 @@ -636,7 +636,6 @@
  
  sysconf_DATA = \
diff --git a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch
index 510c490f21f8..12f9144018aa 100644
--- a/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch
+++ b/net-proxy/squid/files/squid-3.1.0.13_beta-qafixes.patch
@@ -41,3 +41,42 @@ diff -Nru squid-3.1.0.13.orig/src/ftp.cc squid-3.1.0.13/src/ftp.cc
              if (escaped)
                  rfc1738_unescape(user);
          }
+diff -Nru squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in
+--- squid-3.1.0.13.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-08-19 19:00:43.000000000 +0200
++++ squid-3.1.0.13/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-08-22 12:53:13.000000000 +0200
+@@ -94,7 +94,7 @@
+                        else
+                          ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null`
+                          if test "x$ac_gssapi_libs" != "x" ; then
+-                           LDFLAGS="$LDFLAGS $ac_gssapi_libs"
++                           LIBS="$LIBS $ac_gssapi_libs"
+                          else
+                            for lib in $ac_gss_libs; do
+                              AC_CHECK_LIB($lib,main)
+@@ -118,7 +118,7 @@
+                      fi
+                      ac_gssapi_libs=`krb5-config --libs gssapi 2>/dev/null`
+                      if test "x$ac_gssapi_libs" != "x" ; then
+-                         LDFLAGS="$LDFLAGS $ac_gssapi_libs"
++                         LIBS="$LIBS $ac_gssapi_libs"
+                      else
+                          for lib in $ac_gss_libs; do
+                             AC_CHECK_LIB($lib,main)
+@@ -172,7 +172,7 @@
+                              ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'`  
+                              LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2"
+                            fi
+-                           LDFLAGS="$LDFLAGS $ac_gssapi_libs"
++                           LIBS="$LIBS $ac_gssapi_libs"
+                          else
+                            for lib in $ac_gss_libs; do
+                              AC_CHECK_LIB($lib,main)
+@@ -201,7 +201,7 @@
+                            ac_libdir=`echo $ac_gssapi_libs | sed -e 's/.*-L//' | sed -e 's/ .*//'`  
+                            LDFLAGS="$LDFLAGS $w_flag$ac_libdir$w_flag_2"
+                          fi
+-                         LDFLAGS="$LDFLAGS $ac_gssapi_libs"
++                         LIBS="$LIBS $ac_gssapi_libs"
+                      else
+                          for lib in $ac_gss_libs; do
+                             AC_CHECK_LIB($lib,main)
diff --git a/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch b/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch
deleted file mode 100644
index 9307b26a4cbc..000000000000
--- a/net-proxy/squid/files/squid-3.1.0.9_beta-gentoo.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-diff -Nru squid-3.1.0.9.orig/acinclude.m4 squid-3.1.0.9/acinclude.m4
---- squid-3.1.0.9.orig/acinclude.m4	2009-06-26 12:35:27.000000000 +0200
-+++ squid-3.1.0.9/acinclude.m4	2009-07-14 07:49:12.000000000 +0200
-@@ -73,7 +73,7 @@
-   AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
-   AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
-     ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
--${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
-+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
- res=$?
- rm -f conftest.*
