diff -ruN squid-2.6.STABLE16/ChangeLog squid-2.6.STABLE17/ChangeLog
--- squid-2.6.STABLE16/ChangeLog	Wed Sep  5 16:06:14 2007
+++ squid-2.6.STABLE17/ChangeLog	Mon Nov 26 06:36:10 2007
@@ -1,3 +1,42 @@
+Changes to squid-2.6.STABLE17 (26 Nov 2007)
+
+	- Fix compile error with old GCC 2.x or other ANSI-C compilers before
+	  C99
+	- Mention the login= cache_peer option in release notes
+	- Fix bad cache_peer example in squid.conf
+	- Bug #2086: Fix a compile-time memory corruption error causing cf_gen
+	  to fail
+	- Bug #2048: Clarify high_memory_warning usage
+	- Reject DNS responses which result in no data
+	- Fix version number in configuration manual
+	- Move cache and request/reply_header_max_size to their proper
+	  sections
+	- Bug #2088: sbrk statistics broken when process size >2GB
+	- Move logopen() much earlier to have fatal startup errors sent to the
+	  proper syslog facility
+	- Fix HTTP/0.9 responses
+	- Correct bad example config for tos_outgoing_tos
+	- Fix grammar in description of mail_program squid.conf option
+	- Ignore Content-Length in chunked responses instead of rejecting the
+	  response as invalid
+	- Documented that http_port no longer have a default
+	- Cleanup of cache digest documentation
+	- Make aufs store rebuilding back off a little if I/O load too high
+	- Bug #2100: Respect DNS ttl=0
+	- Update udp_(incoming|outgoing)_address documentation to reflect
+	  current bahaviour.
+	- Update HTCP documentation
+	- Document the overlapping helper request format
+	- Change priority of proxy auth and extacl provided username in
+	  login=*:pass
+	- pack header entries on cache updates
+	- Make squid_db_auth reopen the database connection on each query by
+	  default
+	- Improve helper debug ouput, including the channel number
+	- Update cachePeerEntry MIB description to mention what is used as
+	  index key
+	- Import squid_radius_auth for authenticating to RADIUS
+
 Changes to squid-2.6.STABLE16 (5 Sep 2007)
 
 	- Test for sys/capability.h linux include file to avoid failing on
diff -ruN squid-2.6.STABLE16/RELEASENOTES.html squid-2.6.STABLE17/RELEASENOTES.html
--- squid-2.6.STABLE16/RELEASENOTES.html	Wed Sep  5 16:26:15 2007
+++ squid-2.6.STABLE17/RELEASENOTES.html	Mon Nov 26 06:40:06 2007
@@ -2,12 +2,12 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
- <TITLE>Squid 2.6.STABLE16 release notes</TITLE>
+ <TITLE>Squid 2.6.STABLE17 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 2.6.STABLE16 release notes</H1>
+<H1>Squid 2.6.STABLE17 release notes</H1>
 
-<H2>Squid Developers</H2>$Id: release-2.6.html,v 1.44.2.13 2007/09/05 22:25:23 hno Exp $
+<H2>Squid Developers</H2>$Id: release-2.6.html,v 1.44.2.15 2007/11/26 13:34:35 hno Exp $
 <HR>
 <EM>This document contains the release notes for version 2.6 of Squid.
 Squid is a WWW Cache application developed by the Web Caching community.</EM>
@@ -75,6 +75,9 @@
 <P>
 <H2><A NAME="toc21">21.</A> <A HREF="#s21">Key changes squid-2.6.STABLE15 to 2.6.STABLE16</A></H2>
 
+<P>
+<H2><A NAME="toc22">22.</A> <A HREF="#s22">Key changes squid-2.6.STABLE16 to 2.6.STABLE17</A></H2>
+
 
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Key changes from squid 2.5</A></H2>
@@ -153,7 +156,7 @@
 
 <P>
 <DL>
-<DT><B>http_port</B><DD><P>Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.</P>
+<DT><B>http_port</B><DD><P>Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual. Also there is no longer a default port and you must include a http_port directive in your squid.conf if you want Squid to listen for http requests.</P>
 <DT><B>httpd_accel_* for transparent proxy</B><DD><P>Now implemented by the "transparent" http_port option</P>
 <DT><B>httpd_accel_* for accelerator mode</B><DD><P>Now implemented by other options and the http_port accel option. See individual directives below.</P>
 <DT><B>httpd_accel_host</B><DD><P>Replaced by defaultsite http_port option and cache_peer originserver option.</P>
@@ -207,6 +210,7 @@
 <DT><B>check_hostnames</B><DD><P>Control if Squid should check the sanity of host names before trying to look them up in DNS</P>
 <DT><B>allow_underscores</B><DD><P>Control if _ is to be considered a valid character in hostnames or not</P>
 <DT><B>cache_peer carp-load-factor</B><DD><P>Option removed. CARP now uses the weight parameter instead.</P>
+<DT><B>cache_peer login=</B><DD><P>Controls how Squid forwards login information to peer caches and servers.</P>
 </DL>
 </P>
 
@@ -737,6 +741,21 @@
 linux systems missing libcap</LI>
 <LI>More squid.conf reordering to get the dependencies between options
 sorted proper</LI>
+<LI>See also the list of 
+<A HREF="http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE16.html">squid-2.6.STABLE16 changes</A> and the 
+<A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
+</UL>
+</P>
+
+<H2><A NAME="s22">22.</A> <A HREF="#toc22">Key changes squid-2.6.STABLE16 to 2.6.STABLE17</A></H2>
+
+<P>
+<UL>
+<LI>A temporary memory leak fixed on cache updates</LI>
+<LI>New squid_radius_auth RADIUS authentication helper</LI>
+<LI>Documentation cleanups</LI>
+<LI>Code cleanups and portability fixes</LI>
+<LI>Several minor bugfixes</LI>
 <LI>See also the list of 
 <A HREF="http://www.squid-cache.org/Versions/v2/2.6/changesets/SQUID_2_6_STABLE16.html">squid-2.6.STABLE16 changes</A> and the 
 <A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
diff -ruN squid-2.6.STABLE16/configure squid-2.6.STABLE17/configure
--- squid-2.6.STABLE16/configure	Wed Sep  5 16:25:42 2007
+++ squid-2.6.STABLE17/configure	Mon Nov 26 06:39:31 2007
@@ -1,7 +1,7 @@
 #! /bin/sh
-# From configure.in Revision: 1.416.2.20 .
+# From configure.in Revision: 1.416.2.22 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for Squid Web Proxy 2.6.STABLE16.
+# Generated by GNU Autoconf 2.61 for Squid Web Proxy 2.6.STABLE17.
 #
 # Report bugs to <http://www.squid-cache.org/bugs/>.
 #
@@ -575,8 +575,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='2.6.STABLE16'
-PACKAGE_STRING='Squid Web Proxy 2.6.STABLE16'
+PACKAGE_VERSION='2.6.STABLE17'
+PACKAGE_STRING='Squid Web Proxy 2.6.STABLE17'
 PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
 
 ac_default_prefix=/usr/local/squid
@@ -1314,7 +1314,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 2.6.STABLE16 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 2.6.STABLE17 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1384,7 +1384,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE16:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE17:";;
    esac
   cat <<\_ACEOF
 
@@ -1662,7 +1662,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 2.6.STABLE16
+Squid Web Proxy configure 2.6.STABLE17
 generated by GNU Autoconf 2.61
 
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1676,7 +1676,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 2.6.STABLE16, which was
+It was created by Squid Web Proxy $as_me 2.6.STABLE17, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
 
   $ $0 $@
@@ -2349,7 +2349,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='2.6.STABLE16'
+ VERSION='2.6.STABLE17'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -26605,7 +26605,7 @@
 
 
 
-ac_config_files="$ac_config_files Makefile lib/Makefile scripts/Makefile scripts/RunCache src/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile doc/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/YP/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/mswin_sspi/Makefile helpers/basic_auth/multi-domain-NTLM/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/DB/Makefile helpers/digest_auth/Makefile helpers/digest_auth/password/Makefile helpers/digest_auth/ldap/Makefile helpers/digest_auth/eDirectory/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fakeauth/Makefile helpers/ntlm_auth/mswin_sspi/Makefile helpers/ntlm_auth/no_check/Makefile helpers/ntlm_auth/SMB/Makefile helpers/ntlm_auth/SMB/smbval/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/mswin_sspi/Makefile helpers/negotiate_auth/squid_kerb_auth/Makefile helpers/external_acl/Makefile helpers/external_acl/ip_user/Makefile helpers/external_acl/ldap_group/Makefile helpers/external_acl/mswin_lm_group/Makefile helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile tools/Makefile"
+ac_config_files="$ac_config_files Makefile lib/Makefile scripts/Makefile scripts/RunCache src/Makefile src/fs/Makefile src/repl/Makefile src/auth/Makefile contrib/Makefile snmplib/Makefile icons/Makefile errors/Makefile doc/Makefile helpers/Makefile helpers/basic_auth/Makefile helpers/basic_auth/LDAP/Makefile helpers/basic_auth/MSNT/Makefile helpers/basic_auth/NCSA/Makefile helpers/basic_auth/PAM/Makefile helpers/basic_auth/SMB/Makefile helpers/basic_auth/YP/Makefile helpers/basic_auth/getpwnam/Makefile helpers/basic_auth/mswin_sspi/Makefile helpers/basic_auth/multi-domain-NTLM/Makefile helpers/basic_auth/SASL/Makefile helpers/basic_auth/POP3/Makefile helpers/basic_auth/DB/Makefile helpers/basic_auth/squid_radius_auth/Makefile helpers/digest_auth/Makefile helpers/digest_auth/password/Makefile helpers/digest_auth/ldap/Makefile helpers/digest_auth/eDirectory/Makefile helpers/ntlm_auth/Makefile helpers/ntlm_auth/fakeauth/Makefile helpers/ntlm_auth/mswin_sspi/Makefile helpers/ntlm_auth/no_check/Makefile helpers/ntlm_auth/SMB/Makefile helpers/ntlm_auth/SMB/smbval/Makefile helpers/negotiate_auth/Makefile helpers/negotiate_auth/mswin_sspi/Makefile helpers/negotiate_auth/squid_kerb_auth/Makefile helpers/external_acl/Makefile helpers/external_acl/ip_user/Makefile helpers/external_acl/ldap_group/Makefile helpers/external_acl/mswin_lm_group/Makefile helpers/external_acl/session/Makefile helpers/external_acl/unix_group/Makefile helpers/external_acl/wbinfo_group/Makefile tools/Makefile"
 
 cat >confcache <<\_ACEOF
 # This file is a shell script that caches the results of configure
@@ -27276,7 +27276,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 2.6.STABLE16, which was
+This file was extended by Squid Web Proxy $as_me 2.6.STABLE17, which was
 generated by GNU Autoconf 2.61.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -27329,7 +27329,7 @@
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF
 ac_cs_version="\\
-Squid Web Proxy config.status 2.6.STABLE16
+Squid Web Proxy config.status 2.6.STABLE17
 configured by $0, generated by GNU Autoconf 2.61,
   with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
 
@@ -27471,6 +27471,7 @@
     "helpers/basic_auth/SASL/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/basic_auth/SASL/Makefile" ;;
     "helpers/basic_auth/POP3/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/basic_auth/POP3/Makefile" ;;
     "helpers/basic_auth/DB/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/basic_auth/DB/Makefile" ;;
+    "helpers/basic_auth/squid_radius_auth/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/basic_auth/squid_radius_auth/Makefile" ;;
     "helpers/digest_auth/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/Makefile" ;;
     "helpers/digest_auth/password/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/password/Makefile" ;;
     "helpers/digest_auth/ldap/Makefile") CONFIG_FILES="$CONFIG_FILES helpers/digest_auth/ldap/Makefile" ;;
diff -ruN squid-2.6.STABLE16/configure.in squid-2.6.STABLE17/configure.in
--- squid-2.6.STABLE16/configure.in	Wed Sep  5 16:25:42 2007
+++ squid-2.6.STABLE17/configure.in	Mon Nov 26 06:39:31 2007
@@ -1,16 +1,16 @@
 dnl
 dnl  Configuration input file for Squid
 dnl
-dnl  $Id: configure.in,v 1.416.2.20 2007/09/05 22:06:14 hno Exp $
+dnl  $Id: configure.in,v 1.416.2.22 2007/11/26 13:34:35 hno Exp $
 dnl
 dnl
 dnl
-AC_INIT(Squid Web Proxy, 2.6.STABLE16, http://www.squid-cache.org/bugs/, squid)
+AC_INIT(Squid Web Proxy, 2.6.STABLE17, http://www.squid-cache.org/bugs/, squid)
 AC_PREREQ(2.52)
 AM_CONFIG_HEADER(include/autoconf.h)
 AC_CONFIG_AUX_DIR(cfgaux)
 AM_INIT_AUTOMAKE
-AC_REVISION($Revision: 1.416.2.20 $)dnl
+AC_REVISION($Revision: 1.416.2.22 $)dnl
 AC_PREFIX_DEFAULT(/usr/local/squid)
 AM_MAINTAINER_MODE
 
