diff -rupN squid-2.5.STABLE2/ChangeLog squid-2.5.STABLE3/ChangeLog
--- squid-2.5.STABLE2/ChangeLog Mon Mar 17 11:46:45 2003
+++ squid-2.5.STABLE3/ChangeLog Sun May 25 07:03:25 2003
@@ -1,3 +1,63 @@
+Changes to squid-2.5.STABLE3 (25 May 2003):
+
+ - Bug #573: Occational false negatives in external acl lookups
+ - Bug #577: assertion failed: cbdata.c:224: "c->y == c" when
+ external_acl helpers crashes
+ - Bug #590: Squid may hang or behave oddly on shutdown while
+ requests is being processed.
+ - Bug #590: external acl lookups does not deal well with queue
+ overload
+ - cache_effective_user documentation update
+ - cache_peer documentation update for htcp and carp
+ - Bug #600: The example header_access paranoid setting is
+ missing WWW-Authenticate
+ - Bug #605: Segmentation fault in idnsGrokReply() on certain
+ platforms
+ - Fixes to build properly on AIX 5
+ - Bug #574: wb_group updated to version 1.1 to make group names
+ case insensitive and correct a segfault issue in the helper
+ - SNMP mib updates to make cacheNumObjCount,
+ cacheCurrentUnlinkRequests, cacheCurrentSwapSize and cacheClients
+ correctly report as gauges (was reporting as counters).
+ - Woraround for --enable-ssl Kerberos issue on RedHat 9
+ - Bug #579: Close and repopen log files on "squid -k reconfigure"
+ - Bug #598: squid_ldap_auth could segfault if LDAP server is
+ unavailable
+ - Bug #609,#612: msntauth helper fixes in dealing with large
+ or non-existing allow/deny user files.
+ - Bug #620: acl ident REQUIRED matches even if the ident lookup fails
+ - Bug #432: reply_body_max_size fails with ident or proxy_auth acls
+ and also fails to block large objects where the content-length
+ is not known
+ - Bug #606: Basic auth looping and gets stuck at high CPU usage when
+ multiple proxy_auth ACLs combined in one line and login fails.
+ - squid_ldap_auth updated with support for TLS and SSL
+ - Bug #623: segfault if using negated external acls in certain
+ configurations involving other acls later on the same http_access
+ line.
+ - Bug #622: wb_group helper update to version 1.2 to ass support for
+ Domain-Qualified groups refering to groups in a specific domain
+ - Bug #596: logic error in poll() error management
+ - Bug #597: logic errors in error management
+ - Bug #591: segmentation fault in authentication on "squid -k debug"
+ - Bug #587: smb_auth fails on complex logins involving domain names
+ or other odd characters
+ - Bug #558, #587: smb_auth.pl fails on complex logins involving
+ domain names or other odd characters
+ - Bug #643: external_acl fails with ttl=0 due to a change introduced
+ by the patch for Bug #553 in 2.5.STABLE2.
+ - Bug #630: minor issues in digest authantication causing random
+ authentication failures and incompability with many mainstream
+ browser digest implementations due to browser qop bugs. To deal
+ with those broken browser nonce_stricness now defaults to off,
+ and two new digest options have been added (check_nonce_count
+ and post_workaround) to allow workarounds to other quite bad
+ browser bugs if needed.
+ - Bug #644: digest authentication fails on requests with one
+ or more comma in the requested URL
+ - Bug #648: deny_info TCP_RESET not working. The fix for this also
+ adds the ability to send redirects.
+
 Changes to squid-2.5.STABLE2 (Mars 17, 2003):
 
  - Contrib files added back to the distribution
diff -rupN squid-2.5.STABLE2/RELEASENOTES.html squid-2.5.STABLE3/RELEASENOTES.html
--- squid-2.5.STABLE2/RELEASENOTES.html Mon Mar 17 12:01:20 2003
+++ squid-2.5.STABLE3/RELEASENOTES.html Sun May 25 07:06:38 2003
@@ -7,38 +7,13 @@

Squid 2.5 release notes

-

Squid Developers

$Id: release-2.5.html,v 1.1.2.9 2003/03/17 18:56:12 hno Exp $ +

Squid Developers

$Id: release-2.5.html,v 1.1.2.11 2003/05/19 09:03:57 hno Exp $
This document contains the release notes for version 2.5 of Squid. Squid is a WWW Cache application developed by the National Laboratory for Applied Network Research and members of the Web Caching community.
-

1. Key changes squid-2.5.STABLE1 to 2.5.STABLE2:

- -

-

-

- -

2. Key changes from squid 2.4:

+

1. Key changes from squid 2.4:

-

3. Changes to squid.conf

+

2. Changes to squid.conf

@@ -157,14 +132,57 @@ exacly where you want to have them in yo

-

4. Known limitations

+

3. Known issues and limitations

-

There is a few limitations to this version of Squid that we hope to correct in a later release

+

There is a few limitations and issues in this version of Squid which we hope to correct in a later release

deny_info

deny_info only works for http_access, not for the acls listen in http_reply_access

+
Bug #616

Negative cached 404 replies with VARY header never matches

+
Bug #592

always/never_direct and NTLM authentication

+
Bug #585

cache_peer_access fails with NTLM authentication

+
Bug #581

acl max_user_ip and multiple authentication schemes

+
Bug #513

squid -F is starting server sockets to early

+
Bug #518

wb_auth fails on TRU64 and probably other 64 bit platforms

+
Bug #500

delay_pools stops working on -k reconfigure

+
Bug #457

does not handle swap.state corruption properly

+
Bug #426

Vary: * does not work

+
Bug #410

unstable if runs out of disk space

+
Bug #355

diskd may appear slow on low loads

+
Bug #267

Form POSTing troubles with NTLM authentication

+ +

4. Key changes squid-2.5.STABLE1 to 2.5.STABLE2:

+ +

+

+

+ +

5. Key changes squid-2.5.STABLE2 to 2.5.STABLE3:

+ +

Squid-2.5.STABLE3 is a bugfix release. See the list of +squid-2.5.STABLE2 patches and the +ChangeLog file for details on corrected issues.

diff -rupN squid-2.5.STABLE2/configure squid-2.5.STABLE3/configure --- squid-2.5.STABLE2/configure Mon Mar 17 12:00:14 2003 +++ squid-2.5.STABLE3/configure Sun May 25 07:04:25 2003 @@ -1000,7 +1000,7 @@ fi # Define the identity of the package. PACKAGE=squid -VERSION=2.5.STABLE2 +VERSION=2.5.STABLE3 cat >> confdefs.h <&6 echo "configure:1057: checking whether to enable maintainer-specific portions of Makefiles" >&5 # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given. @@ -2365,6 +2365,11 @@ fi if test -z "$SSLLIB"; then SSLLIB="-lcrypto" # for MD5 routines fi + if test -d /usr/kerberos/include && test -z "$SSLLIBDIR" && test -f /usr/include/openssl/kssl.h; then + echo "OpenSSL depends on Kerberos" + SSLLIBDIR="/usr/kerberos/lib" + CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include" + fi fi if test -n "$SSLLIBDIR"; then SSLLIB="-L$SSLLIBDIR $SSLLIB" @@ -2981,7 +2986,7 @@ case "$host" in esac echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:2985: checking how to run the C preprocessor" >&5 +echo "configure:2990: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= @@ -2996,13 +3001,13 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3006: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3011: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : 
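Review bot: The Kerberos workaround added in the `@@ -2365,6 +2365,11 @@` hunk keys on three fixed host paths (`/usr/kerberos/include`, `/usr/include/openssl/kssl.h`, an empty `$SSLLIBDIR`) instead of testing whether the OpenSSL headers actually fail to preprocess without the Kerberos include directory. Any build host that happens to have those paths therefore gets `-I/usr/kerberos/include` appended to `CPPFLAGS` and, through the `SSLLIB="-L$SSLLIBDIR $SSLLIB"` line that follows, `-L/usr/kerberos/lib` on the link line, which changes which headers and libraries the build resolves first. Reusing `SSLLIBDIR` for the Kerberos directory also makes it indistinguishable from a user-supplied OpenSSL library path later in the script; a separate variable would keep the two apart. The message is printed with a bare `echo` while the surrounding checks write to descriptor 6, so `echo "OpenSSL depends on Kerberos" 1>&6` would be consistent with them. configure looks like autoconf output, so the change presumably belongs in configure.in, which is not shown here.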
@@ -3013,13 +3018,13 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3023: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3028: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -3030,13 +3035,13 @@ else rm -rf conftest* CPP="${CC-cc} -nologo -E" cat > conftest.$ac_ext < Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3040: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3045: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : @@ -3072,7 +3077,7 @@ echo "$ac_t""$CPP" 1>&6 # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 -echo "configure:3076: checking for a BSD compatible install" >&5 +echo "configure:3081: checking for a BSD compatible install" >&5 if test -z "$INSTALL"; then if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3127,7 +3132,7 @@ test -z "$INSTALL_DATA" && INSTALL_DATA= # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3131: checking for $ac_word" >&5 +echo "configure:3136: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -3155,7 +3160,7 @@ else fi echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 -echo "configure:3159: checking whether ln -s works" >&5 +echo "configure:3164: checking whether ln -s works" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3178,7 +3183,7 @@ fi # Extract the first word of "sh", so it can be a program name with args. set dummy sh; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3182: checking for $ac_word" >&5 +echo "configure:3187: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_SH'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3214,7 +3219,7 @@ fi # Extract the first word of "false", so it can be a program name with args. set dummy false; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3218: checking for $ac_word" >&5 +echo "configure:3223: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_FALSE'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3250,7 +3255,7 @@ fi # Extract the first word of "true", so it can be a program name with args. set dummy true; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3254: checking for $ac_word" >&5 +echo "configure:3259: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_TRUE'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3286,7 +3291,7 @@ fi # Extract the first word of "rm", so it can be a program name with args. set dummy rm; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3290: checking for $ac_word" >&5 +echo "configure:3295: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_RM'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -3322,7 +3327,7 @@ fi # Extract the first word of "mv", so it can be a program name with args. set dummy mv; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3326: checking for $ac_word" >&5 +echo "configure:3331: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_MV'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3358,7 +3363,7 @@ fi # Extract the first word of "mkdir", so it can be a program name with args. set dummy mkdir; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3362: checking for $ac_word" >&5 +echo "configure:3367: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_MKDIR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3394,7 +3399,7 @@ fi # Extract the first word of "ln", so it can be a program name with args. set dummy ln; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3398: checking for $ac_word" >&5 +echo "configure:3403: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_LN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3430,7 +3435,7 @@ fi # Extract the first word of "perl", so it can be a program name with args. set dummy perl; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3434: checking for $ac_word" >&5 +echo "configure:3439: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -3466,7 +3471,7 @@ fi # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:3470: checking for $ac_word" >&5 +echo "configure:3475: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -3526,12 +3531,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/di do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:3530: checking for $ac_hdr that defines DIR" >&5 +echo "configure:3535: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> @@ -3539,7 +3544,7 @@ int main() { DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:3543: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3548: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -3564,7 +3569,7 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:3568: checking for opendir in -ldir" >&5 +echo "configure:3573: checking for opendir in -ldir" >&5 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -3572,7 +3577,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3605,7 +3610,7 @@ fi else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:3609: checking for opendir in -lx" >&5 +echo "configure:3614: checking for opendir in -lx" >&5 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -3613,7 +3618,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:3633: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3647,12 +3652,12 @@ fi fi echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 -echo "configure:3651: checking for ANSI C header files" >&5 +echo "configure:3656: checking for ANSI C header files" >&5 if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -3660,7 +3665,7 @@ else #include EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3664: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -3677,7 +3682,7 @@ rm -f conftest* if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -3695,7 +3700,7 @@ fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -3716,7 +3721,7 @@ if test "$cross_compiling" = yes; then : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -3727,7 +3732,7 @@ if (XOR (islower (i), ISLOWER (i)) || to exit (0); } EOF -if { (eval echo configure:3731: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:3736: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then : else 
@@ -3834,17 +3839,17 @@ for ac_hdr in \ do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:3838: checking for $ac_hdr" >&5 +echo "configure:3843: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:3848: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +{ (eval echo configure:3853: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* @@ -3872,12 +3877,12 @@ done echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:3876: checking for working const" >&5 +echo "configure:3881: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3935: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -3947,14 +3952,14 @@ EOF fi echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 -echo "configure:3951: checking whether byte ordering is bigendian" >&5 +echo "configure:3956: checking whether byte ordering is bigendian" >&5 if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include 
@@ -3965,11 +3970,11 @@ int main() { #endif ; return 0; } EOF -if { (eval echo configure:3969: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3974: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext < #include @@ -3980,7 +3985,7 @@ int main() { #endif ; return 0; } EOF -if { (eval echo configure:3984: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:3989: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else @@ -4000,7 +4005,7 @@ if test "$cross_compiling" = yes; then { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_bigendian=no else @@ -4038,20 +4043,20 @@ fi echo $ac_n "checking if ANSI prototypes work""... $ac_c" 1>&6 -echo "configure:4042: checking if ANSI prototypes work" >&5 +echo "configure:4047: checking if ANSI prototypes work" >&5 if eval "test \"`echo '$''{'ac_cv_have_ansi_prototypes'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ansi_prototypes="yes" else @@ -4073,13 +4078,13 @@ EOF fi echo $ac_n "checking for tm->tm_gmtoff""... $ac_c" 1>&6 -echo "configure:4077: checking for tm->tm_gmtoff" >&5 +echo "configure:4082: checking for tm->tm_gmtoff" >&5 if eval "test \"`echo '$''{'ac_cv_have_tm_gmoff'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -4088,7 +4093,7 @@ struct tm foo; foo.tm_gmtoff = 0; ; return 0; } EOF -if { (eval echo configure:4092: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4097: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_tm_gmoff="yes" else @@ -4110,13 +4115,13 @@ EOF fi echo $ac_n "checking for struct mallinfo""... $ac_c" 1>&6 -echo "configure:4114: checking for struct mallinfo" >&5 +echo "configure:4119: checking for struct mallinfo" >&5 if eval "test \"`echo '$''{'ac_cv_have_struct_mallinfo'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if HAVE_MALLOC_H @@ -4134,7 +4139,7 @@ struct mallinfo foo; foo.keepcost = 0; ; return 0; } EOF -if { (eval echo configure:4138: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4143: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_struct_mallinfo="yes" else @@ -4156,13 +4161,13 @@ EOF fi echo $ac_n "checking for extended mallinfo""... $ac_c" 1>&6 -echo "configure:4160: checking for extended mallinfo" >&5 +echo "configure:4165: checking for extended mallinfo" >&5 if eval "test \"`echo '$''{'ac_cv_have_ext_mallinfo'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4171,7 +4176,7 @@ struct mallinfo foo; foo.mxfast = 0; ; return 0; } EOF -if { (eval echo configure:4175: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4180: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ext_mallinfo="yes" else 
@@ -4193,13 +4198,13 @@ EOF fi echo $ac_n "checking for struct rusage""... $ac_c" 1>&6 -echo "configure:4197: checking for struct rusage" >&5 +echo "configure:4202: checking for struct rusage" >&5 if eval "test \"`echo '$''{'ac_cv_have_struct_rusage'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4221: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_struct_rusage="yes" else @@ -4234,13 +4239,13 @@ EOF fi echo $ac_n "checking for ip->ip_hl""... $ac_c" 1>&6 -echo "configure:4238: checking for ip->ip_hl" >&5 +echo "configure:4243: checking for ip->ip_hl" >&5 if eval "test \"`echo '$''{'ac_cv_have_ip_hl'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -4259,7 +4264,7 @@ struct iphdr ip; ip.ip_hl= 0; ; return 0; } EOF -if { (eval echo configure:4263: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4268: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_ip_hl="yes" else @@ -4281,7 +4286,7 @@ EOF fi echo $ac_n "checking size of void *""... $ac_c" 1>&6 -echo "configure:4285: checking size of void *" >&5 +echo "configure:4290: checking size of void *" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_void_p'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4289,7 +4294,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4300,7 +4305,7 @@ main() exit(0); } EOF -if { (eval echo configure:4304: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4309: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_void_p=`cat conftestval` else 
@@ -4320,7 +4325,7 @@ EOF echo $ac_n "checking size of short""... $ac_c" 1>&6 -echo "configure:4324: checking size of short" >&5 +echo "configure:4329: checking size of short" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4328,7 +4333,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4339,7 +4344,7 @@ main() exit(0); } EOF -if { (eval echo configure:4343: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4348: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_short=`cat conftestval` else @@ -4359,7 +4364,7 @@ EOF echo $ac_n "checking size of int""... $ac_c" 1>&6 -echo "configure:4363: checking size of int" >&5 +echo "configure:4368: checking size of int" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4367,7 +4372,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4378,7 +4383,7 @@ main() exit(0); } EOF -if { (eval echo configure:4382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4387: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int=`cat conftestval` else @@ -4398,7 +4403,7 @@ EOF echo $ac_n "checking size of long""... $ac_c" 1>&6 -echo "configure:4402: checking size of long" >&5 +echo "configure:4407: checking size of long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -4406,7 +4411,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4417,7 +4422,7 @@ main() exit(0); } EOF -if { (eval echo configure:4421: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4426: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long=`cat conftestval` else @@ -4437,7 +4442,7 @@ EOF echo $ac_n "checking size of long long""... $ac_c" 1>&6 -echo "configure:4441: checking size of long long" >&5 +echo "configure:4446: checking size of long long" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_long_long'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4445,7 +4450,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -4456,7 +4461,7 @@ main() exit(0); } EOF -if { (eval echo configure:4460: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4465: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_long_long=`cat conftestval` else @@ -4476,7 +4481,7 @@ EOF echo $ac_n "checking size of __int64""... $ac_c" 1>&6 -echo "configure:4480: checking size of __int64" >&5 +echo "configure:4485: checking size of __int64" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof___int64'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4484,7 +4489,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -4510,7 +4515,7 @@ int main() } EOF -if { (eval echo configure:4514: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4519: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof___int64=`cat conftestval` else @@ -4530,7 +4535,7 @@ EOF echo $ac_n "checking size of int16_t""... $ac_c" 1>&6 -echo "configure:4534: checking size of int16_t" >&5 +echo "configure:4539: checking size of int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4538,7 +4543,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4564,7 +4569,7 @@ int main() } EOF -if { (eval echo configure:4568: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4573: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int16_t=`cat conftestval` else @@ -4584,7 +4589,7 @@ EOF echo $ac_n "checking size of uint16_t""... $ac_c" 1>&6 -echo "configure:4588: checking size of uint16_t" >&5 +echo "configure:4593: checking size of uint16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4592,7 +4597,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -4618,7 +4623,7 @@ int main() } EOF -if { (eval echo configure:4622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4627: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint16_t=`cat conftestval` else @@ -4638,7 +4643,7 @@ EOF echo $ac_n "checking size of u_int16_t""... $ac_c" 1>&6 -echo "configure:4642: checking size of u_int16_t" >&5 +echo "configure:4647: checking size of u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4646,7 +4651,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4672,7 +4677,7 @@ int main() } EOF -if { (eval echo configure:4676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4681: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int16_t=`cat conftestval` else @@ -4692,7 +4697,7 @@ EOF echo $ac_n "checking size of int32_t""... $ac_c" 1>&6 -echo "configure:4696: checking size of int32_t" >&5 +echo "configure:4701: checking size of int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4700,7 +4705,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -4726,7 +4731,7 @@ int main() } EOF -if { (eval echo configure:4730: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4735: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int32_t=`cat conftestval` else @@ -4746,7 +4751,7 @@ EOF echo $ac_n "checking size of uint32_t""... $ac_c" 1>&6 -echo "configure:4750: checking size of uint32_t" >&5 +echo "configure:4755: checking size of uint32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4754,7 +4759,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4780,7 +4785,7 @@ int main() } EOF -if { (eval echo configure:4784: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint32_t=`cat conftestval` else @@ -4800,7 +4805,7 @@ EOF echo $ac_n "checking size of u_int32_t""... $ac_c" 1>&6 -echo "configure:4804: checking size of u_int32_t" >&5 +echo "configure:4809: checking size of u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4808,7 +4813,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -4834,7 +4839,7 @@ int main() } EOF -if { (eval echo configure:4838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4843: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int32_t=`cat conftestval` else @@ -4854,7 +4859,7 @@ EOF echo $ac_n "checking size of int64_t""... $ac_c" 1>&6 -echo "configure:4858: checking size of int64_t" >&5 +echo "configure:4863: checking size of int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4862,7 +4867,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4888,7 +4893,7 @@ int main() } EOF -if { (eval echo configure:4892: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4897: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_int64_t=`cat conftestval` else @@ -4908,7 +4913,7 @@ EOF echo $ac_n "checking size of uint64_t""... $ac_c" 1>&6 -echo "configure:4912: checking size of uint64_t" >&5 +echo "configure:4917: checking size of uint64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_uint64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4916,7 +4921,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < 
@@ -4942,7 +4947,7 @@ int main() } EOF -if { (eval echo configure:4946: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:4951: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_uint64_t=`cat conftestval` else @@ -4962,7 +4967,7 @@ EOF echo $ac_n "checking size of u_int64_t""... $ac_c" 1>&6 -echo "configure:4966: checking size of u_int64_t" >&5 +echo "configure:4971: checking size of u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -4970,7 +4975,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -4996,7 +5001,7 @@ int main() } EOF -if { (eval echo configure:5000: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:5005: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_u_int64_t=`cat conftestval` else 
@@ -5018,12 +5023,12 @@ EOF if test "x$ac_cv_sizeof_short" = "x2"; then echo $ac_n "checking for int16_t""... $ac_c" 1>&6 -echo "configure:5022: checking for int16_t" >&5 +echo "configure:5027: checking for int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5071: checking for int16_t" >&5 +echo "configure:5076: checking for int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5121: checking for u_int16_t" >&5 +echo "configure:5126: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5170: checking for u_int16_t" >&5 +echo "configure:5175: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5219: checking for u_int16_t" >&5 +echo "configure:5224: checking for u_int16_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int16_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5269: checking for int32_t" >&5 +echo "configure:5274: checking for int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5318: checking for int32_t" >&5 +echo "configure:5323: checking for int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5368: checking for u_int32_t" >&5 +echo "configure:5373: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > 
conftest.$ac_ext <&6 -echo "configure:5417: checking for u_int32_t" >&5 +echo "configure:5422: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5466: checking for u_int32_t" >&5 +echo "configure:5471: checking for u_int32_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int32_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5516: checking for int64_t" >&5 +echo "configure:5521: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5565: checking for int64_t" >&5 +echo "configure:5570: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5614: checking for int64_t" >&5 +echo "configure:5619: checking for int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5664: checking for u_int64_t" >&5 +echo "configure:5669: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5713: checking for u_int64_t" >&5 +echo "configure:5718: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5762: checking for u_int64_t" >&5 +echo "configure:5767: checking for u_int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_u_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5811: checking for int64_t" >&5 +echo "configure:5816: checking for 
int64_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_int64_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 -echo "configure:5861: checking for pid_t" >&5 +echo "configure:5866: checking for pid_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5890,12 +5895,12 @@ EOF fi echo $ac_n "checking for size_t""... $ac_c" 1>&6 -echo "configure:5894: checking for size_t" >&5 +echo "configure:5899: checking for size_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5923,12 +5928,12 @@ EOF fi echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 -echo "configure:5927: checking for ssize_t" >&5 +echo "configure:5932: checking for ssize_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5956,12 +5961,12 @@ EOF fi echo $ac_n "checking for off_t""... $ac_c" 1>&6 -echo "configure:5960: checking for off_t" >&5 +echo "configure:5965: checking for off_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -5989,12 +5994,12 @@ EOF fi echo $ac_n "checking for mode_t""... $ac_c" 1>&6 -echo "configure:5993: checking for mode_t" >&5 +echo "configure:5998: checking for mode_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS 
@@ -6022,12 +6027,12 @@ EOF fi echo $ac_n "checking for fd_mask""... $ac_c" 1>&6 -echo "configure:6026: checking for fd_mask" >&5 +echo "configure:6031: checking for fd_mask" >&5 if eval "test \"`echo '$''{'ac_cv_type_fd_mask'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -6056,7 +6061,7 @@ fi echo $ac_n "checking size of off_t""... $ac_c" 1>&6 -echo "configure:6060: checking size of off_t" >&5 +echo "configure:6065: checking size of off_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_off_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6064,7 +6069,7 @@ else ac_cv_sizeof_off_t=4 else cat > conftest.$ac_ext < @@ -6090,7 +6095,7 @@ int main() } EOF -if { (eval echo configure:6094: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6099: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_off_t=`cat conftestval` else @@ -6110,7 +6115,7 @@ EOF echo $ac_n "checking size of size_t""... $ac_c" 1>&6 -echo "configure:6114: checking size of size_t" >&5 +echo "configure:6119: checking size of size_t" >&5 if eval "test \"`echo '$''{'ac_cv_sizeof_size_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6118,7 +6123,7 @@ else ac_cv_sizeof_size_t=4 else cat > conftest.$ac_ext < @@ -6144,7 +6149,7 @@ int main() } EOF -if { (eval echo configure:6148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6153: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_sizeof_size_t=`cat conftestval` else 
@@ -6167,19 +6172,19 @@ EOF # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:6171: checking for working alloca.h" >&5 +echo "configure:6176: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:6183: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6188: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else @@ -6200,12 +6205,12 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:6204: checking for alloca" >&5 +echo "configure:6209: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6242: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else 
@@ -6265,12 +6270,12 @@ EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:6269: checking whether alloca needs Cray hooks" >&5 +echo "configure:6274: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:6299: checking for $ac_func" >&5 +echo "configure:6304: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6332: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -6350,7 +6355,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:6354: checking stack direction for C alloca" >&5 +echo "configure:6359: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -6358,7 +6363,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:6386: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -6401,13 +6406,13 @@ fi echo $ac_n "checking for socklen_t""... $ac_c" 1>&6 -echo "configure:6405: checking for socklen_t" >&5 +echo "configure:6410: checking for socklen_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_socklen_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -6438,13 +6443,13 @@ EOF fi echo $ac_n "checking for mtyp_t""... $ac_c" 1>&6 -echo "configure:6442: checking for mtyp_t" >&5 +echo "configure:6447: checking for mtyp_t" >&5 if eval "test \"`echo '$''{'ac_cv_type_mtyp_t'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -6472,7 +6477,7 @@ EOF fi echo $ac_n "checking for main in -lnsl""... $ac_c" 1>&6 -echo "configure:6476: checking for main in -lnsl" >&5 +echo "configure:6481: checking for main in -lnsl" >&5 ac_lib_var=`echo nsl'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6480,14 +6485,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6496: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6515,7 +6520,7 @@ else fi echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 -echo "configure:6519: checking for main in -lsocket" >&5 +echo "configure:6524: checking for main in -lsocket" >&5 ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6523,14 +6528,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6539: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -6559,13 +6564,13 @@ fi echo $ac_n "checking for unix domain sockets""... $ac_c" 1>&6 -echo "configure:6563: checking for unix domain sockets" >&5 +echo "configure:6568: checking for unix domain sockets" >&5 if eval "test \"`echo '$''{'squid_cv_unixsocket'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < @@ -6580,7 +6585,7 @@ int main() { ; return 0; } EOF -if { (eval echo configure:6584: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:6589: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* squid_cv_unixsocket=yes else @@ -6604,7 +6609,7 @@ if test "x$ac_cv_enabled_dlmalloc" = "xy echo "skipping libmalloc check (--enable-dlmalloc specified)" else echo $ac_n "checking for main in -lgnumalloc""... $ac_c" 1>&6 -echo "configure:6608: checking for main in -lgnumalloc" >&5 +echo "configure:6613: checking for main in -lgnumalloc" >&5 ac_lib_var=`echo gnumalloc'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6612,14 +6617,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lgnumalloc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6628: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6662,7 +6667,7 @@ fi *) echo $ac_n "checking for main in -lmalloc""... $ac_c" 1>&6 -echo "configure:6666: checking for main in -lmalloc" >&5 +echo "configure:6671: checking for main in -lmalloc" >&5 ac_lib_var=`echo malloc'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -6670,14 +6675,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lmalloc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6686: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6710,7 +6715,7 @@ fi fi echo $ac_n "checking for main in -lbsd""... $ac_c" 1>&6 -echo "configure:6714: checking for main in -lbsd" >&5 +echo "configure:6719: checking for main in -lbsd" >&5 ac_lib_var=`echo bsd'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6718,14 +6723,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lbsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6753,7 +6758,7 @@ else fi echo $ac_n "checking for main in -lregex""... $ac_c" 1>&6 -echo "configure:6757: checking for main in -lregex" >&5 +echo "configure:6762: checking for main in -lregex" >&5 ac_lib_var=`echo regex'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6761,14 +6766,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lregex $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6777: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -6789,7 +6794,7 @@ else fi echo $ac_n "checking for gethostbyname in -lbind""... $ac_c" 1>&6 -echo "configure:6793: checking for gethostbyname in -lbind" >&5 +echo "configure:6798: checking for gethostbyname in -lbind" >&5 ac_lib_var=`echo bind'_'gethostbyname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6797,7 +6802,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lbind $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6817: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6842,7 +6847,7 @@ if test $ac_cv_lib_bind_gethostbyname = ;; *) echo $ac_n "checking for inet_aton in -lresolv""... $ac_c" 1>&6 -echo "configure:6846: checking for inet_aton in -lresolv" >&5 +echo "configure:6851: checking for inet_aton in -lresolv" >&5 ac_lib_var=`echo resolv'_'inet_aton | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6850,7 +6855,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6870: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6877,7 +6882,7 @@ fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 echo $ac_n "checking for inet_aton in -l44bsd""... $ac_c" 1>&6 -echo "configure:6881: checking for inet_aton in -l44bsd" >&5 +echo "configure:6886: checking for inet_aton in -l44bsd" >&5 ac_lib_var=`echo 44bsd'_'inet_aton | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -6885,7 +6890,7 @@ else ac_save_LIBS="$LIBS" LIBS="-l44bsd $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6905: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6928,7 +6933,7 @@ else fi echo $ac_n "checking for main in -lresolv""... $ac_c" 1>&6 -echo "configure:6932: checking for main in -lresolv" >&5 +echo "configure:6937: checking for main in -lresolv" >&5 ac_lib_var=`echo resolv'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6936,14 +6941,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lresolv $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6952: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -6974,7 +6979,7 @@ fi esac fi echo $ac_n "checking for main in -lm""... $ac_c" 1>&6 -echo "configure:6978: checking for main in -lm" >&5 +echo "configure:6983: checking for main in -lm" >&5 ac_lib_var=`echo m'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -6982,14 +6987,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lm $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:6998: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -7018,7 +7023,7 @@ fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:7022: checking for crypt in -lcrypt" >&5 +echo "configure:7027: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7026,7 +7031,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7046: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7061,7 +7066,7 @@ fi if test "$with_dl" = "yes"; then echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 -echo "configure:7065: checking for dlopen in -ldl" >&5 +echo "configure:7070: checking for dlopen in -ldl" >&5 ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7069,7 +7074,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7089: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7128,7 +7133,7 @@ if test "$with_pthreads" = "yes"; then ;; esac echo $ac_n "checking for main in -lpthread""... $ac_c" 1>&6 -echo "configure:7132: checking for main in -lpthread" >&5 +echo "configure:7137: checking for main in -lpthread" >&5 ac_lib_var=`echo pthread'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -7136,14 +7141,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lpthread $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7152: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7174,7 +7179,7 @@ fi if test "$with_aio" = "yes"; then echo $ac_n "checking for aio_read in -lrt""... $ac_c" 1>&6 -echo "configure:7178: checking for aio_read in -lrt" >&5 +echo "configure:7183: checking for aio_read in -lrt" >&5 ac_lib_var=`echo rt'_'aio_read | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7182,7 +7187,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lrt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7202: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -7225,7 +7230,7 @@ fi case "$host" in *-pc-sco3.2*) echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6 -echo "configure:7229: checking for strftime in -lintl" >&5 +echo "configure:7234: checking for strftime in -lintl" >&5 ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -7233,7 +7238,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lintl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7253: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -7293,9 +7298,13 @@ case "$host" in *-ibm-aix*) echo "Removing -lbsd for AIX..." LIBS=`echo $LIBS | sed -e s/-lbsd//` - echo "disabling snprintf/vsnprintf for $host" - ac_cv_func_snprintf=no - ac_cv_func_vsnprintf=no + case "$host" in + *-ibm-aix4*) + echo "disabling snprintf/vsnprintf for $host" + ac_cv_func_snprintf=no + ac_cv_func_vsnprintf=no + ;; + esac ;; *m88k*) CFLAGS="$CFLAGS -D_SQUID_MOTOROLA_" @@ -7431,12 +7440,12 @@ for ac_func in \ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7435: checking for $ac_func" >&5 +echo "configure:7444: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7472: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7485,7 +7494,7 @@ done echo $ac_n "checking if setresuid is implemented""... $ac_c" 1>&6 -echo "configure:7489: checking if setresuid is implemented" >&5 +echo "configure:7498: checking if setresuid is implemented" >&5 if eval "test \"`echo '$''{'ac_cv_func_setresuid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -7493,7 +7502,7 @@ else { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < @@ -7506,7 +7515,7 @@ else } EOF -if { (eval echo configure:7510: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7519: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_setresuid="yes" else 
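Review bot: The new inner `case "$host"` in the `*-ibm-aix*` branch forces `ac_cv_func_snprintf=no` and `ac_cv_func_vsnprintf=no` only for `*-ibm-aix4*`, so every other AIX release, not just AIX 5, now uses whatever the function check finds in libc, and nothing in the hunk says why 4.x alone is excluded. These functions bound formatted writes into fixed buffers, so confirm that the libc versions on the newly enabled releases NUL-terminate and report truncation the same way as the fallback used when the check is `no`; that behaviour is not visible here. I would add a comment above the inner case, for example `# AIX 4.x snprintf/vsnprintf are not usable; later releases use the libc versions`, with the wording adjusted to the actual reason. Since `configure` is generated, the same change and comment belong in the autoconf input, which this part of the diff does not show. The outer `case "$host" in` starts and ends outside the hunk.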
@@ -7552,7 +7561,7 @@ fi if test "$IPF_TRANSPARENT" ; then echo $ac_n "checking if IP-Filter header files are installed""... $ac_c" 1>&6 -echo "configure:7556: checking if IP-Filter header files are installed" >&5 +echo "configure:7565: checking if IP-Filter header files are installed" >&5 # hold on to your hats... if test "$ac_cv_header_ip_compat_h" = "yes" || test "$ac_cv_header_ip_fil_compat_h" = "yes" || @@ -7593,7 +7602,7 @@ fi if test "$PF_TRANSPARENT" ; then echo $ac_n "checking if PF header file is installed""... $ac_c" 1>&6 -echo "configure:7597: checking if PF header file is installed" >&5 +echo "configure:7606: checking if PF header file is installed" >&5 # hold on to your hats... if test "$ac_cv_header_net_pfvar_h" = "yes"; then PF_TRANSPARENT="yes" @@ -7618,7 +7627,7 @@ fi if test "$LINUX_NETFILTER" ; then echo $ac_n "checking if Linux 2.4 kernel header files are installed""... $ac_c" 1>&6 -echo "configure:7622: checking if Linux 2.4 kernel header files are installed" >&5 +echo "configure:7631: checking if Linux 2.4 kernel header files are installed" >&5 # hold on to your hats... if test "$ac_cv_header_linux_netfilter_ipv4_h" = "yes"; then LINUX_NETFILTER="yes" @@ -7652,13 +7661,13 @@ if test -z "$USE_GNUREGEX" ; then esac fi echo $ac_n "checking if GNUregex needs to be compiled""... $ac_c" 1>&6 -echo "configure:7656: checking if GNUregex needs to be compiled" >&5 +echo "configure:7665: checking if GNUregex needs to be compiled" >&5 if test -z "$USE_GNUREGEX"; then if test "$ac_cv_func_regcomp" = "no" || test "$USE_GNUREGEX" = "yes" ; then USE_GNUREGEX="yes" else cat > conftest.$ac_ext < #include @@ -7666,7 +7675,7 @@ int main() { regex_t t; regcomp(&t,"",0); ; return 0; } EOF -if { (eval echo configure:7670: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:7679: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* USE_GNUREGEX="no" else 
@@ -7697,12 +7706,12 @@ for ac_func in \ do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:7701: checking for $ac_func" >&5 +echo "configure:7710: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:7738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -7753,12 +7762,12 @@ done echo $ac_n "checking Default FD_SETSIZE value""... $ac_c" 1>&6 -echo "configure:7757: checking Default FD_SETSIZE value" >&5 +echo "configure:7766: checking Default FD_SETSIZE value" >&5 if test "$cross_compiling" = yes; then DEFAULT_FD_SETSIZE=256 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7796: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then DEFAULT_FD_SETSIZE=`cat conftestval` else @@ -7802,7 +7811,7 @@ EOF echo $ac_n "checking Maximum number of filedescriptors we can open""... $ac_c" 1>&6 -echo "configure:7806: checking Maximum number of filedescriptors we can open" >&5 +echo "configure:7815: checking Maximum number of filedescriptors we can open" >&5 TLDFLAGS="$LDFLAGS" case $host in i386-unknown-freebsd*) @@ -7814,7 +7823,7 @@ if test "$cross_compiling" = yes; then SQUID_MAXFD=256 else cat > conftest.$ac_ext < @@ -7874,7 +7883,7 @@ main() { } EOF -if { (eval echo configure:7878: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7887: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_MAXFD=`cat conftestval` else 
@@ -7901,12 +7910,12 @@ fi LDFLAGS="$TLDFLAGS" echo $ac_n "checking Default UDP send buffer size""... $ac_c" 1>&6 -echo "configure:7905: checking Default UDP send buffer size" >&5 +echo "configure:7914: checking Default UDP send buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_UDP_SO_SNDBUF=16384 else cat > conftest.$ac_ext < @@ -7927,7 +7936,7 @@ main () } EOF -if { (eval echo configure:7931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7940: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_UDP_SO_SNDBUF=`cat conftestval` else @@ -7946,12 +7955,12 @@ EOF echo $ac_n "checking Default UDP receive buffer size""... $ac_c" 1>&6 -echo "configure:7950: checking Default UDP receive buffer size" >&5 +echo "configure:7959: checking Default UDP receive buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_UDP_SO_RCVBUF=16384 else cat > conftest.$ac_ext < @@ -7972,7 +7981,7 @@ main () } EOF -if { (eval echo configure:7976: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:7985: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_UDP_SO_RCVBUF=`cat conftestval` else @@ -7991,12 +8000,12 @@ EOF echo $ac_n "checking Default TCP send buffer size""... $ac_c" 1>&6 -echo "configure:7995: checking Default TCP send buffer size" >&5 +echo "configure:8004: checking Default TCP send buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_TCP_SO_SNDBUF=16384 else cat > conftest.$ac_ext < 
@@ -8017,7 +8026,7 @@ main () } EOF -if { (eval echo configure:8021: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8030: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_TCP_SO_SNDBUF=`cat conftestval` else @@ -8036,12 +8045,12 @@ EOF echo $ac_n "checking Default TCP receive buffer size""... $ac_c" 1>&6 -echo "configure:8040: checking Default TCP receive buffer size" >&5 +echo "configure:8049: checking Default TCP receive buffer size" >&5 if test "$cross_compiling" = yes; then SQUID_TCP_SO_RCVBUF=16384 else cat > conftest.$ac_ext < @@ -8062,7 +8071,7 @@ main () } EOF -if { (eval echo configure:8066: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8075: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then SQUID_TCP_SO_RCVBUF=`cat conftestval` else @@ -8081,19 +8090,19 @@ EOF echo $ac_n "checking if sys_errlist is already defined""... $ac_c" 1>&6 -echo "configure:8085: checking if sys_errlist is already defined" >&5 +echo "configure:8094: checking if sys_errlist is already defined" >&5 if eval "test \"`echo '$''{'ac_cv_needs_sys_errlist'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < int main() { char *s = sys_errlist; ; return 0; } EOF -if { (eval echo configure:8097: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8106: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_needs_sys_errlist="no" else 
@@ -8115,16 +8124,16 @@ EOF fi echo $ac_n "checking for libresolv _dns_ttl_ hack""... $ac_c" 1>&6 -echo "configure:8119: checking for libresolv _dns_ttl_ hack" >&5 +echo "configure:8128: checking for libresolv _dns_ttl_ hack" >&5 cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then +if { (eval echo configure:8137: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* echo "$ac_t""yes" 1>&6 cat >> confdefs.h <<\EOF @@ -8140,12 +8149,12 @@ fi rm -f conftest* echo $ac_n "checking if inet_ntoa() actually works""... $ac_c" 1>&6 -echo "configure:8144: checking if inet_ntoa() actually works" >&5 +echo "configure:8153: checking if inet_ntoa() actually works" >&5 if test "$cross_compiling" = yes; then INET_NTOA_RESULT="broken" else cat > conftest.$ac_ext < @@ -8164,7 +8173,7 @@ main () } EOF -if { (eval echo configure:8168: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +if { (eval echo configure:8177: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then INET_NTOA_RESULT=`cat conftestval` else @@ -8190,9 +8199,9 @@ fi if test "$ac_cv_header_sys_statvfs_h" = "yes" ; then echo $ac_n "checking for working statvfs() interface""... $ac_c" 1>&6 -echo "configure:8194: checking for working statvfs() interface" >&5 +echo "configure:8203: checking for working statvfs() interface" >&5 cat > conftest.$ac_ext < @@ -8209,7 +8218,7 @@ statvfs("/tmp", &sfs); ; return 0; } EOF -if { (eval echo configure:8213: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8222: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_func_statvfs=yes else 
@@ -8229,12 +8238,12 @@ fi fi echo $ac_n "checking for _res.nsaddr_list""... $ac_c" 1>&6 -echo "configure:8233: checking for _res.nsaddr_list" >&5 +echo "configure:8242: checking for _res.nsaddr_list" >&5 if eval "test \"`echo '$''{'ac_cv_have_res_nsaddr_list'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8270: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_res_nsaddr_list="yes" else @@ -8279,12 +8288,12 @@ fi if test $ac_cv_have_res_nsaddr_list = "no" ; then echo $ac_n "checking for _res.ns_list""... $ac_c" 1>&6 -echo "configure:8283: checking for _res.ns_list" >&5 +echo "configure:8292: checking for _res.ns_list" >&5 if eval "test \"`echo '$''{'ac_cv_have_res_ns_list'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:8320: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_have_res_ns_list="yes" else diff -rupN squid-2.5.STABLE2/configure.in squid-2.5.STABLE3/configure.in --- squid-2.5.STABLE2/configure.in Mon Mar 17 12:00:14 2003 +++ squid-2.5.STABLE3/configure.in Sun May 25 07:04:25 2003 @@ -3,15 +3,15 @@ dnl Configuration input file for Squid dnl dnl Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9) dnl -dnl $Id: configure.in,v 1.251.2.45 2003/03/17 18:46:45 hno Exp $ +dnl $Id: configure.in,v 1.251.2.48 2003/05/25 12:56:47 hno Exp $ dnl dnl dnl AC_INIT(src/main.c) AC_CONFIG_AUX_DIR(cfgaux) -AM_INIT_AUTOMAKE(squid, 2.5.STABLE2) +AM_INIT_AUTOMAKE(squid, 2.5.STABLE3) AM_CONFIG_HEADER(include/autoconf.h) -AC_REVISION($Revision: 1.251.2.45 $)dnl +AC_REVISION($Revision: 1.251.2.48 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE 
@@ -594,6 +594,12 @@ if test -n "$USE_OPENSSL"; then if test -z "$SSLLIB"; then SSLLIB="-lcrypto" # for MD5 routines fi + dnl This is a workaround for RedHat 9 brain damage.. + if test -d /usr/kerberos/include && test -z "$SSLLIBDIR" && test -f /usr/include/openssl/kssl.h; then + echo "OpenSSL depends on Kerberos" + SSLLIBDIR="/usr/kerberos/lib" + CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include" + fi fi if test -n "$SSLLIBDIR"; then SSLLIB="-L$SSLLIBDIR $SSLLIB" @@ -1573,13 +1579,17 @@ dnl Please change your configure script. *-ibm-aix*) echo "Removing -lbsd for AIX..." LIBS=`echo $LIBS | sed -e s/-lbsd//` + case "$host" in dnl From: mlaster@metavillage.com (Mike Laster) dnl AIX 4.1.4.x does not have header files for snprintf/vsnprintf dnl So using the internal versions generates a load of warnings dnl during compile. - echo "disabling snprintf/vsnprintf for $host" - ac_cv_func_snprintf=no - ac_cv_func_vsnprintf=no + *-ibm-aix4*) + echo "disabling snprintf/vsnprintf for $host" + ac_cv_func_snprintf=no + ac_cv_func_vsnprintf=no + ;; + esac ;; *m88k*) CFLAGS="$CFLAGS -D_SQUID_MOTOROLA_" diff -rupN squid-2.5.STABLE2/helpers/basic_auth/LDAP/squid_ldap_auth.8 squid-2.5.STABLE3/helpers/basic_auth/LDAP/squid_ldap_auth.8 --- squid-2.5.STABLE2/helpers/basic_auth/LDAP/squid_ldap_auth.8 Fri Oct 5 16:30:38 2001 +++ squid-2.5.STABLE3/helpers/basic_auth/LDAP/squid_ldap_auth.8 Thu May 8 14:15:55 2003 @@ -1,4 +1,4 @@ -.TH squid_ldap_auth 8 "25 September 2001" "Squid LDAP Auth" +.TH squid_ldap_auth 8 "1 Mars 2003" "Squid LDAP Auth" . .SH NAME squid_ldap_auth - Squid LDAP authentication helper 
@@ -68,6 +68,16 @@ This to limit the damage in case someone Squid configuration file. . .TP +.BI "-D " "binddn " "-W " "secretfile " +The DN and the name of a file containing the password +to bind as while performing searches. +.IP +Less insecure version of the former parameter pair with two advantages: +The password does not occur in the process listing, +and the password is not being compromised if someone gets the squid +configuration file without getting the secretfile. +. +.TP .BI -P Use a persistent LDAP connection. Normally the LDAP connection is only open while validating a username to preserve resources @@ -93,12 +103,32 @@ or only to the base object . .TP +.BI -H " ldapuri" +Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries) +. +.TP .BI -h " ldapserver" Specify the LDAP server to connect to .TP .BI -p " ldapport" Specify an alternate TCP port where the ldap server is listening if other than the default LDAP port 389. +. +.TP +.BI -Z +Use TLS encryption +. +.TP +.BI -S certpath +Enable LDAP over SSL (requires Netscape LDAP API libraries) +. +.TP +.BI -c connect_timeout +Specify timeout used when connecting to LDAP servers (requires +Netscape LDAP API libraries) +.TP +.BI -t search_timeout +Specify time limit on LDAP search operations . .SH EXAMPLES For directories using the RFC2307 layout with a single domain, all diff -rupN squid-2.5.STABLE2/helpers/basic_auth/LDAP/squid_ldap_auth.c squid-2.5.STABLE3/helpers/basic_auth/LDAP/squid_ldap_auth.c --- squid-2.5.STABLE2/helpers/basic_auth/LDAP/squid_ldap_auth.c Sat Mar 1 07:55:26 2003 +++ squid-2.5.STABLE3/helpers/basic_auth/LDAP/squid_ldap_auth.c Sat May 10 14:17:18 2003 
@@ -1,20 +1,28 @@ /* * squid_ldap_auth: authentication via ldap for squid proxy server * - * Maintainer: Henrik Nordstrom + * Authors: + * Henrik Nordstrom + * hno@squid-cache.org * - * Author: Glen Newton + * Glen Newton * glen.newton@nrc.ca * Advanced Services * CISTI * National Research Council + * + * with contributions from others mentioned in the Changes section below * * Usage: squid_ldap_auth -b basedn [-s searchscope] * [-f searchfilter] [-D binddn -w bindpasswd] * [-u attr] [-h host] [-p port] [-P] [-R] [ldap_server_name[:port]] ... * * Dependencies: You need to get the OpenLDAP libraries - * from http://www.openldap.org + * from http://www.openldap.org or another compatible LDAP C-API + * implementation. + * + * If you want to make a TLS enabled connection you will also need the + * OpenSSL libraries linked into openldap. See http://www.openssl.org/ * * License: squid_ldap_auth is free software; you can redistribute it * and/or modify it under the terms of the GNU General Public License @@ -22,6 +30,18 @@ * or (at your option) any later version. * * Changes: + * 2003-03-01: David J N Begley + * - Support for Netscape API method of ldap over SSL + * connections + * - Timeout option for better recovery when using + * multiple LDAP servers + * 2003-03-01: Christoph Lechleitner + * - Added -W option to read bindpasswd from file + * 2003-03-01: Juerg Michel + * - Added support for ldap URI via the -H option + * (requires OpenLDAP) + * 2001-12-12: Michael Cunningham + * - Added TLS support and partial ldap version 3 support. * 2001-10-04: Henrik Nordstrom * - Be consistent with the other helpers in how * spaces are managed. If there is space characters 
@@ -55,18 +75,31 @@ #include "util.h" -/* Change this to your search base */ -static char *basedn; -static char *searchfilter = NULL; -static char *binddn = NULL; -static char *bindpasswd = NULL; -static char *userattr = "uid"; +#define PROGRAM_NAME "squid_ldap_auth" + +/* Global options */ +static const char *basedn; +static const char *searchfilter = NULL; +static const char *binddn = NULL; +static const char *bindpasswd = NULL; +static const char *userattr = "uid"; static int searchscope = LDAP_SCOPE_SUBTREE; static int persistent = 0; static int noreferrals = 0; static int aliasderef = LDAP_DEREF_NEVER; +#if defined(NETSCAPE_SSL) +static const char *sslpath = NULL; +static int sslinit = 0; +#endif +static int connect_timeout = 0; +static int timelimit = LDAP_NO_LIMIT; -static int checkLDAP(LDAP * ld, char *userid, char *password); +/* Added for TLS support and version 3 */ +static int use_tls = 0; +static int version = -1; + +static int checkLDAP(LDAP * ld, const char *userid, const char *password); +static int readSecret(const char *filename); /* Yuck.. we need to glue to different versions of the API */ @@ -89,7 +122,29 @@ squid_ldap_set_referrals(LDAP * ld, int int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF; ldap_set_option(ld, LDAP_OPT_REFERRALS, value); } - +static void +squid_ldap_set_timelimit(LDAP *ld, int timelimit) +{ + ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit); +} +static void +squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) +{ +#if defined(LDAP_OPT_NETWORK_TIMEOUT) + struct timeval tv; + tv.tv_sec = timelimit; + tv.tv_usec = 0; + ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv); +#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT) + timelimit *= 1000; + ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit); +#endif +} +static void +squid_ldap_memfree(char *p) +{ + ldap_memfree(p); +} #else static int squid_ldap_errno(LDAP * ld) 
@@ -109,6 +164,26 @@ squid_ldap_set_referrals(LDAP * ld, int else ld->ld_options &= ~LDAP_OPT_REFERRALS; } +static void squid_ldap_set_timelimit(LDAP *ld, int timelimit) +{ + ld->ld_timelimit = timelimit; +} +static void +squid_ldap_set_connect_timeout(LDAP *ld, int timelimit) +{ + fprintf(stderr, "Connect timeouts not supported in your LDAP library\n"); +} +static void +squid_ldap_memfree(char *p) +{ + free(p); +} +#endif + +#ifdef LDAP_API_FEATURE_X_OPENLDAP + #if LDAP_VENDOR_VERSION > 194 + #define HAS_URI_SUPPORT 1 + #endif #endif int @@ -124,11 +199,13 @@ main(int argc, char **argv) setbuf(stdout, NULL); while (argc > 1 && argv[1][0] == '-') { - char *value = ""; + const char *value = ""; char option = argv[1][1]; switch (option) { case 'P': case 'R': + case 'z': + case 'Z': break; default: if (strlen(argv[1]) > 2) { @@ -144,6 +221,12 @@ main(int argc, char **argv) argv++; argc--; switch (option) { + case 'H': +#if !HAS_URI_SUPPORT + fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n"); + exit(1); +#endif + /* Fall thru to -h */ case 'h': if (ldapServer) { int len = strlen(ldapServer) + 1 + strlen(value) + 1; @@ -172,10 +255,26 @@ main(int argc, char **argv) else if (strcmp(value, "sub") == 0) searchscope = LDAP_SCOPE_SUBTREE; else { - fprintf(stderr, "squid_ldap_auth: ERROR: Unknown search scope '%s'\n", value); + fprintf(stderr, PROGRAM_NAME ": ERROR: Unknown search scope '%s'\n", value); exit(1); } break; + case 'E': +#if defined(NETSCAPE_SSL) + sslpath = value; + if (port == LDAP_PORT) + port = LDAPS_PORT; +#else + fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n"); + exit(1); +#endif + break; + case 'c': + connect_timeout = atoi(value); + break; + case 't': + timelimit = atoi(value); + break; case 'a': if (strcmp(value, "never") == 0) aliasderef = LDAP_DEREF_NEVER; 
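Review bot: The new `case 'c'` and `case 't'` parse their argument with `atoi(value)`, which returns 0 for non-numeric input and reports no error. A mistyped `-t` value therefore silently becomes 0, the value of LDAP_NO_LIMIT in OpenLDAP's headers, and a mistyped `-c` value skips the later `if (connect_timeout)` call, so the operator believes a timeout is in force when none is. Negative values are accepted as well and handed to the library unchanged. Parsing with strtol, checking the end pointer and range, and exiting like the other option errors would make the misconfiguration visible at startup (INT_MAX needs `<limits.h>`). main's body starts and ends outside this hunk.

```c
	case 'c':
	case 't': {
	    char *end = NULL;
	    long secs = strtol(value, &end, 10);
	    if (end == value || *end != '\0' || secs < 0 || secs > INT_MAX) {
		fprintf(stderr, PROGRAM_NAME ": ERROR: Invalid timeout '%s' for -%c\n", value, option);
		exit(1);
	    }
	    if (option == 'c')
		connect_timeout = (int) secs;
	    else
		timelimit = (int) secs;
	    break;
	}
	/* … unchanged: case 'a' alias dereference parsing … */
```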
@@ -186,7 +285,7 @@ main(int argc, char **argv) else if (strcmp(value, "find") == 0) aliasderef = LDAP_DEREF_FINDING; else { - fprintf(stderr, "squid_ldap_auth: ERROR: Unknown alias dereference method '%s'\n", value); + fprintf(stderr, PROGRAM_NAME ": ERROR: Unknown alias dereference method '%s'\n", value); exit(1); } break; @@ -196,6 +295,9 @@ main(int argc, char **argv) case 'w': bindpasswd = value; break; + case 'W': + readSecret (value); + break; case 'P': persistent = !persistent; break; @@ -205,8 +307,32 @@ main(int argc, char **argv) case 'R': noreferrals = !noreferrals; break; +#ifdef LDAP_VERSION3 + case 'v': + switch( atoi(value) ) { + case 2: + version = LDAP_VERSION2; + break; + case 3: + version = LDAP_VERSION3; + break; + default: + fprintf( stderr, "Protocol version should be 2 or 3\n"); + exit(1); + } + break; + case 'Z': + if ( version == LDAP_VERSION2 ) { + fprintf( stderr, "TLS (-Z) is incompatible with version %d\n", + version); + exit(1); + } + version = LDAP_VERSION3; + use_tls = 1; + break; +#endif default: - fprintf(stderr, "squid_ldap_auth: ERROR: Unknown command line option '%c'\n", option); + fprintf(stderr, PROGRAM_NAME ": ERROR: Unknown command line option '%c'\n", option); exit(1); } } 
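Review bot: The new `case 'W'` discards the return value of readSecret(), so when the secret file cannot be opened or is empty the helper keeps running with `bindpasswd` still NULL. checkLDAP then calls `ldap_simple_bind_s(ld, binddn, bindpasswd)` with a DN and no password, which a directory server may accept as an unauthenticated bind instead of rejecting it, depending on its configuration. Failing at startup is safer: `if (readSecret(value) != 0) exit(1);`. main's body starts and ends outside this hunk.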
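Review bot: The `-Z`/`-v` conflict check only works in one order: `case 'Z'` rejects an earlier `-v 2`, but `case 'v'` with value 2 sets `version = LDAP_VERSION2` without looking at `use_tls`. With `-Z -v 2` the later connect code tests `use_tls && ( version == LDAP_VERSION3 )`, finds it false and proceeds without TLS and without any message. Adding the mirror check in the `case 2:` branch closes this, e.g. `if (use_tls) { fprintf(stderr, "TLS (-Z) is incompatible with version 2\n"); exit(1); }`. The enclosing switch and main continue outside this hunk.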
@@ -226,24 +352,37 @@ main(int argc, char **argv) argv++; } if (!ldapServer) - ldapServer = "localhost"; + ldapServer = strdup("localhost"); if (!basedn) { - fprintf(stderr, "Usage: squid_ldap_auth -b basedn [options] [ldap_server_name[:port]]...\n\n"); + fprintf(stderr, "Usage: " PROGRAM_NAME " -b basedn [options] [ldap_server_name[:port]]...\n\n"); fprintf(stderr, "\t-b basedn (REQUIRED)\tbase dn under which to search\n"); fprintf(stderr, "\t-f filter\t\tsearch filter to locate user DN\n"); fprintf(stderr, "\t-u userattr\t\tusername DN attribute\n"); fprintf(stderr, "\t-s base|one|sub\t\tsearch scope\n"); fprintf(stderr, "\t-D binddn\t\tDN to bind as to perform searches\n"); fprintf(stderr, "\t-w bindpasswd\t\tpassword for binddn\n"); + fprintf(stderr, "\t-W secretfile\t\tread password for binddn from file secretfile\n"); +#if HAS_URI_SUPPORT + fprintf(stderr, "\t-H URI\t\t\tLDAPURI (defaults to ldap://localhost)\n"); +#endif fprintf(stderr, "\t-h server\t\tLDAP server (defaults to localhost)\n"); fprintf(stderr, "\t-p port\t\t\tLDAP server port\n"); fprintf(stderr, "\t-P\t\t\tpersistent LDAP connection\n"); +#if defined(NETSCAPE_SSL) + fprintf(stderr, "\t-E sslcertpath\t\tenable LDAP over SSL\n"); +#endif + fprintf(stderr, "\t-c timeout\t\tconnect timeout\n"); + fprintf(stderr, "\t-t timelimit\t\tsearch time limit\n"); fprintf(stderr, "\t-R\t\t\tdo not follow referrals\n"); fprintf(stderr, "\t-a never|always|search|find\n\t\t\t\twhen to dereference aliases\n"); +#ifdef LDAP_VERSION3 + fprintf(stderr, "\t-v 2|3\t\t\tLDAP version\n"); + fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires LDAP version 3\n"); +#endif fprintf(stderr, "\n"); fprintf(stderr, "\tIf no search filter is specified, then the dn =user,basedn\n\twill be used (same as specifying a search filter of '=',\n\tbut quicker as as there is no need to search for the user DN)\n\n"); - fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w 
bindpasswd options\n\n"); + fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n"); exit(1); } while (fgets(buf, 256, stdin) != NULL) { @@ -259,11 +398,59 @@ main(int argc, char **argv) tryagain = 1; recover: if (ld == NULL) { +#if HAS_URI_SUPPORT + if (strstr(ldapServer, "://") != NULL) { + int rc = ldap_initialize( &ld, ldapServer ); + if( rc != LDAP_SUCCESS ) { + fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer); + break; + } + } else +#endif +#if NETSCAPE_SSL + if (sslpath) { + if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) { + fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n", + sslpath); + exit(1); + } else { + sslinit++; + } + if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) { + fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n", + ldapServer, port); + exit(1); + } + } else +#endif if ((ld = ldap_init(ldapServer, port)) == NULL) { fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n", ldapServer, port); exit(1); } + + if (connect_timeout) + squid_ldap_set_connect_timeout(ld, connect_timeout); + +#ifdef LDAP_VERSION3 + if (version == -1 ) { + version = LDAP_VERSION2; + } + + if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version ) + != LDAP_OPT_SUCCESS ) + { + fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION %d\n", + version ); + exit(1); + } + + if ( use_tls && ( version == LDAP_VERSION3 ) && ( ldap_start_tls_s( ld, NULL, NULL ) == LDAP_SUCCESS )) { + fprintf( stderr, "Could not Activate TLS connection\n"); + exit(1); + } +#endif + squid_ldap_set_timelimit(ld, timelimit); squid_ldap_set_referrals(ld, !noreferrals); squid_ldap_set_aliasderef(ld, aliasderef); } @@ -289,7 +476,7 @@ main(int argc, char **argv) } static int -checkLDAP(LDAP * ld, char *userid, char *password) +checkLDAP(LDAP * ld, const char *userid, const char *password) { char dn[256]; 
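Review bot: The StartTLS result test is inverted: `ldap_start_tls_s( ld, NULL, NULL ) == LDAP_SUCCESS` makes the helper print "Could not Activate TLS connection" and exit when TLS was negotiated, and continue on the unencrypted connection when StartTLS failed. With `-Z` configured, the bind DN password and the user passwords checked afterwards would then be sent in clear text with nothing logged. The comparison should be `!= LDAP_SUCCESS`. It would also be safer to treat `use_tls` with a version other than LDAP_VERSION3 as a fatal error here rather than silently skipping the call. The enclosing `if (ld == NULL)` block and main start outside this hunk.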
@@ -311,7 +498,7 @@ checkLDAP(LDAP * ld, char *userid, char if (binddn) { rc = ldap_simple_bind_s(ld, binddn, bindpasswd); if (rc != LDAP_SUCCESS) { - fprintf(stderr, "squid_ldap_auth: WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc)); + fprintf(stderr, PROGRAM_NAME ": WARNING, could not bind to binddn '%s'\n", ldap_err2string(rc)); return 1; } } @@ -323,7 +510,15 @@ checkLDAP(LDAP * ld, char *userid, char * are disabled. */ } else { - fprintf(stderr, "squid_ldap_auth: WARNING, LDAP search error '%s'\n", ldap_err2string(rc)); + fprintf(stderr, PROGRAM_NAME ": WARNING, LDAP search error '%s'\n", ldap_err2string(rc)); +#if defined(NETSCAPE_SSL) + if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) { + int sslerr = PORT_GetError(); + fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr)); + } +#endif + ldap_msgfree(res); + return 1; } } entry = ldap_first_entry(ld, res); @@ -333,12 +528,12 @@ checkLDAP(LDAP * ld, char *userid, char } userdn = ldap_get_dn(ld, entry); if (!userdn) { - fprintf(stderr, "squid_ldap_auth: ERROR, could not get user DN for '%s'\n", userid); + fprintf(stderr, PROGRAM_NAME ": ERROR, could not get user DN for '%s'\n", userid); ldap_msgfree(res); return 1; } snprintf(dn, sizeof(dn), "%s", userdn); - free(userdn); + squid_ldap_memfree(userdn); ldap_msgfree(res); } else { snprintf(dn, sizeof(dn), "%s=%s,%s", userattr, userid, basedn); 
@@ -348,4 +543,39 @@ checkLDAP(LDAP * ld, char *userid, char return 1; return 0; +} + +int readSecret(const char *filename) +{ + char buf[BUFSIZ]; + char *e = NULL; + FILE *f; + char *passwd = NULL; + + if(!(f=fopen(filename, "r"))) { + fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename); + return 1; + } + + if( !fgets(buf, sizeof(buf)-1, f)) { + fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); + fclose(f); + return 1; + } + + /* strip whitespaces on end */ + if((e = strrchr(buf, '\n'))) *e = 0; + if((e = strrchr(buf, '\r'))) *e = 0; + + passwd = (char *) calloc(sizeof(char), strlen(buf)+1); + if (!passwd) { + fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); + exit(1); + } + strcpy(passwd, buf); + bindpasswd = passwd; + + fclose(f); + + return 0; } diff -rupN squid-2.5.STABLE2/helpers/basic_auth/MSNT/usersfile.c squid-2.5.STABLE3/helpers/basic_auth/MSNT/usersfile.c --- squid-2.5.STABLE2/helpers/basic_auth/MSNT/usersfile.c Sat Jul 6 14:56:07 2002 +++ squid-2.5.STABLE3/helpers/basic_auth/MSNT/usersfile.c Tue May 6 01:55:46 2003 @@ -107,9 +107,9 @@ Read_usersfile(const char *path, usersfi uf->names = calloc(uf->Alloc, sizeof(*uf->names)); } else if (uf->Inuse == uf->Alloc) { uf->Alloc = uf->Alloc << 1; - uf->names = realloc(uf->names, uf->Alloc); + uf->names = realloc(uf->names, uf->Alloc * sizeof(*uf->names)); /* zero out the newly allocated memory */ - memset(uf->names[uf->Alloc >> 1], + memset(&uf->names[uf->Alloc >> 1], '\0', (uf->Alloc >> 1) * sizeof(*uf->names)); } @@ -170,6 +170,9 @@ Check_forfilechange(usersfile * uf) /* Stat the allowed users file. If it cannot be accessed, return. */ + if (uf->path == NULL) + return; + if (stat(uf->path, &ChkBuf) < 0) { if (errno == ENOENT) { uf->LMT = 0; 
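Review bot: readSecret() treats the file as empty only when fgets() returns NULL, so a file whose first line is blank leaves `buf` empty after the newline strip and sets `bindpasswd` to "". A simple bind with a DN and an empty password is commonly handled by LDAP servers as an unauthenticated bind, so searches would run with anonymous rights while the configuration appears to use a service account. Rejecting it after the strip keeps the failure visible: `if (buf[0] == '\0') { fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename); fclose(f); return 1; }`. A docstring should also state that only the first line is used and that it is limited to what fits in `buf`, since a longer line is truncated without warning.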
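Review bot: In the Read_usersfile hunk the corrected `realloc(uf->names, uf->Alloc * sizeof(*uf->names))` is still assigned straight back to `uf->names` and is not checked before the `memset(&uf->names[uf->Alloc >> 1], ...)` that follows. On allocation failure the old array is leaked and the memset writes through a NULL-based pointer. Growing through a temporary avoids both: `void *grown = realloc(uf->names, uf->Alloc * sizeof(*uf->names));`, then `if (grown == NULL) { /* log and stop reading */ }`, then `uf->names = grown;`. `uf->Alloc` is also doubled before the allocation is known to have succeeded, and no upper bound on it is visible in the hunk, so restoring the old value on failure is worth doing too. The function body starts and ends outside this hunk.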
@@ -186,6 +189,6 @@ Check_forfilechange(usersfile * uf) /* * The file changed, so re-read it. */ - syslog(LOG_INFO, "Check_forchange: Reloading user list."); + syslog(LOG_INFO, "Check_forfilechange: Reloading user list '%s'.", uf->path); Read_usersfile(NULL, uf); } diff -rupN squid-2.5.STABLE2/helpers/basic_auth/SMB/smb_auth.c squid-2.5.STABLE3/helpers/basic_auth/SMB/smb_auth.c --- squid-2.5.STABLE2/helpers/basic_auth/SMB/smb_auth.c Sun Aug 11 19:13:42 2002 +++ squid-2.5.STABLE3/helpers/basic_auth/SMB/smb_auth.c Tue May 13 02:18:18 2003 @@ -215,6 +215,9 @@ main(int argc, char *argv[]) pass = s + 1; domname = NULL; + rfc1738_unescape(user); + rfc1738_unescape(pass); + if ((s = strchr(user, '\\')) != NULL) { *s = '\0'; domname = user; @@ -236,8 +239,6 @@ main(int argc, char *argv[]) (void) printf("ERR\n"); continue; } - rfc1738_unescape(user); - rfc1738_unescape(pass); (void) fprintf(p, "%s\n", dom->name); (void) fprintf(p, "%s\n", dom->passthrough); (void) fprintf(p, "%s\n", dom->nmbaddr); diff -rupN squid-2.5.STABLE2/helpers/basic_auth/multi-domain-NTLM/smb_auth.pl squid-2.5.STABLE3/helpers/basic_auth/multi-domain-NTLM/smb_auth.pl --- squid-2.5.STABLE2/helpers/basic_auth/multi-domain-NTLM/smb_auth.pl Sun Aug 11 19:13:47 2002 +++ squid-2.5.STABLE3/helpers/basic_auth/multi-domain-NTLM/smb_auth.pl Sat May 17 09:38:43 2003 @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: smb_auth.pl,v 1.2.2.1 2002/08/12 01:13:47 hno Exp $ +# $Id: smb_auth.pl,v 1.2.2.2 2003/05/17 15:38:43 hno Exp $ #if you define this, debugging output will be printed to STDERR. #$debug=1; 
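Review bot: In smb_auth.c, `rfc1738_unescape(user)` and `rfc1738_unescape(pass)` now run before the domain split, but nothing in the hunk validates the decoded bytes before they are used. The helper hands values to `p` one per line (`fprintf(p, "%s\n", ...)` in the following hunk). If user and pass are written the same way, which happens outside the visible lines, a decoded newline or other control character would add or shift lines in that stream. Rejecting such input right after decoding would close this, for example by testing each byte with `iscntrl((unsigned char) c)` and answering `ERR` followed by `continue` as the existing failure path does. main's body starts and ends outside this hunk.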
@@ -38,7 +38,8 @@ use Authen::Smb; $|=1; while (<>) { - if (! m;([^\\]+)(\\|/|%2f|%5c)(\S+)\s(.*); ) { #parse the line + chomp; + if (! m;^(\S+)(/|%5c)(\S+)\s(\S+)$; ) { #parse the line print "ERR\n"; next; } diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/Makefile.am squid-2.5.STABLE3/helpers/external_acl/winbind_group/Makefile.am --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/Makefile.am Tue Feb 11 07:35:14 2003 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/Makefile.am Fri May 16 08:35:48 2003 @@ -1,11 +1,11 @@ # # Makefile for the wb_group external_acl helper # -# $Id: Makefile.am,v 1.2.2.3 2003/02/11 14:35:14 hno Exp $ +# $Id: Makefile.am,v 1.2.2.4 2003/05/16 14:35:48 hno Exp $ # libexec_PROGRAMS = wb_group -wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h +wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h wb_common.h EXTRA_DIST = readme.txt INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \ -I$(top_srcdir)/src -I@SAMBASOURCES@ diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/Makefile.in squid-2.5.STABLE3/helpers/external_acl/winbind_group/Makefile.in --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/Makefile.in Tue Feb 11 19:02:50 2003 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/Makefile.in Fri May 16 18:16:14 2003 @@ -16,7 +16,7 @@ # # Makefile for the wb_group external_acl helper # -# $Id: Makefile.in,v 1.1.2.4 2003/02/12 02:02:50 hno Exp $ +# $Id: Makefile.in,v 1.1.2.5 2003/05/17 00:16:14 hno Exp $ # SHELL = @SHELL@ 
@@ -119,7 +119,7 @@ install_sh = @install_sh@ makesnmplib = @makesnmplib@ libexec_PROGRAMS = wb_group -wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h +wb_group_SOURCES = wb_check_group.c wb_common.c wbntlm.h wb_common.h EXTRA_DIST = readme.txt INCLUDES = -I. -I$(top_builddir)/include -I$(top_srcdir)/include \ -I$(top_srcdir)/src -I@SAMBASOURCES@ diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/readme.txt squid-2.5.STABLE3/helpers/external_acl/winbind_group/readme.txt --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/readme.txt Sun Sep 8 03:26:36 2002 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/readme.txt Sun May 11 06:51:49 2003 @@ -9,17 +9,22 @@ It reads from the standard input the dom and tries to match it against the groups membership of the specified username. -For Winbindd configuration, look the Squid winbind authenticators -instructions. +Before compile or configure it, look at the Squid winbind authenticators +instructions: http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5 + +When used in Windows 2000 domains, permissions compatible with pre-Windows +2000 servers are required. See the Q257988 Microsoft KB article for more +details. ============== Program Syntax ============== -wb_group [-d][-h] +wb_group [-c][-d][-h] --d enable debug mode +-c use case insensitive compare +-d enable debugging -h this message 
@@ -38,12 +43,24 @@ http_access deny all In the previous example all validated NT users member of ProxyUsers Global domain group are allowed to use the cache. -Groups with spaces in name must be quoted, for example "Domain Users" +Groups name can be specified in both domain-qualified group notation +(DOMAIN\Groupname) or simple group name notation. -NOTE: the group name comparation is case sensitive, so group name -must be specified with same case as in the NT/2000 Domain. +Groups with spaces in name, for example "Domain Users", must be quoted and +the acl data ("Domain Users") must be placed into a separate file included +by specifying "/path/to/file". The previous example will be: -Refer to Squid documentation for the more details on squid.conf. +acl ProxyUsers external NT_global_group "/usr/local/squid/etc/DomainUsers" + +and the DomainUsers files will contain only the following line: + +"Domain Users" + +NOTE: the standard group name comparation is case sensitive, so group name +must be specified with same case as in the NT/2000 Domain. +It's possible to enable not case sensitive group name comparation (-c), +but on on some non - English locales, the results can be unexpected. +For details see toupper man page, BUGS section. ======= @@ -62,6 +79,9 @@ Test that entering no details does not r Test that entering an invalid username and group results in an ERR message. Test that entering an valid username and group results in an OK message. +To check winbind functionality use wbinfo provided with Samba, +try -t, -g and -r options. + -- Serassio Guido -squidnt@serassio.it +guido.serassio@acmeconsulting.it diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/wb_check_group.c squid-2.5.STABLE3/helpers/external_acl/winbind_group/wb_check_group.c --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/wb_check_group.c Tue Feb 11 07:35:14 2003 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/wb_check_group.c Sun May 11 06:51:49 2003 
@@ -1,9 +1,56 @@ /* - * $Id: wb_check_group.c,v 1.2.2.7 2003/02/11 14:35:14 hno Exp $ + * winbind_group: lookup group membership in a Windows NT/2000 domain + * + * (C)2002,2003 Guido Serassio - Acme Consulting S.r.l. + * + * Authors: + * Guido Serassio + * Acme Consulting S.r.l., Italy + * + * With contributions from others mentioned in the change history section + * below. + * + * In part based on check_group by Rodrigo Albani de Campos and wbinfo + * from Samba Project. + * + * Dependencies: Samba 2.2.4 or later with Winbindd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + * History: + * + * Version 1.20 + * 10-05-2003 Roberto Moreda + * Added support for domain-qualified group Microsoft notation + * (DOMAIN\Groupname). + * Guido Serassio + * More debug info. + * Updated documentation. + * Version 1.10 + * 26-04-2003 Guido Serassio + * Added option for case insensitive group name comparation. + * More debug info. + * Updated documentation. 
+ * 21-03-2003 Nicolas Chaillot + * Segfault bug fix (Bugzilla #574) + * Version 1.0 + * 02-07-2002 Guido Serassio + * Using the main function from check_group and sections + * from wbinfo wrote winbind_group * * This is a helper for the external ACL interface for Squid Cache - * Copyright (C) 2002 Guido Serassio - * Based on previous work of Rodrigo Albani de Campos * * It reads from the standard input the domain username and a list of * groups and tries to match it against the groups membership of the @@ -12,22 +59,6 @@ * Returns `OK' if the user belongs to a group or `ERR' otherwise, as * described on http://devel.squid-cache.org/external_acl/config.html * - * Requires Samba 2.2.4 or later with Winbindd. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. - * */ #include "wbntlm.h" #include "util.h" @@ -40,15 +71,13 @@ #include "nsswitch/winbind_nss_config.h" #include "nsswitch/winbindd_nss.h" +#include "wb_common.h" #define BUFSIZE 8192 /* the stdin buffer size */ char debug_enabled=0; -char *myname; +const char *myname; pid_t mypid; - -NSS_STATUS winbindd_request(int req_type, - struct winbindd_request *request, - struct winbindd_response *response); +static int use_case_insensitive_compare=0; static char * strwordtok(char *buf, char **t) 
@@ -96,10 +125,15 @@ strwordtok(char *buf, char **t) } +static int strCaseCmp (const char *s1, const char *s2) +{ + while (*s1 && toupper (*s1) == toupper (*s2)) s1++, s2++; + return *s1 - *s2; +} /* Convert sid to string */ -char * wbinfo_lookupsid(char * group, char *sid) +static char * wbinfo_lookupsid(char * group, char *sid) { struct winbindd_request request; struct winbindd_response response; @@ -117,14 +151,15 @@ char * wbinfo_lookupsid(char * group, ch /* Display response */ - strcpy(group,response.data.name.name); + strcpy(group,response.data.name.dom_name); + strcat(group,"\\"); + strcat(group,response.data.name.name); return group; } - /* Convert gid to sid */ -char * wbinfo_gid_to_sid(char * sid, gid_t gid) +static char * wbinfo_gid_to_sid(char * sid, gid_t gid) { struct winbindd_request request; struct winbindd_response response; @@ -150,9 +185,21 @@ char * wbinfo_gid_to_sid(char * sid, gid /* returns 0 on match, -1 if no match */ static inline int strcmparray(const char *str, const char **array) { + const char *wgroup; + while (*array) { - debug("Windows group: %s, Squid group: %s\n", str, *array); - if (strcmp(str, *array) == 0) + /* If the groups we want to match are specified as 'group', and + * not as 'DOMAIN\group' we strip the domain from the group to + * match against */ + if (strstr(*array,"\\") == NULL) { + wgroup = strstr(str,"\\") + 1; + debug("Stripping domain from group name %s\n", str); + } else { + wgroup = str; + } + + debug("Windows group: %s, Squid group: %s\n", wgroup, *array); + if ((use_case_insensitive_compare ? strCaseCmp(wgroup, *array) : strcmp(wgroup, *array)) == 0) return 0; array++; } @@ -160,7 +207,7 @@ static inline int strcmparray(const char } /* returns 1 on success, 0 on failure */ -int +static int Valid_Groups(char *UserName, const char **UserGroups) { struct winbindd_request request; 
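Review bot: In the new `strCaseCmp`, `toupper` is called on plain `char` values, which is undefined for negative values where `char` is signed, and group names from a Windows domain can contain bytes above 0x7f. Casting first avoids it: `while (*s1 && toupper((unsigned char)*s1) == toupper((unsigned char)*s2)) s1++, s2++;`. The return value `*s1 - *s2` compares the raw bytes, so only its zero/non-zero result is meaningful; a one-line comment saying so would keep a later caller from using it for ordering. Whether `<ctype.h>` is included is not visible in this hunk.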
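Review bot: The `strcpy` of `dom_name` followed by two `strcat` calls in `wbinfo_lookupsid` now writes domain, backslash and name into `group` with no length check, and nothing in this hunk shows how large the caller's buffer is. A bounded form would be `snprintf(group, group_len, "%s\\%s", response.data.name.dom_name, response.data.name.name)`, where `group_len` stands for a size the caller passes in, with truncation treated as a failed lookup. The function starts above the hunk, so the request setup was not reviewed.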
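Review bot: In `strcmparray`, `strstr(str,"\\") + 1` is used without checking the result, so a Windows group string that contains no backslash yields a pointer derived from NULL that the comparison then reads. The string currently comes from `wbinfo_lookupsid`, which in this patch always inserts the separator, but the helper should not rely on that: `const char *sep = strchr(str, '\\'); wgroup = sep ? sep + 1 : str;`. Stripping the domain also means an unqualified Squid group name matches a same-named group in any domain winbind reports; since this decides an access-control answer, the comment and the helper's documentation should say so.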
@@ -180,14 +227,18 @@ Valid_Groups(char *UserName, const char result = winbindd_request(WINBINDD_GETGROUPS, &request, &response); - if (result != NSS_STATUS_SUCCESS) + if (result != NSS_STATUS_SUCCESS) { + warn("Warning: Can't enum user groups.\n"); return match; + } for (i = 0; i < response.data.num_entries; i++) { if ((wbinfo_gid_to_sid(sid, (int)((gid_t *)response.extra_data)[i])) != NULL) { debug("SID: %s\n", sid); - if (wbinfo_lookupsid(group,sid) == NULL) + if (wbinfo_lookupsid(group,sid) == NULL) { + warn("Can't lookup group SID.\n"); break; + } if (strcmparray(group, UserGroups) == 0) { match = 1; break; @@ -204,20 +255,24 @@ Valid_Groups(char *UserName, const char static void usage(char *program) { - fprintf(stderr,"Usage: %s [-d] [-h]\n" + fprintf(stderr,"Usage: %s [-c] [-d] [-h]\n" + " -c use case insensitive compare\n" " -d enable debugging\n" " -h this message\n", program); } -void +static void process_options(int argc, char *argv[]) { int opt; opterr = 0; - while (-1 != (opt = getopt(argc, argv, "dh"))) { + while (-1 != (opt = getopt(argc, argv, "cdh"))) { switch (opt) { + case 'c': + use_case_insensitive_compare = 1; + break; case 'd': debug_enabled = 1; break; @@ -265,6 +320,8 @@ main (int argc, char *argv[]) debug("External ACL winbindd group helper build " __DATE__ ", " __TIME__ " starting up...\n"); + if (use_case_insensitive_compare) + debug("Warning: running in case insensitive mode !!!\n"); /* Main Loop */ while (fgets (buf, BUFSIZE, stdin)) 
@@ -294,6 +351,11 @@ main (int argc, char *argv[]) for (n = 0; (group = strwordtok(NULL, &t)) != NULL; n++) groups[n] = group; groups[n] = NULL; + + if (NULL == username) { + warn("Invalid Request\n"); + goto error; + } if (Valid_Groups(username, groups)) { printf ("OK\n"); diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/wb_common.c squid-2.5.STABLE3/helpers/external_acl/winbind_group/wb_common.c --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/wb_common.c Tue Feb 11 07:35:14 2003 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/wb_common.c Sun May 11 06:51:49 2003 @@ -26,6 +26,7 @@ #include "nsswitch/winbind_nss_config.h" #include "nsswitch/winbindd_nss.h" #include "config.h" +#include "wb_common.h" /* Global variables. These are effectively the client state information */ diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/wb_common.h squid-2.5.STABLE3/helpers/external_acl/winbind_group/wb_common.h --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/wb_common.h Wed Dec 31 17:00:00 1969 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/wb_common.h Sun May 11 06:51:49 2003 
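Review bot: The added `NULL == username` check sits after the loop that stores every remaining token with `groups[n] = group`, and that loop has no bound on `n` in the lines shown. The declaration of `groups` is outside this hunk, but with a BUFSIZE of 8192 a request line can carry several thousand tokens, so unless the array is sized for that the loop should stop at capacity: `for (n = 0; n < MAX_GROUPS && (group = strwordtok(NULL, &t)) != NULL; n++)`, with `MAX_GROUPS` standing for the array size minus one. Moving the username check ahead of the loop would also reject a malformed request before tokenising the rest of the line.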
@@ -0,0 +1,12 @@ +/* wb_common.c */ +void free_response(struct winbindd_response *response); +void winbind_exclude_domain(const char *domain); +void init_request(struct winbindd_request *request, int request_type); +void init_response(struct winbindd_response *response); +void close_sock(void); +int winbind_open_pipe_sock(void); +int write_sock(void *buffer, int count); +int read_reply(struct winbindd_response *response); +NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request); +NSS_STATUS winbindd_get_response(struct winbindd_response *response); +NSS_STATUS winbindd_request(int req_type, struct winbindd_request *request, struct winbindd_response *response); diff -rupN squid-2.5.STABLE2/helpers/external_acl/winbind_group/wbntlm.h squid-2.5.STABLE3/helpers/external_acl/winbind_group/wbntlm.h --- squid-2.5.STABLE2/helpers/external_acl/winbind_group/wbntlm.h Fri Jul 12 02:33:15 2002 +++ squid-2.5.STABLE3/helpers/external_acl/winbind_group/wbntlm.h Sun May 11 06:51:49 2003 @@ -38,8 +38,8 @@ /************* END CONFIGURATION *************/ /* Debugging stuff */ -extern char *myname; -static char *__foo; +extern const char *myname; +static const char *__foo; extern pid_t mypid; extern char debug_enabled; diff -rupN squid-2.5.STABLE2/icons/Makefile.am squid-2.5.STABLE3/icons/Makefile.am --- squid-2.5.STABLE2/icons/Makefile.am Fri Feb 21 13:52:01 2003 +++ squid-2.5.STABLE3/icons/Makefile.am Wed May 21 02:40:47 2003 @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.5.2.2 2003/02/21 20:52:01 hno Exp $ +# $Id: Makefile.am,v 1.5.2.3 2003/05/21 08:40:47 hno Exp $ # ICON1 = anthony-binhex.gif 
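Review bot: The new `wb_common.h` has no include guard and uses `struct winbindd_request`, `struct winbindd_response` and `NSS_STATUS` without including the headers that declare them, so it only compiles when included after `nsswitch/winbindd_nss.h`, as both `.c` files in this patch do. Wrapping the prototypes in `#ifndef WB_COMMON_H` / `#define WB_COMMON_H` / `#endif` and stating the required include order in the opening comment would make that dependency explicit. The comment `/* wb_common.c */` could say that these are the prototypes of the functions defined in that file.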
@@ -39,12 +39,14 @@ DISTCLEANFILES = $(ICON2): $(ICON1) $(ICON1): - @$(SHELL) "$(srcdir)/icons.shar" -## @$(SHELL) -c "cd $(srcdir); $(SHELL) icons.shar" + @if [ ! -f "$(srcdir)/$(ICON1)" ]; then \ + $(SHELL) "$(srcdir)/icons.shar" ; \ + touch -r "$(srcdir)/icons.shar" *.gif ; \ + fi -icons.shar: +update-icons.shar: + shar --no-timestamp $(ICON1) $(ICON2) > $@ 2>/dev/null || \ shar $(ICON1) $(ICON2) > $@ -## shar --no-timestamp $(ICON1) $(ICON2) > $@ ## DEFAULT_ICON_DIR = $(sysconfdir)/icons diff -rupN squid-2.5.STABLE2/icons/Makefile.in squid-2.5.STABLE3/icons/Makefile.in --- squid-2.5.STABLE2/icons/Makefile.in Fri Feb 21 14:42:41 2003 +++ squid-2.5.STABLE3/icons/Makefile.in Wed May 21 18:15:40 2003 @@ -13,7 +13,7 @@ @SET_MAKE@ -# $Id: Makefile.in,v 1.21.2.7 2003/02/21 21:42:41 hno Exp $ +# $Id: Makefile.in,v 1.21.2.8 2003/05/22 00:15:40 hno Exp $ # SHELL = @SHELL@ @@ -291,9 +291,13 @@ uninstall-am: uninstall-iconDATA uninsta $(ICON2): $(ICON1) $(ICON1): - @$(SHELL) "$(srcdir)/icons.shar" + @if [ ! -f "$(srcdir)/$(ICON1)" ]; then \ + $(SHELL) "$(srcdir)/icons.shar" ; \ + touch -r "$(srcdir)/icons.shar" *.gif ; \ + fi -icons.shar: +update-icons.shar: + shar --no-timestamp $(ICON1) $(ICON2) > $@ 2>/dev/null || \ shar $(ICON1) $(ICON2) > $@ # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -rupN squid-2.5.STABLE2/include/ntlmauth.h squid-2.5.STABLE3/include/ntlmauth.h --- squid-2.5.STABLE2/include/ntlmauth.h Tue Nov 13 14:12:36 2001 +++ squid-2.5.STABLE3/include/ntlmauth.h Mon May 12 12:48:07 2003 @@ -1,5 +1,5 @@ /* - * $Id: ntlmauth.h,v 1.8 2001/11/13 21:12:36 hno Exp $ + * $Id: ntlmauth.h,v 1.8.2.1 2003/05/12 18:48:07 hno Exp $ * * * * * * * * * Legal stuff * * * * * * * * 
@@ -140,7 +140,6 @@ typedef struct _ntlmhdr { typedef struct _ntlm_negotiate { char signature[8]; /* "NTLMSSP" */ int32_t type; /* LSWAP(0x1) */ - ntlmhdr hdr; /* NTLM header */ u_int32_t flags; /* Request flags */ strhdr domain; /* Domain we wish to authenticate in */ strhdr workstation; /* Client workstation name */ diff -rupN squid-2.5.STABLE2/include/version.h squid-2.5.STABLE3/include/version.h --- squid-2.5.STABLE2/include/version.h Mon Mar 17 12:00:14 2003 +++ squid-2.5.STABLE3/include/version.h Sun May 25 07:04:25 2003 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1047927592 +#define SQUID_RELEASE_TIME 1053867833 #endif diff -rupN squid-2.5.STABLE2/lib/rfc1035.c squid-2.5.STABLE3/lib/rfc1035.c --- squid-2.5.STABLE2/lib/rfc1035.c Wed Apr 10 15:33:21 2002 +++ squid-2.5.STABLE3/lib/rfc1035.c Fri Apr 25 06:09:57 2003 @@ -1,6 +1,6 @@ /* - * $Id: rfc1035.c,v 1.22.2.3 2002/04/10 21:33:21 hno Exp $ + * $Id: rfc1035.c,v 1.22.2.4 2003/04/25 12:09:57 hno Exp $ * * Low level DNS protocol routines * AUTHOR: Duane Wessels @@ -345,7 +345,10 @@ rfc1035NameUnpack(const char *buf, size_ *(name + (no++)) = '.'; } } while (c > 0 && no < ns); - *(name + no - 1) = '\0'; + if (no) + *(name + no - 1) = '\0'; + else + *name = '\0'; /* make sure we didn't allow someone to overflow the name buffer */ assert(no <= ns); return 0; diff -rupN squid-2.5.STABLE2/src/HttpHeader.c squid-2.5.STABLE3/src/HttpHeader.c --- squid-2.5.STABLE2/src/HttpHeader.c Mon Jun 24 00:09:59 2002 +++ squid-2.5.STABLE3/src/HttpHeader.c Sun May 11 11:30:12 2003 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.c,v 1.74.2.4 2002/06/24 06:09:59 hno Exp $ + * $Id: HttpHeader.c,v 1.74.2.5 2003/05/11 17:30:12 hno Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov 
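Review bot: In `rfc1035NameUnpack` the bounds check `assert(no <= ns)` still runs after the terminator has been stored through `name + no - 1`, so it can only report an overrun once the write has happened, and it disappears in a build with NDEBUG. The name being unpacked comes from a DNS message, so a bad length is better handled by returning an error before the store than by aborting the process. The new `else *name = '\0';` branch also assumes `ns` is at least 1; the loop body and the callers are outside this hunk, so that is worth confirming.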
@@ -229,7 +229,7 @@ static int HeaderEntryParsedCount = 0; * local routines */ -#define assert_eid(id) assert((id) >= 0 && (id) < HDR_ENUM_END) +#define assert_eid(id) assert((id) < HDR_ENUM_END) static HttpHeaderEntry *httpHeaderEntryCreate(http_hdr_type id, const char *name, const char *value); static void httpHeaderEntryDestroy(HttpHeaderEntry * e); @@ -330,7 +330,7 @@ httpHeaderClean(HttpHeader * hdr) HttpHeaderStats[hdr->owner].busyDestroyedCount += hdr->entries.count > 0; while ((e = httpHeaderGetEntry(hdr, &pos))) { /* tmp hack to try to avoid coredumps */ - if (e->id < 0 || e->id >= HDR_ENUM_END) { + if (e->id >= HDR_ENUM_END) { debug(55, 0) ("httpHeaderClean BUG: entry[%d] is invalid (%d). Ignored.\n", (int) pos, e->id); } else { @@ -705,7 +705,7 @@ httpHeaderGetListMember(const HttpHeader int mlen = strlen(member); assert(hdr); - assert(id >= 0); + assert_eid(id); header = httpHeaderGetStrOrList(hdr, id); diff -rupN squid-2.5.STABLE2/src/HttpHeaderTools.c squid-2.5.STABLE3/src/HttpHeaderTools.c --- squid-2.5.STABLE2/src/HttpHeaderTools.c Thu Sep 6 13:51:56 2001 +++ squid-2.5.STABLE3/src/HttpHeaderTools.c Tue May 20 17:51:15 2003 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeaderTools.c,v 1.32 2001/09/06 19:51:56 hno Exp $ + * $Id: HttpHeaderTools.c,v 1.32.2.1 2003/05/20 23:51:15 hno Exp $ * * DEBUG: section 66 HTTP Header Tools * AUTHOR: Alex Rousskov @@ -244,6 +244,11 @@ int strListGetItem(const String * str, char del, const char **item, int *ilen, const char **pos) { size_t len; + char delim[2][3] = + { + {'"', del, 0}, + {'"', '\\', 0}}; + int quoted = 0; assert(str && item && pos); if (*pos) { if (!**pos) /* end of string */ 
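Review bot: Dropping the `(id) >= 0` half of `assert_eid`, and of the `e->id` test in `httpHeaderClean` in the next hunk, is only safe if `http_hdr_type` can never be negative, and its definition is not visible here. If the enum has a negative enumerator or the compiler gives it a signed type, a negative id now passes the check and would index below whatever table the id selects. A form that keeps both bounds without a tautology warning is `#define assert_eid(id) assert((unsigned int)(id) < (unsigned int)HDR_ENUM_END)`; the same cast fits the `httpHeaderClean` test.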
@@ -260,9 +265,20 @@ strListGetItem(const String * str, char *pos += xcountws(*pos); *item = *pos; /* remember item's start */ /* find next delimiter */ - *pos = strchr(*item, del); - if (!*pos) /* last item */ - *pos = *item + strlen(*item); + do { + *pos += strcspn(*pos, delim[quoted]); + if (**pos == del) + break; + if (**pos == '"') { + quoted = !quoted; + *pos += 1; + } + if (quoted && **pos == '\\') { + *pos += 1; + if (**pos) + *pos += 1; + } + } while (**pos); len = *pos - *item; /* *pos points to del or '\0' */ /* rtrim */ while (len > 0 && xisspace((*item)[len - 1])) diff -rupN squid-2.5.STABLE2/src/HttpReply.c squid-2.5.STABLE3/src/HttpReply.c --- squid-2.5.STABLE2/src/HttpReply.c Wed Oct 24 02:19:08 2001 +++ squid-2.5.STABLE3/src/HttpReply.c Tue May 6 14:13:02 2003 @@ -1,6 +1,6 @@ /* - * $Id: HttpReply.c,v 1.49 2001/10/24 08:19:08 hno Exp $ + * $Id: HttpReply.c,v 1.49.2.1 2003/05/06 20:13:02 hno Exp $ * * DEBUG: section 58 HTTP Reply (Response) * AUTHOR: Alex Rousskov @@ -82,7 +82,6 @@ httpReplyInit(HttpReply * rep) { assert(rep); rep->hdr_sz = 0; - rep->maxBodySize = 0; rep->pstate = psReadyToParseStartLine; httpBodyInit(&rep->body); httpHeaderInit(&rep->header, hoReply); 
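Review bot: An unterminated double quote makes the new scanning loop in `strListGetItem` take the rest of the header as one item, because once `quoted` is set only `"` and `\` stop `strcspn` and the delimiter is not looked at again. List members that follow an unbalanced quote are then invisible to callers that search for a specific member, while another HTTP implementation on the path may split the same header differently. If that reading is intended, say so above the loop, e.g. `/* a quote left open runs to the end of the string; later delimiters are not honoured */`; otherwise fall back to plain delimiter splitting when no closing quote is found. The function starts in the previous hunk and the trimming code continues below this one.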
@@ -463,29 +462,4 @@ httpReplyBodySize(method_t method, HttpR else if (reply->sline.status < HTTP_OK) return 0; return reply->content_length; -} - -/* - * Calculates the maximum size allowed for an HTTP response - */ -void -httpReplyBodyBuildSize(request_t * request, HttpReply * reply, dlink_list * bodylist) -{ - body_size *bs; - aclCheck_t *checklist; - bs = (body_size *) bodylist->head; - while (bs) { - checklist = aclChecklistCreate(bs->access_list, request, NULL); - checklist->reply = reply; - if (1 != aclCheckFast(bs->access_list, checklist)) { - /* deny - skip this entry */ - bs = (body_size *) bs->node.next; - } else { - /* Allow - use this entry */ - reply->maxBodySize = bs->maxsize; - bs = NULL; - debug(58, 3) ("httpReplyBodyBuildSize: Setting maxBodySize to %ld\n", (long int) reply->maxBodySize); - } - aclChecklistFree(checklist); - } } diff -rupN squid-2.5.STABLE2/src/acl.c squid-2.5.STABLE3/src/acl.c --- squid-2.5.STABLE2/src/acl.c Sat Feb 8 08:53:16 2003 +++ squid-2.5.STABLE3/src/acl.c Mon May 12 01:24:37 2003 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.270.2.13 2003/02/08 15:53:16 hno Exp $ + * $Id: acl.c,v 1.270.2.17 2003/05/12 07:24:37 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -1080,7 +1080,7 @@ aclMatchUser(void *proxyauth_acl, char * debug(28, 8) ("Top is %p, Top->data is %s\n", Top, (char *) (Top != NULL ? (Top)->data : "Unavailable")); - if (user == NULL) + if (user == NULL || strcmp(user, "-") == 0) return 0; if (data->flags.required) { 
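Review bot: The new `strcmp(user, "-") == 0` test in `aclMatchUser` gives the string "-" a special meaning with no comment, so a reader cannot tell that it is a placeholder rather than a user name. Presumably it is the value recorded when the lookup produced no identity (the ChangeLog entry for Bug #620 suggests so); a comment such as `/* "-" marks a lookup that returned no user; never match it, even for REQUIRED */` would record that. The rest of the function is outside the hunk.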
@@ -1424,11 +1424,11 @@ aclAuthenticated(aclCheck_t * checklist) case AUTH_ACL_HELPER: debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n"); checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED; - return 0; + return -1; case AUTH_ACL_CHALLENGE: debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n"); checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED; - return 0; + return -1; default: fatal("unexpected authenticateAuthenticate reply\n"); return -1; @@ -1692,11 +1692,23 @@ int aclMatchAclList(const acl_list * list, aclCheck_t * checklist) { while (list) { + int answer; + checklist->current_acl = list->acl; AclMatchedName = list->acl->name; debug(28, 3) ("aclMatchAclList: checking %s%s\n", list->op ? null_string : "!", list->acl->name); - if (aclMatchAcl(list->acl, checklist) != list->op) { - debug(28, 3) ("aclMatchAclList: returning 0\n"); + answer = aclMatchAcl(list->acl, checklist); +#if NOT_SURE_THIS_IS_GOOD + /* This will make access denied if an acl cannot be evaluated. + * Normally Squid will just continue to the next rule + */ + if (answer < 0) { + debug(28, 3) ("aclMatchAclList: failure. returning -1\n"); + return -1; + } +#endif + if (answer != list->op) { + debug(28, 3) ("aclMatchAclList: no match, returning 0\n"); return 0; } list = list->next; @@ -1713,16 +1725,21 @@ aclCheckCleanup(aclCheck_t * checklist) cbdataUnlock(checklist->extacl_entry); checklist->extacl_entry = NULL; } + checklist->current_acl = NULL; } int aclCheckFast(const acl_access * A, aclCheck_t * checklist) { allow_t allow = ACCESS_DENIED; + int answer; debug(28, 5) ("aclCheckFast: list: %p\n", A); while (A) { allow = A->allow; - if (aclMatchAclList(A->acl_list, checklist)) { + answer = aclMatchAclList(A->acl_list, checklist); + if (answer) { + if (answer < 0) + return ACCESS_DENIED; aclCheckCleanup(checklist); return allow == ACCESS_ALLOWED; } 
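Review bot: The two debug messages in `aclAuthenticated` still say `returning 0` although both cases now return -1, so a level-4 trace contradicts the code at the point where a helper lookup or a challenge is pending. Changing the text, e.g. `"aclMatchAcl: returning -1 sending credentials to helper.\n"`, keeps the log usable when an access decision is being diagnosed. Since the callers in the following hunks now branch on the sign of the result, a short comment on the function listing its return values would help; the function starts above this hunk.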
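Review bot: The new `if (answer < 0) return ACCESS_DENIED;` in `aclCheckFast` leaves without calling `aclCheckCleanup(checklist)`, unlike the match path directly below it, so any `extacl_entry` lock is kept and `current_acl` stays set on that path. As the patch stands `aclMatchAclList` returns -1 only inside the `#if NOT_SURE_THIS_IS_GOOD` block, so this branch is dead in a default build, which deserves a comment. Suggested: `if (answer < 0) { aclCheckCleanup(checklist); return 0; }`; returning 0 also matches the boolean the other return produces, whereas `ACCESS_DENIED` is an `allow_t` whose numeric value is not shown here.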
@@ -1754,6 +1771,8 @@ aclCheck(aclCheck_t * checklist) debug(28, 3) ("aclCheck: checking '%s'\n", A->cfgline); allow = A->allow; match = aclMatchAclList(A->acl_list, checklist); + if (match == -1) + allow = ACCESS_DENIED; if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) { checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING; ipcache_nbgethostbyname(checklist->request->host, @@ -1807,13 +1826,14 @@ aclCheck(aclCheck_t * checklist) debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n"); cbdataUnlock(checklist->conn); checklist->conn = NULL; - allow = 0; + allow = ACCESS_DENIED; match = -1; } } #endif else if (checklist->state[ACL_EXTERNAL] == ACL_LOOKUP_NEEDED) { - acl *acl = aclFindByName(AclMatchedName); + acl *acl = checklist->current_acl; + assert(acl->type == ACL_EXTERNAL); externalAclLookup(checklist, acl->data, aclLookupExternalDone, checklist); return; } diff -rupN squid-2.5.STABLE2/src/auth/digest/auth_digest.c squid-2.5.STABLE3/src/auth/digest/auth_digest.c --- squid-2.5.STABLE2/src/auth/digest/auth_digest.c Thu Feb 27 01:19:24 2003 +++ squid-2.5.STABLE3/src/auth/digest/auth_digest.c Sun May 18 15:49:20 2003 @@ -1,6 +1,6 @@ /* - * $Id: auth_digest.c,v 1.10.2.5 2003/02/27 08:19:24 robertc Exp $ + * $Id: auth_digest.c,v 1.10.2.6 2003/05/18 21:49:20 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Robert Collins 
@@ -343,17 +343,22 @@ authDigestNonceIsValid(digest_nonce_h * if (!nonce) return 0; intnc = strtol(nc, NULL, 16); + /* has it already been invalidated ? */ + if (!nonce->flags.valid) { + debug(29, 4) ("authDigestNonceIsValid: Nonce already invalidated\n"); + return 0; + } + /* is the nonce-count ok ? */ + if (!digestConfig->CheckNonceCount) { + nonce->nc++; + return -1; /* forced OK by configuration */ + } if ((digestConfig->NonceStrictness && intnc != nonce->nc + 1) || intnc < nonce->nc + 1) { debug(29, 4) ("authDigestNonceIsValid: Nonce count doesn't match\n"); nonce->flags.valid = 0; return 0; } - /* has it already been invalidated ? */ - if (!nonce->flags.valid) { - debug(29, 4) ("authDigestNonceIsValid: Nonce already invalidated\n"); - return 0; - } /* seems ok */ /* increment the nonce count - we've already checked that intnc is a * valid representation for us, so we don't need the test here. 
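Review bot: `intnc = strtol(nc, NULL, 16)` at the top of `authDigestNonceIsValid` accepts whatever the client sent: text with no hex digits parses as 0, a leading minus sign gives a negative count, and trailing characters are ignored. Checking the end pointer and the sign before the comparisons, `intnc = strtol(nc, &end, 16); if (end == nc || *end != '\0' || intnc < 0) return 0;` with a local `char *end`, rejects malformed counts instead of comparing them. The new `CheckNonceCount` branch returns -1 to mean "accepted", which works only while callers test the result with `!`; the function comment should state that any non-zero value is success. The lines that update `nonce->nc` are below the hunk; in non-strict mode they should store the accepted client value rather than add one, otherwise a count that skipped ahead stays acceptable on a later request.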
@@ -691,11 +696,44 @@ authenticateDigestAuthenticateUser(auth_ "squid is = '%s'\n", digest_request->response, Response); if (strcasecmp(digest_request->response, Response)) { + if (digestConfig->PostWorkaround && request->method != METHOD_GET) { + /* Ugly workaround for certain very broken browsers using the + * wrong method to calculate the request-digest on POST request. + * This should be deleted once Digest authentication becomes more + * widespread and such broken browsers no longer are commonly + * used. + */ + DigestCalcResponse(SESSIONKEY, authenticateDigestNonceNonceb64(digest_request->nonce), + digest_request->nc, digest_request->cnonce, digest_request->qop, + RequestMethodStr[METHOD_GET], digest_request->uri, HA2, Response); + if (strcasecmp(digest_request->response, Response)) { + digest_request->flags.credentials_ok = 3; + return; + } else { + const char *useragent = httpHeaderGetStr(&request->header, HDR_USER_AGENT); + static struct in_addr last_broken_addr = + {0}; + if (memcmp(&last_broken_addr, &request->client_addr, sizeof(last_broken_addr)) != 0) { + debug(29, 1) ("\nDigest POST bug detected from %s using '%s'. Please upgrade browser. See Bug #630 for details.\n", inet_ntoa(request->client_addr), useragent ? useragent : "-"); + last_broken_addr = request->client_addr; + } + } + } else { + digest_request->flags.credentials_ok = 3; + return; + } + } + /* check for stale nonce */ + if (!authDigestNonceIsValid(digest_request->nonce, digest_request->nc)) { + debug(29, 3) ("authenticateDigestAuthenticateuser: user '%s' validated OK but nonce stale\n", + digest_user->username); + digest_request->flags.nonce_stale = 1; digest_request->flags.credentials_ok = 3; return; } - digest_request->flags.credentials_ok = 1; /* password was checked and did match */ + digest_request->flags.credentials_ok = 1; + debug(29, 4) ("authenticateDigestAuthenticateuser: user '%s' validated OK\n", digest_user->username); 
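Review bot: With `PostWorkaround` enabled, the retry in `authenticateDigestAuthenticateUser` accepts a response digest computed for GET on any non-GET request, which takes the method out of what the digest protects for those requests. Neither the code comment nor the `post_workaround` text this patch adds to cf.data.pre states that trade-off or the default; both should, and should say the option is meant to stay off unless such clients have to be supported. The warning also writes the client's User-Agent header into the log with `%s`; that string is fully client-controlled, so it should go through whatever escaping the project applies to log fields, or be left out.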
@@ -714,13 +752,13 @@ authenticateDigestDirection(auth_user_re case 0: /* not checked */ return -1; case 1: /* checked & ok */ - if (authDigestNonceIsStale(digest_request->nonce)) - /* send stale response to the client agent */ - return -2; return 0; case 2: /* partway through checking. */ return -1; case 3: /* authentication process failed. */ + if (digest_request->flags.nonce_stale) + /* nonce is stale, send new challenge */ + return 1; return -2; } return -2; @@ -787,9 +825,9 @@ authenticateDigestFixHeader(auth_user_re digest_request_h *digest_request; int stale = 0; digest_nonce_h *nonce = authenticateDigestNonceNew(); - if (auth_user_request && auth_user_request->scheme_data && authDigestAuthenticated(auth_user_request)) { + if (auth_user_request && auth_user_request->scheme_data) { digest_request = auth_user_request->scheme_data; - stale = authDigestNonceIsStale(digest_request->nonce); + stale = digest_request->flags.nonce_stale; } if (digestConfig->authenticate) { debug(29, 9) ("authenticateFixHeader: Sending type:%d header: 'Digest realm=\"%s\", nonce=\"%s\", qop=\"%s\", stale=%s\n", type, digestConfig->digestAuthRealm, authenticateDigestNonceNonceb64(nonce), QOP_AUTH, stale ? "true" : "false"); @@ -915,8 +953,10 @@ authDigestParse(authScheme * scheme, int digestConfig->noncemaxduration = 30 * 60; /* 50 requests */ digestConfig->noncemaxuses = 50; - /* strict nonce count behaviour */ - digestConfig->NonceStrictness = 1; + /* Not strict nonce count behaviour */ + digestConfig->NonceStrictness = 0; + /* Verify nonce count */ + digestConfig->CheckNonceCount = 1; } digestConfig = scheme->scheme_data; if (strcasecmp(param_str, "program") == 0) { 
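Review bot: `authDigestParse` now sets defaults for `NonceStrictness` and `CheckNonceCount` but not for the new `PostWorkaround` field, so its initial value depends on how `scheme_data` is allocated, which is above this hunk. Adding `digestConfig->PostWorkaround = 0;` next to the other two makes the off default explicit. The change of `NonceStrictness` from 1 to 0 relaxes nonce-count checking for every existing configuration that never set the option, so it should be called out in the release notes as a behaviour change and not only in the cf.data.pre text.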
@@ -936,6 +976,10 @@ authDigestParse(authScheme * scheme, int parse_int(&digestConfig->noncemaxuses); } else if (strcasecmp(param_str, "nonce_strictness") == 0) { parse_onoff(&digestConfig->NonceStrictness); + } else if (strcasecmp(param_str, "check_nonce_count") == 0) { + parse_onoff(&digestConfig->CheckNonceCount); + } else if (strcasecmp(param_str, "post_workaround") == 0) { + parse_onoff(&digestConfig->PostWorkaround); } else { debug(28, 0) ("unrecognised digest auth scheme parameter '%s'\n", param_str); } @@ -1184,7 +1228,7 @@ authenticateDigestDecodeAuth(auth_user_r } /* now the nonce */ nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64); - if ((nonce == NULL) || !(authDigestNonceIsValid(nonce, digest_request->nc))) { + if (!nonce) { /* we couldn't find a matching nonce! */ debug(29, 4) ("authenticateDigestDecode: Unexpected or invalid nonce recieved\n"); authDigestLogUsername(auth_user_request, username); diff -rupN squid-2.5.STABLE2/src/auth/digest/auth_digest.h squid-2.5.STABLE3/src/auth/digest/auth_digest.h --- squid-2.5.STABLE2/src/auth/digest/auth_digest.h Thu Feb 27 01:19:24 2003 +++ squid-2.5.STABLE3/src/auth/digest/auth_digest.h Sun May 18 15:49:20 2003 @@ -42,7 +42,8 @@ struct _digest_request_h { char *response; struct { unsigned int authinfo_sent:1; - unsigned int credentials_ok:2; /*0=unchecked,1=ok,2=failed */ + unsigned int credentials_ok:2; /*0=unchecked,1=ok,2=helper,3=failed */ + unsigned int nonce_stale:1; } flags; digest_nonce_h *nonce; }; @@ -81,6 +82,8 @@ struct _auth_digest_config { time_t noncemaxduration; int noncemaxuses; int NonceStrictness; + int CheckNonceCount; + int PostWorkaround; }; typedef struct _auth_digest_config auth_digest_config; diff -rupN squid-2.5.STABLE2/src/authenticate.c squid-2.5.STABLE3/src/authenticate.c --- squid-2.5.STABLE2/src/authenticate.c Tue Feb 4 16:31:42 2003 +++ squid-2.5.STABLE3/src/authenticate.c Sun May 18 15:49:19 2003 
@@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.36.2.8 2003/02/04 23:31:42 robertc Exp $ + * $Id: authenticate.c,v 1.36.2.10 2003/05/18 21:49:19 hno Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -489,7 +489,7 @@ authenticateAuthenticate(auth_user_reque } /* we have a proxy auth header and as far as we know this connection has * not had bungled connection oriented authentication happen on it. */ - debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth); + debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth ? proxy_auth : NULL); if (*auth_user_request == NULL) { debug(28, 9) ("authenticateAuthenticate: This is a new checklist test on FD:%d\n", conn ? conn->fd : -1); @@ -538,6 +538,12 @@ authenticateAuthenticate(auth_user_reque conn, headertype); switch (authenticateDirection(*auth_user_request)) { case 1: + if (!request->auth_user_request) { + /* lock the user for the request structure link */ + authenticateAuthUserRequestLock(*auth_user_request); + request->auth_user_request = *auth_user_request; + } + /* fallthrough to -2 */ case -2: /* this ACL check is finished. Unlock. */ authenticateAuthUserRequestUnlock(*auth_user_request); diff -rupN squid-2.5.STABLE2/src/cf.data.pre squid-2.5.STABLE3/src/cf.data.pre --- squid-2.5.STABLE2/src/cf.data.pre Tue Feb 4 22:27:50 2003 +++ squid-2.5.STABLE3/src/cf.data.pre Wed May 21 08:34:38 2003 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.245.2.36 2003/02/05 05:27:50 hno Exp $ +# $Id: cf.data.pre,v 1.245.2.43 2003/05/21 14:34:38 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -274,6 +274,8 @@ DOC_START digest-url=url allow-miss max-conn + htcp + carp-load-factor use 'proxy-only' to specify that objects fetched from this cache should not be saved locally. 
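Review bot: The ternary added to the level-9 debug call in `authenticateAuthenticate`, `proxy_auth ? proxy_auth : NULL`, still passes NULL to `%s` when there is no header, which is undefined behaviour; it needs a string fallback, `proxy_auth ? proxy_auth : "-"`. The same line writes the whole Proxy-Authorization value to the debug log, which for Basic authentication is the base64 form of the user's password; logging only the scheme token or a fixed marker keeps credentials out of the log. The enclosing function starts above the hunk.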
@@ -363,7 +365,17 @@ DOC_START use 'max-conn' to limit the amount of connections Squid may open to this peer. - NOTE: non-ICP neighbors must be specified as 'parent'. + use 'htcp' to send HTCP, instead of ICP, queries + to the neighbor. You probably also want to + set the "icp port" to 4827 instead of 3130. + + use 'carp-load-factor=f' to define a parent + cache as one participating in a CARP array. + The 'f' values for all CARP parents must add + up to 1.0. + + + NOTE: non-ICP/HTCP neighbors must be specified as 'parent'. DOC_END NAME: cache_peer_domain cache_host_domain @@ -1339,10 +1351,21 @@ DOC_START used. "nonce_strictness" on|off - Determines if squid requires increment-by-1 behaviour for - nonce counts (on - the default), or strictly incrementing - (off - for use when useragents generate nonce counts that - occasionally miss 1 (ie, 1,2,4,6)). + Determines if squid requires strict increment-by-1 behaviour + for nonce counts, or just incrementing (off - for use when + useragents generate nonce counts that occasionally miss 1 + (ie, 1,2,4,6)). Default off. + + "check_nonce_count" on|off + This directive if set to off can disable the nonce count check + completely to work around buggy digest qop implementations in + certain mainstream browser versions. Default on to check the + nonce count to protect from authentication replay attacks. + + "post_workaround" on|off + This is a workaround to certain buggy browsers who sends + an incorrect request digest in POST requests when reusing + the same nonce as aquired earlier on a GET request. === NTLM scheme options follow === 
@@ -2260,7 +2283,7 @@ DOC_START partial responses and give them out as hits. You should NOT use this option if you have downstream caches. - WARNING: A maximum size larger than the size of squid's error messages + WARNING: A maximum size smaller than the size of squid's error messages will cause an infinite loop and crash squid. Ensure that the smallest non-zero value you use is greater that the maximum header size plus the size of your largest error page. @@ -2296,15 +2319,19 @@ DEFAULT: none LOC: Config.effectiveGroup DOC_START - If the cache is run as root, it will change its effective/real + If you start Squid as root, it will change its effective/real UID/GID to the UID/GID specified below. The default is to - change to UID to nobody and GID to the default group of nobody. - - If Squid is not started as root, the default is to keep the - current UID/GID, and only the GID can be changed to any of - the groups the user starting Squid is member of. Note that if - Squid is not started as root then you cannot set http_port to - a value lower than 1024. + change to UID to nobody. If you define cache_effective_user, + but not cache_effective_group, Squid sets the GID the + effective user's default group ID (taken from the password + file). + + If Squid is not started as root, the cache_effective_user + value is ignored and the GID value is unchanged by default. + However, you can make Squid change its GID to another group + that the process owner is a member of. Note that if Squid + is not started as root then you cannot set http_port to a + value lower than 1024. DOC_END @@ -2585,6 +2612,7 @@ LOC: Config.denyInfoList DEFAULT: none DOC_START Usage: deny_info err_page_name acl + or deny_info http://... acl Example: deny_info ERR_CUSTOM_ACCESS_DENIED bad_guys This can be used to return a ERR_ page for requests which 
@@ -2595,6 +2623,10 @@ DOC_START You may use ERR_ pages that come with Squid or create your own pages and put them into the configured errors/ directory. + Alternatively you can specify an error URL. The browsers will then + get redirected (302) to the specified URL. %s in the redirection + URL will be replaced by the requested URL. + Alternatively you can tell Squid to reset the TCP connection by specifying TCP_RESET. DOC_END @@ -2991,6 +3023,7 @@ DOC_START header_access Allow allow all header_access Authorization allow all + header_access WWW-Authenticate allow all header_access Cache-Control allow all header_access Content-Encoding allow all header_access Content-Length allow all diff -rupN squid-2.5.STABLE2/src/client_side.c squid-2.5.STABLE3/src/client_side.c --- squid-2.5.STABLE2/src/client_side.c Wed Feb 19 16:39:12 2003 +++ squid-2.5.STABLE3/src/client_side.c Sat May 24 05:08:41 2003 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.561.2.33 2003/02/19 23:39:12 hno Exp $ + * $Id: client_side.c,v 1.561.2.36 2003/05/24 11:08:41 robertc Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -124,7 +124,7 @@ static int clientHierarchical(clientHttp static int clientCheckContentLength(request_t * r); static DEFER httpAcceptDefer; static log_type clientProcessRequest2(clientHttpRequest * http); -static int clientReplyBodyTooLarge(HttpReply *, ssize_t clen); +static int clientReplyBodyTooLarge(clientHttpRequest *, ssize_t clen); static int clientRequestBodyTooLarge(int clen); static void clientProcessBody(ConnStateData * conn); 
@@ -816,7 +816,8 @@ httpRequestFree(void *data) http->al.headers.request = xstrdup(mb.buf); http->al.hier = request->hier; if (request->auth_user_request) { - http->al.cache.authuser = xstrdup(authenticateUserRequestUsername(request->auth_user_request)); + if (authenticateUserRequestUsername(request->auth_user_request)) + http->al.cache.authuser = xstrdup(authenticateUserRequestUsername(request->auth_user_request)); authenticateAuthUserRequestUnlock(request->auth_user_request); request->auth_user_request = NULL; } @@ -1806,14 +1807,39 @@ clientPackMoreRanges(clientHttpRequest * return i->debt_size > 0; } +/* + * Calculates the maximum size allowed for an HTTP response + */ +static void +clientMaxBodySize(request_t * request, clientHttpRequest * http, HttpReply * reply) +{ + body_size *bs; + aclCheck_t *checklist; + bs = (body_size *) Config.ReplyBodySize.head; + while (bs) { + checklist = clientAclChecklistCreate(bs->access_list, http); + checklist->reply = reply; + if (1 != aclCheckFast(bs->access_list, checklist)) { + /* deny - skip this entry */ + bs = (body_size *) bs->node.next; + } else { + /* Allow - use this entry */ + http->maxBodySize = bs->maxsize; + bs = NULL; + debug(58, 3) ("httpReplyBodyBuildSize: Setting maxBodySize to %ld\n", (long int) http->maxBodySize); + } + aclChecklistFree(checklist); + } +} + static int -clientReplyBodyTooLarge(HttpReply * rep, ssize_t clen) +clientReplyBodyTooLarge(clientHttpRequest * http, ssize_t clen) { - if (0 == rep->maxBodySize) + if (0 == http->maxBodySize) return 0; /* disabled */ if (clen < 0) return 0; /* unknown */ - if (clen > rep->maxBodySize) + if (clen > http->maxBodySize) return 1; /* too large */ return 0; } @@ -1857,7 +1883,6 @@ clientAlwaysAllowResponse(http_status sl } } - /* * accepts chunk of a http message in buf, parses prefix, filters headers and * such, writes processed message to the client's socket 
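Review bot: `clientMaxBodySize` assigns `http->maxBodySize` only when a size entry matches, so when none matches the field keeps whatever it held before, and the `rep->maxBodySize = 0` reset that `httpReplyInit` used to provide is removed by this patch. Unless the `clientHttpRequest` is zeroed on allocation (not visible here), the function should start with `http->maxBodySize = 0;`. The debug line still names `httpReplyBodyBuildSize` and uses section 58, and the `request` parameter is unused now that the checklist is built from `http`; `debug(33, 3) ("clientMaxBodySize: Setting maxBodySize to %ld\n", (long int) http->maxBodySize);` would match this file.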
@@ -1918,8 +1943,8 @@ clientSendMoreData(void *data, char *buf if (rep) { aclCheck_t *ch; int rv; - httpReplyBodyBuildSize(http->request, rep, &Config.ReplyBodySize); - if (clientReplyBodyTooLarge(rep, rep->content_length)) { + clientMaxBodySize(http->request, http, rep); + if (clientReplyBodyTooLarge(http, rep->content_length)) { ErrorState *err = errorCon(ERR_TOO_BIG, HTTP_FORBIDDEN); err->request = requestLink(http->request); storeUnregister(http->sc, http->entry, http); @@ -2172,7 +2197,8 @@ clientWriteComplete(int fd, char *bufnot } else { comm_close(fd); } - } else if (clientReplyBodyTooLarge(entry->mem_obj->reply, http->out.offset)) { + } else if (clientReplyBodyTooLarge(http, http->out.offset - 4096)) { + /* 4096 is a margin for the HTTP headers included in out.offset */ comm_close(fd); } else { /* More data will be coming from primary server; register with @@ -3101,6 +3127,7 @@ clientReadBody(request_t * request, char debug(33, 2) ("clientReadBody: start fd=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request); conn->body.callback = callback; conn->body.cbdata = cbdata; + cbdataLock(conn->body.cbdata); conn->body.buf = buf; conn->body.bufsize = size; conn->body.request = requestLink(request); @@ -3116,6 +3143,7 @@ clientProcessBody(ConnStateData * conn) void *cbdata = conn->body.cbdata; CBCB *callback = conn->body.callback; request_t *request = conn->body.request; + int valid; /* Note: request is null while eating "aborted" transfers */ debug(33, 2) ("clientProcessBody: start fd=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request); if (conn->in.offset) { 
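Review bot: Subtracting a fixed 4096 in `clientReplyBodyTooLarge(http, http->out.offset - 4096)` in clientWriteComplete makes the reply_body_max_size limit approximate for replies without a Content-Length. A reply with short headers can exceed the limit by nearly 4096 bytes, and a header block larger than 4096 is counted against the body. Anything under 4096 bytes goes negative and is treated as "unknown" by the `clen < 0` test. If the header length is tracked on `http` (not visible in this hunk), subtracting it would make the check exact. Otherwise give the margin a name, for example `#define REPLY_HDR_MARGIN 4096`, and extend the comment to `/* limit is enforced to within REPLY_HDR_MARGIN bytes; headers are part of out.offset */`.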
@@ -3141,15 +3169,19 @@ clientProcessBody(ConnStateData * conn) if (conn->body.size_left <= 0 && request != NULL) request->body_connection = NULL; /* Remove clientReadBody arguments (the call is completed) */ + valid = cbdataValid(conn->body.cbdata); conn->body.request = NULL; conn->body.callback = NULL; + cbdataUnlock(conn->body.cbdata); + conn->body.cbdata = NULL; conn->body.buf = NULL; conn->body.bufsize = 0; /* Remember that we have touched the body, not restartable */ if (request != NULL) request->flags.body_sent = 1; /* Invoke callback function */ - callback(buf, size, cbdata); + if (valid) + callback(buf, size, cbdata); if (request != NULL) requestUnlink(request); /* Linked in clientReadBody */ debug(33, 2) ("clientProcessBody: end fd=%d size=%d body_size=%lu in.offset=%ld cb=%p req=%p\n", conn->fd, size, (unsigned long int) conn->body.size_left, (long int) conn->in.offset, callback, request); @@ -3159,7 +3191,7 @@ clientProcessBody(ConnStateData * conn) /* A dummy handler that throws away a request-body */ static char bodyAbortBuf[SQUID_TCP_SO_RCVBUF]; static void -clientReadBodyAbortHandler(char *buf, size_t size, void *data) +clientReadBodyAbortHandler(char *buf, ssize_t size, void *data) { ConnStateData *conn = (ConnStateData *) data; debug(33, 2) ("clientReadBodyAbortHandler: fd=%d body_size=%lu in.offset=%ld\n", conn->fd, (unsigned long int) conn->body.size_left, (long int) conn->in.offset); @@ -3169,6 +3201,7 @@ clientReadBodyAbortHandler(char *buf, si conn->body.buf = bodyAbortBuf; conn->body.bufsize = sizeof(bodyAbortBuf); conn->body.cbdata = data; + cbdataLock(conn->body.cbdata); } } @@ -3180,6 +3213,7 @@ clientAbortBody(request_t * request) char *buf; CBCB *callback; void *cbdata; + int valid; request->body_connection = NULL; if (!conn || conn->body.size_left <= 0) return 0; /* No body to abort */ 
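Review bot: The ordering in clientProcessBody matters but is not explained: `valid` must be sampled before `cbdataUnlock(conn->body.cbdata)`, because dropping the last lock on an already-invalidated cbdata presumably releases it. A comment above the assignment would record that, e.g. `/* check validity before unlocking; the unlock may release a cbdata whose owner is already gone */`. The same pattern is repeated in the clientAbortBody hunk and deserves the same comment. It would also help to note at the `cbdataLock` calls in clientReadBody and clientReadBodyAbortHandler which function performs the matching unlock. The function body starts and ends outside this hunk.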
@@ -3187,12 +3221,15 @@ clientAbortBody(request_t * request) buf = conn->body.buf; callback = conn->body.callback; cbdata = conn->body.cbdata; + valid = cbdataValid(cbdata); assert(request == conn->body.request); conn->body.buf = NULL; conn->body.callback = NULL; + cbdataUnlock(conn->body.cbdata); conn->body.cbdata = NULL; conn->body.request = NULL; - callback(buf, -1, cbdata); /* Signal abort to clientReadBody caller */ + if (valid) + callback(buf, -1, cbdata); /* Signal abort to clientReadBody caller */ requestUnlink(request); } clientReadBodyAbortHandler(NULL, -1, conn); /* Install abort handler */ diff -rupN squid-2.5.STABLE2/src/comm_select.c squid-2.5.STABLE3/src/comm_select.c --- squid-2.5.STABLE2/src/comm_select.c Fri Mar 7 15:50:08 2003 +++ squid-2.5.STABLE3/src/comm_select.c Sun May 11 11:30:13 2003 @@ -1,6 +1,6 @@ /* - * $Id: comm_select.c,v 1.53.2.5 2003/03/07 22:50:08 hno Exp $ + * $Id: comm_select.c,v 1.53.2.7 2003/05/11 17:30:13 hno Exp $ * * DEBUG: section 5 Socket Functions * @@ -314,10 +314,10 @@ comm_poll(int msec) #endif PF *hdl = NULL; int fd; - int i; - int maxfd; - unsigned long nfds; - unsigned long npending; + unsigned int i; + unsigned int maxfd; + unsigned int nfds; + unsigned int npending; int num; int callicp = 0, callhttp = 0; int calldns = 0; @@ -388,7 +388,7 @@ comm_poll(int msec) statCounter.syscalls.polls++; num = poll(pfds, nfds, msec); statCounter.select_loops++; - if (num >= 0 || npending >= 0) + if (num >= 0 || npending > 0) break; if (ignoreErrno(errno)) continue; 
@@ -397,14 +397,14 @@ comm_poll(int msec) return COMM_ERROR; /* NOTREACHED */ } - debug(5, num ? 5 : 8) ("comm_poll: %d+%ld FDs ready\n", num, npending); + debug(5, num ? 5 : 8) ("comm_poll: %d+%u FDs ready\n", num, npending); statHistCount(&statCounter.select_fds_hist, num); /* Check timeout handlers ONCE each second. */ if (squid_curtime > last_timeout) { last_timeout = squid_curtime; checkTimeouts(); } - if (num == 0 && npending == 0) + if (num <= 0 && npending == 0) continue; /* scan each socket but the accept socket. Poll this * more frequently to minimize losses due to the 5 connect diff -rupN squid-2.5.STABLE2/src/errorpage.c squid-2.5.STABLE3/src/errorpage.c --- squid-2.5.STABLE2/src/errorpage.c Fri Sep 20 04:28:53 2002 +++ squid-2.5.STABLE3/src/errorpage.c Wed May 21 08:34:38 2003 @@ -1,6 +1,6 @@ /* - * $Id: errorpage.c,v 1.167.2.6 2002/09/20 10:28:53 hno Exp $ + * $Id: errorpage.c,v 1.167.2.7 2003/05/21 14:34:38 hno Exp $ * * DEBUG: section 4 Error Generation * AUTHOR: Duane Wessels @@ -121,9 +121,11 @@ errorInitialize(void) /* dynamic */ ErrorDynamicPageInfo *info = ErrorDynamicPages.items[i - ERR_MAX]; assert(info && info->id == i && info->page_name); - error_text[i] = errorLoadText(info->page_name); + if (strchr(info->page_name, ':') == NULL) { + /* Not on redirected errors... */ + error_text[i] = errorLoadText(info->page_name); + } } - assert(error_text[i]); } } 
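Review bot: Deleting `assert(error_text[i]);` in errorInitialize removes the load check for every page, although only names containing ':' now skip `errorLoadText`. Keeping `assert(error_text[i]);` inside the new `if (strchr(info->page_name, ':') == NULL)` branch, right after the load, would preserve the check for file-backed dynamic pages. The branch for built-in pages lies outside this hunk and would need the same line. The ':' test that marks a page name as a redirect URL is repeated in errorBuildReply, so a small static helper with a one-line comment would keep the two in sync.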
@@ -212,13 +214,32 @@ errorDynamicPageInfoDestroy(ErrorDynamic xfree(info); } +static int +errorPageId(const char *page_name) +{ + int i; + for (i = 0; i < ERR_MAX; i++) { + if (strcmp(err_type_str[i], page_name) == 0) + return i; + } + for (i = 0; i < ErrorDynamicPages.count; i++) { + if (strcmp(((ErrorDynamicPageInfo *) ErrorDynamicPages.items[i - ERR_MAX])->page_name, page_name) == 0) + return i + ERR_MAX; + } + return ERR_NONE; +} + int errorReservePageId(const char *page_name) { - ErrorDynamicPageInfo *info = - errorDynamicPageInfoCreate(ERR_MAX + ErrorDynamicPages.count, page_name); - stackPush(&ErrorDynamicPages, info); - return info->id; + ErrorDynamicPageInfo *info; + int id = errorPageId(page_name); + if (id == ERR_NONE) { + info = errorDynamicPageInfoCreate(ERR_MAX + ErrorDynamicPages.count, page_name); + stackPush(&ErrorDynamicPages, info); + id = info->id; + } + return id; } static const char * 
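Review bot: The second loop of the new `errorPageId` indexes `ErrorDynamicPages.items[i - ERR_MAX]` while `i` runs from 0 to `ErrorDynamicPages.count`, so the subscript is negative and the read lands before the start of the array. Whatever is found there is dereferenced as an `ErrorDynamicPageInfo` and its `page_name` handed to `strcmp`. This path runs whenever a name does not match a built-in page and at least one dynamic page is already reserved. The stack is stored zero-based, as `errorInitialize` shows with `items[i - ERR_MAX]` for `i >= ERR_MAX`, so the lookup should use `i` directly: `if (strcmp(((ErrorDynamicPageInfo *) ErrorDynamicPages.items[i])->page_name, page_name) == 0)`. The `return i + ERR_MAX;` that follows is already correct for a zero-based index.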
@@ -579,23 +600,32 @@ HttpReply * errorBuildReply(ErrorState * err) { HttpReply *rep = httpReplyCreate(); - MemBuf content = errorBuildContent(err); + const char *name = errorPageName(err->page_id); http_version_t version; /* no LMT for error pages; error pages expire immediately */ httpBuildVersion(&version, 1, 0); - httpReplySetHeaders(rep, version, err->http_status, NULL, "text/html", content.size, 0, squid_curtime); - /* - * include some information for downstream caches. Implicit - * replaceable content. This isn't quite sufficient. xerrno is not - * necessarily meaningful to another system, so we really should - * expand it. Additionally, we should identify ourselves. Someone - * might want to know. Someone _will_ want to know OTOH, the first - * X-CACHE-MISS entry should tell us who. - */ - httpHeaderPutStrf(&rep->header, HDR_X_SQUID_ERROR, "%s %d", - errorPageName(err->page_id), err->xerrno); - httpBodySet(&rep->body, &content); - /* do not memBufClean() the content, it was absorbed by httpBody */ + if (strchr(name, ':')) { + /* Redirection */ + char *quoted_url = rfc1738_escape_part(errorConvert('u', err)); + httpReplySetHeaders(rep, version, HTTP_MOVED_TEMPORARILY, NULL, "text/html", 0, 0, squid_curtime); + httpHeaderPutStrf(&rep->header, HDR_LOCATION, name, quoted_url); + httpHeaderPutStrf(&rep->header, HDR_X_SQUID_ERROR, "%d %s\n", err->http_status, "Access Denied"); + } else { + MemBuf content = errorBuildContent(err); + httpReplySetHeaders(rep, version, err->http_status, NULL, "text/html", content.size, 0, squid_curtime); + /* + * include some information for downstream caches. Implicit + * replaceable content. This isn't quite sufficient. xerrno is not + * necessarily meaningful to another system, so we really should + * expand it. Additionally, we should identify ourselves. Someone + * might want to know. Someone _will_ want to know OTOH, the first + * X-CACHE-MISS entry should tell us who. 
+ */ + httpHeaderPutStrf(&rep->header, HDR_X_SQUID_ERROR, "%s %d", + name, err->xerrno); + httpBodySet(&rep->body, &content); + /* do not memBufClean() the content, it was absorbed by httpBody */ + } return rep; } diff -rupN squid-2.5.STABLE2/src/external_acl.c squid-2.5.STABLE3/src/external_acl.c --- squid-2.5.STABLE2/src/external_acl.c Thu Feb 27 01:18:04 2003 +++ squid-2.5.STABLE3/src/external_acl.c Sat May 17 12:35:25 2003 @@ -1,6 +1,6 @@ /* - * $Id: external_acl.c,v 1.1.2.19 2003/02/27 08:18:04 hno Exp $ + * $Id: external_acl.c,v 1.1.2.25 2003/05/17 18:35:25 hno Exp $ * * DEBUG: section 82 External ACL * AUTHOR: Henrik Nordstrom, MARA Systems AB 
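Review bot: In the redirection branch of errorBuildReply the configured URL `name` is passed as the format string in `httpHeaderPutStrf(&rep->header, HDR_LOCATION, name, quoted_url)`. Any conversion in it other than a single `%s` is therefore interpreted with no matching argument: a second `%s`, or a percent-escape such as `%2F` or `%20d` in the configured URL. Expanding the first `%s` by hand and emitting the result as data avoids that. The sketch below assumes MemBuf keeps its buffer NUL-terminated and that `httpHeaderPutStr` is available as elsewhere in the tree. Separately, the `"%d %s\n"` format for HDR_X_SQUID_ERROR puts a newline inside the header value, unlike the `"%s %d"` form in the other branch; `"%d %s"` would be consistent.

```c
    if (strchr(name, ':')) {
	/* Redirection: expand only the first "%s"; the configured URL is data, not a format */
	char *quoted_url = rfc1738_escape_part(errorConvert('u', err));
	const char *mark = strstr(name, "%s");
	MemBuf loc;
	memBufDefInit(&loc);
	if (mark) {
	    memBufAppend(&loc, name, mark - name);
	    memBufAppend(&loc, quoted_url, strlen(quoted_url));
	    memBufAppend(&loc, mark + 2, strlen(mark + 2));
	} else {
	    memBufAppend(&loc, name, strlen(name));
	}
	/* … unchanged: httpReplySetHeaders(rep, version, HTTP_MOVED_TEMPORARILY, ...) … */
	httpHeaderPutStr(&rep->header, HDR_LOCATION, loc.buf);
	memBufClean(&loc);
	/* … unchanged: HDR_X_SQUID_ERROR header … */
```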
@@ -397,44 +397,50 @@ int aclMatchExternal(void *data, aclCheck_t * ch) { int result; - external_acl_entry *entry; + external_acl_entry *entry = NULL; external_acl_data *acl = data; const char *key = ""; debug(82, 9) ("aclMatchExternal: acl=\"%s\"\n", acl->def->name); - entry = ch->extacl_entry; + if (ch->extacl_entry) { + entry = ch->extacl_entry; + if (!cbdataValid(entry)) + entry = NULL; + cbdataUnlock(ch->extacl_entry); + ch->extacl_entry = NULL; + } + if (acl->def->require_auth) { + int ti; + /* Make sure the user is authenticated */ + if ((ti = aclAuthenticated(ch)) != 1) { + debug(82, 2) ("aclMatchExternal: %s user not authenticated (%d)\n", acl->def->name, ti); + return ti; + } + } + key = makeExternalAclKey(ch, acl); + ch->auth_user_request = NULL; if (entry) { - if (cbdataValid(entry) && entry->def == acl->def && - strcmp(entry->hash.key, key) == 0) { - /* Ours, use it.. */ - } else { - /* Not valid, or not ours.. get rid of it */ + if (entry->def != acl->def || strcmp(entry->hash.key, key) != 0) { + /* Not ours.. get rid of it */ cbdataUnlock(ch->extacl_entry); ch->extacl_entry = NULL; entry = NULL; } } if (!entry) { - if (acl->def->require_auth) { - int ti; - /* Make sure the user is authenticated */ - if ((ti = aclAuthenticated(ch)) != 1) { - debug(82, 2) ("aclMatchExternal: %s user not authenticated (%d)\n", acl->def->name, ti); - return ti; - } - } - key = makeExternalAclKey(ch, acl); entry = hash_lookup(acl->def->cache, key); if (entry && external_acl_entry_expired(acl->def, entry)) { /* Expired entry, ignore */ debug(82, 2) ("external_acl_cache_lookup: '%s' = expired\n", key); entry = NULL; } - ch->auth_user_request = NULL; } - if (!entry) { + if (!entry || entry->result == -1) { debug(82, 2) ("aclMatchExternal: %s(\"%s\") = lookup needed\n", acl->def->name, key); - ch->state[ACL_EXTERNAL] = ACL_LOOKUP_NEEDED; - return 0; + if (acl->def->helper->stats.queue_size >= acl->def->helper->n_running) + debug(82, 1) ("aclMatchExternal: '%s' queue overload. 
Request rejected.\n", acl->def->name); + else + ch->state[ACL_EXTERNAL] = ACL_LOOKUP_NEEDED; + return -1; } external_acl_cache_touch(acl->def, entry); result = entry->result; @@ -684,7 +690,7 @@ externalAclHandleReply(void *data, char char *t; char *user = NULL; char *error = NULL; - external_acl_entry *entry; + external_acl_entry *entry = NULL; debug(82, 2) ("externalAclHandleReply: reply=\"%s\"\n", reply); @@ -709,13 +715,11 @@ externalAclHandleReply(void *data, char if (reply) entry = external_acl_cache_add(state->def, state->key, result, user, error); else { - entry = hash_lookup(state->def->cache, state->key); - if (entry) - external_acl_cache_delete(state->def, entry); + external_acl_entry *oldentry = hash_lookup(state->def->cache, state->key); + if (oldentry) + external_acl_cache_delete(state->def, oldentry); } - } else - entry = NULL; - + } do { cbdataUnlock(state->def); state->def = NULL; diff -rupN squid-2.5.STABLE2/src/ftp.c squid-2.5.STABLE3/src/ftp.c --- squid-2.5.STABLE2/src/ftp.c Sat Feb 1 06:30:04 2003 +++ squid-2.5.STABLE3/src/ftp.c Sun May 11 11:30:13 2003 @@ -1,6 +1,6 @@ /* - * $Id: ftp.c,v 1.316.2.8 2003/02/01 13:30:04 hno Exp $ + * $Id: ftp.c,v 1.316.2.9 2003/05/11 17:30:13 hno Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived @@ -2239,7 +2239,7 @@ ftpReadTransferDone(FtpStateData * ftpSt /* This will be called when there is data available to put */ static void -ftpRequestBody(char *buf, size_t size, void *data) +ftpRequestBody(char *buf, ssize_t size, void *data) { FtpStateData *ftpState = (FtpStateData *) data; debug(9, 3) ("ftpRequestBody: buf=%p size=%d ftpState=%p\n", buf, (int) size, data); 
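Review bot: The "Not ours" branch of aclMatchExternal still runs `cbdataUnlock(ch->extacl_entry); ch->extacl_entry = NULL;`, but the block added at the top of the function has already unlocked that pointer and set it to NULL, so the call now always receives NULL. Whether `cbdataUnlock` tolerates NULL is not visible in this diff. Either way the two lines are leftovers, and the branch can be reduced to `entry = NULL;`. Since `entry` is now dereferenced after its lock was released, a comment near the top block would help, e.g. `/* lock dropped here; entry stays usable only because nothing can free it before we return */`, if that is indeed the intent.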
@@ -2249,7 +2249,7 @@ ftpRequestBody(char *buf, size_t size, v comm_write(ftpState->data.fd, buf, size, ftpDataWriteCallback, data, NULL); } else if (size < 0) { /* Error */ - debug(9, 1) ("ftpRequestBody: request aborted"); + debug(9, 1) ("ftpRequestBody: request aborted\n"); ftpFailed(ftpState, ERR_READ_ERROR); } else if (size == 0) { /* End of transfer */ diff -rupN squid-2.5.STABLE2/src/htcp.c squid-2.5.STABLE3/src/htcp.c --- squid-2.5.STABLE2/src/htcp.c Thu Jan 2 16:24:58 2003 +++ squid-2.5.STABLE3/src/htcp.c Sun May 11 11:30:13 2003 @@ -1,6 +1,6 @@ /* - * $Id: htcp.c,v 1.38.2.2 2003/01/02 23:24:58 wessels Exp $ + * $Id: htcp.c,v 1.38.2.3 2003/05/11 17:30:13 hno Exp $ * * DEBUG: section 31 Hypertext Caching Protocol * AUTHOR: Duane Wesssels @@ -362,7 +362,7 @@ static char * htcpBuildPacket(htcpStuff * stuff, ssize_t * len) { size_t buflen = 8192; - size_t s; + ssize_t s; ssize_t off = 0; size_t hdr_sz = sizeof(htcpHeader); htcpHeader hdr; diff -rupN squid-2.5.STABLE2/src/http.c squid-2.5.STABLE3/src/http.c --- squid-2.5.STABLE2/src/http.c Sat Sep 7 16:52:10 2002 +++ squid-2.5.STABLE3/src/http.c Sun May 11 11:30:13 2003 @@ -1,6 +1,6 @@ /* - * $Id: http.c,v 1.384.2.3 2002/09/07 22:52:10 hno Exp $ + * $Id: http.c,v 1.384.2.4 2003/05/11 17:30:13 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived @@ -1079,7 +1079,7 @@ httpSendRequestEntryDone(int fd, void *d } static void -httpRequestBodyHandler(char *buf, size_t size, void *data) +httpRequestBodyHandler(char *buf, ssize_t size, void *data) { HttpStateData *httpState = (HttpStateData *) data; if (size > 0) { diff -rupN squid-2.5.STABLE2/src/main.c squid-2.5.STABLE3/src/main.c --- squid-2.5.STABLE2/src/main.c Wed Jan 29 15:33:49 2003 +++ squid-2.5.STABLE3/src/main.c Mon May 5 18:24:14 2003 
@@ -1,6 +1,6 @@ /* - * $Id: main.c,v 1.345.2.8 2003/01/29 22:33:49 hno Exp $ + * $Id: main.c,v 1.345.2.10 2003/05/06 00:24:14 hno Exp $ * * DEBUG: section 1 Startup and Main Loop * AUTHOR: Harvest Derived @@ -352,6 +352,10 @@ mainReconfigure(void) authenticateShutdown(); externalAclShutdown(); storeDirCloseSwapLogs(); + storeLogClose(); + accessLogClose(); + useragentLogClose(); + refererCloseLog(); errorClean(); enter_suid(); /* root to read config file */ parseConfigFile(ConfigFile); @@ -362,6 +366,10 @@ mainReconfigure(void) fqdncache_restart(); /* sigh, fqdncache too */ parseEtcHosts(); errorInitialize(); /* reload error pages */ + accessLogInit(); + storeLogOpen(); + useragentOpenLog(); + refererOpenLog(); #if USE_DNSSERVERS dnsInit(); #else @@ -726,13 +734,6 @@ main(int argc, char **argv) do_shutdown = 0; shutting_down = 1; serverConnectionsClose(); -#if USE_DNSSERVERS - dnsShutdown(); -#else - idnsShutdown(); -#endif - redirectShutdown(); - externalAclShutdown(); eventAdd("SquidShutdown", SquidShutdown, NULL, (double) (wait + 1), 1); } eventRun(); @@ -950,6 +951,13 @@ static void SquidShutdown(void *unused) { debug(1, 1) ("Shutting down...\n"); +#if USE_DNSSERVERS + dnsShutdown(); +#else + idnsShutdown(); +#endif + redirectShutdown(); + externalAclShutdown(); icpConnectionClose(); #if USE_HTCP htcpSocketClose(); diff -rupN squid-2.5.STABLE2/src/mib.txt squid-2.5.STABLE3/src/mib.txt --- squid-2.5.STABLE2/src/mib.txt Wed Feb 12 11:52:44 2003 +++ squid-2.5.STABLE3/src/mib.txt Fri May 2 03:48:42 2003 @@ -2,7 +2,7 @@ SQUID-MIB DEFINITIONS ::= BEGIN -- --- $Id: mib.txt,v 1.25.4.1 2003/02/12 18:52:44 hno Exp $ +-- $Id: mib.txt,v 1.25.4.2 2003/05/02 09:48:42 hno Exp $ -- IMPORTS @@ -212,7 +212,7 @@ squid MODULE-IDENTITY ::= { cacheSysPerf 6 } cacheNumObjCount OBJECT-TYPE - SYNTAX Counter32 + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION 
@@ -228,7 +228,7 @@ squid MODULE-IDENTITY ::= { cacheSysPerf 8 } cacheCurrentUnlinkRequests OBJECT-TYPE - SYNTAX Counter32 + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION @@ -366,7 +366,7 @@ squid MODULE-IDENTITY ::= { cacheProtoAggregateStats 13 } cacheCurrentSwapSize OBJECT-TYPE - SYNTAX Counter32 + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION @@ -374,7 +374,7 @@ squid MODULE-IDENTITY ::= { cacheProtoAggregateStats 14 } cacheClients OBJECT-TYPE - SYNTAX Counter32 + SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION diff -rupN squid-2.5.STABLE2/src/protos.h squid-2.5.STABLE3/src/protos.h --- squid-2.5.STABLE2/src/protos.h Thu Jan 2 16:10:46 2003 +++ squid-2.5.STABLE3/src/protos.h Tue May 6 14:13:02 2003 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.420.2.17 2003/01/02 23:10:46 wessels Exp $ + * $Id: protos.h,v 1.420.2.18 2003/05/06 20:13:02 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -509,7 +509,6 @@ extern time_t httpReplyExpires(const Htt extern int httpReplyHasCc(const HttpReply * rep, http_hdr_cc_type type); extern void httpRedirectReply(HttpReply *, http_status, const char *); extern int httpReplyBodySize(method_t, HttpReply *); -extern void httpReplyBodyBuildSize(request_t *, HttpReply *, dlink_list *); /* Http Request */ extern request_t *requestCreate(method_t, protocol_t, const char *urlpath); diff -rupN squid-2.5.STABLE2/src/snmp_agent.c squid-2.5.STABLE3/src/snmp_agent.c --- squid-2.5.STABLE2/src/snmp_agent.c Wed Oct 24 00:16:17 2001 +++ squid-2.5.STABLE3/src/snmp_agent.c Fri May 2 03:48:43 2003 @@ -1,6 +1,6 @@ /* - * $Id: snmp_agent.c,v 1.83 2001/10/24 06:16:17 hno Exp $ + * $Id: snmp_agent.c,v 1.83.2.1 2003/05/02 09:48:43 hno Exp $ * * DEBUG: section 49 SNMP Interface * AUTHOR: Kostas Anagnostakis 
@@ -285,7 +285,7 @@ snmp_prfSysFn(variable_list * Var, snint case PERF_SYS_CURUNLREQ: Answer = snmp_var_new_integer(Var->name, Var->name_length, (snint) statCounter.unlink.requests, - SMI_COUNTER32); + SMI_GAUGE32); break; case PERF_SYS_CURUNUSED_FD: Answer = snmp_var_new_integer(Var->name, Var->name_length, @@ -300,7 +300,7 @@ snmp_prfSysFn(variable_list * Var, snint case PERF_SYS_NUMOBJCNT: Answer = snmp_var_new_integer(Var->name, Var->name_length, (snint) memInUse(MEM_STOREENTRY), - SMI_COUNTER32); + SMI_GAUGE32); break; default: *ErrP = SNMP_ERR_NOSUCHNAME; @@ -390,12 +390,12 @@ snmp_prfProtoFn(variable_list * Var, sni case PERF_PROTOSTAT_AGGR_CURSWAP: Answer = snmp_var_new_integer(Var->name, Var->name_length, (snint) store_swap_size, - SMI_COUNTER32); + SMI_GAUGE32); break; case PERF_PROTOSTAT_AGGR_CLIENTS: Answer = snmp_var_new_integer(Var->name, Var->name_length, (snint) statCounter.client_http.clients, - SMI_COUNTER32); + SMI_GAUGE32); break; default: *ErrP = SNMP_ERR_NOSUCHNAME; diff -rupN squid-2.5.STABLE2/src/structs.h squid-2.5.STABLE3/src/structs.h --- squid-2.5.STABLE2/src/structs.h Mon Jan 20 17:06:39 2003 +++ squid-2.5.STABLE3/src/structs.h Sat May 10 16:17:44 2003 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.408.2.9 2003/01/21 00:06:39 wessels Exp $ + * $Id: structs.h,v 1.408.2.11 2003/05/10 22:17:44 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -296,6 +296,7 @@ struct _aclCheck_t { PF *callback; void *callback_data; external_acl_entry *extacl_entry; + acl *current_acl; /* private, used by aclCheck */ }; struct _wordlist { @@ -959,7 +960,6 @@ struct _HttpReply { HttpStatusLine sline; HttpHeader header; HttpBody body; /* for small constant memory-resident text bodies only */ - size_t maxBodySize; }; struct _http_state_flags { 
@@ -1083,6 +1083,7 @@ struct _clientHttpRequest { char *location; } redirect; dlink_node active; + size_t maxBodySize; }; struct _ConnStateData { diff -rupN squid-2.5.STABLE2/src/tools.c squid-2.5.STABLE3/src/tools.c --- squid-2.5.STABLE2/src/tools.c Fri Feb 7 19:31:10 2003 +++ squid-2.5.STABLE3/src/tools.c Tue Apr 29 10:09:40 2003 @@ -1,6 +1,6 @@ /* - * $Id: tools.c,v 1.213.2.5 2003/02/08 02:31:10 robertc Exp $ + * $Id: tools.c,v 1.213.2.6 2003/04/29 16:09:40 hno Exp $ * * DEBUG: section 21 Misc Functions * AUTHOR: Harvest Derived @@ -205,6 +205,8 @@ rusage_maxrss(struct rusage *r) #elif defined(_SQUID_SGI_) return r->ru_maxrss; #elif defined(_SQUID_OSF_) + return r->ru_maxrss; +#elif defined(_SQUID_AIX_) return r->ru_maxrss; #elif defined(BSD4_4) return r->ru_maxrss; diff -rupN squid-2.5.STABLE2/src/typedefs.h squid-2.5.STABLE3/src/typedefs.h --- squid-2.5.STABLE2/src/typedefs.h Sun Jun 23 07:53:46 2002 +++ squid-2.5.STABLE3/src/typedefs.h Sun May 11 11:30:13 2003 @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.132.2.1 2002/06/23 13:53:46 hno Exp $ + * $Id: typedefs.h,v 1.132.2.2 2003/05/11 17:30:13 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -234,7 +234,7 @@ typedef void UH(void *data, wordlist *); typedef int DEFER(int fd, void *data); typedef int READ_HANDLER(int, char *, int); typedef int WRITE_HANDLER(int, const char *, int); -typedef void CBCB(char *buf, size_t size, void *data); +typedef void CBCB(char *buf, ssize_t size, void *data); typedef void STIOCB(void *their_data, int errflag, storeIOState *); typedef void STFNCB(void *their_data, int errflag, storeIOState *);