Resurrect www/junkbuster.

Fix vulnerability as described on
	http://bugs.gentoo.org/show_bug.cgi?id=88537

17 files changed, 1021 insertions, 0 deletions

diff --git a/www/junkbuster/Makefile b/www/junkbuster/Makefile
new file mode 100644
index 000000000000..f65fab48dcb4
--- /dev/null
+++ b/www/junkbuster/Makefile
@@ -0,0 +1,61 @@
+# New ports collection makefile for:	junkbuster
+# Date created:		2 May 1998
+# Whom:			Ian Struble <ian@broken.net>
+#
+# $FreeBSD$
+
+PORTNAME=	junkbuster
+PORTVERSION=	2.0.2
+PORTREVISION=	2
+CATEGORIES=	www
+MASTER_SITES=	http://f2.org/download/ \
+		http://www.junkbusters.com/ht/en/
+DISTNAME=	ijb-zlib-10
+EXTRACT_SUFX=	.tgz
+DIST_SUBDIR=	${PORTNAME}-${PORTVERSION}
+
+MAINTAINER=	edwin@mavetju.org
+COMMENT=	An HTTP proxy server that eliminates ads
+
+USE_REINPLACE=	yes
+
+ALL_TARGET=	# yes, an empty target.
+JDIR=		${PREFIX}/etc/junkbuster
+MAN1=		junkbuster.1
+SUB_FILES=	junkbuster.sh
+USE_RC_SUBR=	yes
+
+.include <bsd.port.pre.mk>
+
+.if ( ${OSVERSION} >= 500000 )
+GNUREGEXP=	's:gnu_regex.h:gnu/regex.h:'
+.else
+GNUREGEXP=	's:gnu_regex.h:gnuregex.h:'
+.endif
+
+post-patch:
+.for f in junkbstr.ini saclfile.ini sblock.ini scookie.ini sforward.ini strust.ini win32.h
+	@${REINPLACE_CMD} -e "s:`/usr/bin/printf '\r'`::" ${WRKSRC}/${f}
+.endfor
+.for f in acl.c bind.c conn.c encode.c filters.c gnu_regex.c jcc.c loaders.c parsers.c socks4.c ssplit.c win32.c
+	@${REINPLACE_CMD} -e ${GNUREGEXP} ${WRKSRC}/${f}
+.endfor
+
+do-install:
+	@${INSTALL_PROGRAM} ${WRKSRC}/junkbuster ${PREFIX}/sbin/junkbuster
+	@${MKDIR} -m 755 ${JDIR}
+	@${INSTALL_DATA} ${WRKSRC}/junkbstr.ini ${JDIR}/configfile.sample
+	@${INSTALL_DATA} ${WRKSRC}/sblock.ini ${JDIR}/blockfile.sample
+	@${INSTALL_DATA} ${WRKSRC}/saclfile.ini ${JDIR}/aclfile.sample
+	@${INSTALL_DATA} ${WRKSRC}/scookie.ini ${JDIR}/cookiefile.sample
+	@${INSTALL_DATA} ${WRKSRC}/sforward.ini ${JDIR}/forwardfile.sample
+	@${INSTALL_DATA} ${WRKSRC}/strust.ini ${JDIR}/trustfile.sample
+	@$(INSTALL_MAN) ${WRKSRC}/junkbuster.1 $(PREFIX)/man/man1/
+
+	@${INSTALL_SCRIPT} ${WRKDIR}/junkbuster.sh \
+	    ${PREFIX}/etc/rc.d/junkbuster.sh
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
diff --git a/www/junkbuster/distinfo b/www/junkbuster/distinfo
new file mode 100644
index 000000000000..6e5160408e1d
--- /dev/null
+++ b/www/junkbuster/distinfo
@@ -0,0 +1,3 @@
+MD5 (junkbuster-2.0.2/ijb-zlib-10.tgz) = 3c410f61eeb7e24641fc7eaf3dc5063e
+SHA256 (junkbuster-2.0.2/ijb-zlib-10.tgz) = dfc61a5d1f82c82246b44a9153dc78b1793e135f16e6d96ccb73830892ff7b9d
+SIZE (junkbuster-2.0.2/ijb-zlib-10.tgz) = 145917
diff --git a/www/junkbuster/files/junkbuster.sh.in b/www/junkbuster/files/junkbuster.sh.in
new file mode 100644
index 000000000000..7d8a7212fc55
--- /dev/null
+++ b/www/junkbuster/files/junkbuster.sh.in
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# PROVIDE: junkbuster
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: FreeBSD
+
+#
+# Add the following lines to /etc/rc.conf to enable junkbuster:
+# junkbuster_enable (bool):	Set to "NO" by default.
+#				Set it to "YES" to enable junkbuster
+#
+
+. %%RC_SUBR%%
+
+name="junkbuster"
+command=%%PREFIX%%/sbin/junkbuster
+required_files=%%PREFIX%%/etc/junkbuster/configfile
+start_cmd="ijb_start"
+
+[ -z "${junkbuster_enable}" ] && junkbuster_enable="NO"
+
+ijb_start()
+{
+	cd %%PREFIX%%/etc/junkbuster
+	su -m nobody -c "%%PREFIX%%/sbin/junkbuster configfile &" >/dev/null
+	echo -n " junkbuster"
+}
+
+load_rc_config $name
+run_rc_command "$1"
+
+#case $1 in
+#start)
+#	if [ -d %%JDIR%% \
+#	     -a -x %%PREFIX%%/sbin/junkbuster \
+#	     -a -f %%JDIR%%/configfile ]; then
+#		: seems OK
+#	else
+#		echo >&2 "$0: missing files!"
