diff -rupN squid-2.5.STABLE4/CONTRIBUTORS squid-2.5.STABLE5/CONTRIBUTORS
--- squid-2.5.STABLE4/CONTRIBUTORS	Sun Jul 21 17:28:03 2002
+++ squid-2.5.STABLE5/CONTRIBUTORS	Wed Feb 18 06:35:30 2004
@@ -88,5 +88,6 @@ and ideas to make this software availabl
 	Ian Castle <ian.castle@coldcomfortfarm.net>
 	Brad Smitch <brad@comstyle.com>
 	Jerry Murdock <jmurdock@itraktech.com>
+	Glen Gibb <grg@ridley.unimelb.edu.au>
 
 	Duane Wessels <wessels@squid-cache.org>
diff -rupN squid-2.5.STABLE4/ChangeLog squid-2.5.STABLE5/ChangeLog
--- squid-2.5.STABLE4/ChangeLog	Sun Sep 14 17:44:48 2003
+++ squid-2.5.STABLE5/ChangeLog	Sun Feb 29 15:24:27 2004
@@ -1,4 +1,74 @@
+Changes to squid-2.5.STABLE5 (1 Mar 2004):
+
+	- cache.log message on "squid -k reconfigure" was slightly confusing,
+	  claiming Squid restarted when it just reread the configuration.
+	- Bug #787: digest auth never detects password changes
+	- Bug #789: login with space confuses redirector helpers
+	- Bug #791: FQDNcache discards negative responses when using
+	  internal DNS
+	- pam_auth fails on Solaris when using pam_authtok_get. Persistent
+	  PAM connections are unsafe and now disabled by default.
+	- auth_param documentation clarifications and added default realm
+	  values making only the helper program a required attribute
+	- Bug #795: German ERR_DNS_FAIL correction
+	- Bug #803: Lithuantian error messages update
+	- Bug #806: Segfault if failing to load error page
+	- Bug #812: Mozilla/Netscape plugins mime type defined (.xpi)
+	- Bug #817: maximum_object_size too large causes squid not to cache
+	- Bug #824: 100% CPU loop if external_acl combined with separate
+          authentication acl in the same http_access line
+	- squid_ldap_group updated to version 2.12 with support for ldaps://
+	  (LDAPv2 over SSL) and a numer of other improvements.
+	- Bug #799: positive_dns_ttl ignored when using internal DNS.
+	- Bug #690: Incorrect html on empty Gopher responses
+	- Bug #729: --enable-arp-acl may give warning about net/route.h
+	- Bug #14: attempts to establish connection may look like syn flood
+	  attack if the contacted server is refusing connections
+	- errorpage README files included in the distribution again showing
+	  who contributed which translation
+	- Bug #848: connect_timeout connect_timeout ends up twice the length.
+	  forward_timeout option added to address this.
+	- Bug #849: DNS log error messages should report the failed query
+	- Bug #851: DNS retransmits too often
+	- Bug #862: Very frequently repeated POST requests may cause a
+	  filedescriptor shortage due to persitent connections building up
+	- Bug #853: Sporatic segmentation faults on aborted FTP PUT requests
+	- Bug #571: Need to limit use of persistent connections when
+	  filedescriptor usage is high
+	- Bug #856: FTP/Gopher Icon URLs are unneededly complex and often
+	  does not work properly
+	- Bug #860: redirector_access does not handle "slow" acls such as
+	  "dst" or "external" requiring a external lookup.
+	- Bug #865: Persistent connection usage too high after sudden burst
+	  of traffic.
+	- Bug #867: cache_peer max-conn=.. option does not work
+	- Bug #868: refuses to start if pid_filename none is specified
+	- Bug #887: LDAP helper -Z (TLS) option does not work
+	- Bug #877: Squid doesn't follow telnet protocol on FTP control
+	  connections
+	- Bug #908: Random auth popups and account lockouts when using ntlm
+	- Support for NTLM_NEGOTIATE exchanges with ntlm helpers
+	- Bug #585: cache_peer_access fails with NTLM authentication
+	- Bug #592: always/never_direct fails with NTLM authentication
+	- wbinfo_group update for Samba-3
+	- Bug #892: helpers/ntlm_auth/SMB/ fails to compile on FreeBSD 5.0
+	- Bug #924: miss_access restricts internal and cachemgr requests
+	  even if these are local
+	- Bug #925: auth headers send by squidclient are mildly malformed
+	- Bug #922: miss_access and delay_access and several other
+	  authentication related bug fixes.
+	- Bug #909: Added ARP acl support for FreeBSD
+	- Bug #926: deny_info with http_reply_access or miss_access
+	- Bug #872: reply_body_max_size problems when using NTLM auth
+	- Bug #825: random segmentation faults when using digest auth
+	- Bug #910: Partial fix for temporary memory leaks when using NTLM
+	  auth. There is still problems if challenge reuse is enabled.
+	- ftp://anonymous@host/ now accepted without requiring a password
+	- Bug #594: several mime type updates (ftp:// related)
+	- url_regex enhanced to allow matching of %00
+
 Changes to squid-2.5.STABLE4 (15 Sep 2003):
+
 	- Lithuanian error messages added to the distribution
 	- Bug #660: segfauld if more than one custom deny_info line
 	- cache_dir disd documentation cleanup
diff -rupN squid-2.5.STABLE4/RELEASENOTES.html squid-2.5.STABLE5/RELEASENOTES.html
--- squid-2.5.STABLE4/RELEASENOTES.html	Sun Sep 14 18:37:43 2003
+++ squid-2.5.STABLE5/RELEASENOTES.html	Sun Feb 29 15:30:32 2004
@@ -1,13 +1,13 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 <HTML>
 <HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.16">
+ <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.20">
  <TITLE>Squid 2.5 release notes</TITLE>
 </HEAD>
 <BODY>
 <H1>Squid 2.5 release notes</H1>
 
-<H2>Squid Developers</H2>$Id: release-2.5.html,v 1.1.2.20 2003/09/15 00:35:55 hno Exp $
+<H2>Squid Developers</H2>$Id: release-2.5.html,v 1.1.2.30 2004/02/29 22:24:27 hno Exp $
 <HR>
 <EM>This document contains the release notes for version 2.5 of Squid.
 Squid is a WWW Cache application developed by the National Laboratory
@@ -130,6 +130,8 @@ exacly where you want to have them in yo
 <DT><B>reference_age</B><DD><P>This has been removed - starting with Squid-2.4 this directive have had no effect and has now been fully removed to avoid confusion.</P>
 <DT><B>siteselect_timeout</B><DD><P>This has been removed - it is not referenced anywhere in the source code.</P>
 <DT><B>minimum_retry_timeout</B><DD><P>This has been removed - it is not referenced anywhere in the source code.</P>
+<DT><B>short_icon_urls</B><DD><P>New directive to enable an alternative way of referring to icons in FTP directory listings etc.</P>
+<DT><B>acl urllogin</B><DD><P>New acl type to match the login component of Internet style URLs (protocol://user:password@host/path/to/file)</P>
 </DL>
 </P>
 
