Log message:
Update squid to 3.5.23, including security fixes.

Changes to squid-3.5.23 (16 Dec 2016):

	- Bug 4627: fix generate-host-certificates and dynamic_cert_mem_cache_size docs
	- Bug 4620: NetBSD build error with --enable-ipf-transparent
	- Bug 4567: Strange IPv6 shown in access.log
	- Bug 4406: SIGSEV in TunnelStateData::handleConnectResponse() during \ 
reconfigure and restart
	- Bug 4174 partial: fix Write.cc:41 "!ccb->active()" assertion.
	- Bug 4169: HIT marked as MISS when If-None-Match does not match
	- Bug 4007: Hang on DNS query with dead-end CNAME
	- Bug 4004 partial: Fix segfault via Ftp::Client::readControlReply
	- Bug 3940 partial: hostHeaderVerify failures MISS when they should be HIT
	- Bug 3533: Cache still valid after HTTP/1.1 303 See Other
	- Bug 3379: Combination of If-Match and a Cache Hit result in TCP Connection Failure
	- Bug 3290: authenticate_ttl not working for digest authentication
	- Bug 2258: bypassing cache but not destroying cache entry
	- HTTP/1.1: make Vary:* objects cacheable
	- HTTP/1.1: Add registered codes entry for new 103 (Early Hints) status code
	- Support IPv6 NAT with PF for NetBSD and FreeBSD
	- TLS: Make key= before cert= an error instead of quietly hiding the issue
	- ... and some debug updates
	- ... and some build fixes
	- ... and several documentation updates

Log message:
Fix build problem with squid-ipf PKG_OPTIONS.

Log message:
Changes 3.5.22:
* HTTP: MUST ignore a [revalidation] response with an older Date header.
* Optimized/simplified buffering: Appending nothing is always possible.
* Hide OpenSSL tricks from Valgrind far-reaching initialization errors.
* Avoid segfaults when debugging section 4 at level 9.
* Bug 4302 pt2: IPFilter v5 transparent interception
* Bug 4594: build failure with clang 3.9
* Bug 4471: revalidation doesn't work when expired cached object lacks Last-Modified.
* Bug 2833: Collapse internal revalidation requests (SMP-unaware caches)
* Bug 3819: "fd >= 0" assertion in file_write() during reconfiguration
* Do not leak url_rewrite_extras and store_id_extras on reconfigure/shutdown.
* Do reset $HOME if needed after r13435. Minimize putenv() memory leaks.
* Bug 4228: ./configure bug/typo in r14394.
* Fix potential ICAP null pointer dereference after rev.14082
* Fix logged request size (%http::>st) and other size-related %codes.

Log message:
Update squid to 3.5.21.

Changes to squid-3.5.21 (08 Sep 2016):

	- Bug 4563: duplicate code in httpMakeVaryMark
	- Bug 4542: authentication credentials IP TTL updated incorrectly
	- Bug 4534: assertion failure in xcalloc when using many cache_dir
	- Bug 4428: mal-formed Cache-Control:stale-if-error header
	- Bug 3025: Proxy-Authenticate problem using ICAP server
	- Fix segfault via Ftp::Client::readControlReply()
	- Fix SSL-Bump failure results in SEGFAULT
	- HTTP/1.1: MUST always revalidate Cache-Control:no-cache responses
	- HTTP/1.1: do not allow Proxy-Connection to override Connection header
	- SSL: CN wildcard must only match a single domain component [fragment]

Log message:
Bump PKGREVISION for perl-5.24.0 for everything mentioning perl.

Log message:
Changes 3.5.20:
Assertion failed: Write.cc:38: "fd_table[conn->fd].flags.open"
Bug 4523: smblib compile fails on NetBSD
Do not make bogus recvmsg(2) calls when closing UDS sockets.
Fix SEGFAULT parsing malformed adaptation service configuration
Fixed ConnStateData::In::maybeMakeSpaceAvailable() logic.
Bug 3579: assertion failed 'MemPools[type]' from dst_as ACL
Do not allow low-level debugging to hide important/critical messages.
Bug 4485: off-by-one out-of-bounds Parser::Tokenizer::int64() read errors
Increase debug level in a peek-and-splice related debug message
Fix icons loading speed.
Fix OpenSSL detection on FreeBSD
Do not override user defined -std option
Support unified EUI format code in external_acl_type

Log message:
squid3 uses C++11 if available. Insist on C++11 if linking to libecap.

Log message:
Fix non-default, probably unusused so far, ecap option build, after
libecap move to C++11.

Log message:
Add ecap option to squid3, switched off by default.

Log message:
On NetBSD if squid-pf option enabled then also need --with-nat-devpf