Log message:
Fix buidling when IPF is turned on

Log message:
Changes 3.4.11:
* cachemgr.cgi: memory leak in request parser
* Fix typo on commStartSslClose
* Fix SQUID_CC_REQUIRE_ARGUMENT autoconf macro
* Bug 3760: squidclient ignores --disable-ipv6
* Bug 3664: ssl_crtd fails to build on OpenSolaris/OpenIndiana/Solaris 11
* Bug 3754: configure doesnt detect IPFilter 5.1.2 system headers
* Bug 4164: SEGFAULT when %W formating code used in errorpages
* Deleting first fs left psstate->servers pointing to uninitialized memory
* Maintenance: check release notes on packaging
* Bug 4057: Avoid on-exit crashes when adaptation is enabled.

Log message:
Changes 3.4.10:
* Fix bootstrap.sh dependency on SPONSORS.list
* HTTP/2: Support 421 (Misdirected Request) status code
* Alternate-Protocol is a hop-by-hop header
* Bug 4148: external_acl_type header format does not accept the new libformat syntax
* Bug 4033: Rebuild corrupted ssl_db/size file
* Bug 3902: Docs: external_acl_type cache hash key
* Bug 4145: squid_endian.h compile errors with OpenBSD 5.6
* Fix segmentation fault in ACLUrlPathStrategy::match

Log message:
Changes 3.4.9:
* Fix man(8)/man(1) page syntax
* Source Maintenance: bump astyle version to 2.03
* Bug 4093: source-maintenance.sh bad perl -i option
* Bug 4102: sslbump cert contains only a dot character in key usage extension
* kerberos_ldap_group/cert_tool: Remove ksh dependency
* ext_kerberos_ldap_group_acl: Fix regression typo in 3.4.7
* Bug 3803: ident leaks memory on failure
* Bug 4024: Bad host/IP ::1 when using IPv4-only environment
* Bug 4093: source-maintenance.sh errors and warnings due to wrong tools/options
* CBDATA: log memory leak situations when --enable-debug-cbdata
* Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
* SourceFormat Enforcement

Log message:
Update squid to 3.4.8, a security release resolving several vulnerability
issues found in the prior Squid releases.

The major changes to be aware of:

* CVE-2014-6270 : SQUID-2014:3 Buffer overflow in SNMP processing

  http://www.squid-cache.org/Advisories/SQUID-2014_3.txt

This vulnerability allows any client who is allowed to send SNMP
packets to the proxy to perform a denial of service attack on Squid.

The issue came to light as the result of active 0-day attacks. Since
publication several other attack sightings have been reported.

* CVE-2014-7141 and CVE-2014-7142 : SQUID-2014:4

  http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

These vulnerabilities allow a remote attack server to trigger DoS or
information leakage by sending various malformed ICMP and ICMPv6
packets to the Squid pinger helper.
The worst-case DoS scenario is a rarity, a more common impact will be
general service degradation for high-performance systems relying on
the pinger for realtime network measurement.

 All users of Squid are urged to upgrade to this release as soon as
possible.

 See the ChangeLog for the full list of changes in this and earlier
 releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html
when you are ready to make the switch to Squid-3.4

Upgrade tip:
  "squid -k parse" is starting to display even more
   useful hints about squid.conf changes.

Log message:
Get "/etc/rc.d/squid status" and "/etc/rc.d/squid restart" \ 
to work again
under NetBSD (and other platforms using "/etc/rc.subr"?).

Bump package revision because of this fix.

Log message:
Changes 3.4.7:
kerberos_ldap_group: Fix 'error during setup of Kerberos credential cache'
Ignore Range headers with unidentifiable byte-range values
Use v3 for fake certificate if we add _any_ certificate extension.
Fix regression in rev.13156
Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
Enable compile-time override for MAXTCPLISTENPORTS
ntlm_sspi_auth: fix various build errors
negotiate_wrapper: vfork is not portable
Windows: fix iphlpapi.h include case-sensitivity
Windows: correct libsspwin32 API for SSP_LogonUser()
negotiate_sspi_auth: Portability fixes for MinGW
ext_lm_group_acl: portability fixes for MinGW
SourceFormat Enforcement
Bug 4080: worker hangs when client identd is not responding
Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC.
Reduce cache_effective_user was leaking $HOME memory

Log message:
Changes 3.4.6:
Docs: external_acl_type documentation lies for cache=n option
Non https connectiona on SSL-bump enabled port may stuck
Do not leak implicit ACLs during reconfigure.
Assure that when LruMap::memLimit_ is set to 0 no entries stored on LruMap
Portability: use 64-bit for X-Cache-Age header
Windows: fix various libip build issues
Windows: rename TcpLogger::connect
Windows: rename ConnOpener::connect
Change order of BSD-specific network includes so that they are properly picked up
Do not leak ex_data for SSL state that survived reconfigure.
Do not register the same Cache Manager action more than once
Fix leaked TcpAcceptor job on reconfiguration
Fix leak of ACLs related to adaptation access rules
Bug 4056: assertion MemPools[type] from netdbExchangeStart()
Bug 4065: round-robin neighbor selection with unequal weights
Bug 4050: Segfault in CommSelectEngine::checkEvents on helper response
Fix segfault setting up server SSL connnection
Regression: segfault logging with %tg format specifier
SourceFormat Enforcement

Log message:
configure fails to detect <netinet/ip_icmp.h> presense on FreeBSD 10.
Work around it.

Log message:
Bump for perl-5.20.0.
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.