@@ -138,20 +140,35 @@ exacly where you want to have them in yo
 <P>There is a few known issues and limitations in this version of Squid which we hope to correct in a later release</P>
 <P>
 <DL>
-<DT><B>Bug #592</B><DD><P>always/never_direct and NTLM authentication</P>
-<DT><B>Bug #585</B><DD><P>cache_peer_access fails with NTLM authentication</P>
-<DT><B>deny_info</B><DD><P>deny_info only works for http_access, not for the acls listen in http_reply_access </P>
-
-<DT><B>Bug #692</B><DD><P>tcp_outgoing_address using an ident ACL does not work</P>
-<DT><B>Bug #616</B><DD><P>Negative cached 404 replies with VARY header never matches</P>
-<DT><B>Bug #581</B><DD><P>acl max_user_ip and multiple authentication schemes</P>
-<DT><B>Bug #513</B><DD><P>squid -F is starting server sockets to early</P>
-<DT><B>Bug #518</B><DD><P>wb_auth fails on TRU64 and probably other 64 bit platforms</P>
-<DT><B>Bug #500</B><DD><P>delay_pools stops working on -k reconfigure</P>
-<DT><B>Bug #457</B><DD><P>does not handle swap.state corruption properly</P>
-<DT><B>Bug #426</B><DD><P>Vary: * does not work</P>
-<DT><B>Bug #410</B><DD><P>unstable if runs out of disk space</P>
-<DT><B>Bug #355</B><DD><P>diskd may appear slow on low loads</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=761">#761</A></B><DD><P>assertion failed: cbdata.c:249: "c-&gt;locks &gt; 0" when using diskd</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=910">#910</A></B><DD><P>ntlm auth_user_hash_pointer memory leak if challenge reuses are enabled</P>
+
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=779">#779</A></B><DD><P>users going above their allowed IP count no longer logged in cache.log</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=692">#692</A></B><DD><P>tcp_outgoing_address using an ident ACL does not work</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=616">#616</A></B><DD><P>Negative cached 404 replies with VARY header never matches</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=581">#581</A></B><DD><P>acl max_user_ip and multiple authentication schemes</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=528">#528</A></B><DD><P>miss_access fails on "slow" acl types such as dst.</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=513">#513</A></B><DD><P>squid -F is starting server sockets to early</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=518">#518</A></B><DD><P>wb_auth fails on TRU64 and probably other 64 bit platforms</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=500">#500</A></B><DD><P>delay_pools stops working on -k reconfigure</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=457">#457</A></B><DD><P>does not handle swap.state corruption properly</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=426">#426</A></B><DD><P>Vary: * does not work</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=410">#410</A></B><DD><P>unstable if runs out of disk space</P>
+<DT><B>Bug 
+<A HREF="http://www.squid-cache.org/bugs/show_bug.cgi?id=355">#355</A></B><DD><P>diskd may appear slow on low loads</P>
 </DL>
 </P>
 
@@ -216,6 +233,49 @@ but you may want to upgrade your configu
 from the trouble when upgrading to Squid-3 later.</LI>
 <LI>a large number of minor bugfixes. See the list of 
 <A HREF="http://www.squid-cache.org/Versions/v2/2.5/bugs/#STABLE3">squid-2.5.STABLE3 patches</A> and the 
+<A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
+</UL>
+</P>
+
+<H2><A NAME="s7">7. Key changes squid-2.5.STABLE4 to 2.5.STABLE5:</A></H2>
+
+<P>
+<UL>
+<LI>redirector interface modified to try to deal with login names
+containing spaces or other odd characters. This is accomplished
+by URL-encoding the login name before sent to redirectors. Note:
+Existing redirectors or their configuration may need to be slightly
+modified in how they process the ident column to support the new
+username format (only applies to redirectors looking into the username)</LI>
+<LI>new forward_timeout option to complement connect_timeout in
+management of timeouts while connecting to origin servers or peers</LI>
+<LI>various timeouts adjusted: connect_timeout 1 minute (was 2 minutes
+which is now forward_timeout), negative_dns_ttl 1 minute (was 5 minutes)
+and is now also used as minimum positive dns ttl, dns_timeout 2 minutes
+(was 5 minutes)</LI>
+<LI>"short_icon_urls on" can be used to simplify the URLs used for
+icons etc to avoid issues with proxy host naming and authentication
+when requesting icons.</LI>
+<LI>A new "urllogin" ACL type has been introducing allowing regex
+matches to the "login" component of Internet style URLs
+(protocol://user:password@host/path/to/file).</LI>
+<LI>Squid now respects the Telnet protocol on connections to FTP
+servers. The ftp_telnet_protocol directice can be used to revert back
+to the old incorrect implementation.</LI>
+<LI>Several NTLM related bugfixes and improvements fixing the problem
+of random auth popups and account lockouts. Support for the NEGOTIATE
+NTLM packet is also added to allow Samba-3.0.2 or later to negotiate the
+use of NTLMv2.</LI>
+<LI>Several authentication related bugfixes to allow authentication
+to work in additional acl driven directives, correct an number
+of assertion or segmentation and some memory leaks.</LI>
+<LI>The default mime.conf has been updated with many new mime types
+and a few minor corrections. In addition the download and view links
+is used more frequently to allow view/download of different ftp://
+contents regardless of their mime type assignment.</LI>
+<LI>url_regex enhanced to allow matching of %00</LI>
+<LI>a large number of minor and cosmetic bugfixes. See the list of 
+<A HREF="http://www.squid-cache.org/Versions/v2/2.5/bugs/#STABLE4">squid-2.5.STABLE4 patches</A> and the 
 <A HREF="ChangeLog">ChangeLog</A> file for details.</LI>
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/SPONSORS squid-2.5.STABLE5/SPONSORS
--- squid-2.5.STABLE4/SPONSORS	Thu Dec 20 16:37:32 2001
+++ squid-2.5.STABLE5/SPONSORS	Wed Nov 19 07:42:07 2003
@@ -33,3 +33,13 @@ SGI - http://www.sgi.com/
 
 	SGI has provided hardware donations for Squid developers.
 