- echo yes
-diff -Nru squid-3.1.0.9.orig/configure.in squid-3.1.0.9/configure.in
---- squid-3.1.0.9.orig/configure.in	2009-07-14 07:47:57.000000000 +0200
-+++ squid-3.1.0.9/configure.in	2009-07-14 07:51:03.000000000 +0200
-@@ -16,9 +16,9 @@
- PRESET_LDFLAGS="$LDFLAGS"
- 
- dnl Set default LDFLAGS
--if test -z "$LDFLAGS"; then
--        LDFLAGS="-g"
--fi
-+dnl if test -z "$LDFLAGS"; then
-+dnl         LDFLAGS="-g"
-+dnl fi
- 
- dnl Check for GNU cc
- AC_PROG_CC
-@@ -259,13 +259,13 @@
- dnl TODO: check if the problem will be present in any other newer MinGW release.
-     case "$host_os" in
-     mingw|mingw32)
--        SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-+        SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
- 	;;
-     *)
--        SQUID_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
-+        SQUID_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
- 	;;
-     esac
--    SQUID_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-+    SQUID_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
- else
-     SQUID_CFLAGS=
-     SQUID_CXXFLAGS=
-diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/MSNT/confload.c squid-3.1.0.9/helpers/basic_auth/MSNT/confload.c
---- squid-3.1.0.9.orig/helpers/basic_auth/MSNT/confload.c	2009-06-26 12:35:29.000000000 +0200
-+++ squid-3.1.0.9/helpers/basic_auth/MSNT/confload.c	2009-07-14 07:49:12.000000000 +0200
-@@ -27,7 +27,7 @@
- 
- /* Path to configuration file */
- #ifndef SYSCONFDIR
--#define SYSCONFDIR "/usr/local/squid/etc"
-+#define SYSCONFDIR "/etc/squid"
- #endif
- #define CONFIGFILE   SYSCONFDIR "/msntauth.conf"
- 
-diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/MSNT/msntauth.conf.default squid-3.1.0.9/helpers/basic_auth/MSNT/msntauth.conf.default
---- squid-3.1.0.9.orig/helpers/basic_auth/MSNT/msntauth.conf.default	2009-06-26 12:35:29.000000000 +0200
-+++ squid-3.1.0.9/helpers/basic_auth/MSNT/msntauth.conf.default	2009-07-14 07:49:12.000000000 +0200
-@@ -8,6 +8,6 @@
- server other_PDC	other_BDC	otherdomain
- 
- # Denied and allowed users. Comment these if not needed.
--#denyusers	/usr/local/squid/etc/msntauth.denyusers
--#allowusers	/usr/local/squid/etc/msntauth.allowusers
-+#denyusers	/etc/squid/msntauth.denyusers
-+#allowusers	/etc/squid/msntauth.allowusers
- 
-diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/SMB/Makefile.am squid-3.1.0.9/helpers/basic_auth/SMB/Makefile.am
---- squid-3.1.0.9.orig/helpers/basic_auth/SMB/Makefile.am	2009-06-26 12:35:30.000000000 +0200
-+++ squid-3.1.0.9/helpers/basic_auth/SMB/Makefile.am	2009-07-14 07:49:12.000000000 +0200
-@@ -16,7 +16,7 @@
- ## FIXME: autoconf should test for the samba path.
- 
- SMB_AUTH_HELPER	= smb_auth.sh
--SAMBAPREFIX=/usr/local/samba
-+SAMBAPREFIX=/usr
- SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
- 
- libexec_SCRIPTS	= $(SMB_AUTH_HELPER)
-diff -Nru squid-3.1.0.9.orig/helpers/basic_auth/SMB/smb_auth.sh squid-3.1.0.9/helpers/basic_auth/SMB/smb_auth.sh
---- squid-3.1.0.9.orig/helpers/basic_auth/SMB/smb_auth.sh	2009-06-26 12:35:30.000000000 +0200
-+++ squid-3.1.0.9/helpers/basic_auth/SMB/smb_auth.sh	2009-07-14 07:49:12.000000000 +0200
-@@ -24,7 +24,7 @@
- read AUTHSHARE
- read AUTHFILE
- read SMBUSER
--read SMBPASS
-+read -r SMBPASS
- 
- # Find domain controller
- echo "Domain name: $DOMAINNAME"
-@@ -47,7 +47,7 @@
-   addropt=""
- fi
- echo "Query address options: $addropt"
--dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