@@ -3193,6 +3193,7 @@
 	helpers/basic_auth/SASL/Makefile \
 	helpers/basic_auth/POP3/Makefile \
 	helpers/basic_auth/DB/Makefile \
+	helpers/basic_auth/squid_radius_auth/Makefile \
 	helpers/digest_auth/Makefile \
 	helpers/digest_auth/password/Makefile \
 	helpers/digest_auth/ldap/Makefile \
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/DB/squid_db_auth.in squid-2.6.STABLE17/helpers/basic_auth/DB/squid_db_auth.in
--- squid-2.6.STABLE16/helpers/basic_auth/DB/squid_db_auth.in	Fri Aug 31 07:47:03 2007
+++ squid-2.6.STABLE17/helpers/basic_auth/DB/squid_db_auth.in	Mon Nov 26 04:06:52 2007
@@ -21,6 +21,7 @@
 my $db_passwdcol = "password";
 my $db_cond = "enabled = 1";
 my $plaintext = 0;
+my $persist = 0;
 
 =pod
 
@@ -66,6 +67,10 @@
 
 Database contains plain-text passwords
 
+=item	B<--persist>
+
+Keep a persistent database connection open between queries. 
+
 =back
 
 =cut
@@ -79,13 +84,30 @@
 	'passwdcol=s' => \$db_passwdcol,
 	'cond=s' => \$db_cond,
 	'plaintext' => \$plaintext,
+	'persist' => \$persist,
 	);
 
-my $dbh = DBI->connect($dsn, $db_user, $db_passwd) || die ("Could not connect to $dsn\n");
+my ($_dbh, $_sth);
 
-my ($sth) = $dbh->prepare("SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ? " AND $db_cond" : "")) || die;
+sub close_db()
+{
+    return if !defined($_dbh);
+    $_dbh->disconnect();
+    undef $_dbh;
+    undef $_sth;
+}
 
-my $status;
+sub open_db()
+{
+    return $_sth if defined $_sth;
+    $_dbh = DBI->connect($dsn, $db_user, $db_passwd);
+    if (!defined $_dbh) {
+    	warn ("Could not connect to $dsn\n");
+	return undef;
+    }
+    $_sth = $_dbh->prepare("SELECT $db_passwdcol FROM $db_table WHERE $db_usercol = ?" . ($db_cond ne "" ? " AND $db_cond" : "")) || die;
+    return $_sth;
+}
 
 sub check_password($$)
 {
@@ -97,20 +119,34 @@
 
     return 0;
 }
+
+sub query_db($) {
+    my ($user) = @_;
+    my ($sth) = open_db() || return undef;
+    if (!$sth->execute($user)) {
+	close_db();
+	open_db() || return undef;
+	$sth->execute($user) || return undef;;
+    }
+    return $sth;
+}
+my $status;
+
 while (<>) {
     my ($user, $password) = split;
     $status = "ERR";
     $user =~ s/%(..)/pack("H*", $1)/ge;
     $password =~ s/%(..)/pack("H*", $1)/ge;
 
-    $status = "ERR internal error";
-    $sth->execute($user) || next;
+    $status = "ERR database error";
+    my $sth = query_db($user) || next;
     $status = "ERR unknown login";
-    my ($row) = $sth->fetchrow_arrayref() || next;
+    my $row = $sth->fetchrow_arrayref() || next;
     $status = "ERR login failure";
     next if (!check_password($password, @$row[0]));
     $status = "OK";
 } continue {
+    close_db() if (!$persist);
     print $status . "\n";
 }
 
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/Makefile.am squid-2.6.STABLE17/helpers/basic_auth/Makefile.am
--- squid-2.6.STABLE16/helpers/basic_auth/Makefile.am	Mon Jun 25 17:37:09 2007
+++ squid-2.6.STABLE17/helpers/basic_auth/Makefile.am	Mon Nov 26 04:18:47 2007
@@ -1,7 +1,7 @@
 #  Makefile for storage modules in the Squid Object Cache server
 #
-#  $Id: Makefile.am,v 1.6.2.2 2007/06/25 23:37:09 hno Exp $
+#  $Id: Makefile.am,v 1.6.2.3 2007/11/26 11:18:47 adrian Exp $
 #
 
-DIST_SUBDIRS	= getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB
+DIST_SUBDIRS	= getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB squid_radius_auth
 SUBDIRS		= @BASIC_AUTH_HELPERS@
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/Makefile.in squid-2.6.STABLE17/helpers/basic_auth/Makefile.in
--- squid-2.6.STABLE16/helpers/basic_auth/Makefile.in	Sun Aug 12 06:40:47 2007
+++ squid-2.6.STABLE17/helpers/basic_auth/Makefile.in	Mon Nov 26 04:23:17 2007
@@ -16,7 +16,7 @@
 
 #  Makefile for storage modules in the Squid Object Cache server
 #
-#  $Id: Makefile.in,v 1.39.2.4 2007/08/12 12:40:47 hno Exp $
+#  $Id: Makefile.in,v 1.39.2.5 2007/11/26 11:23:17 hno Exp $
 #
 srcdir = @srcdir@
 top_srcdir = @top_srcdir@
@@ -246,7 +246,7 @@
 sharedstatedir = @sharedstatedir@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
-DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB
+DIST_SUBDIRS = getpwnam LDAP MSNT multi-domain-NTLM NCSA PAM SMB YP SASL mswin_sspi POP3 DB squid_radius_auth
 SUBDIRS = @BASIC_AUTH_HELPERS@
 all: all-recursive
 