+#		exit 1
+#	fi
+#	cd %%JDIR%%
+#	su -m nobody -c "%%PREFIX%%/sbin/junkbuster configfile &" \
+#	    >/dev/null \
+#	&& echo -n " junkbuster" \
+#	|| echo " junkbuster FAILED TO START"
+#	;;
+#stop)
+#	killall junkbuster && echo -n " junkbuster"
+#	;;
+#restart)
+#	$0 stop
+#	$0 start
+#	;;
+#*)
+#	echo "Usage: `basename $0` {start|stop}" >&2
+#	exit 64
+#	;;
+#esac
+#
+#exit 0
diff --git a/www/junkbuster/files/patch-aa b/www/junkbuster/files/patch-aa
new file mode 100644
index 000000000000..59a1478d4e9d
--- /dev/null
+++ b/www/junkbuster/files/patch-aa
@@ -0,0 +1,40 @@
+--- Makefile.orig	Fri Aug  4 15:40:15 2000
++++ Makefile	Fri Nov  3 12:23:48 2000
+@@ -5,20 +5,20 @@
+ 
+ # set include and library paths for the zlib compression library
+ #
+-ZLIB_INC_FLAGS=-I../zlib
+-ZLIB_LIB_FLAGS=-L ../zlib
++#ZLIB_INC_FLAGS=-I../zlib
++#ZLIB_LIB_FLAGS=-L ../zlib
+ 
+ DEFAULT_CFLAGS = -I. $(ZLIB_INC_FLAGS) $(REGEX) -DSTDC_HEADERS -DHAVE_STRING
+ 
+ PROG   = junkbuster
+ O      = o
+ RM     = rm -f
+-MORE_CFLAGS = -g
++MORE_CFLAGS =
+ LD = $(CC) $(CFLAGS) $(ZLIB_LIB)
+ LDFLAGS = -lz
+ 
+ # use this for Solaris 2.x
+-#LDFLAGS = -lnsl -lsocket -lz
++LDFLAGS += -lgnuregex
+ 
+ # use these for SunOS 4.x
+ #LDFLAGS = -nsl -lz
+@@ -63,10 +63,10 @@
+ #MORE_CFLAGS = -relax_pointers
+ #LDFLAGS = -map junkbuster.xMAP
+ 
+-CFLAGS  = $(DEFAULT_CFLAGS) $(MORE_CFLAGS)
++CFLAGS  += $(DEFAULT_CFLAGS) $(MORE_CFLAGS)
+ 
+ OBJS =	jcc.$(O) parsers.$(O) filters.$(O) loaders.$(O) bind.$(O) conn.$(O) \
+-	encode.$(O) ssplit.$(O) socks4.$(O) acl.$(O) gnu_regex.$(O) win32.$(O)
++	encode.$(O) ssplit.$(O) socks4.$(O) acl.$(O) win32.$(O)
+ 
+ $(PROG): $(OBJS)
+ 	$(LD) -o $(PROG) $(ZLIB_LIB_FLAGS) $(OBJS) $(LDFLAGS)
diff --git a/www/junkbuster/files/patch-ag b/www/junkbuster/files/patch-ag
new file mode 100644
index 000000000000..302c3f2cb915
--- /dev/null
+++ b/www/junkbuster/files/patch-ag
@@ -0,0 +1,12 @@
+--- jcc.c.orig	Fri Aug  4 14:31:14 2000
++++ jcc.c	Thu Apr 29 15:55:30 2004
+@@ -43,7 +43,8 @@
+ #endif
+ 
+ #include "jcc.h"
+-#include "zutil.h"
++#include "zlib.h"
++#define DEF_MEM_LEVEL 8
+ 
+ char *prog;
+ 
diff --git a/www/junkbuster/files/patch-ah b/www/junkbuster/files/patch-ah
new file mode 100644
index 000000000000..b8c44c2f4753
--- /dev/null
+++ b/www/junkbuster/files/patch-ah
@@ -0,0 +1,29 @@
+diff -ruN /usr/ports/www/ijb/work/ijb20/loaders.c ./loaders.c
+--- /usr/ports/www/ijb/work/ijb20/loaders.c	Mon Feb 28 02:35:10 2000
++++ ./loaders.c	Mon Feb 28 02:34:29 2000
+@@ -8,7 +8,7 @@
+ #include <stdlib.h>
+ #include <sys/types.h>
+ #include <string.h>
+-#include <malloc.h>
++#include <stdlib.h>
+ #include <errno.h>
+ #include <sys/stat.h>
+ #include <ctype.h>
+@@ -1160,7 +1160,7 @@
+ 
+ 	extern char	*acl_rcs, *bind_rcs, *conn_rcs, *encode_rcs,
+ 			*jcc_rcs, *loaders_rcs, *parsers_rcs, *filters_rcs,
+-			*socks4_rcs, *ssplit_rcs, *gnu_regex_rcs, *win32_rcs;
++			*socks4_rcs, *ssplit_rcs, *win32_rcs;
+ 
+ 	b = strsav(b, "<h2>Source versions:</h2>\n");
+ 	b = strsav(b, "<pre>");
+@@ -1174,7 +1174,6 @@
+ 	sprintf(buf, "%s\n", socks4_rcs    );	b = strsav(b, buf);
+ 	sprintf(buf, "%s\n", ssplit_rcs    );	b = strsav(b, buf);
+ 	sprintf(buf, "%s\n", acl_rcs       );	b = strsav(b, buf);
+-	sprintf(buf, "%s\n", gnu_regex_rcs );	b = strsav(b, buf);