-+dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
- echo "Domain controller IP address: $dcip"
- [ -n "$dcip" ] || exit 1
- 
-diff -Nru squid-3.1.0.9.orig/helpers/external_acl/session/squid_session.8 squid-3.1.0.9/helpers/external_acl/session/squid_session.8
---- squid-3.1.0.9.orig/helpers/external_acl/session/squid_session.8	2009-06-26 12:35:31.000000000 +0200
-+++ squid-3.1.0.9/helpers/external_acl/session/squid_session.8	2009-07-14 07:49:12.000000000 +0200
-@@ -35,7 +35,7 @@
- .P
- Configuration example using the default automatic mode
- .IP
--external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
-+external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
- .IP
- acl session external session
- .IP
-diff -Nru squid-3.1.0.9.orig/helpers/external_acl/unix_group/squid_unix_group.8 squid-3.1.0.9/helpers/external_acl/unix_group/squid_unix_group.8
---- squid-3.1.0.9.orig/helpers/external_acl/unix_group/squid_unix_group.8	2009-06-26 12:35:31.000000000 +0200
-+++ squid-3.1.0.9/helpers/external_acl/unix_group/squid_unix_group.8	2009-07-14 07:49:12.000000000 +0200
-@@ -27,7 +27,7 @@
- This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
- matches users in group2 or group3
- .IP
--external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
-+external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
- .IP
- acl usergroup1 external unix_group group1
- .IP
-diff -Nru squid-3.1.0.9.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/configure.in
---- squid-3.1.0.9.orig/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-06-26 12:35:31.000000000 +0200
-+++ squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/configure.in	2009-07-14 07:49:12.000000000 +0200
-@@ -17,6 +17,7 @@
- 
- AC_INIT([squid_kerb_auth],[1.0.5],[markus_moeller@compuserve.com])
- AM_INIT_AUTOMAKE(squid_kerb_auth,1.0.5)
-+AM_MAINTAINER_MODE
- AC_CONFIG_SRCDIR([squid_kerb_auth.c])
- 
- AC_PROG_CC
-@@ -531,7 +532,7 @@
- dnl set variable for use in automakefile(s)
- AM_CONDITIONAL(HAVE_SPNEGO, test x"$ac_cv_have_spnego" = x"yes" )
- 
--MY_CFLAGS="-Wall -Wextra -Werror -Wcomment -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow"
-+MY_CFLAGS="-Wall -Wextra -Wpointer-arith -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wdeclaration-after-statement -Wshadow"
- for ac_cv_my_cflag in $MY_CFLAGS; do
- echo "int main()
-   {
-diff -Nru squid-3.1.0.9.orig/lib/libTrie/acinclude.m4 squid-3.1.0.9/lib/libTrie/acinclude.m4
---- squid-3.1.0.9.orig/lib/libTrie/acinclude.m4	2009-06-26 12:35:32.000000000 +0200
-+++ squid-3.1.0.9/lib/libTrie/acinclude.m4	2009-07-14 07:49:12.000000000 +0200
-@@ -9,7 +9,7 @@
-   AC_MSG_CHECKING([whether compiler accepts -fhuge-objects])
-   AC_CACHE_VAL([ac_cv_test_checkforhugeobjects],[
-     ac_cv_test_checkforhugeobjects=`echo "int foo;" > conftest.cc
--${CXX} -Werror -fhuge-objects -c conftest.cc 2>/dev/null
-+${CXX} -fhuge-objects -c conftest.cc 2>/dev/null
- res=$?
- rm -f conftest.*
- echo yes
-diff -Nru squid-3.1.0.9.orig/lib/libTrie/configure.in squid-3.1.0.9/lib/libTrie/configure.in
---- squid-3.1.0.9.orig/lib/libTrie/configure.in	2009-06-26 12:35:32.000000000 +0200
-+++ squid-3.1.0.9/lib/libTrie/configure.in	2009-07-14 07:49:12.000000000 +0200
-@@ -59,8 +59,8 @@
- 
- dnl set useful flags
- if test "$GCC" = "yes"; then
--   TRIE_CFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations -Wcomments"
--   TRIE_CXXFLAGS="-Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments"