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/Makefile.am squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/Makefile.am
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/Makefile.am	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/Makefile.am	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,18 @@
+#
+#  Makefile for the Squid LDAP authentication helper
+#
+#  $Id: Makefile.am,v 1.2.2.1 2007/11/26 11:18:47 adrian Exp $
+#
+#  Uncomment and customize the following to suit your needs:
+#
+
+libexec_PROGRAMS 	= squid_radius_auth
+man_MANS 		= squid_radius_auth.8
+EXTRA_DIST		= squid_radius_auth.8
+squid_radius_auth_SOURCES = \
+			squid_rad_auth.c \
+			radius.h \
+			util.c util.h
+
+LDADD			= -L$(top_builddir)/lib -lmiscutil $(SSLLIB) $(XTRA_LIBS)
+INCLUDES		= -I$(top_srcdir)/include
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/Makefile.in squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/Makefile.in
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/Makefile.in	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/Makefile.in	Mon Nov 26 04:23:19 2007
@@ -0,0 +1,577 @@
+# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005  Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+#  Makefile for the Squid LDAP authentication helper
+#
+#  $Id: Makefile.in,v 1.6.2.2 2007/11/26 11:23:19 hno Exp $
+#
+#  Uncomment and customize the following to suit your needs:
+#
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+top_builddir = ../../..
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+INSTALL = @INSTALL@
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+libexec_PROGRAMS = squid_radius_auth$(EXEEXT)
+subdir = helpers/basic_auth/squid_radius_auth
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
+	$(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/include/autoconf.h
+CONFIG_CLEAN_FILES =
+am__installdirs = "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"
+libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
+PROGRAMS = $(libexec_PROGRAMS)
+am_squid_radius_auth_OBJECTS = squid_rad_auth.$(OBJEXT) util.$(OBJEXT)
+squid_radius_auth_OBJECTS = $(am_squid_radius_auth_OBJECTS)
+squid_radius_auth_LDADD = $(LDADD)
+am__DEPENDENCIES_1 =
+squid_radius_auth_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+	$(am__DEPENDENCIES_1)
+DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)/include
+depcomp = $(SHELL) $(top_srcdir)/cfgaux/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+SOURCES = $(squid_radius_auth_SOURCES)
+DIST_SOURCES = $(squid_radius_auth_SOURCES)
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMDEP_FALSE = @AMDEP_FALSE@
+AMDEP_TRUE = @AMDEP_TRUE@
+AMTAR = @AMTAR@
+AR = @AR@
+AR_R = @AR_R@
+AUTH_LIBS = @AUTH_LIBS@
+AUTH_MODULES = @AUTH_MODULES@
+AUTH_OBJS = @AUTH_OBJS@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BASIC_AUTH_HELPERS = @BASIC_AUTH_HELPERS@
+CACHE_HTTP_PORT = @CACHE_HTTP_PORT@
+CACHE_ICP_PORT = @CACHE_ICP_PORT@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CGIEXT = @CGIEXT@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CRYPTLIB = @CRYPTLIB@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DIGEST_AUTH_HELPERS = @DIGEST_AUTH_HELPERS@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+ENABLE_HTCP_FALSE = @ENABLE_HTCP_FALSE@
+ENABLE_HTCP_TRUE = @ENABLE_HTCP_TRUE@
+ENABLE_MINGW32SPECIFIC_FALSE = @ENABLE_MINGW32SPECIFIC_FALSE@
+ENABLE_MINGW32SPECIFIC_TRUE = @ENABLE_MINGW32SPECIFIC_TRUE@
+ENABLE_PINGER_FALSE = @ENABLE_PINGER_FALSE@
+ENABLE_PINGER_TRUE = @ENABLE_PINGER_TRUE@
+ENABLE_SSL_FALSE = @ENABLE_SSL_FALSE@
+ENABLE_SSL_TRUE = @ENABLE_SSL_TRUE@
+ENABLE_UNLINKD_FALSE = @ENABLE_UNLINKD_FALSE@
+ENABLE_UNLINKD_TRUE = @ENABLE_UNLINKD_TRUE@
+ENABLE_WIN32SPECIFIC_FALSE = @ENABLE_WIN32SPECIFIC_FALSE@
+ENABLE_WIN32SPECIFIC_TRUE = @ENABLE_WIN32SPECIFIC_TRUE@
+ERR_DEFAULT_LANGUAGE = @ERR_DEFAULT_LANGUAGE@
+ERR_LANGUAGES = @ERR_LANGUAGES@
+EXEEXT = @EXEEXT@
+EXTERNAL_ACL_HELPERS = @EXTERNAL_ACL_HELPERS@
+FALSE = @FALSE@
+GREP = @GREP@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LDFLAGS = @LDFLAGS@
+LIBDLMALLOC = @LIBDLMALLOC@
+LIBOBJS = @LIBOBJS@
+LIBREGEX = @LIBREGEX@
+LIBS = @LIBS@
+LIBSASL = @LIBSASL@
+LIB_DB = @LIB_DB@
+LIB_EPOLL = @LIB_EPOLL@
+LIB_LBER = @LIB_LBER@
+LIB_LDAP = @LIB_LDAP@
+LIB_MALLOC = @LIB_MALLOC@
+LN = @LN@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAINTAINER_MODE_FALSE = @MAINTAINER_MODE_FALSE@
+MAINTAINER_MODE_TRUE = @MAINTAINER_MODE_TRUE@
+MAKEINFO = @MAKEINFO@
+MAKE_LEAKFINDER_FALSE = @MAKE_LEAKFINDER_FALSE@
+MAKE_LEAKFINDER_TRUE = @MAKE_LEAKFINDER_TRUE@
+MKDIR = @MKDIR@
+MV = @MV@
+NEED_COSSDUMP_FALSE = @NEED_COSSDUMP_FALSE@
+NEED_COSSDUMP_TRUE = @NEED_COSSDUMP_TRUE@
+NEED_DISKD_FALSE = @NEED_DISKD_FALSE@
+NEED_DISKD_TRUE = @NEED_DISKD_TRUE@
+NEED_OWN_MD5_FALSE = @NEED_OWN_MD5_FALSE@
+NEED_OWN_MD5_TRUE = @NEED_OWN_MD5_TRUE@
+NEED_OWN_SNPRINTF_FALSE = @NEED_OWN_SNPRINTF_FALSE@
+NEED_OWN_SNPRINTF_TRUE = @NEED_OWN_SNPRINTF_TRUE@
+NEED_OWN_STRSEP_FALSE = @NEED_OWN_STRSEP_FALSE@
+NEED_OWN_STRSEP_TRUE = @NEED_OWN_STRSEP_TRUE@
+NEGOTIATE_AUTH_HELPERS = @NEGOTIATE_AUTH_HELPERS@
+NTLM_AUTH_HELPERS = @NTLM_AUTH_HELPERS@
+OBJEXT = @OBJEXT@
+OPT_DEFAULT_HOSTS = @OPT_DEFAULT_HOSTS@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKGCONFIG = @PKGCONFIG@
+RANLIB = @RANLIB@
+REGEXLIB = @REGEXLIB@
+REPL_LIBS = @REPL_LIBS@
+REPL_OBJS = @REPL_OBJS@
+REPL_POLICIES = @REPL_POLICIES@
+RM = @RM@
+SET_MAKE = @SET_MAKE@
+SH = @SH@
+SHELL = @SHELL@
+SNMPLIB = @SNMPLIB@
+SSLLIB = @SSLLIB@
+STORE_LIBS = @STORE_LIBS@
+STORE_MODULES = @STORE_MODULES@
+STORE_OBJS = @STORE_OBJS@
+STRIP = @STRIP@
+TRUE = @TRUE@
+USE_AIOPS_WIN32_FALSE = @USE_AIOPS_WIN32_FALSE@
+USE_AIOPS_WIN32_TRUE = @USE_AIOPS_WIN32_TRUE@
+USE_DELAY_POOLS_FALSE = @USE_DELAY_POOLS_FALSE@
+USE_DELAY_POOLS_TRUE = @USE_DELAY_POOLS_TRUE@
+USE_DEVPOLL_FALSE = @USE_DEVPOLL_FALSE@
+USE_DEVPOLL_TRUE = @USE_DEVPOLL_TRUE@
+USE_DNSSERVER_FALSE = @USE_DNSSERVER_FALSE@
+USE_DNSSERVER_TRUE = @USE_DNSSERVER_TRUE@
+USE_EPOLL_FALSE = @USE_EPOLL_FALSE@
+USE_EPOLL_TRUE = @USE_EPOLL_TRUE@
+USE_KQUEUE_FALSE = @USE_KQUEUE_FALSE@
+USE_KQUEUE_TRUE = @USE_KQUEUE_TRUE@
+USE_POLL_FALSE = @USE_POLL_FALSE@
+USE_POLL_TRUE = @USE_POLL_TRUE@
+USE_SELECT_FALSE = @USE_SELECT_FALSE@
+USE_SELECT_SIMPLE_FALSE = @USE_SELECT_SIMPLE_FALSE@
+USE_SELECT_SIMPLE_TRUE = @USE_SELECT_SIMPLE_TRUE@
+USE_SELECT_TRUE = @USE_SELECT_TRUE@
+USE_SELECT_WIN32_FALSE = @USE_SELECT_WIN32_FALSE@
+USE_SELECT_WIN32_TRUE = @USE_SELECT_WIN32_TRUE@
+USE_SNMP_FALSE = @USE_SNMP_FALSE@
+USE_SNMP_TRUE = @USE_SNMP_TRUE@
+VERSION = @VERSION@
+WIN32_PSAPI = @WIN32_PSAPI@
+XTRA_LIBS = @XTRA_LIBS@
+XTRA_OBJS = @XTRA_OBJS@
+ac_ct_CC = @ac_ct_CC@
+am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
+am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+makesnmplib = @makesnmplib@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+man_MANS = squid_radius_auth.8
+EXTRA_DIST = squid_radius_auth.8
+squid_radius_auth_SOURCES = \
+			squid_rad_auth.c \
+			radius.h \
+			util.c util.h
+
+LDADD = -L$(top_builddir)/lib -lmiscutil $(SSLLIB) $(XTRA_LIBS)
+INCLUDES = -I$(top_srcdir)/include
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
+		&& exit 0; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign  helpers/basic_auth/squid_radius_auth/Makefile'; \
+	cd $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign  helpers/basic_auth/squid_radius_auth/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+	@$(NORMAL_INSTALL)
+	test -z "$(libexecdir)" || $(mkdir_p) "$(DESTDIR)$(libexecdir)"
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  p1=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+	  if test -f $$p \
+	  ; then \
+	    f=`echo "$$p1" | sed 's,^.*/,,;$(transform);s/$$/$(EXEEXT)/'`; \
+	   echo " $(INSTALL_PROGRAM_ENV) $(libexecPROGRAMS_INSTALL) '$$p' '$(DESTDIR)$(libexecdir)/$$f'"; \
+	   $(INSTALL_PROGRAM_ENV) $(libexecPROGRAMS_INSTALL) "$$p" "$(DESTDIR)$(libexecdir)/$$f" || exit 1; \
+	  else :; fi; \
+	done
+
+uninstall-libexecPROGRAMS:
+	@$(NORMAL_UNINSTALL)
+	@list='$(libexec_PROGRAMS)'; for p in $$list; do \
+	  f=`echo "$$p" | sed 's,^.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/'`; \
+	  echo " rm -f '$(DESTDIR)$(libexecdir)/$$f'"; \
+	  rm -f "$(DESTDIR)$(libexecdir)/$$f"; \
+	done
+
+clean-libexecPROGRAMS:
+	-test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS)
+squid_radius_auth$(EXEEXT): $(squid_radius_auth_OBJECTS) $(squid_radius_auth_DEPENDENCIES) 
+	@rm -f squid_radius_auth$(EXEEXT)
+	$(LINK) $(squid_radius_auth_LDFLAGS) $(squid_radius_auth_OBJECTS) $(squid_radius_auth_LDADD) $(LIBS)
+
+mostlyclean-compile:
+	-rm -f *.$(OBJEXT)
+
+distclean-compile:
+	-rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/squid_rad_auth.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/util.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@	if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(COMPILE) -c `$(CYGPATH_W) '$<'`
+uninstall-info-am:
+install-man8: $(man8_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man8dir)" || $(mkdir_p) "$(DESTDIR)$(man8dir)"
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+uninstall-man8:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man8_MANS) $(dist_man8_MANS) $(nodist_man8_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.8*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    8*) ;; \
+	    *) ext='8' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man8dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man8dir)/$$inst"; \
+	done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+	list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	mkid -fID $$unique
+tags: TAGS
+
+TAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+	  test -n "$$unique" || unique=$$empty_fix; \
+	  $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+	    $$tags $$unique; \
+	fi
+ctags: CTAGS
+CTAGS:  $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
+		$(TAGS_FILES) $(LISP)
+	tags=; \
+	here=`pwd`; \
+	list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
+	unique=`for i in $$list; do \
+	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+	  done | \
+	  $(AWK) '    { files[$$0] = 1; } \
+	       END { for (i in files) print i; }'`; \
+	test -z "$(CTAGS_ARGS)$$tags$$unique" \
+	  || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+	     $$tags $$unique
+
+GTAGS:
+	here=`$(am__cd) $(top_builddir) && pwd` \
+	  && cd $(top_srcdir) \
+	  && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+	-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
+	list='$(DISTFILES)'; for file in $$list; do \
+	  case $$file in \
+	    $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
+	    $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
+	  esac; \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
+	  if test "$$dir" != "$$file" && test "$$dir" != "."; then \
+	    dir="/$$dir"; \
+	    $(mkdir_p) "$(distdir)$$dir"; \
+	  else \
+	    dir=''; \
+	  fi; \
+	  if test -d $$d/$$file; then \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+	    fi; \
+	    cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+	  else \
+	    test -f $(distdir)/$$file \
+	    || cp -p $$d/$$file $(distdir)/$$file \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS) $(MANS)
+installdirs:
+	for dir in "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man8dir)"; do \
+	  test -z "$$dir" || $(mkdir_p) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	  install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	  `test -z '$(STRIP)' || \
+	    echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libexecPROGRAMS mostlyclean-am
+
+distclean: distclean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+	distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-exec-am: install-libexecPROGRAMS
+
+install-info: install-info-am
+
+install-man: install-man8
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -rf ./$(DEPDIR)
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-info-am uninstall-libexecPROGRAMS \
+	uninstall-man
+
+uninstall-man: uninstall-man8
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+	clean-libexecPROGRAMS ctags distclean distclean-compile \
+	distclean-generic distclean-tags distdir dvi dvi-am html \
+	html-am info info-am install install-am install-data \
+	install-data-am install-exec install-exec-am install-info \
+	install-info-am install-libexecPROGRAMS install-man \
+	install-man8 install-strip installcheck installcheck-am \
+	installdirs maintainer-clean maintainer-clean-generic \
+	mostlyclean mostlyclean-compile mostlyclean-generic pdf pdf-am \
+	ps ps-am tags uninstall uninstall-am uninstall-info-am \
+	uninstall-libexecPROGRAMS uninstall-man uninstall-man8
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/README squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/README
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/README	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/README	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,72 @@
+Squid_radius_auth V1.09
+
+This kit is loosely based on radtest from the Cistron-radiusd which
+again is based on Livingston sources. See COPYRIGHT for details.
+
+This authenticator is specifically made for Squid-2.5 and later.
+
+Installation:
+
+Copy the correct makefile to Makefile
+   Makefile.default = Most OS:es.
+   Makefile.solaris = SunOS5 (Solaris)
+
+cp Makefile.default Makefile   
+make clean
+make install
+
+or if you want the helper installed elsewhere than /usr/local/squid
+(the default installation path of Squid-2.5) use something like:
+
+make CONFDIR=/etc PREFIX=/usr BINDIR='${PREFIX}/libexec/squid' install
+
+Complete list of make options for tweakin the installation paths:
+
+  PREFIX   Top level installation directory (/usr/local/squid)
+  BINDIR   Where the binary is installed (PREFIX/libexec)
+  CONFDIR  Where the configuration file is installed (PREFIX/etc)
+  MANDIR   Where the manpage is installed (PREFIX/man/man8)
+  MANEXT   Manpage extension (.8)
+  DESTDIR  Root prefix for packaging
+
+
+Configuration:
+
+The RADIUS authenticator is configured using a small configuration file.
+
+The configuration file should look like this:
+# squid_rad_auth configuration file
+# MvS: 28-10-1998
+server suncone.cistron.nl
+secret testje
+
+An example can be found in etc/squid_rad_auth.conf 
+
+
+/etc/services:
+
+Modify /etc/services and add:
+radius          1812/udp
+
+Adding this is not mandatory because it used the default port 1812 anyway.
+
+Note: Some old RADIUS servers uses the unofficial port 1645, and you may
+need to override the service port used either by editing /etc/services
+or by specifying the port using the -p command line option or the port
+tag in squid_rad_auth.conf
+
+
+Test it:
+
+Start squid_rad_auth and type a username and a username. The authenticator
+returns OK if the radiusd accepted your password. In any other case you'll
+get ERR.
+
+
+Squid:
+
+Add the authenticator to squid.conf. See the instructions from squid for
+help.
+
+Marc van Selm <selm@cistron.nl>
+Henrik Nordstrom <hno@squid-cache.org>
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/radius.h squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/radius.h
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/radius.h	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/radius.h	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,196 @@
+/*
+ *
+ *	RADIUS
+ *	Remote Authentication Dial In User Service
+ *
+ *
+ *	Livingston Enterprises, Inc.
+ *	6920 Koll Center Parkway
+ *	Pleasanton, CA   94566
+ *
+ *	Copyright 1992 Livingston Enterprises, Inc.
+ *
+ *	Permission to use, copy, modify, and distribute this software for any
+ *	purpose and without fee is hereby granted, provided that this
+ *	copyright and permission notice appear on all copies and supporting
+ *	documentation, the name of Livingston Enterprises, Inc. not be used
+ *	in advertising or publicity pertaining to distribution of the
+ *	program without specific prior permission, and notice be given
+ *	in supporting documentation that copying and distribution is by
+ *	permission of Livingston Enterprises, Inc.   
+ *
+ *	Livingston Enterprises, Inc. makes no representations about
+ *	the suitability of this software for any purpose.  It is
+ *	provided "as is" without express or implied warranty.
+ *
+ */
+
+/*
+ *	@(#)radius.h	2.0  03-Aug-1996
+ */
+
+#define AUTH_VECTOR_LEN		16
+#define AUTH_PASS_LEN		16
+#define AUTH_STRING_LEN		128	/* maximum of 254 */
+
+
+typedef struct pw_auth_hdr {
+	u_char		code;
+	u_char		id;
+	u_short		length;
+	u_char		vector[AUTH_VECTOR_LEN];
+	u_char		data[2];
+} AUTH_HDR;
+
+#define AUTH_HDR_LEN			20
+#define CHAP_VALUE_LENGTH		16
+
+#define PW_AUTH_UDP_PORT		1812
+#define PW_ACCT_UDP_PORT		1813
+
+#define VENDORPEC_USR			429
+
+#define PW_TYPE_STRING			0
+#define PW_TYPE_INTEGER			1
+#define PW_TYPE_IPADDR			2
+#define PW_TYPE_DATE			3
+
+
+#define	PW_AUTHENTICATION_REQUEST	1
+#define	PW_AUTHENTICATION_ACK		2
+#define	PW_AUTHENTICATION_REJECT	3
+#define	PW_ACCOUNTING_REQUEST		4
+#define	PW_ACCOUNTING_RESPONSE		5
+#define	PW_ACCOUNTING_STATUS		6
+#define PW_PASSWORD_REQUEST		7
+#define PW_PASSWORD_ACK			8
+#define PW_PASSWORD_REJECT		9
+#define	PW_ACCOUNTING_MESSAGE		10
+#define PW_ACCESS_CHALLENGE		11
+
+#define	PW_USER_NAME			1
+#define	PW_PASSWORD			2
+#define	PW_CHAP_PASSWORD		3
+#define	PW_NAS_IP_ADDRESS		4
+#define	PW_NAS_PORT_ID			5
+#define	PW_SERVICE_TYPE			6
+#define	PW_FRAMED_PROTOCOL		7
+#define	PW_FRAMED_IP_ADDRESS		8
+#define	PW_FRAMED_IP_NETMASK		9
+#define	PW_FRAMED_ROUTING		10
+#define	PW_FILTER_ID			11
+#define	PW_FRAMED_MTU			12
+#define	PW_FRAMED_COMPRESSION		13
+#define	PW_LOGIN_IP_HOST		14
+#define	PW_LOGIN_SERVICE		15
+#define	PW_LOGIN_TCP_PORT		16
+#define PW_OLD_PASSWORD			17
+#define PW_REPLY_MESSAGE		18
+#define PW_CALLBACK_NUMBER		19
+#define PW_CALLBACK_ID			20
+#define PW_EXPIRATION			21
+#define PW_FRAMED_ROUTE			22
+#define PW_FRAMED_IPXNET		23
+#define PW_STATE			24
+#define PW_CLASS			25
+#define PW_VENDOR_SPECIFIC		26
+#define PW_SESSION_TIMEOUT		27
+#define PW_IDLE_TIMEOUT			28
+#define PW_CALLED_STATION_ID		30
+#define PW_CALLING_STATION_ID		31
+#define PW_NAS_ID			32
+#define PW_PROXY_STATE			33
+
+#define PW_ACCT_STATUS_TYPE		40
+#define PW_ACCT_DELAY_TIME		41
+#define PW_ACCT_INPUT_OCTETS		42
+#define PW_ACCT_OUTPUT_OCTETS		43
+#define PW_ACCT_SESSION_ID		44
+#define PW_ACCT_AUTHENTIC		45
+#define PW_ACCT_SESSION_TIME		46
+#define PW_ACCT_INPUT_PACKETS		47
+#define PW_ACCT_OUTPUT_PACKETS		48
+
+#define PW_CHAP_CHALLENGE		60
+#define PW_NAS_PORT_TYPE		61
+#define PW_PORT_LIMIT			62
+#define PW_CONNECT_INFO			77
+
+#define PW_HUNTGROUP_NAME		221
+#define PW_AUTHTYPE			1000
+#define PW_PREFIX			1003
+#define PW_SUFFIX			1004
+#define PW_GROUP			1005
+#define PW_CRYPT_PASSWORD		1006
+#define PW_CONNECT_RATE			1007
+#define PW_USER_CATEGORY		1029
+#define PW_GROUP_NAME			1030
+#define PW_SIMULTANEOUS_USE		1034
+#define PW_STRIP_USERNAME		1035
+#define PW_FALL_THROUGH			1036
+#define PW_ADD_PORT_TO_IP_ADDRESS	1037
+#define PW_EXEC_PROGRAM			1038
+#define PW_EXEC_PROGRAM_WAIT		1039
+#define PW_HINT				1040
+#define PAM_AUTH_ATTR			1041
+#define PW_LOGIN_TIME			1042
+
+/*
+ *	INTEGER TRANSLATIONS
+ */
+
+/*	USER TYPES	*/
+
+#define	PW_LOGIN_USER			1
+#define	PW_FRAMED_USER			2
+#define	PW_DIALBACK_LOGIN_USER		3
+#define	PW_DIALBACK_FRAMED_USER		4
+
+/*	FRAMED PROTOCOLS	*/
+
+#define	PW_PPP				1
+#define	PW_SLIP				2
+
+/*	FRAMED ROUTING VALUES	*/
+
+#define	PW_NONE				0
+#define	PW_BROADCAST			1
+#define	PW_LISTEN			2
+#define	PW_BROADCAST_LISTEN		3
+
+/*	FRAMED COMPRESSION TYPES	*/
+
+#define	PW_VAN_JACOBSEN_TCP_IP		1
+
+/*	LOGIN SERVICES	*/
+
+#define	PW_TELNET			0
+#define	PW_RLOGIN			1
+#define	PW_TCP_CLEAR			2
+#define	PW_PORTMASTER			3
+
+/*	AUTHENTICATION LEVEL	*/
+
+#define PW_AUTHTYPE_LOCAL		0
+#define PW_AUTHTYPE_SYSTEM		1
+#define PW_AUTHTYPE_SECURID		2
+#define PW_AUTHTYPE_CRYPT		3
+#define PW_AUTHTYPE_REJECT		4
+#define PW_AUTHTYPE_PAM			253
+#define PW_AUTHTYPE_ACCEPT		254
+
+/*	PORT TYPES		*/
+#define PW_NAS_PORT_ASYNC		0
+#define PW_NAS_PORT_SYNC		1
+#define PW_NAS_PORT_ISDN		2
+#define PW_NAS_PORT_ISDN_V120		3
+#define PW_NAS_PORT_ISDN_V110		4
+
+/*	STATUS TYPES	*/
+
+#define PW_STATUS_START			1
+#define PW_STATUS_STOP			2
+#define PW_STATUS_ALIVE			3
+#define PW_STATUS_ACCOUNTING_ON		7
+#define PW_STATUS_ACCOUNTING_OFF	8
+
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/squid_rad_auth.c squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/squid_rad_auth.c
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/squid_rad_auth.c	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/squid_rad_auth.c	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,575 @@
+/*
+ *      RADIUS
+ *      Remote Authentication Dial In User Service
+ *
+ *
+ *      Livingston Enterprises, Inc.
+ *      6920 Koll Center Parkway
+ *      Pleasanton, CA   94566
+ *
+ *      Copyright 1992 Livingston Enterprises, Inc.
+ *
+ *      Permission to use, copy, modify, and distribute this software for any
+ *      purpose and without fee is hereby granted, provided that this
+ *      copyright and permission notice appear on all copies and supporting
+ *      documentation, the name of Livingston Enterprises, Inc. not be used
+ *      in advertising or publicity pertaining to distribution of the
+ *      program without specific prior permission, and notice be given
+ *      in supporting documentation that copying and distribution is by
+ *      permission of Livingston Enterprises, Inc.   
+ *
+ *      Livingston Enterprises, Inc. makes no representations about
+ *      the suitability of this software for any purpose.  It is
+ *      provided "as is" without express or implied warranty.
+ *
+ * The new parts of the code is Copyright (C) 1998 R.M. van Selm <selm@cistron.nl>
+ * with modifications
+ *      Copyright (C) 2004 Henrik Nordstrom <hno@squid-cache.org>
+ *      Copyright (C) 2006 Henrik Nordstrom <hno@squid-cache.org>
+ */
+
+/* Squid_rad_auth is a RADIUS authenticator for Squid-2.5 and later.
+ * The authenticator reads a line with a user and password combination.
+ * If access is granted OK is returned. Else ERR.
+ *
+ * Squid_rad_auth-1.0 is based on modules from the Cistron-radiusd-1.5.4.
+ *
+ * Currently you should only start 1 authentificator at a time because the
+ * the ID's of the different programs can start to conflict. I'm not sure it
+ * would help anyway. I think the RADIUS server is close by and I don't think
+ * it will handle requests in parallel anyway (correct me if I'm wrong here)
+ *
+ * Marc van Selm <selm@cistron.nl>
+ * with contributions from
+ * Henrik Nordstrom <hno@squid-cache.org>
+ * and many others
+ */
+
+#include	"config.h"
+
+#if HAVE_SYS_TYPES_H
+#include	<sys/types.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+#include	<sys/socket.h>
+#endif
+#if HAVE_NETINET_IN_H
+#include	<netinet/in.h>
+#endif
+#if HAVE_SYS_TIME_H
+#include	<sys/time.h>
+#endif
+#if HAVE_UNISTD_H
+#include	<unistd.h>
+#endif
+#if HAVE_FCNTL_H
+#include	<fcntl.h>
+#endif
+
+#if HAVE_CTYPE_H
+#include	<ctype.h>
+#endif
+#if HAVE_STDIO_H
+#include	<stdio.h>
+#endif
+#if HAVE_UNISTD_H
+#include	<unistd.h>
+#endif
+#if HAVE_NETDB_H
+#include	<netdb.h>
+#endif
+#if HAVE_PWD_H
+#include	<pwd.h>
+#endif
+#if HAVE_STDLIB_H
+#include	<stdlib.h>
+#endif
+#if HAVE_TIME_H
+#include	<time.h>
+#endif
+#if HAVE_STRING_H
+#include	<string.h>
+#endif
+
+#include	"md5.h"
+#include	"radius.h"
+#include	"util.h"
+
+#define MAXPWNAM	254
+#define MAXPASS		254
+#define MAXLINE         254
+
+
+static int i_send_buffer[2048];
+static int i_recv_buffer[2048];
+static char *send_buffer = (char *) i_send_buffer;
+static char *recv_buffer = (char *) i_recv_buffer;
+static int sockfd;
+static int request_id;
+static char vector[AUTH_VECTOR_LEN];
+static char secretkey[MAXPASS + 1] = "";
+static char server[MAXLINE] = "";
+static char identifier[MAXLINE] = "";
+static char svc_name[MAXLINE] = "radius";
+static int nasport = 111;
+static int nasporttype = 0;
+static u_int32_t nas_ipaddr;
+static u_int32_t auth_ipaddr;
+static int retries = 30;
+
+char *progname = "squid_rad_auth";
+int debug_flag = 0;
+
+/*
+ *    Diff two timeval, b - a
+ */
+static int
+timeval_diff(const struct timeval *a, const struct timeval *b)
+{
+    return (b->tv_sec - a->tv_sec) * 1000000 + (b->tv_usec - a->tv_usec);
+}
+
+/*
+ *    Time since a timeval
+ */
+static int
+time_since(const struct timeval *when)
+{
+    struct timeval now;
+    gettimeofday(&now, NULL);
+    return timeval_diff(when, &now);
+}
+
+/*
+ *     MD5 digest
+ */
+static void
+md5_calc(uint8_t out[16], void *in, size_t len)
+{
+    MD5_CTX ctx;
+    MD5Init(&ctx);
+    MD5Update(&ctx, in, len);
+    MD5Final(out, &ctx);
+}
+
+/*
+ *    Receive and verify the result.
+ */
+static int
+result_recv(u_int32_t host, u_short udp_port, char *buffer, int length)
+{
+    AUTH_HDR *auth;
+    int totallen;
+    unsigned char reply_digest[AUTH_VECTOR_LEN];
+    unsigned char calc_digest[AUTH_VECTOR_LEN];
+    int secretlen;
+    /* VALUE_PAIR   *req; */
+
+    auth = (AUTH_HDR *) buffer;
+    totallen = ntohs(auth->length);
+
+    if (totallen != length) {
+	fprintf(stderr,
+	    "Squid_rad_auth: Received invalid reply length from server (want %d/ got %d)\n",
+	    totallen, length);
+	return -1;
+    }
+
+    if (auth->id != request_id) {
+	/* Duplicate response of an earlier query, ignore */
+	return -1;
+    }
+
+    /* Verify the reply digest */
+    memcpy(reply_digest, auth->vector, AUTH_VECTOR_LEN);
+    memcpy(auth->vector, vector, AUTH_VECTOR_LEN);
+    secretlen = strlen(secretkey);
+    memcpy(buffer + length, secretkey, secretlen);
+    md5_calc(calc_digest, (unsigned char *) auth, length + secretlen);
+
+    if (memcmp(reply_digest, calc_digest, AUTH_VECTOR_LEN) != 0) {
+	fprintf(stderr, "Warning: Received invalid reply digest from server\n");
+	return -1;
+    }
+
+    if (auth->code != PW_AUTHENTICATION_ACK)
+	return 1;
+
+    return 0;
+}
+
+
+/*
+ *    Generate a random vector.
+ */
+static void
+random_vector(char *vector)
+{
+    int randno;
+    int i;
+
+    srand((time(0) ^ rand()) + rand());
+    for (i = 0; i < AUTH_VECTOR_LEN;) {
+	randno = rand();
+	memcpy(vector, &randno, sizeof(int));
+	vector += sizeof(int);
+	i += sizeof(int);
+    }
+}
+
+/* read the config file
+ * The format should be something like:
+ * # squid_rad_auth configuration file
+ * # MvS: 28-10-1998
+ * server suncone.cistron.nl
+ * secret testje
+ */
+static int
+rad_auth_config(const char *cfname)
+{
+    FILE *cf;
+    char line[MAXLINE];
+    int srv = 0, crt = 0;
+
+    if ((cf = fopen(cfname, "r")) == NULL) {
+	perror(cfname);
+	return -1;
+    }
+    while (fgets(line, MAXLINE, cf) != NULL) {
+	if (!memcmp(line, "server", 6))
+	    srv = sscanf(line, "server %s", server);
+	if (!memcmp(line, "secret", 6))
+	    crt = sscanf(line, "secret %s", secretkey);
+	if (!memcmp(line, "identifier", 10))
+	    sscanf(line, "identifier %s", identifier);
+       if (!memcmp(line, "service", 7))
+	    sscanf(line, "service %s", svc_name);
+       if (!memcmp(line, "port", 4))
+	    sscanf(line, "port %s", svc_name);
+    }
+    if (srv && crt)
+	return 0;
+    return -1;
+}
+
+static void
+urldecode(char *dst, const char *src, int size)
+{
+    char tmp[3];
+    tmp[2] = '\0';
+    while (*src && size > 1) {
+	if (*src == '%' && src[1] != '\0' && src[2] != '\0') {
+	    src++;
+	    tmp[0] = *src++;
+	    tmp[1] = *src++;
+	    *dst++ = strtol(tmp, NULL, 16);
+	} else {
+	    *dst++ = *src++;
+	}
+	size--;
+    }
+    *dst++ = '\0';
+}
+
+static int
+authenticate(int sockfd, const char *username, const char *passwd)
+{
+    AUTH_HDR *auth;
+    u_short total_length;
+    u_char *ptr;
+    int length;
+    char passbuf[MAXPASS];
+    u_char md5buf[256];
+    int secretlen;
+    u_char cbc[AUTH_VECTOR_LEN];
+    int i, j;
+    u_int32_t ui;
+    struct sockaddr_in saremote;
+    fd_set readfds;
+    socklen_t salen;
+    int retry = retries;
+
+    /*
+     *    Build an authentication request
+     */
+    auth = (AUTH_HDR *) send_buffer;
+    auth->code = PW_AUTHENTICATION_REQUEST;
+    auth->id = ++request_id;
+    random_vector(vector);
+    memcpy(auth->vector, vector, AUTH_VECTOR_LEN);
+    total_length = AUTH_HDR_LEN;
+    ptr = auth->data;
+
+    /*
+     *    User Name
+     */
+    *ptr++ = PW_USER_NAME;
+    length = strlen(username);
+    if (length > MAXPWNAM) {
+	length = MAXPWNAM;
+    }
+    *ptr++ = length + 2;
+    memcpy(ptr, username, length);
+    ptr += length;
+    total_length += length + 2;
+
+    /*
+     *    Password
+     */
+    length = strlen(passwd);
+    if (length > MAXPASS) {
+	length = MAXPASS;
+    }
+    memset(passbuf, 0, MAXPASS);
+    memcpy(passbuf, passwd, length);
+
+    /* 
+     * Length is rounded up to multiple of 16,
+     * and the password is encoded in blocks of 16 
+     * with cipher block chaining
+     */
+    length = ((length / AUTH_VECTOR_LEN) + 1) * AUTH_VECTOR_LEN;
+
+    *ptr++ = PW_PASSWORD;
+    *ptr++ = length + 2;
+
+    secretlen = strlen(secretkey);
+    /* Set up the Cipher block chain */
+    memcpy(cbc, auth->vector, AUTH_VECTOR_LEN);
+    for (j = 0; j < length; j += AUTH_VECTOR_LEN) {
+	/* Calculate the MD5 Digest */
+	strcpy((char *)md5buf, secretkey);
+	memcpy(md5buf + secretlen, cbc, AUTH_VECTOR_LEN);
+	md5_calc(cbc, md5buf, secretlen + AUTH_VECTOR_LEN);
+
+	/* Xor the password into the MD5 digest */
+	for (i = 0; i < AUTH_VECTOR_LEN; i++) {
+	    *ptr++ = (cbc[i] ^= passbuf[j + i]);
+	}
+    }
+    total_length += length + 2;
+
+    *ptr++ = PW_NAS_PORT_ID;
+    *ptr++ = 6;
+
+    ui = htonl(nasport);
+    memcpy(ptr, &ui, 4);
+    ptr += 4;
+    total_length += 6;
+
+    *ptr++ = PW_NAS_PORT_TYPE;
+    *ptr++ = 6;
+
+    ui = htonl(nasporttype);
+    memcpy(ptr, &ui, 4);
+    ptr += 4;
+    total_length += 6;
+
+    if (*identifier) {
+	int len = strlen(identifier);
+	*ptr++ = PW_NAS_ID;
+	*ptr++ = len + 2;
+	memcpy(ptr, identifier, len);
+	ptr += len;
+    } else {
+	*ptr++ = PW_NAS_IP_ADDRESS;
+	*ptr++ = 6;
+
+	ui = htonl(nas_ipaddr);
+	memcpy(ptr, &ui, 4);
+	ptr += 4;
+	total_length += 6;
+    }
+
+    /* Klaus Weidner <kw@w-m-p.com> changed this
+     * from htonl to htons. It might have caused
+     * you trouble or not. That depends on the byte
+     * order of your system.
+     * The symptom was that the radius server
+     * ignored the requests, because they had zero 
+     * length according to the data header.
+     */
+    auth->length = htons(total_length);
+
+    while(retry--) {
+	int time_spent;
+	struct timeval sent;
+	/*
+	 *    Send the request we've built.
+	 */
+	gettimeofday(&sent, NULL);
+	send(sockfd, (char *) auth, total_length, 0);
+	while ((time_spent = time_since(&sent)) < 1000000) {
+	    struct timeval tv;
+	    int rc, len;
+	    if (!time_spent) {
+		tv.tv_sec = 1;
+		tv.tv_usec = 0;
+	    } else {
+		tv.tv_sec = 0;
+		tv.tv_usec = 1000000 - time_spent;
+	    }
+	    FD_ZERO(&readfds);
+	    FD_SET(sockfd, &readfds);
+	    if (select(sockfd + 1, &readfds, NULL, NULL, &tv) == 0)	/* Select timeout */
+		break;
+	    salen = sizeof(saremote);
+	    len = recvfrom(sockfd, recv_buffer, sizeof(i_recv_buffer),
+		0, (struct sockaddr *) &saremote, &salen);
+
+	    if (len < 0)
+		continue;
+
+	    rc = result_recv(saremote.sin_addr.s_addr, saremote.sin_port, recv_buffer, len);
+	    if (rc == 0)
+		return 1;
+	    if (rc == 1)
+	    	return 0;
+	}
+    }
+
+    fprintf(stderr, "%s: No response from RADIUS server\n", progname);
+
+    return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+    struct sockaddr_in salocal;
+    struct sockaddr_in saremote;
+    struct servent *svp;
+    u_short svc_port;
+    char username[MAXPWNAM];
+    char passwd[MAXPASS];
+    char *ptr;
+    char authstring[MAXLINE];
+    const char *cfname = NULL;
+    int err = 0;
+    socklen_t salen;
+    int c;
+
+    while ((c = getopt(argc, argv, "h:p:f:w:i:t:")) != -1) {
+	switch(c) {
+	case 'f':
+	    cfname = optarg;
+	    break;
+	case 'h':
+	    strcpy(server, optarg);
+	    break;
+	case 'p':
+	    strcpy(svc_name, optarg);
+	    break;
+	case 'w':
+	    strcpy(secretkey, optarg);
+	    break;
+	case 'i':
+	    strcpy(identifier, optarg);
+	    break;
+	case 't':
+	    retries = atoi(optarg);
+	    break;
+	}
+    }
+    /* make standard output line buffered */
+    if (setvbuf(stdout, NULL, _IOLBF, 0) != 0)
+	return 1;
+
+    if (cfname) {
+	if (rad_auth_config(cfname) < 0) {
+	    fprintf(stderr, "%s: can't open configuration file '%s'.\n", argv[0], cfname);
+	    exit(1);
+	}
+    }
+
+    if (!*server) {
+	fprintf(stderr, "%s: Server not specified\n", argv[0]);
+	exit(1);
+    }
+
+    if (!*secretkey) {
+	fprintf(stderr, "%s: Shared secret not specified\n", argv[0]);
+	exit(1);
+    }
+
+    /*
+     *    Open a connection to the server.
+     */
+    svp = getservbyname(svc_name, "udp");
+    if (svp != NULL)
+	svc_port = ntohs((u_short) svp->s_port);
+    else
+	svc_port = atoi(svc_name);
+    if (svc_port == 0)
+	svc_port = PW_AUTH_UDP_PORT;
+
+    /* Get the IP address of the authentication server */
+    if ((auth_ipaddr = get_ipaddr(server)) == 0) {
+	fprintf(stderr, "Couldn't find host %s\n", server);
+	exit(1);
+    }
+    sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+    if (sockfd < 0) {
+	perror("socket");
+	exit(1);
+    }
+    memset(&saremote, 0, sizeof(saremote));
+    saremote.sin_family = AF_INET;
+    saremote.sin_addr.s_addr = htonl(auth_ipaddr);
+    saremote.sin_port = htons(svc_port);
+
+    if (connect(sockfd, (struct sockaddr *) &saremote, sizeof(saremote)) < 0) {
+	perror("connect");
+	exit(1);
+    }
+    salen = sizeof(salocal);
+    if (getsockname(sockfd, (struct sockaddr *) &salocal, &salen) < 0) {
+	perror("getsockname");
+	exit(1);
+    }
+#ifdef O_NONBLOCK
+    fcntl(sockfd, F_SETFL, fcntl(sockfd, F_GETFL, 0) | O_NONBLOCK);
+#endif
+    nas_ipaddr = ntohl(salocal.sin_addr.s_addr);
+    while (fgets(authstring, MAXLINE, stdin) != NULL) {
+	char *end;
+	/* protect me form to long lines */
+	if ((end = strchr(authstring, '\n')) == NULL) {
+	    err = 1;
+	    continue;
+	}
+	if (err) {
+	    printf("ERR\n");
+	    err = 0;
+	    continue;
+	}
+	if (strlen(authstring) > MAXLINE) {
+	    printf("ERR\n");
+	    continue;
+	}
+	/* Strip off the trailing newline */
+	*end = '\0';
+
+	/* Parse out the username and password */
+	ptr = authstring;
+	while (isspace(*ptr))
+	    ptr++;
+	if ((end = strchr(ptr, ' ')) == NULL) {
+	    printf("ERR\n");	/* No password */
+	    continue;
+	}
+	*end = '\0';
+	urldecode(username, ptr, MAXPWNAM);
+	ptr = end + 1;
+	while (isspace(*ptr))
+	    ptr++;
+	urldecode(passwd, ptr, MAXPASS);
+
+	if (authenticate(sockfd, username, passwd))
+	    printf("OK\n");
+	else
+	    printf("ERR\n");
+    }
+    close(sockfd);
+    exit(1);
+}
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/squid_radius_auth.8 squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/squid_radius_auth.8
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/squid_radius_auth.8	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/squid_radius_auth.8	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,88 @@
+.TH squid_radius_auth 8 "7 August 2004" "Squid RADIUS Auth"
+.
+.SH NAME
+squid_radius_auth - Squid RADIUS authentication helper
+.
+.SH SYNOPSIS
+.B squid_radius_auth
+-f configfile
+.br
+.B squid_radius_auth
+-h "server" [-p port] [-i identifier] -w secret
+.
+.SH DESCRIPTION
+This helper allows Squid to connect to a RADIUS server to
+validate the user name and password of Basic HTTP authentication.
+.
+.TP
+.BI "-f " "configfile "
+Specifies the path to a configuration file. See the CONFIGURATION section
+for details.
+.
+.TP
+.BI "-h " server
+Alternative method of specifying the server to connect to
+.
+.TP
+.BI "-p " port
+Specify another server port where the RADIUS server listens for requests
+if different from the default RADIUS port.  Normally not specified.
+.
+.TP
+.BI "-i " identifier
+Unique identifier identifying this Squid proxy to the RADIUS server.
+If not specified the IP address is used as to identify the proxy.
+.TP
+.BI "-w " secret
+Alternative method of specifying the shared secret. Using the
+configuration file is generally more secure and recommended.
+.
+.TP
+.BI "-t " timeout
+RADIUS request timeout. Default 10 seconds.
+.
+.SH CONFIGURATION
+The configuration specifies how the helper connects to RADIUS.
+The file contains a list of directives (one per line). Lines
+beginning with a # is ignored.
+.
+.TP
+.BI "server " radiusserver
+specifies the name or address of the RADIUS server to connect to.
+.
+.TP
+.BI "secret " somesecretstring
+specifies the shared RADIUS secret.
+.
+.TP
+.BI "identifier " nameofserver
+specifies what the proxy should identify itsels as to the RADIUS server.
+This directive is optional.
+.
+.TP
+.BI "port " portnumber
+Specifies the port number or service name where the helper should connect.
+.SH AUTHOR
+This manual page was written by 
+.I Henrik Nordstrom <hno@squid-cache.org>
+.P
+squid_radius_auth is written by 
+.I Marc van Selm <selm@cistron.nl>
+with contributions from
+.I Henrik Nordstrom <hno@squid-cache.org>
+and many others
+.
+.SH QUESTIONS
+Any questions on usage can be sent to 
+.IR "Squid Users <squid-users@squid-cache.org>" ,
+or to your favorite RADIUS list/friend if the question is more related to
+RADIUS than Squid.
+.
+.SH REPORTING BUGS
+Report bugs or bug-fixes to
+.I Squid Bugs <squid-bugs@squid-cache.org>
+or ideas for new improvements to 
+.I Squid Developers <squid-dev@squid-cache.org>
+.
+.SH "SEE ALSO"
+.BR RFC2058 " - Remote Authentication Dial In User Service (RADIUS)"
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/util.c squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/util.c
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/util.c	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/util.c	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,177 @@
+/*
+ *
+ *	RADIUS
+ *	Remote Authentication Dial In User Service
+ *
+ *
+ *	Livingston Enterprises, Inc.
+ *	6920 Koll Center Parkway
+ *	Pleasanton, CA   94566
+ *
+ *	Copyright 1992 Livingston Enterprises, Inc.
+ *	Copyright 1997 Cistron Internet Services B.V.
+ *
+ *	Permission to use, copy, modify, and distribute this software for any
+ *	purpose and without fee is hereby granted, provided that this
+ *	copyright and permission notice appear on all copies and supporting
+ *	documentation, the name of Livingston Enterprises, Inc. not be used
+ *	in advertising or publicity pertaining to distribution of the
+ *	program without specific prior permission, and notice be given
+ *	in supporting documentation that copying and distribution is by
+ *	permission of Livingston Enterprises, Inc.   
+ *
+ *	Livingston Enterprises, Inc. makes no representations about
+ *	the suitability of this software for any purpose.  It is
+ *	provided "as is" without express or implied warranty.
+ *
+ */
+
+/*
+ * util.c	Miscellanous generic functions.
+ *
+ */
+
+char util_sccsid[] =
+"@(#)util.c	1.5 Copyright 1992 Livingston Enterprises Inc\n"
+"		2.1 Copyright 1997 Cistron Internet Services B.V.";
+
+#include	"config.h"
+
+#if HAVE_SYS_TYES_H
+#include	<sys/types.h>
+#endif
+#if HAVE_SYS_SOCKET_H
+#include	<sys/socket.h>
+#endif
+#if HAVE_SYS_TIME_H
+#include	<sys/time.h>
+#endif
+#if HAVE_NETINET_IN_H
+#include	<netinet/in.h>
+#endif
+
+#if HAVE_STDIO_H
+#include	<stdio.h>
+#endif
+#if HAVE_STDLIB_H
+#include	<stdlib.h>
+#endif
+#if HAVE_NETDB_H
+#include	<netdb.h>
+#endif
+#if HAVE_PWD_H
+#include	<pwd.h>
+#endif
+#if HAVE_TIME_H
+#include	<time.h>
+#endif
+#if HAVE_CTYPE_H
+#include	<ctype.h>
+#endif
+#if HAVE_SIGNAL_H
+#include	<signal.h>
+#endif
+
+#include	"md5.h"
+#include	"util.h"
+
+/*
+ *	Check for valid IP address in standard dot notation.
+ */
+static int good_ipaddr(char *addr)
+{
+	int	dot_count;
+	int	digit_count;
+
+	dot_count = 0;
+	digit_count = 0;
+	while(*addr != '\0' && *addr != ' ') {
+		if(*addr == '.') {
+			dot_count++;
+			digit_count = 0;
+		}
+		else if(!isdigit(*addr)) {
+			dot_count = 5;
+		}
+		else {
+			digit_count++;
+			if(digit_count > 3) {
+				dot_count = 5;
+			}
+		}
+		addr++;
+	}
+	if(dot_count != 3) {
+		return(-1);
+	}
+	else {
+		return(0);
+	}
+}
+
+/*
+ *	Return an IP address in host long notation from
+ *	one supplied in standard dot notation.
+ */
+static u_int32_t ipstr2long(char *ip_str)
+{
+	char	buf[6];
+	char	*ptr;
+	int	i;
+	int	count;
+	u_int32_t	ipaddr;
+	int	cur_byte;
+
+	ipaddr = (u_int32_t)0;
+	for(i = 0;i < 4;i++) {
+		ptr = buf;
+		count = 0;
+		*ptr = '\0';
+		while(*ip_str != '.' && *ip_str != '\0' && count < 4) {
+			if(!isdigit(*ip_str)) {
+				return((u_int32_t)0);
+			}
+			*ptr++ = *ip_str++;
+			count++;
+		}
+		if(count >= 4 || count == 0) {
+			return((u_int32_t)0);
+		}
+		*ptr = '\0';
+		cur_byte = atoi(buf);
+		if(cur_byte < 0 || cur_byte > 255) {
+			return((u_int32_t)0);
+		}
+		ip_str++;
+		ipaddr = ipaddr << 8 | (u_int32_t)cur_byte;
+	}
+	return(ipaddr);
+}
+
+/*
+ *	Return an IP address in host long notation from a host
+ *	name or address in dot notation.
+ */
+u_int32_t get_ipaddr(char *host)
+{
+	struct hostent	*hp;
+
+	if(good_ipaddr(host) == 0) {
+		return(ipstr2long(host));
+	}
+	else if((hp = gethostbyname(host)) == (struct hostent *)NULL) {
+		return((u_int32_t)0);
+	}
+	return(ntohl(*(u_int32_t *)hp->h_addr));
+}
+
+
+void md5_calc(unsigned char *output, unsigned char *input, unsigned int inlen)
+{
+	MD5_CTX	context;
+
+	MD5Init(&context);
+	MD5Update(&context, input, inlen);
+	MD5Final(output, &context);
+}
+
diff -ruN squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/util.h squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/util.h
--- squid-2.6.STABLE16/helpers/basic_auth/squid_radius_auth/util.h	Wed Dec 31 17:00:00 1969
+++ squid-2.6.STABLE17/helpers/basic_auth/squid_radius_auth/util.h	Mon Nov 26 04:18:47 2007
@@ -0,0 +1,2 @@
+/* util.c */
+u_int32_t		get_ipaddr (char *);
diff -ruN squid-2.6.STABLE16/include/Array.h squid-2.6.STABLE17/include/Array.h
--- squid-2.6.STABLE16/include/Array.h	Sun Oct 23 09:20:49 2005
+++ squid-2.6.STABLE17/include/Array.h	Mon Nov 26 04:06:12 2007
@@ -1,5 +1,5 @@
 /*
- * $Id: Array.h,v 1.7 2005/10/23 15:20:49 hno Exp $
+ * $Id: Array.h,v 1.7.2.1 2007/11/26 11:06:12 adrian Exp $
  *
  * AUTHOR: Alex Rousskov
  *
@@ -50,6 +50,8 @@
 extern void arrayAppend(Array * s, void *obj);
 extern void arrayInsert(Array * s, void *obj, int position);
 extern void arrayPreAppend(Array * s, int app_count);
+extern void arrayShrink(Array *a, int new_count);
+
 