+ 	sprintf(buf, "%s\n", win32_rcs     );	b = strsav(b, buf);
+ 	b = strsav(b, "</pre>");
+ 
diff --git a/www/junkbuster/files/patch-ai b/www/junkbuster/files/patch-ai
new file mode 100644
index 000000000000..d9cb3058158e
--- /dev/null
+++ b/www/junkbuster/files/patch-ai
@@ -0,0 +1,10 @@
+diff -ruN /usr/ports/www/ijb/work/ijb20/loaders.h ./loaders.h
+--- /usr/ports/www/ijb/work/ijb20/loaders.h	Wed Dec 31 21:00:00 1969
++++ ./loaders.h	Mon Feb 28 02:22:47 2000
+@@ -0,0 +1,6 @@
++#ifndef __LOADERS_H_INCLUDE__
++#define __LOADERS_H_INCLUDE__
++
++void * zalloc(int);
++
++#endif /* __LOADERS_H_INCLUDE__ */
diff --git a/www/junkbuster/files/patch-ak b/www/junkbuster/files/patch-ak
new file mode 100644
index 000000000000..4dffb57c8e7d
--- /dev/null
+++ b/www/junkbuster/files/patch-ak
@@ -0,0 +1,20 @@
+--- socks4.c.orig	Fri Aug  4 08:39:21 2000
++++ socks4.c	Thu Apr 29 15:59:20 2004
+@@ -28,6 +28,8 @@
+ 
+ #include "jcc.h"
+ 
++#define DEFAULT_FALLBACK_HTTP_PORT	80
++
+ #define SOCKS_REQUEST_GRANTED		90
+ #define SOCKS_REQUEST_REJECT		91
+ #define SOCKS_REQUEST_IDENT_FAILED	92
+@@ -60,7 +62,7 @@
+ 	unsigned char sbuf[BUFSIZ];
+ 	struct socks_op    *c = (struct socks_op    *)cbuf;
+ 	struct socks_reply *s = (struct socks_reply *)sbuf;
+-	int web_server_addr;
++	int web_server_addr = DEFAULT_FALLBACK_HTTP_PORT;
+ 	int n, csiz, sfd, target_port;
+ 	int err = 0;
+ 	char *errstr, *target_host;
diff --git a/www/junkbuster/files/patch-al b/www/junkbuster/files/patch-al
new file mode 100644
index 000000000000..5922cba56427
--- /dev/null
+++ b/www/junkbuster/files/patch-al
@@ -0,0 +1,10 @@
+--- ssplit.c.orig	Fri Aug  4 08:39:24 2000
++++ ssplit.c	Thu Apr 29 15:56:41 2004
+@@ -22,6 +22,7 @@
+  *      l = flag indicating whether to ignore leading field separators
+  */
+ 
++#include "loaders.h"
+ #include <stdlib.h>	/*  For free()		*/
+ #include <stdio.h>	/*  Required by jcc.h	*/
+ #include "gnu_regex.h"
diff --git a/www/junkbuster/files/patch-ao b/www/junkbuster/files/patch-ao
new file mode 100644
index 000000000000..58e6fdd74ead
--- /dev/null
+++ b/www/junkbuster/files/patch-ao
@@ -0,0 +1,633 @@
+Obtained from: ftp://ftp.linux.org.uk/pub/linux/rmk/ijb20.rmk.diff
+
+--- bind.c.orig	Fri Nov 30 11:25:23 2001
++++ bind.c	Fri Nov 30 11:33:46 2001
+@@ -45,6 +45,242 @@
+ long  remote_ip_long;
+ char *remote_ip_str;
+ 
++#ifdef HAVE_IPV6
++#ifdef HAVE_POLL
++/*
++ * Do we have the superiour poll() interface?
++ */
++#include <sys/poll.h>
++
++static struct pollfd	*b_pfd;
++static int		nr_fds;
++#else
++/*
++ * Argh, we've only got the select() interface.
++ */
++#include <sys/select.h>
++
++static fd_set		sfd;
++static int		max_fd;
++#endif
++
++static int add_fd(fd)
++	int fd;
++{
++#ifdef HAVE_POLL
++	struct pollfd *n;
++	int nr = nr_fds + 1;
++
++	n = realloc(b_pfd, nr * sizeof(*n));
++	if (!n)
++		return -3;
++
++	n[nr_fds].fd     = fd;
++	n[nr_fds].events = POLLIN;
++
++	b_pfd  = n;
++	nr_fds = nr;
++
++	return 0;
++#else
++	if (fd >= max_fd)
++		max_fd = fd + 1;
++	FD_SET(fd, &sfd);
++	return 0;
++#endif
++}
++
++/*
++ * Bind one port of an address family, specified by `ai'
++ */
++static int bind_one(ai)
++	struct addrinfo *ai;
++{
++	int fd, one = 1;
++
++	fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
++	if (fd == -1) {
++		/*
++		 * Is it an unsupported family or protocol?