-+   TRIE_CFLAGS="-Wall -Wpointer-arith -Wwrite-strings -Wmissing-prototypes -Wmissing-declarations"
-+   TRIE_CXXFLAGS="-Wall -Wpointer-arith -Wwrite-strings"
- else
-    TRIE_CFLAGS=
-    TRIE_CXXFLAGS=
-diff -Nru squid-3.1.0.9.orig/src/cf.data.pre squid-3.1.0.9/src/cf.data.pre
---- squid-3.1.0.9.orig/src/cf.data.pre	2009-06-26 12:35:37.000000000 +0200
-+++ squid-3.1.0.9/src/cf.data.pre	2009-07-14 07:49:12.000000000 +0200
-@@ -685,6 +685,8 @@
- acl Safe_ports port 488		# gss-http
- acl Safe_ports port 591		# filemaker
- acl Safe_ports port 777		# multiling http
-+acl Safe_ports port 901		# SWAT
-+acl purge method PURGE
- acl CONNECT method CONNECT
- NOCOMMENT_END
- DOC_END
-@@ -804,6 +806,9 @@
- # Only allow cachemgr access from localhost
- http_access allow manager localhost
- http_access deny manager
-+# Only allow purge requests from localhost
-+http_access allow purge localhost
-+http_access deny purge
- # Deny requests to unknown ports
- http_access deny !Safe_ports
- # Deny CONNECT to other than SSL ports
-@@ -821,6 +826,9 @@
- # from where browsing should be allowed
- http_access allow localnet
- 
-+# Allow the localhost to have access by default
-+http_access allow localhost
-+
- # And finally deny all other access to this proxy
- http_access deny all
- NOCOMMENT_END
-@@ -3690,11 +3698,11 @@
- 
- NAME: cache_mgr
- TYPE: string
--DEFAULT: webmaster
-+DEFAULT: root
- LOC: Config.adminEmail
- DOC_START
- 	Email-address of local cache manager who will receive
--	mail if the cache dies.  The default is "webmaster."
-+	mail if the cache dies.  The default is "root".
- DOC_END
- 
- NAME: mail_from
-@@ -5812,7 +5820,7 @@
- NAME: forwarded_for
- COMMENT: on|off|transparent|truncate|delete
- TYPE: string
--DEFAULT: on
-+DEFAULT: delete
- LOC: opt_forwarded_for
- DOC_START
- 	If set to "on", Squid will append your client's IP address
-diff -Nru squid-3.1.0.9.orig/src/debug.cc squid-3.1.0.9/src/debug.cc
---- squid-3.1.0.9.orig/src/debug.cc	2009-06-26 12:35:38.000000000 +0200
-+++ squid-3.1.0.9/src/debug.cc	2009-07-14 07:51:54.000000000 +0200
-@@ -452,7 +452,7 @@
- #if HAVE_SYSLOG && defined(LOG_LOCAL4)
- 
-     if (Debug::log_syslog)
--        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
-+        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, syslog_facility);
- 
- #endif /* HAVE_SYSLOG */
- 
-diff -Nru squid-3.1.0.9.orig/src/main.cc squid-3.1.0.9/src/main.cc
---- squid-3.1.0.9.orig/src/main.cc	2009-06-26 12:35:39.000000000 +0200
-+++ squid-3.1.0.9/src/main.cc	2009-07-14 07:49:12.000000000 +0200
-@@ -1511,7 +1511,7 @@
-     if (*(argv[0]) == '(')
-         return;
- 
--    openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
-+    openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON);
- 
-     if ((pid = fork()) < 0)
-         syslog(LOG_ALERT, "fork failed: %s", xstrerror());
-@@ -1555,7 +1555,7 @@
- 
-         if ((pid = fork()) == 0) {
-             /* child */
--            openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
-+            openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON);
-             prog = xstrdup(argv[0]);
-             argv[0] = xstrdup("(squid)");
-             execvp(prog, argv);
-@@ -1563,7 +1563,7 @@
-         }
- 
-         /* parent */
--        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
-+        openlog(APP_SHORTNAME, LOG_PID | LOG_NDELAY, LOG_DAEMON);
- 
-         syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