 
 #endif /* SQUID_ARRAY_H */
diff -ruN squid-2.6.STABLE16/include/version.h squid-2.6.STABLE17/include/version.h
--- squid-2.6.STABLE16/include/version.h	Wed Sep  5 16:25:42 2007
+++ squid-2.6.STABLE17/include/version.h	Mon Nov 26 06:39:31 2007
@@ -9,5 +9,5 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1189031137
+#define SQUID_RELEASE_TIME 1196084366
 #endif
diff -ruN squid-2.6.STABLE16/lib/Array.c squid-2.6.STABLE17/lib/Array.c
--- squid-2.6.STABLE16/lib/Array.c	Sun Oct 23 09:20:49 2005
+++ squid-2.6.STABLE17/lib/Array.c	Mon Nov 26 04:06:12 2007
@@ -1,5 +1,5 @@
 /*
- * $Id: Array.c,v 1.8 2005/10/23 15:20:49 hno Exp $
+ * $Id: Array.c,v 1.8.2.1 2007/11/26 11:06:12 adrian Exp $
  *
  * AUTHOR: Alex Rousskov
  *
@@ -137,4 +137,12 @@
          xmalloc(a->capacity * sizeof(void *));
     /* reset, just in case */
     memset(a->items + a->count, 0, (a->capacity - a->count) * sizeof(void *));
+}
+
+void
+arrayShrink(Array *a, int new_count)
+{
+	assert(new_count < a->capacity);
+	assert(new_count >= 0);
+	a->count = new_count;
 }
diff -ruN squid-2.6.STABLE16/src/HttpHeader.c squid-2.6.STABLE17/src/HttpHeader.c
--- squid-2.6.STABLE16/src/HttpHeader.c	Mon Feb 26 15:41:46 2007
+++ squid-2.6.STABLE17/src/HttpHeader.c	Mon Nov 26 04:06:13 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: HttpHeader.c,v 1.91.2.2 2007/02/26 22:41:46 hno Exp $
+ * $Id: HttpHeader.c,v 1.91.2.3 2007/11/26 11:06:13 adrian Exp $
  *
  * DEBUG: section 55    HTTP Header
  * AUTHOR: Alex Rousskov
@@ -380,12 +380,34 @@
     }
 }
 
