Log Message:
Update squid to 3.5.23, including security fixes.

Changes to squid-3.5.23 (16 Dec 2016):

	- Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
	- Bug 4620: NetBSD build error with --enable-ipf-transparent
	- Bug 4567: Strange IPv6 shown in access.log
	- Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during \ 
reconfigure and restart
	- Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
	- Bug 4169: HIT marked as MISS when If-None-Match does not match
	- Bug 4007: Hang on DNS query with dead-end CNAME
	- Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
	- Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
	- Bug 3533: Cache still valid after HTTP/1.1 303 See Other
	- Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
	- Bug 3290: authenticate_ttl not working for digest authentication
	- Bug 2258: bypassing cache but not destroying cache entry
	- HTTP/1.1: make Vary:* objects cacheable
	- HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
	- Support IPv6 NAT with PF for NetBSD and FreeBSD
	- TLS: Make key= before cert= an error instead of quietly hiding the issue
	- ... and some debug updates
	- ... and some build fixes
	- ... and several documentation updates