- 
-diff -Nru squid-3.1.0.9.orig/src/Makefile.am squid-3.1.0.9/src/Makefile.am
---- squid-3.1.0.9.orig/src/Makefile.am	2009-06-26 12:35:33.000000000 +0200
-+++ squid-3.1.0.9/src/Makefile.am	2009-07-14 07:49:12.000000000 +0200
-@@ -629,7 +629,6 @@
- 
- sysconf_DATA = \
- 	squid.conf.default \
--	squid.conf.documented \
- 	mime.conf.default
- 
- data_DATA = \
-@@ -704,8 +703,8 @@
- DEFAULT_ACCESS_LOG      = $(DEFAULT_LOG_PREFIX)/access.log
- DEFAULT_STORE_LOG       = $(DEFAULT_LOG_PREFIX)/store.log
- DEFAULT_PID_FILE        = @DEFAULT_PIDFILE@
--DEFAULT_NETDB_FILE      = $(DEFAULT_LOG_PREFIX)/netdb.state
--DEFAULT_SWAP_DIR        = $(localstatedir)/cache
-+DEFAULT_NETDB_FILE      = $(localstatedir)/run/netdb.state
-+DEFAULT_SWAP_DIR        = $(localstatedir)/cache/squid
- DEFAULT_PINGER		= $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
- DEFAULT_UNLINKD		= $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
- DEFAULT_DISKD		= $(libexecdir)/`echo diskd | sed '$(transform);s/$$/$(EXEEXT)/'`
-@@ -739,7 +738,7 @@
- 	true
- 
- squid.conf.default: squid.conf.documented
--	$(EGREP) -v "^[#\ ]" squid.conf.documented | $(EGREP) . >squid.conf.default
-+	cp squid.conf.documented squid.conf.default
- 
- cf_parser.h: cf.data cf_gen$(EXEEXT)
- 	./cf_gen cf.data $(srcdir)/cf.data.depend
-@@ -793,8 +792,6 @@
- 	fi
- 	echo "$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default"; \
- 	$(INSTALL_DATA) squid.conf.default $(DESTDIR)$(DEFAULT_CONFIG_FILE).default; \
--	echo "$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented"; \
--	$(INSTALL_DATA) squid.conf.documented $(DESTDIR)$(DEFAULT_CONFIG_FILE).documented; \
- 	$(mkinstalldirs) $(DESTDIR)$(DEFAULT_LOG_PREFIX)
- 
- uninstall-local:
diff --git a/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch b/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch
deleted file mode 100644
index 7d487c73afc6..000000000000
--- a/net-proxy/squid/files/squid-3.1.0.9_beta-invconv.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -Nru squid-3.1.0.9.orig/src/ftp.cc squid-3.1.0.9/src/ftp.cc
---- squid-3.1.0.9.orig/src/ftp.cc	2009-06-26 12:35:38.000000000 +0200
-+++ squid-3.1.0.9/src/ftp.cc	2009-07-14 08:12:44.000000000 +0200
-@@ -526,16 +526,18 @@
- void
- FtpStateData::loginParser(const char *login, int escaped)
- {
--    char *s = NULL;
-+    const char *s = NULL;
-     debugs(9, 4, HERE << ": login='" << login << "', escaped=" << escaped);
-     debugs(9, 9, HERE << ": IN : login='" << login << "', escaped=" << escaped << ", user=" << user << ", password=" << password);
- 
-     if ((s = strchr(login, ':'))) {
--        *s = '\0';
--
-         /* if there was a username part */
-         if (s > login) {
--            xstrncpy(user, login, MAX_URL);
-+	    int len = s - login;
-+	    if (len > MAX_URL)
-+		len = MAX_URL;
-+            xstrncpy(user, login, len);
-+	    user[len] = '\0';
-             if (escaped)
-                 rfc1738_unescape(user);
-         }
diff --git a/net-proxy/squid/squid-3.1.0.9_beta.ebuild b/net-proxy/squid/squid-2.7.6-r2.ebuild
index 0752e4b30fb1..e6e8fa20249d 100644
--- a/net-proxy/squid/squid-3.1.0.9_beta.ebuild
+++ b/net-proxy/squid/squid-2.7.6-r2.ebuild
@@ -1,27 +1,32 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.9_beta.ebuild,v 1.2 2009/07/23 06:57:45 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-2.7.6-r2.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $
 
