Subject: CVS commit: pkgsrc/www/squid3
From: Takahiro Kambe
Date: 2016-04-02 11:07:40
Message id: 20160402090740.D549DFBBA@cvs.NetBSD.org

Log Message:
Update squid3 package to 3.5.16, fixing several security problems.
Please refer to the release notes for other changes:
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html

* SQUID-2016:4 - Denial of Service issue in HTTP Response processing

    http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
    aka. CVE-2016-3948

This is another of the bugs left unfixed by the SQUID-2016:2 patches.
The visible symptom is assertions about:
 "String.cc:*: 'len_ + len <65536'"

There is an attack in the wild for this one, but not as widely as for
the previous issues.

* SQUID-2016:3 - Buffer overrun issue in pinger ICMPv6 processing.

    http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
    aka. CVE-2016-3947

This bug shows up as pinger crashing with Icmp6::Recv errors. This may
affect Squid HTTP routing decisions. In some configurations, sub-optimal
routing decisions may result in serious service degradation or even
transaction failures.

All previous Squid-3 releases are affected by both these issues. See the
advisory for further details. Upgrade or patching should be considered a
high priority.

* pinger: drop capabilities on Linux

On Linux, it is now possible to install pinger helper with only
CAP_NET_RAW permissions raised instead of full setuid-root:

  (setcap cap_net_raw+ep /path/to/pinger &&
   chmod u-s /path/to/pinger) || :

Other operating systems without libcap capabilities features are not
affected by this change.

* Bug #4447: FwdState.cc:447 "serverConnection() == conn" assertion

This rather crippling bug appears after the CVE-2016-2569 patch. It
turned out to be a race condition closing connections and has now been
fully fixed.

Files:
Revision  Action  File
1.63      modify  pkgsrc/www/squid3/Makefile
1.48      modify  pkgsrc/www/squid3/distinfo
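
An added example, not part of the commit or of Squid: a shell check for the outcome of the setcap/chmod step quoted in the log message, so an install can be confirmed to carry only CAP_NET_RAW and no setuid bit. The function names and result labels are assumptions of this example, `stat -c %a` assumes GNU coreutils, and both `getcap` output layouts (with and without " = ") are accepted.

```shell
#!/bin/sh
# Added example: function names and result labels are hypothetical,
# not taken from Squid or pkgsrc.

# classify_pinger MODE GETCAP_LINE
#   MODE         octal mode as printed by `stat -c %a`, e.g. 755 or 4755
#   GETCAP_LINE  the line `getcap` printed for the file, or "" if none
# Prints: setuid | setuid-and-caps | cap-net-raw-only | other-caps | unprivileged
classify_pinger() {
    mode=$1
    line=${2-}
    caps=${line##* }       # capability text is the last field of the line

    # A 4-digit mode carries the special bits in its first digit;
    # setuid is the value 4 within that digit.
    setuid=no
    case $mode in
        [4567]???) setuid=yes ;;
    esac

    if [ "$setuid" = yes ]; then
        # File caps plus setuid means the `chmod u-s` half was skipped.
        if [ -n "$caps" ]; then echo setuid-and-caps; else echo setuid; fi
        return 0
    fi
    case $caps in
        '')                            echo unprivileged ;;
        cap_net_raw+ep|cap_net_raw=ep) echo cap-net-raw-only ;;
        *)                             echo other-caps ;;
    esac
}

# audit_pinger PATH: classify a real file (Linux, GNU stat, libcap tools).
# Source this file, then run: audit_pinger /path/to/pinger
audit_pinger() {
    classify_pinger "$(stat -c %a "$1")" "$(getcap "$1" 2>/dev/null)"
}
```

A result of `unprivileged` means the helper has neither setuid nor file capabilities; `setuid-and-caps` means capabilities were set but the setuid bit was left in place.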