+craigslist - http://www.craigslist.org/
+
+	craigslist has provided funding in recognition of the
+	vital role squid plays in their web serving architecture.
+
+webwasher AG - http://www.webwasher.com/
+
+	webwasher AG paid for improvements to Squid's iCAP client
+	implementation.  You can find the results of this work at
+	http://devel.squid-cache.org/icap/
diff -rupN squid-2.5.STABLE4/configure squid-2.5.STABLE5/configure
--- squid-2.5.STABLE4/configure	Sun Sep 14 18:37:04 2003
+++ squid-2.5.STABLE5/configure	Sun Feb 29 15:30:21 2004
@@ -1000,7 +1000,7 @@ fi
 
 # Define the identity of the package.
 PACKAGE=squid
-VERSION=2.5.STABLE4
+VERSION=2.5.STABLE5
 cat >> confdefs.h <<EOF
 #define PACKAGE "$PACKAGE"
 EOF
@@ -1051,7 +1051,7 @@ INSTALL_STRIP_PROGRAM="\${SHELL} \$(inst
 
   
 
-# From configure.in Revision: 1.251.2.50 
+# From configure.in Revision: 1.251.2.51 
 echo $ac_n "checking whether to enable maintainer-specific portions of Makefiles""... $ac_c" 1>&6
 echo "configure:1057: checking whether to enable maintainer-specific portions of Makefiles" >&5
     # Check whether --enable-maintainer-mode or --disable-maintainer-mode was given.
diff -rupN squid-2.5.STABLE4/configure.in squid-2.5.STABLE5/configure.in
--- squid-2.5.STABLE4/configure.in	Sun Sep 14 18:37:04 2003
+++ squid-2.5.STABLE5/configure.in	Sun Feb 29 15:30:21 2004
@@ -3,15 +3,15 @@ dnl  Configuration input file for Squid
 dnl
 dnl  Duane Wessels, wessels@nlanr.net, February 1996 (autoconf v2.9)
 dnl
-dnl  $Id: configure.in,v 1.251.2.50 2003/09/14 23:44:48 hno Exp $
+dnl  $Id: configure.in,v 1.251.2.51 2004/02/29 22:28:17 hno Exp $
 dnl
 dnl
 dnl
 AC_INIT(src/main.c)
 AC_CONFIG_AUX_DIR(cfgaux)
-AM_INIT_AUTOMAKE(squid, 2.5.STABLE4)
+AM_INIT_AUTOMAKE(squid, 2.5.STABLE5-CVS)
 AM_CONFIG_HEADER(include/autoconf.h)
-AC_REVISION($Revision: 1.251.2.50 $)dnl
+AC_REVISION($Revision: 1.251.2.51 $)dnl
 AC_PREFIX_DEFAULT(/usr/local/squid)
 AM_MAINTAINER_MODE
 
diff -rupN squid-2.5.STABLE4/errors/Bulgarian/README squid-2.5.STABLE5/errors/Bulgarian/README
--- squid-2.5.STABLE4/errors/Bulgarian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Bulgarian/README	Thu Dec 30 10:36:10 1999
@@ -0,0 +1,3 @@
+Thank you to Evgeny Gechev <etg@setcom.bg> and 
+Svetlin Simeonov <simeonov@netplusdb.bg> for
+creating these error pages in Bulgarian!
diff -rupN squid-2.5.STABLE4/errors/Catalan/README squid-2.5.STABLE5/errors/Catalan/README
--- squid-2.5.STABLE4/errors/Catalan/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Catalan/README	Mon Apr  1 05:02:37 2002
@@ -0,0 +1,2 @@
+Thank you to Jordi Bruguera <jordi@dns1.grn.es> for
+creating these error pages in Catalan!
diff -rupN squid-2.5.STABLE4/errors/Czech/README squid-2.5.STABLE5/errors/Czech/README
--- squid-2.5.STABLE4/errors/Czech/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Czech/README	Sun Oct  3 23:04:27 1999
@@ -0,0 +1,2 @@
+Thank you to Jakub Nantl <Jakub.Nantl@angel.cz> and Radek Malcic
+<malcic@sdc.bno.cdrail.cz> for creating these error pages in Czech!
diff -rupN squid-2.5.STABLE4/errors/Danish/README squid-2.5.STABLE5/errors/Danish/README
--- squid-2.5.STABLE4/errors/Danish/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Danish/README	Mon Apr 12 10:57:27 1999
@@ -0,0 +1,2 @@
+Thank you to Morten S. Nielsen <mortensn@geocities.com> for
+creating these error pages in Danish!
diff -rupN squid-2.5.STABLE4/errors/Dutch/README squid-2.5.STABLE5/errors/Dutch/README
--- squid-2.5.STABLE4/errors/Dutch/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Dutch/README	Fri May 31 09:19:04 2002
@@ -0,0 +1,3 @@
+Thank you to Mark Visser <mark@cal026031.student.utwente.nl> 
+Remco van Mook and Bart Koelman for creating these error
+pages in Dutch!
diff -rupN squid-2.5.STABLE4/errors/Estonian/README squid-2.5.STABLE5/errors/Estonian/README
--- squid-2.5.STABLE4/errors/Estonian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Estonian/README	Mon Apr 27 10:23:04 1998
@@ -0,0 +1,2 @@
+Thank you to Toomas Soome <tsoome@ut.ee> for
+creating these error pages in Estonian!
diff -rupN squid-2.5.STABLE4/errors/Finnish/README squid-2.5.STABLE5/errors/Finnish/README
--- squid-2.5.STABLE4/errors/Finnish/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Finnish/README	Thu Jun 24 14:32:35 1999
@@ -0,0 +1 @@
+Finnish translation by Panu Hällfors <panupa@iki.fi>
diff -rupN squid-2.5.STABLE4/errors/French/README squid-2.5.STABLE5/errors/French/README
--- squid-2.5.STABLE4/errors/French/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/French/README	Tue Apr 27 16:22:03 1999
@@ -0,0 +1,2 @@
+Thank you to Frank DENIS -Jedi/Sector One- <j@4u.net> for
+creating these error pages in French!
diff -rupN squid-2.5.STABLE4/errors/German/ERR_DNS_FAIL squid-2.5.STABLE5/errors/German/ERR_DNS_FAIL
--- squid-2.5.STABLE4/errors/German/ERR_DNS_FAIL	Wed Aug 28 15:08:04 2002
+++ squid-2.5.STABLE5/errors/German/ERR_DNS_FAIL	Thu Nov  6 08:24:41 2003
@@ -3,6 +3,7 @@
 <TITLE>FEHLER: Der angeforderte URL konnte nicht geholt werden</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD><BODY>
+<H1>FEHLER</H1>
 <H2>Der angeforderte URL konnte nicht geholt werden</H2>
 <HR noshade size="1px">
 <P>
diff -rupN squid-2.5.STABLE4/errors/German/README squid-2.5.STABLE5/errors/German/README
--- squid-2.5.STABLE4/errors/German/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/German/README	Fri Apr 24 12:35:59 1998
@@ -0,0 +1,3 @@
+Thank you to Bernd P. Ziller <bziller@BA-Stuttgart.De>,
+Jens Frank <jf@jf.kki.org>, and Anke S. <as@kki.org> for
+creating these error pages in German!
diff -rupN squid-2.5.STABLE4/errors/Hebrew/README squid-2.5.STABLE5/errors/Hebrew/README
--- squid-2.5.STABLE4/errors/Hebrew/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Hebrew/README	Thu Mar 21 10:15:51 2002
@@ -0,0 +1,2 @@
+Thank you to "yoav" <yoavb@zavit.net.il> for
+creating these error pages in Hebrew!
diff -rupN squid-2.5.STABLE4/errors/Hungarian/README squid-2.5.STABLE5/errors/Hungarian/README
--- squid-2.5.STABLE4/errors/Hungarian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Hungarian/README	Fri Jul 31 10:24:27 1998
@@ -0,0 +1,2 @@
+Thank you to Bertold Kolics <bertold@sztaki.hu> for
+creating these error pages in Hungarian!
diff -rupN squid-2.5.STABLE4/errors/Italian/README squid-2.5.STABLE5/errors/Italian/README
--- squid-2.5.STABLE4/errors/Italian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Italian/README	Sun Oct  3 23:04:31 1999
@@ -0,0 +1,2 @@
+Thank you to Alessio Bragadini <alessio@dsnet.it> and Marco Mesturino
+<sw_tools@beatles.cselt.it> for creating these error pages in Italian!
diff -rupN squid-2.5.STABLE4/errors/Japanese/README squid-2.5.STABLE5/errors/Japanese/README
--- squid-2.5.STABLE4/errors/Japanese/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Japanese/README	Mon Jan 11 14:32:37 1999
@@ -0,0 +1,2 @@
+Thank you to Makoto MATSUSHITA <matusita@ics.es.osaka-u.ac.jp> for
+creating these error pages in Japanese!
diff -rupN squid-2.5.STABLE4/errors/Korean/README squid-2.5.STABLE5/errors/Korean/README
--- squid-2.5.STABLE4/errors/Korean/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Korean/README	Thu Jun 10 14:18:38 1999
@@ -0,0 +1,2 @@
+Thanks to Jaeyeon Jung <jjung@cosmos.kaist.ac.kr> for creating these
+error pages in Korean!
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_ACCESS_DENIED squid-2.5.STABLE5/errors/Lithuanian/ERR_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_ACCESS_DENIED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_ACCESS_DENIED	Thu Nov  6 08:33:26 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
@@ -17,8 +17,8 @@ Gautas klaidos pranešimas:
 Priėjimas draudžiamas.
 </STRONG>
 <P>
-Priėjimo kontrolės konfiguracija šiuo metu neleidžia atsiųsti jūsų
-nurodyto puslapio. Jei manote, kad tai yra neteisinga, galite susisiekti
+Priėjimo kontrolės konfigūracija šiuo metu neleidžia atsiųsti jūsų
+nurodyto puslapio. Jei manote, kad tai yra neteisinga, galite susisiekti
 su jūsų Interneto paslaugų tiekėju.
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_CACHE_ACCESS_DENIED squid-2.5.STABLE5/errors/Lithuanian/ERR_CACHE_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_CACHE_ACCESS_DENIED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_CACHE_ACCESS_DENIED	Thu Nov  6 08:33:26 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: Priėjimas prie kešo uždraustas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD>
@@ -7,12 +7,12 @@
 <H1>KLAIDA</H1>
 <H2>Priėjimas prie kešo uždraustas</H2>
 <HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Priėjimas prie kešo uždraustas.
@@ -20,15 +20,15 @@ Priėjimas prie kešo uždraustas.
 </UL>
 </P>
 