 EAPI="2"
 
-inherit eutils pam toolchain-funcs
+inherit eutils pam toolchain-funcs autotools
 
-RESTRICT="test" # check if test works in next bump
+#lame archive versioning scheme..
+S_PMV="${PV%%.*}"
+S_PV="${PV%.*}"
+S_PL="${PV##*.}"
+S_PL="${S_PL/_rc/-RC}"
+S_PP="${PN}-${S_PV}.STABLE${S_PL}"
 
 DESCRIPTION="A full-featured web proxy cache"
 HOMEPAGE="http://www.squid-cache.org/"
-SRC_URI="http://www.squid-cache.org/Versions/v3/3.1/${P/_beta}.tar.gz"
+SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz"
 
 LICENSE="GPL-2"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
-IUSE="caps ipv6 pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \
+IUSE="caps pam ldap samba sasl kerberos nis ssl snmp selinux logrotate \
 	mysql postgres sqlite \
 	zero-penalty-hit \
 	pf-transparent ipf-transparent kqueue \
-	elibc_uclibc kernel_linux epoll"
+	elibc_uclibc kernel_linux +epoll"
 
-COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
+DEPEND="caps? ( >=sys-libs/libcap-2.16 )
 	pam? ( virtual/pam )
 	ldap? ( net-nds/openldap )
 	kerberos? ( || ( app-crypt/mit-krb5 app-crypt/heimdal ) )
@@ -31,50 +36,39 @@ COMMON_DEPEND="caps? ( >=sys-libs/libcap-2.16 )
 	!x86-fbsd? ( logrotate? ( app-admin/logrotate ) )
 	>=sys-libs/db-4
 	dev-lang/perl"
-DEPEND="${COMMON_DEPEND}
-	sys-devel/automake
-	sys-devel/autoconf
-	sys-devel/libtool"
-RDEPEND="${COMMON_DEPEND}
+RDEPEND="${DEPEND}
 	samba? ( net-fs/samba )
 	mysql? ( dev-perl/DBD-mysql )
 	postgres? ( dev-perl/DBD-Pg )
 	sqlite? ( dev-perl/DBD-SQLite )"
 
-S="${WORKDIR}/${P/_beta}"
+S="${WORKDIR}/${S_PP}"
 
 pkg_setup() {
-	if grep -qs '^[[:space:]]*cache_dir[[:space:]]\+coss' "${ROOT}"etc/squid/squid.conf; then
-		eerror "coss store IO has been disabled by upstream due to stability issues!"
-		eerror "If you want to install this version, switch the store type to something else"
-		eerror "before attempting to install this version again."
-
-		die "/etc/squid/squid.conf: cache_dir use a disabled store type"
+	if use zero-penalty-hit; then
+		ewarn "This version supports natively IP TOS/Priority mangling,"
+		ewarn "but it does not support zph_preserve_miss_tos."
+		ewarn "If you need that, please use >=${CATEGORY}/${PN}-3 ."
 	fi
-
 	enewgroup squid 31
 	enewuser squid 31 -1 /var/cache/squid squid
 }
 
 src_prepare() {
-	epatch "${FILESDIR}"/${PN}-3-capability.patch
+	epatch "${FILESDIR}"/${PN}-2-capability.patch
+	epatch "${FILESDIR}"/${P}-cve-2009-2855.patch
 	epatch "${FILESDIR}"/${P}-gentoo.patch
-	epatch "${FILESDIR}"/${P}-invconv.patch
-
-	# eautoreconf breaks lib/libLtdl/libtool script
-	./bootstrap.sh || die "autoreconf failed"
+	has_version app-crypt/mit-krb5 || epatch "${FILESDIR}"/${P}-heimdal.patch
+	eautoreconf
 }
 