++		 * Move along please.
++		 */
++		if (errno == EINVAL || errno == EPROTONOSUPPORT)
++			return -1;
++
++		/*
++		 * Ok, something else went wrong - fatal error.
++		 */
++		return -3;
++	}
++
++	setsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
++		   (char *)&one, sizeof(one));
++
++	/*
++	 * Now bind the socket.  This may fail on Linux.
++	 */
++	if (bind(fd, ai->ai_addr, ai->ai_addrlen) < 0) {
++		close(fd);
++
++		if (errno == EADDRINUSE)
++			return -2;
++		else
++			return -1;
++	}
++
++	/*
++	 * and ensure that it is listening.
++	 */
++	while (listen(fd, 5) == -1) {
++		if (errno != EINTR) {
++			close(fd);
++			return -1;
++		}
++	}
++
++	return add_fd(fd);
++}
++
++/*
++ * BIND-PORT (portnum)
++ *  if success, return file descriptor
++ *  if failure, returns -2 if address is in use, otherwise -1
++ */
++int 	bind_port (hostnam, portnum)
++char	*hostnam;
++int	 portnum;
++{
++	struct addrinfo *ai, *aip, aihint;
++	int rc, nr = 0;
++	char serv[NI_MAXSERV];
++
++	if (snprintf(serv, NI_MAXSERV, "%d", portnum) >= NI_MAXSERV)
++		return -1;
++
++	memset(&aihint, 0, sizeof(aihint));
++
++	aihint.ai_flags = AI_PASSIVE;
++	aihint.ai_family = PF_UNSPEC;
++	aihint.ai_socktype = SOCK_STREAM;
++
++	rc = getaddrinfo(hostnam, serv, &aihint, &ai);
++	if (rc)
++		return -1;
++
++	/*
++	 * Go through each entry creating a socket and trying
++	 * to bind it.  Note that on Linux, if we bind to an
++	 * IPv6 address, we can't bind to it's corresponding
++	 * IPv4 address, so we bind IPv6 first, then IPv4.
++	 * 
++	 * We classify success as being able to establish at
++	 * least one listening socket.
++	 */
++	for (aip = ai; aip; aip = aip->ai_next) {
++		if (aip->ai_family == PF_INET6) {
++			rc = bind_one(aip);
++			if (rc == 0)
++				nr++;
++		}
++	}
++
++	for (aip = ai; aip; aip = aip->ai_next) {
++		if (aip->ai_family == PF_INET) {
++			rc = bind_one(aip);
++			if (rc == 0)
++				nr++;
++		}
++	}
++
++	freeaddrinfo(ai);
++
++	if (nr != 0)
++		rc = 0;
++
++	return rc;
++}
++
++/* 
++ * ACCEPT-CONNECTION
++ * the argument, fd, is the value returned from bind_port
++ *
++ * when a connection is accepted, it returns the file descriptor
++ * for the connected port
++ */
++int	accept_connection (_fd)
++int	_fd;
++{
++	struct sockaddr_storage sa;
++	int afd, alen = sizeof(sa);
++	char host[NI_MAXHOST];
++	int rc, fd;
++
++#ifdef HAVE_POLL
++	int i;
++
++	do {
++		rc = poll(b_pfd, nr_fds, -1);
++	} while (rc == 0 || (rc == -1 && errno == EINTR));
++
++	/*
++	 * I wish we could spawn the handler here.  Alas, without
++	 * rewriting more of ijb...
++	 */
++	for (i = 0; i < nr_fds; i++)
++		if (b_pfd[i].revents)
++			break;
++
++	/*
++	 * hmm, if we ran out of fds to check, someone lied to us.
++	 */
++	if (i >= nr_fds)
++		return -1;
++
++	fd = b_pfd[i].fd;
++#else
++	fd_set rfds;
++
++	rfds = sfd;
++	do {
++		rc = select(max_fd, &rfds, NULL, NULL, NULL);
++	} while (rc == 0 || (rc == -1 && errno == EINTR));
++
++	/*
++	 * Find the first fd.  Same comment as above.
++	 */
++	for (fd = 0; fd < max_fd; fd++)
++		if (FD_ISSET(fd, &rfds))
++			break;
++
++	/*
++	 * If we found no fds, someone lied to us.