-<P>Atsiprašau, bet jūs šiuo metu negalite vykdyti užklausimo:
+<P>Atsiprašome, bet jūs šiuo metu negalite vykdyti užklausos:
 <PRE>    %U</PRE>
 per šį serverį, kol jūs neprisistatysite.
 </P>
 
 <P>
 Jums reikia Netscape v2.0 ar naujesnio, arba Microsoft Internet
-Explorer 3.0 ar naujesnio, arba kitos HTTP/1.1 suprantančios peržiūros
-programos. Prašau susisiekti su <A HREF="mailto:%w">proxy 
+Explorer 3.0 ar naujesnio, arba kitos HTTP/1.1 suprantančios peržiūros
+programos. Prašome susisiekti su <A HREF="mailto:%w">proxy 
 administratoriumi</a>, jei jums kils sunkumai prisistatant arba 
-<A HREF="http://%h/cgi-bin/chpasswd.cgi\">pakeisti</a> savo slaptažodį.
+<A HREF="http://%h/cgi-bin/chpasswd.cgi">pakeisti</a> savo slaptažodį.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_CACHE_MGR_ACCESS_DENIED squid-2.5.STABLE5/errors/Lithuanian/ERR_CACHE_MGR_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_CACHE_MGR_ACCESS_DENIED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_CACHE_MGR_ACCESS_DENIED	Thu Nov  6 08:33:26 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: Kešo menedžerio priėjimas uždraustas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD>
@@ -20,17 +20,17 @@ Kešo menedžerio priėjimas uždraustas.
 </UL>
 </P>
 
-<P>Atsiprašiau, bet jūs negalite vykdyti užklausimo:
+<P>Atsiprašome, bet jūs negalite vykdyti užklausos:
 <PRE>    %U</PRE>
 šiam kešo menedžeriui, kol jūs neprisistatysite.
 </P>
 
-<P> 
-Jums reikia Netscape v2.0 ar naujesnio, arba Microsoft Internet
-Explorer 3.0 ar naujesnio, arba kitos HTTP/1.1 suprantančios peržiūros
-programos. Prašau susisiekti su <A HREF="mailto:%w">administratoriumi</a>, 
+<P> 
+Jums reikia Netscape v2.0 ar naujesnio, arba Microsoft Internet
+Explorer 3.0 ar naujesnio, arba kitos HTTP/1.1 suprantančios peržiūros
+programos. Prašome susisiekti su <A HREF="mailto:%w">administratoriumi</a>, 
 jei jums iškilo problemos prisistatant arba, jei jūs <em>esate</em> 
-administratorius, perskaitykite Squid documentaciją dėl kešo menedžerio 
-interfeiso ir patikrinkite kešo žurnalą dėl detalesnių pranešimų apie
-klaidas.
+administratorius, perskaitykite Squid documentaciją dėl kešo menedžerio 
+interfeiso ir patikrinkite kešo žurnalą dėl detalesnių pranešimų apie
+klaidas.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_CANNOT_FORWARD squid-2.5.STABLE5/errors/Lithuanian/ERR_CANNOT_FORWARD
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_CANNOT_FORWARD	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_CANNOT_FORWARD	Thu Nov  6 08:33:26 2003
@@ -1,25 +1,25 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
-Šiuo metu negaliu persiųsti užklausimo.
+Šiuo metu negaliu persiųsti užklausos.
 </STRONG>
 </UL>
 
 <P>
-Užklausimas negali būti persiųstas į pagrindinį serverį arba kurį nors 
+Užklausa negali būti persiųsta į pagrindinį serverį arba kurį nors 
 pagalbinį proxy serverį. Pagrindinės tokios klaidos priežastys yra šios:
 <UL>
 <LI>Proxy administratorius neleidžia serveriui kurti tiesioginių 
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_CONNECT_FAIL squid-2.5.STABLE5/errors/Lithuanian/ERR_CONNECT_FAIL
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_CONNECT_FAIL	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_CONNECT_FAIL	Thu Nov  6 08:33:27 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Ryšys neveikia
@@ -23,6 +23,6 @@ Sistema atsakė:
 <PRE><I>    %E</I></PRE>
 