+static void
+httpHeaderRepack(HttpHeader * hdr)
+{
+    HttpHeaderPos dp = HttpHeaderInitPos;
+    HttpHeaderPos pos = HttpHeaderInitPos;
+
+    /* XXX breaks layering for now! ie, getting grubby fingers in without httpHeaderEntryGet() */
+    dp = 0;
+    pos = 0;
+    while (dp < hdr->entries.count) {
+	for (; dp < hdr->entries.count && hdr->entries.items[dp] == NULL; dp++);
+	assert(dp < hdr->entries.count);
+	hdr->entries.items[pos] = hdr->entries.items[dp];
+	if (dp != pos)
+	    hdr->entries.items[dp] = NULL;
+	pos++;
+	dp++;
+    }
+    arrayShrink(&hdr->entries, pos);
+}
+
 /* use fresh entries to replace old ones */
 void
 httpHeaderUpdate(HttpHeader * old, const HttpHeader * fresh, const HttpHeaderMask * denied_mask)
 {
     const HttpHeaderEntry *e;
     HttpHeaderPos pos = HttpHeaderInitPos;
+
     assert(old && fresh);
     assert(old != fresh);
     debug(55, 7) ("updating hdr: %p <- %p\n", old, fresh);
@@ -400,6 +422,9 @@
 	    httpHeaderDelByName(old, strBuf(e->name));
 	httpHeaderAddEntry(old, httpHeaderEntryClone(e));
     }
+
+    /* And now, repack the array to "fill in the holes" */
+    httpHeaderRepack(old);
 }
 