++	 */
++	if (fd >= max_fd)
++		return -1;
++
++#endif
++	afd = accept(fd, (struct sockaddr *)&sa, &alen);
++	if (afd < 0)
++		return -1;
++
++	if (getnameinfo((struct sockaddr *)&sa, alen,
++			host, NI_MAXHOST,
++			NULL, 0, NI_NUMERICHOST))
++		strcpy(host, "unknown");
++
++	remote_ip_str = strdup(host);
++	remote_ip_long = 0;
++
++	return afd;
++}
++#else
++/*
++ * -------------------------------- IPv4 ----------------------------
++ */
++
++extern int atoip();
++
++
+ /*
+  * BIND-PORT (portnum)
+  *  if success, return file descriptor
+@@ -100,7 +336,6 @@
+ 	return fd;
+ }
+ 
+-
+ /* 
+  * ACCEPT-CONNECTION
+  * the argument, fd, is the value returned from bind_port
+@@ -128,3 +363,5 @@
+ 
+ 	return afd;
+ }
++#endif
++
+--- conn.c.orig	Fri Nov 30 11:25:23 2001
++++ conn.c	Fri Nov 30 11:30:30 2001
+@@ -41,6 +41,10 @@
+ #include "gnuregex.h"
+ #endif
+ 
++#ifdef HAVE_POLL
++#include <sys/poll.h>
++#endif
++
+ #include "jcc.h"
+ 
+ int
+@@ -82,14 +86,127 @@
+ 	return(inaddr.sin_addr.s_addr);
+ }
+ 
++#ifdef HAVE_IPV6
++int connect_to(char *host, int portnum, struct client_state *csp)
++{
++	struct addrinfo *ai, *aip, aihint;
++	int fd = -1, rc;
++	char serv[NI_MAXSERV];
++
++	if (snprintf(serv, NI_MAXSERV, "%d", portnum) >= NI_MAXSERV) {
++		errno = EOVERFLOW;
++		return -1;
++	}
++
++	memset(&aihint, 0, sizeof(aihint));
++
++	aihint.ai_family = PF_UNSPEC;
++	aihint.ai_socktype = SOCK_STREAM;
++
++	rc = getaddrinfo(host, serv, &aihint, &ai);
++	if (rc)
++		return -1;
++
++	/*
++	 * Go through each entry trying to connect to the host.
++	 */
++	for (aip = ai; aip; aip = aip->ai_next) {
++		int flags;
++
++		fd = socket(aip->ai_family, aip->ai_socktype, aip->ai_protocol);
++		if (fd == -1)
++			continue;
++
++#ifdef TCP_NODELAY	/* turn off TCP coalescence */
++		{
++			int mi = 1;
++			setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, (char *)&mi, sizeof(mi));
++		}
++#endif
++#if !defined(_WIN32) && !defined(__BEOS__)
++		flags = fcntl(fd, F_GETFL, 0);
++		if (flags != -1)
++			fcntl(fd, F_SETFL, flags | O_NDELAY);
++#endif
++		do {
++			rc = connect(fd, aip->ai_addr, aip->ai_addrlen);
++		} while (rc == -1 && errno == EINTR);
++
++		if (rc == -1 && errno != EINPROGRESS) {
++			close(fd);
++			fd = -1;
++			continue;
++		}
++
++		/*
++		 * Ok, the connection is in progress.
++		 */
++#if !defined(_WIN32) && !defined(__BEOS__)
++		if (flags != -1)
++			fcntl(fd, F_SETFL, flags);
++#endif
++		{
++#ifdef HAVE_POLL
++			struct pollfd pfd;
++
++			pfd.fd = fd;
++			pfd.events = POLLOUT | POLLERR | POLLHUP;
++
++			if (poll(&pfd, 1, 30000) <= 0) {
++				close(fd);
++				fd = -1;
++				continue;
++			}
++
++			if (pfd.revents & (POLLERR|POLLHUP)) {
++				close(fd);
++				fd = -1;
++				continue;
++			}
++#else
++			fd_set rfds, wfds;
++			struct timeval tv[1];
++
++			FD_ZERO(&rfds);
++			FD_ZERO(&wfds);
++			FD_SET(fd, &rfds);
++			FD_SET(fd, &wfds);
++
++			tv->tv_sec  = 30;
++			tv->tv_usec = 0;
++
++			if (select(fd + 1, &rfds, &wfds, NULL, tv) <= 0) {
++				(void) close(fd);
++				fd = -1;
++				continue;
++			}
++
++			if (FD_ISSET(fd, &rfds) && FD_ISSET(fd, &wfds)) {
++				int r = 0, l = sizeof(r);
++
++				if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &r, &l)
++				    || r) {
++					(void) close(fd);
++					fd = -1;
++					continue;
++				}
++			}
++#endif
++		}
++		break;
++	}
++