 <P>
-Nurodytas serveris arba tinklas yra atjungtas. 
-Pabandykite vykdyti užklausimą vėliau.
+Nurodytas serveris arba tinklas yra atjungtas. 
+Pabandykite vykdyti užklausą vėliau.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_DNS_FAIL squid-2.5.STABLE5/errors/Lithuanian/ERR_DNS_FAIL
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_DNS_FAIL	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_DNS_FAIL	Thu Nov  6 08:33:27 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
-<H1>KLAIDA</H1>
+<H1>KLAIDA</H1>
 <H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
 <HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <BLOCKQUOTE>
 Neįmanoma nustatyti <I>%H</I> serverio IP adreso
 </BLOCKQUOTE>
@@ -30,4 +30,3 @@ Tai reiškia, kad:
  Patikrinkite, ar teisingai įvedėte adresą. 
 </PRE>
 </P>
-
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FORWARDING_DENIED squid-2.5.STABLE5/errors/Lithuanian/ERR_FORWARDING_DENIED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FORWARDING_DENIED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FORWARDING_DENIED	Thu Nov  6 08:33:27 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Pervedimo komanda neleistina.
@@ -19,7 +19,7 @@ Pervedimo komanda neleistina.
 </UL>
 
 <P>
-Šis kešas negali perkelti jūsų užklausimo, kadangi jis bando sukurti
+Šis kešas negali perkelti jūsų užklausos, kadangi ji bando sukurti
 sibling tipo ryšius. Gal būt klientas %i yra kešas, kuris klaidingai
-sukonfiguruotas.
+sukonfigūruotas.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_DISABLED squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_DISABLED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_DISABLED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_DISABLED	Thu Nov  6 08:33:27 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 FTP yra atjungtas
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_FAILURE squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_FAILURE
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_FAILURE	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_FAILURE	Thu Nov  6 08:33:27 2003
@@ -1,24 +1,19 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
 <P>
 Įvyko FTP protokolo klaida
-bandant atsiusti puslapį:
+bandant atsiųsti puslapį:
 <A HREF="%U">%U</A>
 <P>
 Squid nusiuntė šią FTP komandą:
 <blockquote><strong><pre>%f</pre></strong></blockquote>
-ir gavo šį atsakymą:
+ir gavo šį atsakymą:
 <blockquote><strong><pre>%F</pre></strong></blockquote>
 <blockquote><strong><pre>%g</pre></strong></blockquote>
-<P>
-Tai gali būti sąlygota FTP adreso su pilnu keliu (kuris neatitinka
-RFC 1738 standarto). Jei taip atsitiko, tada duomenys gali būti
-rasti <A HREF="%B">%B</A> adresu.
 </P>
-
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_FORBIDDEN squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_FORBIDDEN
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_FORBIDDEN	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_FORBIDDEN	Thu Nov  6 08:33:27 2003
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Nepavyko FTP prisistatymas bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Squid nusiuntė šią FTP komandą:
+<blockquote><strong><pre>%f</pre></strong></blockquote>
+ir gavo šį atsakymą:
+<blockquote><strong><pre>%F</pre></strong></blockquote>
+<blockquote><strong><pre>%g</pre></strong></blockquote>
+</P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_NOT_FOUND squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_NOT_FOUND
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_NOT_FOUND	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_NOT_FOUND	Thu Nov  6 08:33:27 2003
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Nepavyko atsiųsti puslapio:
+<A HREF="%U">%U</A>
+<P>
+Squid nusiuntė šią FTP komandą:
+<blockquote><strong><pre>%f</pre></strong></blockquote>
+ir gavo šį atsakymą:
+<blockquote><strong><pre>%F</pre></strong></blockquote>
+<blockquote><strong><pre>%g</pre></strong></blockquote>
+<P>
+Tai gali būti sąlygota FTP adreso su pilnu keliu (kuris neatitinka
+RFC 1738 standarto). Jei taip atsitiko, tada duomenys gali būti
+rasti <A HREF="%B">%B</A> adresu.
+</P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_PUT_CREATED squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_PUT_CREATED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_PUT_CREATED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_PUT_CREATED	Thu Nov  6 08:33:28 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>FTP PUT operacija buvo sėkminga: Failas sukurtas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
@@ -8,4 +8,3 @@
 <HR noshade size="1px">
 <P>
 </P>
-
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_PUT_ERROR squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_PUT_ERROR
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_PUT_ERROR	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_PUT_ERROR	Thu Nov  6 08:33:28 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: FTP uploadas nepavyko</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
@@ -24,4 +24,3 @@ Tai reiškia:
 Patikrinkite kelią, teises, disko talpą ir pabandykite dar kartą.
 </PRE>
 </P>
-
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_PUT_MODIFIED squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_PUT_MODIFIED
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_PUT_MODIFIED	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_PUT_MODIFIED	Thu Nov  6 08:33:28 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>FTP PUT operacija sėkminga: Failas atnaujintas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
@@ -8,4 +8,3 @@
 <HR noshade size="1px">
 <P>
 </P>
-
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_UNAVAILABLE squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_UNAVAILABLE
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_FTP_UNAVAILABLE	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_FTP_UNAVAILABLE	Thu Nov  6 08:33:28 2003
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+FTP serveris buvo užimtas bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Squid nusiuntė šią FTP komandą:
+<blockquote><strong><pre>%f</pre></strong></blockquote>
+ir gavo šį atsakymą:
+<blockquote><strong><pre>%F</pre></strong></blockquote>
+<blockquote><strong><pre>%g</pre></strong></blockquote>
+</P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_INVALID_REQ squid-2.5.STABLE5/errors/Lithuanian/ERR_INVALID_REQ
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_INVALID_REQ	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_INVALID_REQ	Thu Feb 12 10:22:23 2004
@@ -1,13 +1,13 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
 <P>
-Bandant įvykdyti užklausimą:
+Bandant įvykdyti užklausą:
 <PRE>
 %R
 </PRE>
@@ -16,18 +16,18 @@ Gautas klaidos pranešimas:
 <UL>
 <LI>
 <STRONG>
-Neteisingas užklausimas
+Neteisinga užklausa
 </STRONG>
 </UL>
 
 <P>
-Dalis HTTP užklausimo yra klaidinga. Galimos problemos:
+Dalis HTTP užklausos yra klaidinga. Galimos problemos:
 <UL>
-<LI>Trūksta arba nežinomas užklausimo metodas
-<LI>Trūksta adresas
+<LI>Trūksta arba nežinomas užklausos metodas
+<LI>Trūksta adreso
 <LI>Trūksta HTTP identifikatoriaus (HTTP/1.0)
-<LI>Užklausimas per didelis
-<LI>Trūksta Content-Length parametro POST arba PUT užklausime
-<LI>Neleistinas simbolis serverio varde; underscore simboliai yra neleistini
+<LI>Užklausa per didelė
+<LI>Trūksta Content-Length parametro POST arba PUT užklausoje
+<LI>Neleistinas simbolis serverio varde; pabraukimo simboliai yra neleistini
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_INVALID_URL squid-2.5.STABLE5/errors/Lithuanian/ERR_INVALID_URL
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_INVALID_URL	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_INVALID_URL	Thu Nov  6 08:33:28 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
 <H1>KLAIDA</H1>
 <H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
 <HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Klaidingas adresas
@@ -24,6 +24,6 @@ Kažkuri adreso dalis yra klaidinga. Gali
 <LI>Trūksta arba klaidingas protokolas (turetų būti `http://' ar panašus)
 <LI>Trūksta serverio vardo
 <LI>Neleistinas double-escape kodas adrese
-<LI>Neleistinas simbolis serverio varde; underscores simboliai yra neleistini
+<LI>Neleistinas simbolis serverio varde; pabraukimo simboliai yra neleistini
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_LIFETIME_EXP squid-2.5.STABLE5/errors/Lithuanian/ERR_LIFETIME_EXP
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_LIFETIME_EXP	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_LIFETIME_EXP	Thu Nov  6 08:33:28 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Ryšio trukmės laiko pabaiga
@@ -19,6 +19,6 @@ Ryšio trukmės laiko pabaiga
 </UL>
 