 /* just handy in parsing: resets and returns false */
diff -ruN squid-2.6.STABLE16/src/cf.data.pre squid-2.6.STABLE17/src/cf.data.pre
--- squid-2.6.STABLE16/src/cf.data.pre	Wed Sep  5 15:50:15 2007
+++ squid-2.6.STABLE17/src/cf.data.pre	Mon Nov 26 04:03:45 2007
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.382.2.14 2007/09/05 21:50:15 hno Exp $
+# $Id: cf.data.pre,v 1.382.2.26 2007/11/26 11:03:45 adrian Exp $
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
 # ----------------------------------------------------------
@@ -758,6 +758,10 @@
 
 	See http_access for details
 
+	NOTE: The default if no htcp_access lines are present is to
+	deny all traffic. This default may cause problems with peers
+	using the htcp or htcp-oldsquid options.
+
 #Allow HTCP queries from everyone
 htcp_access allow all
 DOC_END
@@ -831,19 +835,6 @@
 	the correct result.
 DOC_END
 
-NAME: reply_header_max_size
-COMMENT: (KB)
-TYPE: b_size_t
-DEFAULT: 20 KB
-LOC: Config.maxReplyHeaderSize
-DOC_START
-	This specifies the maximum size for HTTP headers in a reply.
-	Reply headers are usually relatively small (about 512 bytes).
-	Placing a limit on the reply header size will catch certain
-	bugs (for example with persistent connections) and possibly
-	buffer-overflow or denial-of-service attacks.
-DOC_END
-
 NAME: reply_body_max_size
 COMMENT: bytes allow|deny acl acl...
 TYPE: body_size_t
@@ -1161,7 +1152,7 @@
 
 	acl normal_service_net src 10.0.0.0/255.255.255.0
 	acl good_service_net src 10.0.1.0/255.255.255.0
-	tcp_outgoing_tos 0x00 normal_service_net 0x00
+	tcp_outgoing_tos 0x00 normal_service_net
 	tcp_outgoing_tos 0x20 good_service_net
 
 	TOS/DSCP values really only have local significance - so you should
@@ -1502,8 +1493,12 @@
 		     use 'htcp' to send HTCP, instead of ICP, queries
 		     to the neighbor.  You probably also want to
 		     set the "icp port" to 4827 instead of 3130.
+		     You must also allow this Squid htcp_access and
+		     http_access in the peer Squid configuration.
 
 		     use 'htcp-oldsquid' to send HTCP to old Squid versions
+		     You must also allow this Squid htcp_access and
+		     http_access in the peer Squid configuration.
 
 		     'originserver' causes this parent peer to be contacted as
 		     a origin server. Meant to be used in accelerator setups.
@@ -1670,7 +1665,7 @@
 	applies for hostnames which do not match domains listed here.
 
 EXAMPLE:
-	cache_peer  parent cache.foo.org 3128 3130
+	cache_peer cache.foo.org parent 3128 3130
 	neighbor_type_domain cache.foo.org sibling .com .net
 	neighbor_type_domain cache.foo.org sibling .au .de
 DOC_END
@@ -1713,26 +1708,6 @@
 NOCOMMENT_END
 DOC_END
 
-NAME: cache no_cache
-TYPE: acl_access
-DEFAULT: none
-LOC: Config.accessList.noCache
-DOC_START
-	A list of ACL elements which, if matched, cause the request to
-	not be satisfied from the cache and the reply to not be cached.
-	In other words, use this to force certain objects to never be cached.
-
-	You must use the word 'DENY' to indicate the ACL names which should
-	NOT be cached.
-
-	Default is to allow all to be cached
-NOCOMMENT_START
-#We recommend you to use the following two lines.
-acl QUERY urlpath_regex cgi-bin \?
-cache deny QUERY
-NOCOMMENT_END
-DOC_END
-
 COMMENT_START
  MEMORY CACHE OPTIONS
  -----------------------------------------------------------------------------
@@ -2545,7 +2520,7 @@
 
 	It can also return a "urlgroup" that can subsequently be matched
 	in cache_peer_access and similar ACL driven rules. An urlgroup is
-	returned by prefixing the returned url with "!urlgroup!"
+	returned by prefixing the returned URL with "!urlgroup!".
 
 	By default, a URL rewriter is not used.
 DOC_END
@@ -2569,6 +2544,12 @@
 	The number of requests each redirector helper can handle in
 	parallel. Defaults to 0 which indicates the redirector
 	is a old-style single threaded redirector.
+
+	When this directive is set to a value >= 1 then the protocol
+	used to communicate with the helper is modified to include
+	a request ID in front of the request/response. The request
+	ID from the request must be echoed back with the response
+	to that request.
 DOC_END
 
 NAME: url_rewrite_host_header redirect_rewrites_host_header
@@ -2667,31 +2648,24 @@
  -----------------------------------------------------------------------------
 COMMENT_END
 
-NAME: request_header_max_size
-COMMENT: (KB)
-TYPE: b_size_t
-DEFAULT: 20 KB
-LOC: Config.maxRequestHeaderSize
+NAME: cache no_cache
+TYPE: acl_access
+DEFAULT: none
+LOC: Config.accessList.noCache
 DOC_START
-	This specifies the maximum size for HTTP headers in a request.
-	Request headers are usually relatively small (about 512 bytes).
-	Placing a limit on the request header size will catch certain
-	bugs (for example with persistent connections) and possibly
-	buffer-overflow or denial-of-service attacks.
-DOC_END
+	A list of ACL elements which, if matched, cause the request to
+	not be satisfied from the cache and the reply to not be cached.
+	In other words, use this to force certain objects to never be cached.
 