++	freeaddrinfo(ai);
+ 
++	return fd;
++}
++
++#else
+ int
+ connect_to(char *host, int portnum, struct client_state *csp)
+ {
+ 	struct sockaddr_in inaddr;
+ 	int	fd, addr;
+-	fd_set wfds;
+-	struct timeval tv[1];
+ 	int	flags;
+ 	struct access_control_addr src[1], dst[1];
+ 
+@@ -122,23 +239,19 @@
+ 	}
+ 
+ #ifdef TCP_NODELAY
+-{	/* turn off TCP coalescence */
+-	int	mi = 1;
+-	setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (char * ) &mi, sizeof (int));
+-}
++	{	/* turn off TCP coalescence */
++		int	mi = 1;
++		setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (char * ) &mi, sizeof (int));
++	}
+ #endif
+-
+-#ifndef _WIN32
+-#ifndef __BEOS__
++#if !defined(_WIN32) && !defined(__BEOS__)
+ 	if ((flags = fcntl(fd, F_GETFL, 0)) != -1) {
+ 		flags |= O_NDELAY;
+ 		fcntl(fd, F_SETFL, flags);
+ 	}
+ #endif
+-#endif
+ 
+ 	while (connect(fd, (struct sockaddr *) & inaddr, sizeof inaddr) == -1) {
+-
+ #ifdef _WIN32
+ 		if (errno == WSAEINPROGRESS)
+ #else
+@@ -154,25 +267,59 @@
+ 		}
+ 	}
+ 
+-#ifndef _WIN32
+-#ifndef __BEOS__
++#if !defined(_WIN32) && !defined(__BEOS__)
+ 	if (flags != -1) {
+ 		flags &= ~O_NDELAY;
+ 		fcntl(fd, F_SETFL, flags);
+ 	}
+ #endif
+-#endif
+ 
+-	/* wait for connection to complete */
+-	FD_ZERO(&wfds);
+-	FD_SET(fd, &wfds);
++	{
++#ifdef HAVE_POLL
++		struct pollfd pfd;
++
++		pfd.fd = fd;
++		pfd.events = POLLOUT | POLLERR | POLLHUP;
++
++		if (poll(&pfd, 1, 30000) <= 0) {
++			close(fd);
++			return -1;
++		}
+ 
+-	tv->tv_sec  = 30;
+-	tv->tv_usec = 0;
++		if (pfd.revents & (POLLERR|POLLHUP)) {
++			close(fd);
++			return -1;
++		}
++#else
++		fd_set rfds, wfds;
++		struct timeval tv[1];
+ 
+-	if (select(fd + 1, NULL, &wfds, NULL, tv) <= 0) {
+-		(void) close(fd);
+-		return(-1);
++		/* wait for connection to complete */
++		FD_ZERO(&rfds);
++		FD_ZERO(&wfds);
++		FD_SET(fd, &rfds);
++		FD_SET(fd, &wfds);
++
++		tv->tv_sec  = 30;
++		tv->tv_usec = 0;
++
++		if (select(fd + 1, &rfds, &wfds, NULL, tv) <= 0) {
++			(void) close(fd);
++			return(-1);
++		}
++
++		if (FD_ISSET(fd, &rfds) && FD_ISSET(fd, &wfds)) {
++			int r = 0, l = sizeof(r);
++
++			if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &r, &l)
++			    || r) {
++				(void) close(fd);
++				fd = -1;
++			}
++		}
++#endif
+ 	}
++
+ 	return(fd);
+ }
++#endif
+--- jcc.c.orig	Fri Nov 30 11:25:24 2001
++++ jcc.c	Fri Nov 30 11:30:30 2001
+@@ -32,9 +32,13 @@
+ #include <OS.h>		/* declarations for threads and stuff. */
+ #endif
+ 
++#ifdef HAVE_POLL
++#include <sys/poll.h>
++#else
+ #ifndef FD_ZERO
+ #include <select.h>
+ #endif
++#endif
+ 
+ #endif
+ 
+@@ -640,7 +644,26 @@
+ 
+ 	server_body = 0;
+ 
++#ifdef HAVE_POLL
++	fds[0].fd = csp->cfd;
++	fds[0].events = POLLIN|POLLHUP;
++	fds[1].fd = csp->sfd;
++	fds[1].events = POLLIN|POLLHUP;
++#endif
++
+ 	for(;;) {
++#ifdef HAVE_POLL
++		n = poll(fds, 2, -1);
++
++		if (n < 0) {
++			fprintf(logfp, "%s: poll() failed!: ", prog);
++			fperror(logfp, "");
++			return;
++		}
++
++#define IS_CLIENT()	(fds[0].revents & POLLIN)
++#define IS_SERVER()	(fds[1].revents & POLLIN)
++#else
+ 		FD_ZERO(&rfds);
+ 
+ 		FD_SET(csp->cfd, &rfds);
+@@ -653,12 +676,14 @@
+ 			fperror(logfp, "");
+ 			return;
+ 		}
+-
++#define IS_CLIENT()	FD_ISSET(csp->cfd, &rfds)
++#define IS_SERVER()	FD_ISSET(csp->sfd, &rfds)
++#endif
+ 		/* this is the body of the browser's request
+ 		 * just read it and write it.