 <P>
-Squid nutraukė užklausimą, kadangi jis viršijo maksimalią
+Squid nutraukė užklausą, kadangi ji viršijo maksimalią
 ryšio trukmės reikšmę.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_NO_RELAY squid-2.5.STABLE5/errors/Lithuanian/ERR_NO_RELAY
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_NO_RELAY	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_NO_RELAY	Thu Nov  6 08:33:29 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Nėra Wais Relay
@@ -19,6 +19,6 @@ Nėra Wais Relay
 </UL>
 
 <P>
-WAIS Relay serveris yra nenurodytas šiame proxy serveryje! 
+WAIS Relay serveris yra nenurodytas šiame proxy serveryje! 
 Šauk ant (tik ne į) admino.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_ONLY_IF_CACHED_MISS squid-2.5.STABLE5/errors/Lithuanian/ERR_ONLY_IF_CACHED_MISS
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_ONLY_IF_CACHED_MISS	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_ONLY_IF_CACHED_MISS	Thu Nov  6 08:33:29 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Tinkamas dokumentas nerastas proxy serveryje ir <code>only-if-cached</code>
@@ -20,7 +20,7 @@ komanda buvo nurodyta.
 </UL>
 
 <P>
-Jūs davėte užklausimą su <code>only-if-cached</code> proxy kontrolės 
+Jūs davėte užklausą su <code>only-if-cached</code> proxy kontrolės 
 komanda. Dokumentas nerastas serveryje, <em>arba</em> jis pareikalavo
 patvirtinimo uždrausto <code>only-if-cached</code> komandos.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_READ_ERROR squid-2.5.STABLE5/errors/Lithuanian/ERR_READ_ERROR
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_READ_ERROR	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_READ_ERROR	Thu Nov  6 08:33:29 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Skaitymo klaida
@@ -23,6 +23,6 @@ Sistema atsakė:
 <PRE><I>    %E</I></PRE>
 
 <P>
-Įvyko klaida skaitant duomenis tinkle. 
-Prašau pakartoti savo užklausimą.
+Įvyko klaida skaitant duomenis tinkle. 
+Prašome pakartoti savo užklausą.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_READ_TIMEOUT squid-2.5.STABLE5/errors/Lithuanian/ERR_READ_TIMEOUT
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_READ_TIMEOUT	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_READ_TIMEOUT	Thu Nov  6 08:33:29 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Leistino skaitymo laiko pabaiga
@@ -23,6 +23,6 @@ Sistema atsakė:
 <PRE><I>    %E</I></PRE>
 
 <P>
-Klaida įvyko laukiant duomenų atsiuntimo iš tinklo. Tinklas arba serveris 
-gali būti atjungtas arba perkrautas. Prašau pakartoti jūsų užklausimą.
+Klaida įvyko laukiant duomenų atsiuntimo iš tinklo. Tinklas arba serveris 
+gali būti atjungtas arba perkrautas. Prašome pakartoti užklausą.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_SHUTTING_DOWN squid-2.5.STABLE5/errors/Lithuanian/ERR_SHUTTING_DOWN
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_SHUTTING_DOWN	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_SHUTTING_DOWN	Thu Nov  6 08:33:29 2003
@@ -0,0 +1,17 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<P>
+Šiuo metu kešas yra išjungiamas ir negali jūsų aptarnauti.
+Prašome pakartoti užklausą vėliau.
+</P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_SOCKET_FAILURE squid-2.5.STABLE5/errors/Lithuanian/ERR_SOCKET_FAILURE
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_SOCKET_FAILURE	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_SOCKET_FAILURE	Thu Nov  6 08:33:29 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Socket klaida
@@ -24,5 +24,5 @@ Sistema atsakė:
 
 <P>
 Squid negalėjo sukurti TCP socket, greičiausiai dėl per didelio apkrovimo.
-Prašau pakartoti savo užklausimą.
+Prašome pakartoti savo užklausą.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_TOO_BIG squid-2.5.STABLE5/errors/Lithuanian/ERR_TOO_BIG
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_TOO_BIG	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_TOO_BIG	Thu Nov  6 08:33:30 2003
@@ -0,0 +1,27 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
+<LI>
+<STRONG>
+Užklausa arba atsakymas yra per dideli.
+</STRONG>
+<P>
+Jei jūs vykdote POST arba PUT užklausą, jūsų užklausos dydis
+(tai, ką jūs bandote nusiųsti) yra per didelis.  Jei jūs vykdote
+GET užklausą, atsakymo dydis (tai, ką jūs bandote atsisiųsti)
+yra per didelis.  Šie apribojimai yra uždėti jūsų Interneto
+tiekėjo.  Prašome kreiptis į savo administratorių arba Interneto
+tiekėją, jei manote, kad tai neteisinga.
+</UL>
+</P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_UNSUP_REQ squid-2.5.STABLE5/errors/Lithuanian/ERR_UNSUP_REQ
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_UNSUP_REQ	Tue Aug 13 06:33:41 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_UNSUP_REQ	Thu Nov  6 08:33:30 2003
@@ -1,25 +1,24 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
-Nepalaikomas užklausos metodas ar protokolas
+Nepalaikomas užklausos metodas ir protokolas
 </STRONG>
 </UL>
 
 <P>
 Squid palaiko ne visus užklausos metodus daliai protokolų.
-Pavyzdžiui, jūs negalite vykdyti POST Gopher tipo užklausime.
+Pavyzdžiui, jūs negalite vykdyti POST Gopher tipo užklausoje.
 </P>
-
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_URN_RESOLVE squid-2.5.STABLE5/errors/Lithuanian/ERR_URN_RESOLVE
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_URN_RESOLVE	Tue Aug 13 06:33:42 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_URN_RESOLVE	Thu Nov  6 08:33:30 2003
@@ -1,5 +1,5 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
 <TITLE>KLAIDA: Nurodytas URN negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
 </HEAD><BODY>
@@ -19,5 +19,5 @@ Negaliu aptikti URN
 </UL>
 