-NAME: request_body_max_size
-COMMENT: (KB)
-TYPE: b_size_t
-DEFAULT: 0 KB
-LOC: Config.maxRequestBodySize
-DOC_START
-	This specifies the maximum size for an HTTP request body.
-	In other words, the maximum size of a PUT/POST request.
-	A user who attempts to send a request with a body larger
-	than this limit receives an "Invalid Request" error message.
-	If you set this parameter to a zero (the default), there will
-	be no limit imposed.
+	You must use the word 'DENY' to indicate the ACL names which should
+	NOT be cached.
+
+	Default is to allow all to be cached
+NOCOMMENT_START
+#We recommend you to use the following two lines.
+acl QUERY urlpath_regex cgi-bin \?
+cache deny QUERY
+NOCOMMENT_END
 DOC_END
 
 NAME: refresh_pattern
@@ -2939,6 +2913,46 @@
  -----------------------------------------------------------------------------
 COMMENT_END
 
+NAME: request_header_max_size
+COMMENT: (KB)
+TYPE: b_size_t
+DEFAULT: 20 KB
+LOC: Config.maxRequestHeaderSize
+DOC_START
+	This specifies the maximum size for HTTP headers in a request.
+	Request headers are usually relatively small (about 512 bytes).
+	Placing a limit on the request header size will catch certain
+	bugs (for example with persistent connections) and possibly
+	buffer-overflow or denial-of-service attacks.
+DOC_END
+
+NAME: reply_header_max_size
+COMMENT: (KB)
+TYPE: b_size_t
+DEFAULT: 20 KB
+LOC: Config.maxReplyHeaderSize
+DOC_START
+	This specifies the maximum size for HTTP headers in a reply.
+	Reply headers are usually relatively small (about 512 bytes).
+	Placing a limit on the reply header size will catch certain
+	bugs (for example with persistent connections) and possibly
+	buffer-overflow or denial-of-service attacks.
+DOC_END
+
+NAME: request_body_max_size
+COMMENT: (KB)
+TYPE: b_size_t
+DEFAULT: 0 KB
+LOC: Config.maxRequestBodySize
+DOC_START
+	This specifies the maximum size for an HTTP request body.
+	In other words, the maximum size of a PUT/POST request.
+	A user who attempts to send a request with a body larger
+	than this limit receives an "Invalid Request" error message.
+	If you set this parameter to a zero (the default), there will
+	be no limit imposed.
+DOC_END
+
 NAME: broken_posts
 TYPE: acl_access
 DEFAULT: none
@@ -3366,9 +3380,10 @@
 LOC: Config.EmailProgram
 DOC_START
 	Email program used to send mail if the cache dies.
-	The default is "mail". The specified program must complain
+	The default is "mail". The specified program must comply
 	with the standard Unix mail syntax:
-	mail_program recipient < mailfile
+	  mail-program recipient < mailfile
+
 	Optional command line options can be specified.
 DOC_END
 
@@ -3951,8 +3966,7 @@
 DEFAULT: on
 DOC_START
 	This controls whether the server will generate a Cache Digest
-	of its contents.  By default, Cache Digest generation is
-	enabled if Squid is compiled with USE_CACHE_DIGESTS defined.
+	of its contents.
 DOC_END
 
 NAME: digest_bits_per_entry
@@ -3973,7 +3987,7 @@
 LOC: Config.digest.rebuild_period
 DEFAULT: 1 hour
 DOC_START
-	This is the number of seconds between Cache Digest rebuilds.
+	This is the wait time between Cache Digest rebuilds.
 DOC_END
 
 NAME: digest_rewrite_period
@@ -3983,8 +3997,7 @@
 LOC: Config.digest.rewrite_period
 DEFAULT: 1 hour
 DOC_START
-	This is the number of seconds between Cache Digest writes to
-	disk.
+	This is the wait time between Cache Digest writes to disk.
 DOC_END
 
 NAME: digest_swapout_chunk_size
@@ -4117,31 +4130,46 @@
 TYPE: address
 LOC:Config.Addrs.udp_incoming
 DEFAULT: 0.0.0.0
-DOC_NONE
+DOC_START
+	udp_incoming_address	is used for UDP packets received from other
+				caches.
+
+	The default behavior is to not bind to any specific address.
+
+	Only change this if you want to have all UDP queries received on
+	a specific interface/address.
+
+	NOTE: udp_incoming_address is used by the ICP, HTCP, and DNS
+	modules. Altering it will affect all of them in the same manner.
+
+	see also; udp_outgoing_address
+
+	NOTE, udp_incoming_address and udp_outgoing_address can not
+	have the same value since they both use the same port.
+DOC_END
 
 NAME: udp_outgoing_address
 TYPE: address
 LOC: Config.Addrs.udp_outgoing
 DEFAULT: 255.255.255.255
 DOC_START
-	udp_incoming_address	is used for the ICP socket receiving packets
-				from other caches.
-	udp_outgoing_address	is used for ICP packets sent out to other
+	udp_outgoing_address	is used for UDP packets sent out to other
 				caches.
 
 	The default behavior is to not bind to any specific address.
 
-	A udp_incoming_address value of 0.0.0.0 indicates Squid
-	should listen for UDP messages on all available interfaces.
-
-	If udp_outgoing_address is set to 255.255.255.255 (the default)
-	it will use the same socket as udp_incoming_address. Only
-	change this if you want to have ICP queries sent using another
-	address than where this Squid listens for ICP queries from other
+	Instead it will use the same socket as udp_incoming_address.
+	Only change this if you want to have UDP queries sent using another
+	address than where this Squid listens for UDP queries from other
 	caches.
 
+	NOTE: udp_outgoing_address is used by the ICP, HTCP, and DNS
+	modules. Altering it will affect all of them in the same manner.
+
+	see also; udp_incoming_address
+
 	NOTE, udp_incoming_address and udp_outgoing_address can not
-	have the same value since they both use port 3130.
+	have the same value since they both use the same port.
 DOC_END
 
 NAME: icp_hit_stale
@@ -5179,10 +5207,10 @@
 NAME: high_memory_warning
 TYPE: b_size_t
 LOC: Config.warnings.high_memory
-DEFAULT: 0
+DEFAULT: 0 KB
 DOC_START
 	If the memory usage (as determined by mallinfo) exceeds
-	value, Squid prints a WARNING with debug level 0 to get
+	this amount, Squid prints a WARNING with debug level 0 to get
 	the administrators attention.
 DOC_END
 
diff -ruN squid-2.6.STABLE16/src/cf_gen.c squid-2.6.STABLE17/src/cf_gen.c
--- squid-2.6.STABLE16/src/cf_gen.c	Wed Sep  5 15:50:15 2007
+++ squid-2.6.STABLE17/src/cf_gen.c	Mon Sep 17 14:24:15 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: cf_gen.c,v 1.50.2.1 2007/09/05 21:50:15 hno Exp $
+ * $Id: cf_gen.c,v 1.50.2.3 2007/09/17 20:24:15 hno Exp $
  *
  * DEBUG: none          Generate squid.conf.default and cf_parser.h
  * AUTHOR: Max Okumoto
@@ -177,12 +177,13 @@
     while ((NULL != fgets(buff, MAX_LINE, fp))) {
 	const char *type = strtok(buff, WS);
 	const char *dep;
+	Type *t;
 	if (!type || type[0] == '#')
 	    continue;
-	Type *t = (Type *) xcalloc(1, sizeof(*t));
+	t = (Type *) xcalloc(1, sizeof(*t));
 	t->name = xstrdup(type);
 	while ((dep = strtok(NULL, WS)) != NULL) {
-	    TypeDep *d = (TypeDep *) xcalloc(1, sizeof(*dep));
+	    TypeDep *d = (TypeDep *) xcalloc(1, sizeof(*d));
 	    d->name = xstrdup(dep);
 	    d->next = t->depend;
 	    t->depend = d;
diff -ruN squid-2.6.STABLE16/src/debug.c squid-2.6.STABLE17/src/debug.c
--- squid-2.6.STABLE16/src/debug.c	Sat Sep  9 06:45:06 2006
+++ squid-2.6.STABLE17/src/debug.c	Mon Oct  1 19:03:53 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: debug.c,v 1.93 2006/09/09 12:45:06 serassio Exp $
+ * $Id: debug.c,v 1.93.2.1 2007/10/02 01:03:53 hno Exp $
  *
  * DEBUG: section 0     Debug Routines
  * AUTHOR: Harvest Derived
@@ -40,9 +40,6 @@
 static const char *debugLogTime(time_t);
 static void ctx_print(void);
 #if HAVE_SYSLOG
-#ifdef LOG_LOCAL4
-static int syslog_facility = 0;
-#endif
 static void _db_print_syslog(const char *format, va_list args);
 #endif
 static void _db_print_stderr(const char *format, va_list args);
@@ -186,7 +183,7 @@
     tmpbuf[0] = '\0';
     vsnprintf(tmpbuf, BUFSIZ, format, args);
     tmpbuf[BUFSIZ - 1] = '\0';
-    syslog(_db_level == 0 ? LOG_WARNING : LOG_NOTICE, "%s", tmpbuf);
+    syslog((_db_level == 0 ? LOG_WARNING : LOG_NOTICE) | syslog_facility, "%s", tmpbuf);
 }
 #endif /* HAVE_SYSLOG */
 
@@ -401,12 +398,6 @@
 	xfree(p);
     }
     debugOpenLog(logfile);
-
-#if HAVE_SYSLOG && defined(LOG_LOCAL4)
-    if (opt_syslog_enable)
-	openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
-#endif /* HAVE_SYSLOG */
-
 }
 
 void
diff -ruN squid-2.6.STABLE16/src/fqdncache.c squid-2.6.STABLE17/src/fqdncache.c
--- squid-2.6.STABLE16/src/fqdncache.c	Mon May 29 18:56:11 2006
+++ squid-2.6.STABLE17/src/fqdncache.c	Mon Nov 26 03:59:09 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: fqdncache.c,v 1.156 2006/05/30 00:56:11 hno Exp $
+ * $Id: fqdncache.c,v 1.156.2.2 2007/11/26 10:59:09 adrian Exp $
  *
  * DEBUG: section 35    FQDN Cache
  * AUTHOR: Harvest Derived
@@ -211,7 +211,7 @@
     f->handlerData = NULL;
     if (cbdataValid(handlerData)) {
 	dns_error_message = f->error_message;
-	handler(f->flags.negcached ? NULL : f->names[0], handlerData);
+	handler(f->name_count ? f->names[0] : NULL, handlerData);
     }
     cbdataUnlock(handlerData);
     fqdncacheUnlockEntry(f);
@@ -316,7 +316,7 @@
 	f->error_message = xstrdup("No PTR record");
 	return f;
     }
-    if (ttl == 0 || ttl > Config.positiveDnsTtl)
+    if (ttl > Config.positiveDnsTtl)
 	ttl = Config.positiveDnsTtl;
     if (ttl < Config.negativeDnsTtl)
 	ttl = Config.negativeDnsTtl;
diff -ruN squid-2.6.STABLE16/src/fs/aufs/aiops.c squid-2.6.STABLE17/src/fs/aufs/aiops.c
--- squid-2.6.STABLE16/src/fs/aufs/aiops.c	Sat Sep 23 04:16:40 2006
+++ squid-2.6.STABLE17/src/fs/aufs/aiops.c	Mon Nov 26 03:46:16 2007
@@ -1,5 +1,5 @@
 /*
- * $Id: aiops.c,v 1.31 2006/09/23 10:16:40 serassio Exp $
+ * $Id: aiops.c,v 1.31.2.1 2007/11/26 10:46:16 adrian Exp $
  *
  * DEBUG: section 43    AIOPS
  * AUTHOR: Stewart Forster <slf@connect.com.au>
@@ -322,7 +322,7 @@
     /* Create threads and get them to sit in their wait loop */
     squidaio_thread_pool = memPoolCreate("aio_thread", sizeof(squidaio_thread_t));
     if (squidaio_nthreads == 0) {
-	int j = 16;
+	int j = THREAD_FACTOR;
 	for (i = 0; i < n_asyncufs_dirs; i++) {
 	    squidaio_nthreads += j;
 	    j = j * 2 / 3;
@@ -338,7 +338,7 @@
 #endif
     }
     if (squidaio_nthreads == 0)
-	squidaio_nthreads = 16;
+	squidaio_nthreads = THREAD_FACTOR;
     squidaio_magic1 = squidaio_nthreads * MAGIC1_FACTOR;
     squidaio_magic2 = squidaio_nthreads * MAGIC2_FACTOR;
     for (i = 0; i < squidaio_nthreads; i++) {
diff -ruN squid-2.6.STABLE16/src/fs/aufs/aiops_win32.c squid-2.6.STABLE17/src/fs/aufs/aiops_win32.c
--- squid-2.6.STABLE16/src/fs/aufs/aiops_win32.c	Sat Sep 23 04:16:40 2006
+++ squid-2.6.STABLE17/src/fs/aufs/aiops_win32.c	Mon Nov 26 03:46:16 2007
@@ -1,5 +1,5 @@
 /*
- * $Id: aiops_win32.c,v 1.3 2006/09/23 10:16:40 serassio Exp $
+ * $Id: aiops_win32.c,v 1.3.2.1 2007/11/26 10:46:16 adrian Exp $
  *
  * DEBUG: section 43    Windows AIOPS
  * AUTHOR: Stewart Forster <slf@connect.com.au>
@@ -322,7 +322,7 @@
     /* Create threads and get them to sit in their wait loop */
     squidaio_thread_pool = memPoolCreate("aio_thread", sizeof(squidaio_thread_t));
     if (squidaio_nthreads == 0) {
-	int j = 16;
+	int j = THREAD_FACTOR;
 	for (i = 0; i < n_asyncufs_dirs; i++) {
 	    squidaio_nthreads += j;
 	    j = j * 2 / 3;
@@ -338,7 +338,7 @@
 #endif
     }
     if (squidaio_nthreads == 0)
-	squidaio_nthreads = 16;
+	squidaio_nthreads = THREAD_FACTOR;
     squidaio_magic1 = squidaio_nthreads * MAGIC1_FACTOR;
     squidaio_magic2 = squidaio_nthreads * MAGIC2_FACTOR;
     for (i = 0; i < squidaio_nthreads; i++) {
diff -ruN squid-2.6.STABLE16/src/fs/aufs/store_dir_aufs.c squid-2.6.STABLE17/src/fs/aufs/store_dir_aufs.c
--- squid-2.6.STABLE16/src/fs/aufs/store_dir_aufs.c	Sat Mar  3 06:34:51 2007
+++ squid-2.6.STABLE17/src/fs/aufs/store_dir_aufs.c	Mon Nov 26 03:57:37 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: store_dir_aufs.c,v 1.67.2.1 2007/03/03 13:34:51 hno Exp $
+ * $Id: store_dir_aufs.c,v 1.67.2.2 2007/11/26 10:57:37 adrian Exp $
  *
  * DEBUG: section 47    Store Directory Routines
  * AUTHOR: Duane Wessels
@@ -1551,6 +1551,8 @@
 	    break;		/* no more objects */
 	removed++;
 	storeRelease(e);
+	if (aioQueueSize() > MAGIC2)
+	    break;
     }
     walker->Done(walker);
     debug(47, (removed ? 2 : 3)) ("storeAufsDirMaintain: %s removed %d/%d f=%.03f max_scan=%d\n",
diff -ruN squid-2.6.STABLE16/src/globals.h squid-2.6.STABLE17/src/globals.h
--- squid-2.6.STABLE16/src/globals.h	Thu Jan 18 17:19:26 2007
+++ squid-2.6.STABLE17/src/globals.h	Mon Oct  1 19:03:53 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: globals.h,v 1.123 2007/01/19 00:19:26 hno Exp $
+ * $Id: globals.h,v 1.123.2.1 2007/10/02 01:03:53 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -178,5 +178,8 @@
 #endif
 extern int opt_parse_cfg_only;	/* 0 */
 extern int n_coss_dirs;		/* 0 */
+#ifdef LOG_LOCAL4
+extern int syslog_facility;	/* LOG_LOCAL4 */
+#endif
 