+ 		 */
+ 
+-		if(FD_ISSET(csp->cfd, &rfds)) {
++		if(IS_CLIENT()) {
+ 
+ 			n = read_socket(csp->cfd, buf, sizeof(buf));
+ 
+@@ -679,7 +704,7 @@
+ 		 * otherwise it's the body
+ 		 */
+ 
+-		if(FD_ISSET(csp->sfd, &rfds)) {
++		if(IS_SERVER()) {
+ 
+ 			n = read_socket(csp->sfd, buf, sizeof(buf));
+ 
+--- jcc.h.orig	Fri Nov 30 11:25:24 2001
++++ jcc.h	Fri Nov 30 11:37:12 2001
+@@ -339,6 +339,7 @@
+ extern void client_cookie_adder(struct client_state *csp);
+ extern void client_xtra_adder(struct client_state *csp);
+ extern void client_x_forwarded_adder(struct client_state *csp);
++extern void server_conn_close_adder(struct client_state *csp);
+ 
+ /* interceptors from filters.c
+ */
+--- parsers.c.orig	Fri Nov 30 11:25:24 2001
++++ parsers.c	Fri Nov 30 11:30:30 2001
+@@ -32,6 +32,7 @@
+ 	{ "cookie:",		 7,	client_send_cookie	},
+ 	{ "x-forwarded-for:",	16,	client_x_forwarded	},
+ 	{ "proxy-connection:",	17,	crumble			},
++	{ "keep-alive:",	11,	crumble			},
+ /*	{ "if-modified-since:", 18,	crumble			}, */
+ 	{ NULL,			 0,	NULL			}
+ };
+@@ -57,6 +58,7 @@
+ };
+ 
+ void (*add_server_headers[])() = {
++	server_conn_close_adder,	/* for http/1.1 */
+ 	NULL
+ };
+ 
+@@ -608,6 +610,12 @@
+ 	if(csp->accept_server_cookie == 0) return(crumble(v, s, csp));
+ 
+ 	return(strdup(s));
++}
++
++void server_conn_close_adder(struct client_state *csp)
++{
++	char *p = strsav(NULL, "Connection: close");
++	enlist(csp->headers, p);
+ }
+ 
+ /* case insensitive string comparison */
+--- socks4.c.orig	Fri Nov 30 11:25:25 2001
++++ socks4.c	Fri Nov 30 11:30:31 2001
+@@ -11,6 +11,7 @@
+ 
+ 
+ #include <stdio.h>
++#include <string.h>
+ #include <sys/types.h>
+ #include <errno.h>
+ 
+@@ -112,6 +113,8 @@
+ 		strcpy(((char *)cbuf) + csiz, http->host);
+ 		csiz = n;
+ 		break;
++	default:
++		return -1; /* oops */
+ 	}
+ 
+ 	c->vn         = 4;
diff --git a/www/junkbuster/files/patch-filters.c b/www/junkbuster/files/patch-filters.c
new file mode 100644
index 000000000000..e9f4da414714
--- /dev/null
+++ b/www/junkbuster/files/patch-filters.c
@@ -0,0 +1,11 @@
+--- filters.c.orig	Wed Dec 21 09:29:35 2005
++++ filters.c	Wed Dec 21 09:30:24 2005
+@@ -581,7 +581,7 @@
+ ij_untrusted_url(struct http_request *http, struct client_state *csp)
+ {
+ 	int n;
+-	char *hostport, *path, *p, *v[9];
++	char *hostport, *path, *referrer, *p, *v[9];
+ 	char buf[BUFSIZ];
+ 	struct url_spec **tl, *t;
+ 
diff --git a/www/junkbuster/files/patch-jcc.c b/www/junkbuster/files/patch-jcc.c
new file mode 100644
index 000000000000..ae80b57ac806
--- /dev/null
+++ b/www/junkbuster/files/patch-jcc.c
@@ -0,0 +1,75 @@
+--- jcc.c.orig	Sun Sep 23 10:38:37 2001
++++ jcc.c	Sun Sep 23 10:39:23 2001
+@@ -100,9 +100,27 @@
+ 
+ char DEFAULT_USER_AGENT[] ="User-Agent: Mozilla/3.01Gold (Macintosh; I; 68K)";
+ 
++char BLANKGIF[] = "HTTP/1.0 200 OK\r\n" 
++                  "Content-type: image/gif\r\n\r\n" 
++                  "GIF89a\001\000\001\000\200\000\000\377\377\377\000\000" 
++                  "\000!\371\004\001\000\000\000\000,\000\000\000\000\001" 
++                  "\000\001\000\000\002\002D\001\000;"; 
++
++char JBGIF[] = "HTTP/1.0 200 OK\r\n"
++                  "Content-type: image/gif\r\n\r\n"
++                  "GIF89aD\000\013\000\360\000\000\000\000\000\377\377\377!"