 <P>
-Mielieji, siūlau daug nesitikėti iš URNu %T :)
+Mielieji, siūlau daug nesitikėti iš URNų %T :)
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_WRITE_ERROR squid-2.5.STABLE5/errors/Lithuanian/ERR_WRITE_ERROR
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_WRITE_ERROR	Tue Aug 13 06:33:42 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_WRITE_ERROR	Thu Nov  6 08:33:30 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Rašymo klaida
@@ -23,6 +23,6 @@ Sistema atsakė:
 <PRE><I>    %E</I></PRE>
 
 <P>
-Įvyko klaida bandant rašyti tinkle. 
-Prašau pakartoti savo užklausimą.
+Įvyko klaida bandant rašyti tinkle. 
+Prašome pakartoti savo užklausą.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/ERR_ZERO_SIZE_OBJECT squid-2.5.STABLE5/errors/Lithuanian/ERR_ZERO_SIZE_OBJECT
--- squid-2.5.STABLE4/errors/Lithuanian/ERR_ZERO_SIZE_OBJECT	Tue Aug 13 06:33:42 2002
+++ squid-2.5.STABLE5/errors/Lithuanian/ERR_ZERO_SIZE_OBJECT	Thu Nov  6 08:33:30 2003
@@ -1,17 +1,17 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<HTML><HEAD>
-<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
+<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1257">
+<TITLE>KLAIDA: Puslapis nurodytu adresu negali būti atsiųstas</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff; font-family:verdana,sans-serif}--></STYLE>
-</HEAD><BODY>
-<H1>KLAIDA</H1>
-<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
-<HR noshade size="1px">
-<P>
-Bandant atsiųsti puslapį:
-<A HREF="%U">%U</A>
-<P>
-Gautas klaidos pranešimas:
-<UL>
+</HEAD><BODY>
+<H1>KLAIDA</H1>
+<H2>Puslapis nurodytu adresu negali būti atsiųstas</H2>
+<HR noshade size="1px">
+<P>
+Bandant atsiųsti puslapį:
+<A HREF="%U">%U</A>
+<P>
+Gautas klaidos pranešimas:
+<UL>
 <LI>
 <STRONG>
 Atsakymas nulinis
@@ -19,5 +19,5 @@ Atsakymas nulinis
 </UL>
 
 <P>
-Squid negavo jokių duomenų šiam užklausimui.
+Squid negavo jokių duomenų šiai užklausai.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Lithuanian/README squid-2.5.STABLE5/errors/Lithuanian/README
--- squid-2.5.STABLE4/errors/Lithuanian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Lithuanian/README	Thu Nov  6 08:33:30 2003
@@ -0,0 +1,2 @@
+Thank you to "DVM" <dvm382@takas.lt> and Nerijus Baliunas <nerijus@users.sourceforge.net>
+for creating these error pages in Lithuanian!
diff -rupN squid-2.5.STABLE4/errors/Makefile.am squid-2.5.STABLE5/errors/Makefile.am
--- squid-2.5.STABLE4/errors/Makefile.am	Sun May 25 07:47:45 2003
+++ squid-2.5.STABLE5/errors/Makefile.am	Mon Dec  1 03:12:28 2003
@@ -1,6 +1,6 @@
 ## Process this file with automake to produce Makefile.in
 #
-# $Id: Makefile.am,v 1.5.2.5 2003/05/25 13:47:45 hno Exp $
+# $Id: Makefile.am,v 1.5.2.7 2003/12/01 10:12:28 hno Exp $
 #
 
 errordir = $(datadir)/errors
@@ -39,9 +39,9 @@ LANGUAGES	= \
 		Spanish \
 		Swedish \
 		Traditional_Chinese \
-		Turkish 
+		Turkish
 
-install-data-local: 
+install-data-local:
 	@for l in $(INSTALL_LANGUAGES); do \
 		$(mkinstalldirs) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l && \
 		for f in $(srcdir)/$$l/ERR_*; do \
@@ -84,7 +84,12 @@ dist-hook:
 	    test -d $(distdir)/$$lang \
 	    || mkdir $(distdir)/$$lang \
 	    || exit 1; \
-	    cp -p $(srcdir)/$$lang/ERR_*  $(distdir)/$$lang \
+	    cp -p $(srcdir)/$$lang/ERR_* $(distdir)/$$lang \
+	    || exit 1; \
+	    if test -f $(srcdir)/$$lang/README; then \
+	      cp -p $(srcdir)/$$lang/README $(distdir)/$$lang \
 	      || exit 1; \
+	    fi; \
 	  fi; \
-	done		
+	done
+
diff -rupN squid-2.5.STABLE4/errors/Makefile.in squid-2.5.STABLE5/errors/Makefile.in
--- squid-2.5.STABLE4/errors/Makefile.in	Sun May 25 07:56:20 2003
+++ squid-2.5.STABLE5/errors/Makefile.in	Mon Dec  1 03:13:57 2003
@@ -14,7 +14,7 @@
 @SET_MAKE@
 
 #
-# $Id: Makefile.in,v 1.15.2.9 2003/05/25 13:56:20 hno Exp $
+# $Id: Makefile.in,v 1.15.2.12 2003/12/01 10:13:57 hno Exp $
 #
 
 SHELL = @SHELL@
@@ -149,7 +149,7 @@ LANGUAGES = \
 		Spanish \
 		Swedish \
 		Traditional_Chinese \
-		Turkish 
+		Turkish
 
 subdir = errors
 mkinstalldirs = $(SHELL) $(top_srcdir)/cfgaux/mkinstalldirs
@@ -271,7 +271,7 @@ uninstall-am: uninstall-info-am uninstal
 	uninstall-info-am uninstall-local
 