 src_configure() {
-	local myconf=""
-
 	local basic_modules="getpwnam,NCSA,MSNT"
 	use samba && basic_modules="SMB,multi-domain-NTLM,${basic_modules}"
 	use ldap && basic_modules="LDAP,${basic_modules}"
 	use pam && basic_modules="PAM,${basic_modules}"
 	use sasl && basic_modules="SASL,${basic_modules}"
 	use nis && ! use elibc_uclibc && basic_modules="YP,${basic_modules}"
-	use radius && basic_modules="squid_radius_auth,${basic_modules}"
 	if use mysql || use postgres || use sqlite ; then
 		basic_modules="DB,${basic_modules}"
 	fi
@@ -84,19 +78,21 @@ src_configure() {
 	use ldap && ext_helpers="ldap_group,${ext_helpers}"
 
 	local ntlm_helpers="fakeauth"
-	use samba && ntlm_helpers="smb_lm,${ntlm_helpers}"
+	use samba && ntlm_helpers="SMB,${ntlm_helpers}"
 
 	local negotiate_helpers=
-	if use kerberos; then
-		negotiate_helpers="squid_kerb_auth"
-		has_version app-crypt/mit-krb5 \
-			&& myconf="--enable-mit --disable-heimdal" \
-			|| myconf="--disable-mit --enable-heimdal"
-	fi
+	use kerberos && local negotiate_helpers="squid_kerb_auth"
 
-	# coss support has been disabled
-	# If it is re-enabled again, make sure you don't enable it for elibc_uclibc (#61175)
-	myconf="${myconf} --enable-storeio=ufs,diskd,aufs"
+	local myconf=""
+
+	# Support for uclibc #61175
+	if use elibc_uclibc; then
+		myconf="${myconf} --enable-storeio=ufs,diskd,aufs,null"
+		myconf="${myconf} --disable-async-io"
+	else
+		myconf="${myconf} --enable-storeio=ufs,diskd,coss,aufs,null"
+		myconf="${myconf} --enable-async-io"
+	fi
 
 	if use kernel_linux; then
 		myconf="${myconf} --enable-linux-netfilter
@@ -117,33 +113,33 @@ src_configure() {
 		--libexecdir=/usr/libexec/squid \
 		--localstatedir=/var \
 		--datadir=/usr/share/squid \
-		--with-logdir=/var/log/squid \
-		--with-default-user=squid \
-		--enable-auth="basic,digest,negotiate,ntlm" \
+		--enable-auth="basic,digest,ntlm,negotiate" \
 		--enable-removal-policies="lru,heap" \
 		--enable-digest-auth-helpers="password" \
 		--enable-basic-auth-helpers="${basic_modules}" \
 		--enable-external-acl-helpers="${ext_helpers}" \
 		--enable-ntlm-auth-helpers="${ntlm_helpers}" \
 		--enable-negotiate-auth-helpers="${negotiate_helpers}" \
+		--enable-ident-lookups \
 		--enable-useragent-log \
 		--enable-cache-digests \
 		--enable-delay-pools \
 		--enable-referer-log \
 		--enable-arp-acl \
+		--with-pthreads \
 		--with-large-files \
-		--with-filedescriptors=8192 \
+		--enable-htcp \
+		--enable-carp \
+		--enable-follow-x-forwarded-for \
+		--with-maxfd=8192 \
 		$(use_enable caps) \
-		$(use_enable ipv6) \
 		$(use_enable snmp) \
 		$(use_enable ssl) \
-		$(use_enable icap-client) \
-		$(use_enable zero-penalty-hit zph-qos) \
 		${myconf} || die "econf failed"
 }
 
 src_install() {
-	emake DESTDIR="${D}" install || die "emake install failed"
+	make DESTDIR="${D}" install || die "make install failed"
 