 #endif /* SQUID_GLOBALS_H */
diff -ruN squid-2.6.STABLE16/src/helper.c squid-2.6.STABLE17/src/helper.c
--- squid-2.6.STABLE16/src/helper.c	Sat Jun  2 18:40:32 2007
+++ squid-2.6.STABLE17/src/helper.c	Mon Nov 26 04:07:27 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: helper.c,v 1.62.2.3 2007/06/03 00:40:32 hno Exp $
+ * $Id: helper.c,v 1.62.2.4 2007/11/26 11:07:27 adrian Exp $
  *
  * DEBUG: section 84    Helper process maintenance
  * AUTHOR: Harvest Derived?
@@ -1026,7 +1026,7 @@
 {
     helper *hlp = srv->parent;
     helper_request **ptr = NULL;
-    int slot;
+    int slot = -1;
     if (!cbdataValid(r->data)) {
 	debug(84, 1) ("helperDispatch: invalid callback data\n");
 	helperRequestFree(r);
@@ -1057,8 +1057,8 @@
 	    helperDispatch_done,	/* Handler */
 	    srv);
     }
-    debug(84, 5) ("helperDispatch: Request sent to %s #%d, %d bytes\n",
-	hlp->id_name, srv->index + 1, (int) strlen(r->buf));
+    debug(84, 5) ("helperDispatch: Request sent to %s #%d[%d], %d bytes\n",
+	hlp->id_name, srv->index + 1, slot, (int) strlen(r->buf));
     srv->stats.uses++;
     hlp->stats.requests++;
 }
diff -ruN squid-2.6.STABLE16/src/http.c squid-2.6.STABLE17/src/http.c
--- squid-2.6.STABLE16/src/http.c	Sat Jul 21 15:05:55 2007
+++ squid-2.6.STABLE17/src/http.c	Mon Nov 26 04:04:30 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: http.c,v 1.419.2.8 2007/07/21 21:05:55 hno Exp $
+ * $Id: http.c,v 1.419.2.11 2007/11/26 11:04:30 adrian Exp $
  *
  * DEBUG: section 11    Hypertext Transfer Protocol (HTTP)
  * AUTHOR: Harvest Derived
@@ -432,7 +432,7 @@
 	debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%s'\n", httpState->reply_hdr.buf);
 	httpState->reply_hdr_state += 2;
 	httpState->chunk_size = -1;	/* Terminated by EOF */
-	memBufClean(&httpState->reply_hdr);
+	httpState->reply_hdr.size = old_size;
 	httpBuildVersion(&reply->sline.version, 0, 9);
 	reply->sline.status = HTTP_INVALID_HEADER;
 	ctx_exit(ctx);
@@ -506,8 +506,8 @@
 	stringClean(&tr);
 	if (httpState->flags.chunked && reply->content_length >= 0) {
 	    /* Can't have a content-length in chunked encoding */
-	    reply->sline.status = HTTP_INVALID_HEADER;
-	    return done;
+	    reply->content_length = -1;
+	    httpHeaderDelById(&reply->header, HDR_CONTENT_LENGTH);
 	}
     }
     if (!httpState->flags.chunked) {
@@ -956,6 +956,8 @@
 		    httpHeaderPutTime(&reply->header, HDR_DATE, squid_curtime);
 		    mb = httpReplyPack(reply);
 		    storeAppend(entry, mb.buf, mb.size);
+		    storeAppend(entry, httpState->reply_hdr.buf, httpState->reply_hdr.size);
+		    memBufClean(&httpState->reply_hdr);
 		    httpReplyReset(reply);
 		    httpReplyParse(reply, mb.buf, mb.size);
 		    memBufClean(&mb);
@@ -1254,10 +1256,10 @@
 	    /* Special mode, to pass the username to the upstream cache */
 	    char loginbuf[256];
 	    const char *username = "-";
-	    if (orig_request->auth_user_request)
-		username = authenticateUserRequestUsername(orig_request->auth_user_request);
-	    else if (orig_request->extacl_user)
+	    if (orig_request->extacl_user)
 		username = orig_request->extacl_user;
+	    else if (orig_request->auth_user_request)
+		username = authenticateUserRequestUsername(orig_request->auth_user_request);
 	    snprintf(loginbuf, sizeof(loginbuf), "%s%s", username, orig_request->peer_login + 1);
 	    httpHeaderPutStrf(hdr_out, HDR_PROXY_AUTHORIZATION, "Basic %s",
 		base64_encode(loginbuf));
diff -ruN squid-2.6.STABLE16/src/ipcache.c squid-2.6.STABLE17/src/ipcache.c
--- squid-2.6.STABLE16/src/ipcache.c	Fri Aug 31 07:46:25 2007
+++ squid-2.6.STABLE17/src/ipcache.c	Mon Nov 26 03:59:09 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ipcache.c,v 1.245.2.1 2007/08/31 13:46:25 hno Exp $
+ * $Id: ipcache.c,v 1.245.2.3 2007/11/26 10:59:09 adrian Exp $
  *
  * DEBUG: section 14    IP Cache
  * AUTHOR: Harvest Derived
@@ -223,7 +223,7 @@
     i->handlerData = NULL;
     if (cbdataValid(handlerData)) {
 	dns_error_message = i->error_message;
-	handler(i->flags.negcached ? NULL : &i->addrs, handlerData);
+	handler(i->addrs.count ? &i->addrs : NULL, handlerData);
     }
     cbdataUnlock(handlerData);
     ipcacheUnlockEntry(i);
@@ -369,7 +369,7 @@
 	i->addrs.count = (unsigned char) na;
     else
 	i->addrs.count = 255;
-    if (ttl == 0 || ttl > Config.positiveDnsTtl)
+    if (ttl > Config.positiveDnsTtl)
 	ttl = Config.positiveDnsTtl;
     if (ttl < Config.negativeDnsTtl)
 	ttl = Config.negativeDnsTtl;
diff -ruN squid-2.6.STABLE16/src/main.c squid-2.6.STABLE17/src/main.c
--- squid-2.6.STABLE16/src/main.c	Fri Aug 31 07:52:10 2007
+++ squid-2.6.STABLE17/src/main.c	Mon Nov 26 03:47:23 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: main.c,v 1.393.2.4 2007/08/31 13:52:10 hno Exp $
+ * $Id: main.c,v 1.393.2.6 2007/11/26 10:47:23 adrian Exp $
  *
  * DEBUG: section 1     Startup and Main Loop
  * AUTHOR: Harvest Derived
@@ -710,6 +710,10 @@
 #endif
     mainParseOptions(argc, argv);
 
+#if HAVE_SYSLOG && defined(LOG_LOCAL4)
+    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, syslog_facility);
+#endif
+
 #if defined(USE_WIN32_SERVICE) && defined(_SQUID_WIN32_)
     if (opt_install_service) {
 	WIN32_InstallService();
@@ -972,14 +976,12 @@
     int nullfd;
     if (*(argv[0]) == '(')
 	return;
-    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
     if ((pid = fork()) < 0)
 	syslog(LOG_ALERT, "fork failed: %s", xstrerror());
     else if (pid > 0)
 	exit(0);
     if (setsid() < 0)
 	syslog(LOG_ALERT, "setsid failed: %s", xstrerror());
-    closelog();
 #ifdef TIOCNOTTY
     if ((i = open("/dev/tty", O_RDWR | O_TEXT)) >= 0) {
 	ioctl(i, TIOCNOTTY, NULL);
@@ -1008,7 +1010,6 @@
 	mainStartScript(argv[0]);
 	if ((pid = fork()) == 0) {
 	    /* child */
-	    openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
 	    prog = xstrdup(argv[0]);
 	    argv[0] = xstrdup("(squid)");
 	    execvp(prog, argv);
@@ -1016,7 +1017,6 @@
 	    exit(1);
 	}
 	/* parent */
-	openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4);
 	syslog(LOG_NOTICE, "Squid Parent: child process %d started", pid);
 	time(&start);
 	squid_signal(SIGINT, SIG_IGN, SA_RESTART);
diff -ruN squid-2.6.STABLE16/src/mib.txt squid-2.6.STABLE17/src/mib.txt
--- squid-2.6.STABLE16/src/mib.txt	Fri Aug 31 08:08:52 2007
+++ squid-2.6.STABLE17/src/mib.txt	Mon Nov 26 04:08:30 2007
@@ -2,7 +2,7 @@
 
 SQUID-MIB DEFINITIONS ::= BEGIN
 --
--- $Id: mib.txt,v 1.30.2.1 2007/08/31 14:08:52 hno Exp $
+-- $Id: mib.txt,v 1.30.2.2 2007/11/26 11:08:30 adrian Exp $
 --
 
 IMPORTS
@@ -715,7 +715,7 @@
 		MAX-ACCESS not-accessible
 		STATUS current
 		DESCRIPTION
-			" An entry in cachePeerTable "
+			" cache_peer indexed by IP address "
 		INDEX 	{ cachePeerAddr }
 	::= { cachePeerTable 1 }
 
@@ -724,7 +724,7 @@
 		MAX-ACCESS not-accessible
 		STATUS current
 		DESCRIPTION
-			" An entry in cachePeerTable "
+			" cache_peer indexed by position in squid.conf "
 		INDEX 	{ cachePeerIndex }
 	::= { cachePeerTable 2 }
 
diff -ruN squid-2.6.STABLE16/src/stat.c squid-2.6.STABLE17/src/stat.c
--- squid-2.6.STABLE16/src/stat.c	Wed Nov  1 13:58:52 2006
+++ squid-2.6.STABLE17/src/stat.c	Fri Sep 21 08:48:37 2007
@@ -1,6 +1,6 @@
 
 /*
- * $Id: stat.c,v 1.377 2006/11/01 20:58:52 wessels Exp $
+ * $Id: stat.c,v 1.377.2.1 2007/09/21 14:48:37 hno Exp $
  *
  * DEBUG: section 18    Cache Manager Statistics
  * AUTHOR: Harvest Derived
@@ -598,8 +598,8 @@
     storeAppendPrintf(sentry, "\tCPU Usage, 60 minute avg:\t%.2f%%\n",
 	statCPUUsage(60));
 #if HAVE_SBRK
-    storeAppendPrintf(sentry, "\tProcess Data Segment Size via sbrk(): %d KB\n",
-	(int) (((char *) sbrk(0) - (char *) sbrk_start) >> 10));
+    storeAppendPrintf(sentry, "\tProcess Data Segment Size via sbrk(): %lu KB\n",
+	(unsigned long) (((char *) sbrk(0) - (char *) sbrk_start) >> 10));
 #endif
     storeAppendPrintf(sentry, "\tMaximum Resident Size: %d KB\n",
 	rusage_maxrss(&rusage));