++                  "\371\004\001\000\000\001\000,\000\000\000\000D\000\013\000"
++                  "\000\002a\214\217\251\313\355\277\000\200G&K\025\316hC\037"
++                  "\200\234\230Y\2309\235S\230\266\206\372J\253<\3131\253\271"
++                  "\270\215\342\254\013\203\371\202\264\334P\207\332\020o\266"
++                  "N\215I\332=\211\312\3513\266:\026AK)\364\370\365aobr\305"
++                  "\372\003S\275\274k2\354\254z\347?\335\274x\306^9\374\276"
++                  "\037Q\000\000;";
++
+ int debug           = 0;
+ int multi_threaded  = 1;
+ int hideConsole     = 0;
++int tinygif         = 0;
+ 
+ char *logfile = NULL;
+ FILE *logfp;
+@@ -351,6 +369,9 @@
+ 	struct http_request *http;
+ 	char *iob_buf;
+ 	int iob_len;
++ 	char *my_image_regexp = ".*(\\.gif|\\.jpe?g|\\gif$|\\jpe?g$)";
++ 	regex_t my_regexp;
++ 	int errcode;
+ 
+ 
+ 	http = csp->http;
+@@ -493,7 +514,21 @@
+ 				prog, http->hostport, http->path);
+ 		}
+ 
+-		write_socket(csp->cfd, p, strlen(p));
++		if (tinygif > 0) {
++		  errcode = regcomp(&my_regexp, my_image_regexp,
++				    (REG_EXTENDED|REG_NOSUB|REG_ICASE));
++		  
++		  if (regexec( &my_regexp, http->path, 0, NULL, 0) == 0) {
++		    if (tinygif == 1)
++		      write_socket(csp->cfd, BLANKGIF, sizeof(BLANKGIF)-1);
++		    else
++		      write_socket(csp->cfd, JBGIF, sizeof(JBGIF)-1);
++		  } else {
++		    write_socket(csp->cfd, p, strlen(p));
++		  }
++		  regfree( &my_regexp );
++		} else
++		  write_socket(csp->cfd, p, strlen(p));
+ 
+ 		if(DEBUG(LOG)) fwrite(p, strlen(p), 1, logfp);
+ 
+@@ -926,6 +961,11 @@
+ 
+ 			if(strcmp(cmd, "debug") == 0) {
+ 				debug |= atoi(arg);
++				continue;
++			}
++
++			if(strcmp(cmd, "tinygif") == 0) {
++				tinygif = atoi(arg);
+ 				continue;
+ 			}
+ 
diff --git a/www/junkbuster/files/patch-junkbstr.ini b/www/junkbuster/files/patch-junkbstr.ini
new file mode 100644
index 000000000000..11fb5242a4ed
--- /dev/null
+++ b/www/junkbuster/files/patch-junkbstr.ini
@@ -0,0 +1,11 @@
+--- junkbstr.ini.orig	Fri Oct 30 22:58:48 1998
++++ junkbstr.ini	Sat Mar 11 11:45:45 2000
+@@ -126,3 +126,8 @@
+ # debugging output "in order" for easy reading.
+ #
+ #single-threaded
++
++# tinygif allows you to change the appearance of blocked images
++# tinygif              0       # Show a "broken icon"
++# tinygif              1       # Show a GIF of one transparent pixel
++# tinygif              2       # Show a GIF with the word "JUNKBUSTER"
diff --git a/www/junkbuster/files/patch-junkbuster.1 b/www/junkbuster/files/patch-junkbuster.1
new file mode 100644
index 000000000000..59ae67838fb2
--- /dev/null
+++ b/www/junkbuster/files/patch-junkbuster.1
@@ -0,0 +1,20 @@
+--- junkbuster.1.orig	Fri Oct 30 22:58:48 1998
++++ junkbuster.1	Sat Mar 11 11:49:54 2000
+@@ -215,6 +215,17 @@
+ In version 1.3 and later
+ the blockfile and cookiefile are checked for changes before each request.
+ .TP
++tinygif \fIN\fP
++Set appearance of blocked GIFs. You can select one of the following
++values:
++.br
++.br
++\h'-\w"0 = "u'0 = Show a ``broken icon'' in the browser
++.br
++\h'-\w"1 = "u'1 = Show a one pixel transparent GIF
++.br
++\h'-\w"2 = "u'2 = Show a GIF with the word ``JUNKBUSTER'' in it
++.TP
+ .\" anchor: o_w wafer
+ \fI-w NAME=VALUE\fP (Old) wafer \fINAME=VALUE\fP (New)
+ Specifies a pair to be sent as a cookie with every request
diff --git a/www/junkbuster/pkg-descr b/www/junkbuster/pkg-descr
new file mode 100644
index 000000000000..b26e0be3db54
--- /dev/null
+++ b/www/junkbuster/pkg-descr
@@ -0,0 +1,12 @@
+This is a port of The Internet Junkbuster Proxy(TM).  An excelent way
+to enhance your privacy while browsing the web.  And it also happens
+to do a great job of filtering out all those annoying banner ads!
+
+This modified version allows one to specify appearance of blocked GIFs.
+It can automatically compress text/html and text/plain documents for clients
+which support Accept-Encoding: gzip (e.g. Netscape 4.7, Internet Explorer 5,
+Lynx 2.8.3) to save downstream modem/network bandwidth.  It uses the zlib
+compression library to perform on-the-fly compression of HTML documents.
+
+WWW: http://www.junkbusters.com/ht/en/ijb.html
+     http://f2.org/products/ijb-zlib/
diff --git a/www/junkbuster/pkg-message b/www/junkbuster/pkg-message
new file mode 100644
index 000000000000..7b77094a19e6
--- /dev/null
+++ b/www/junkbuster/pkg-message
@@ -0,0 +1,3 @@
+Please, review the samples of the configuration files (in
+/usr/local/etc/junkbuster/) and create your own config files. Read
+the junkbuster man-page (man junkbuster) for even more information.
diff --git a/www/junkbuster/pkg-plist b/www/junkbuster/pkg-plist
new file mode 100644
index 000000000000..93f33faaca73
--- /dev/null
+++ b/www/junkbuster/pkg-plist
@@ -0,0 +1,9 @@
+sbin/junkbuster
+etc/junkbuster/aclfile.sample
+etc/junkbuster/blockfile.sample
+etc/junkbuster/cookiefile.sample
+etc/junkbuster/configfile.sample
+etc/junkbuster/forwardfile.sample
+etc/junkbuster/trustfile.sample
+etc/rc.d/junkbuster.sh
+@unexec rmdir %D/etc/junkbuster || true 2>/dev/null