 	# need suid root for looking into /etc/shadow
 	fowners root:squid /usr/libexec/squid/ncsa_auth
@@ -191,9 +187,4 @@ pkg_postinst() {
 	echo
 	ewarn "Squid can be configured to run in transparent mode like this:"
 	ewarn "   ${HILITE}http_port internal-addr:3128 transparent${NORMAL}"
-	if use zero-penalty-hit; then
-		echo
-		ewarn "In order for zph_preserve_miss_tos to work, you will have to alter your kernel"
-		ewarn "with the patch that can be found on http://zph.bratcheda.org site."
-	fi
 }
diff --git a/net-proxy/squid/squid-3.0.15.ebuild b/net-proxy/squid/squid-3.0.18-r1.ebuild
index 6b82995acf16..77d1b9e2e8d5 100644
--- a/net-proxy/squid/squid-3.0.15.ebuild
+++ b/net-proxy/squid/squid-3.0.18-r1.ebuild
@@ -1,10 +1,10 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.15.ebuild,v 1.8 2009/07/05 19:49:49 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.0.18-r1.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $
 
 EAPI="2"
 
-inherit eutils pam toolchain-funcs autotools linux-info
+inherit eutils pam toolchain-funcs autotools
 
 # lame archive versioning scheme..
 S_PMV="${PV%%.*}"
@@ -16,17 +16,16 @@ RESTRICT="test" # check if test works in next bump
 
 DESCRIPTION="A full-featured web proxy cache"
 HOMEPAGE="http://www.squid-cache.org/"
-SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz
-	mirror://gentoo/${PN}-3.0.14-chunk-encoding.patch.gz"
+SRC_URI="http://www.squid-cache.org/Versions/v${S_PMV}/${S_PV}/${S_PP}.tar.gz"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ~ppc ppc64 sparc x86 ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
 IUSE="caps pam ldap samba sasl kerberos nis radius ssl snmp selinux icap-client logrotate \
 	mysql postgres sqlite \
 	zero-penalty-hit \
 	pf-transparent ipf-transparent kqueue \
-	elibc_uclibc kernel_linux epoll"
+	elibc_uclibc kernel_linux +epoll"
 
 DEPEND="caps? ( >=sys-libs/libcap-2.16 )
 	pam? ( virtual/pam )
@@ -61,12 +60,10 @@ pkg_setup() {
 
 src_prepare() {
 	epatch "${FILESDIR}"/${PN}-3-capability.patch
+	epatch "${FILESDIR}"/${P}-cve-2009-2855.patch
 	epatch "${FILESDIR}"/${P}-gentoo.patch
-	epatch "${FILESDIR}"/${P}-gcc43.patch
 	epatch "${FILESDIR}"/${P}-cross-compile.patch
-	epatch "${WORKDIR}"/${PN}-3.0.14-chunk-encoding.patch
 	use zero-penalty-hit && epatch "${FILESDIR}"/${P}-adapted-zph.patch
-	has_version app-crypt/mit-krb5 || epatch "${FILESDIR}"/${P}-heimdal.patch
 
 	eautoreconf
 }
diff --git a/net-proxy/squid/squid-3.1.0.13_beta.ebuild b/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild
index ce520ae81ce2..4639df2dfb41 100644
--- a/net-proxy/squid/squid-3.1.0.13_beta.ebuild
+++ b/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta.ebuild,v 1.2 2009/08/16 11:01:46 mrness Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/squid/squid-3.1.0.13_beta-r1.ebuild,v 1.1 2009/08/22 12:57:20 mrness Exp $
 
 EAPI="2"
 
@@ -57,6 +57,7 @@ pkg_setup() {
 
 src_prepare() {
 	epatch "${FILESDIR}"/${PN}-3-capability.patch
+	epatch "${FILESDIR}"/${P}-cve-2009-2855.patch
 	epatch "${FILESDIR}"/${P}-gentoo.patch
 	epatch "${FILESDIR}"/${P}-qafixes.patch