 
-install-data-local: 
+install-data-local:
 	@for l in $(INSTALL_LANGUAGES); do \
 		$(mkinstalldirs) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l && \
 		for f in $(srcdir)/$$l/ERR_*; do \
@@ -314,10 +314,14 @@ dist-hook:
 	    test -d $(distdir)/$$lang \
 	    || mkdir $(distdir)/$$lang \
 	    || exit 1; \
-	    cp -p $(srcdir)/$$lang/ERR_*  $(distdir)/$$lang \
+	    cp -p $(srcdir)/$$lang/ERR_* $(distdir)/$$lang \
+	    || exit 1; \
+	    if test -f $(srcdir)/$$lang/README; then \
+	      cp -p $(srcdir)/$$lang/README $(distdir)/$$lang \
 	      || exit 1; \
+	    fi; \
 	  fi; \
-	done		
+	done
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff -rupN squid-2.5.STABLE4/errors/Polish/README squid-2.5.STABLE5/errors/Polish/README
--- squid-2.5.STABLE4/errors/Polish/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Polish/README	Tue May 26 09:01:37 1998
@@ -0,0 +1,4 @@
+Thank you to Maciej Kozinski <Maciej.Kozinski@boa.uni.torun.pl>
+creating these error pages in Polish!
+
+encoding: ISO-8859-2
diff -rupN squid-2.5.STABLE4/errors/Portuguese/README squid-2.5.STABLE5/errors/Portuguese/README
--- squid-2.5.STABLE4/errors/Portuguese/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Portuguese/README	Wed Mar  4 17:00:07 1998
@@ -0,0 +1,2 @@
+Thank you to Pedro Lineu Orso <orso@pop.hsbcbamerindus.com.br> for
+creating these error pages in Portugese!
diff -rupN squid-2.5.STABLE4/errors/Romanian/README squid-2.5.STABLE5/errors/Romanian/README
--- squid-2.5.STABLE4/errors/Romanian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Romanian/README	Thu Jan 14 16:59:12 1999
@@ -0,0 +1,2 @@
+Thank you to Iusty Pop Daniel <iusty@netcompsj.ro> for
+creating these error pages in Romanian!
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_ACCESS_DENIED squid-2.5.STABLE5/errors/Russian-1251/ERR_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_ACCESS_DENIED	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_ACCESS_DENIED	Sun Dec 21 08:15:06 2003
@@ -14,10 +14,10 @@
 <UL>
 <LI>
 <STRONG>
-Äīńņóļ ēąļšåłåķ.
+Äīńņóļ ēąļšåłøķ.
 </STRONG>
 <P>
-Ķąńņšīéźą źīķņšīė’ äīńņóļą ķå äąåņ āīēģīęķīńņč āūļīėķčņü Āąų 
+Ķąńņšīéźą źīķņšīė’ äīńņóļą ķå äąøņ āīēģīęķīńņč āūļīėķčņü Āąų 
 ēąļšīń ā ķąńņī’łåå āšåģ’. Ļīęąėóéńņą, ńā’ęčņåńü ń Āąųčģ
 ļīńņąāłčźīģ óńėóć Čķņåšķåņ, åńėč Āū ń÷čņąåņå żņī ķåļšąāčėüķūģ.
 </UL>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_CACHE_ACCESS_DENIED squid-2.5.STABLE5/errors/Russian-1251/ERR_CACHE_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_CACHE_ACCESS_DENIED	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_CACHE_ACCESS_DENIED	Sun Dec 21 08:15:06 2003
@@ -1,11 +1,11 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1251">
-<TITLE>ĪŲČĮŹĄ: Äīńņóļ ź źżųó ēąļšåłåķ.</TITLE>
+<TITLE>ĪŲČĮŹĄ: Äīńņóļ ź źżųó ēąļšåłøķ.</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD>
 <BODY>
 <H1>ĪŲČĮŹĄ</H1>
-<H2>Äīńņóļ ź źżųó ēąļšåłåķ</H2>
+<H2>Äīńņóļ ź źżųó ēąļšåłøķ</H2>
 <HR noshade size="1px">
 <P>
 Āī āšåģ’ äīńņąāźč URL:
@@ -15,14 +15,14 @@
 <UL>
 <LI>
 <STRONG>
-Äīńņóļ ź źżųó ēąļšåłåķ
+Äīńņóļ ź źżųó ēąļšåłøķ
 </STRONG>
 </UL>
 </P>
 
 <P>Čēāčķčņå, Āū ķå ģīęåņå ēąļšīńčņü:
 <PRE>    %U</PRE>
-čē żņīćī źżųą äī ņåõ ļīš, ļīźą ķå ļšīéäåņå ąóņåķņčōčźąöčž.
+čē żņīćī źżųą äī ņåõ ļīš, ļīźą ķå ļšīéäøņå ąóņåķņčōčźąöčž.
 </P>
 
 <P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_CACHE_MGR_ACCESS_DENIED squid-2.5.STABLE5/errors/Russian-1251/ERR_CACHE_MGR_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_CACHE_MGR_ACCESS_DENIED	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_CACHE_MGR_ACCESS_DENIED	Sun Dec 21 08:15:06 2003
@@ -1,11 +1,11 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1251">
-<TITLE>ĪŲČĮŹĄ: Äīńņóļ ź óļšąāėåķčž źżųåģ ēąļšåłåķ</TITLE>
+<TITLE>ĪŲČĮŹĄ: Äīńņóļ ź óļšąāėåķčž źżųåģ ēąļšåłøķ</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD>
 <BODY>
 <H1>ĪŲČĮŹĄ</H1>
-<H2>Äīńņóļ ź óļšąāėåķčž źżųåģ ēąļšåłåķ</H2>
+<H2>Äīńņóļ ź óļšąāėåķčž źżųåģ ēąļšåłøķ</H2>
 <HR noshade size="1px">
 <P>
 Āī āšåģ’ äīńņąāźč URL:
@@ -15,14 +15,14 @@
 <UL>
 <LI>
 <STRONG>
-Äīńņóļ ź óļšąāėåķčž źżųåģ ēąļšåłåķ.
+Äīńņóļ ź óļšąāėåķčž źżųåģ ēąļšåłøķ.
 </STRONG>
 </UL>
 </P>
 
 <P>Čēāčķčņå, Āū ķå ģīęåņå ēąļšīńčņü:
 <PRE>    %U</PRE>
-čē ńčńņåģū óļšąāėåķč’ źżųą äī ņåõ ļīš, ļīźą ķå ļšīéäåņå ąóņåķņčōčźąöčž.
+čē ńčńņåģū óļšąāėåķč’ źżųą äī ņåõ ļīš, ļīźą ķå ļšīéäøņå ąóņåķņčōčźąöčž.
 </P>
 
 <P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_CONNECT_FAIL squid-2.5.STABLE5/errors/Russian-1251/ERR_CONNECT_FAIL
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_CONNECT_FAIL	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_CONNECT_FAIL	Sun Dec 21 08:15:07 2003
@@ -23,5 +23,5 @@
 <PRE><I>    %E</I></PRE>
 
 <P>
-Óäąėåķķūé ńåšāåš ėčįī ńåņü ķå īņāå÷ąžņ. Ļīęąėóéńņą, ļīāņīščņå ēąļšīń.
+Óäąėøķķūé ńåšāåš ėčįī ńåņü ķå īņāå÷ąžņ. Ļīęąėóéńņą, ļīāņīščņå ēąļšīń.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_FTP_DISABLED squid-2.5.STABLE5/errors/Russian-1251/ERR_FTP_DISABLED
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_FTP_DISABLED	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_FTP_DISABLED	Sun Dec 21 08:15:07 2003
@@ -14,7 +14,7 @@
 <UL>
 <LI>
 <STRONG>
-Ļšīņīźīė FTP ēąļšåłåķ.
+Ļšīņīźīė FTP ēąļšåłøķ.
 </STRONG>
 </UL>
 
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_FTP_FAILURE squid-2.5.STABLE5/errors/Russian-1251/ERR_FTP_FAILURE
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_FTP_FAILURE	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_FTP_FAILURE	Sun Dec 21 08:15:07 2003
@@ -19,7 +19,7 @@
 	%F
 </STRONG></PRE>
 <P>
-Żņī ģīęåņ įūņü āūēāąķī ąäšåńīģ ń ąįńīėžņķūģ ļóņåģ (źīņīšūé ķå 
+Żņī ģīęåņ įūņü āūēāąķī ąäšåńīģ ń ąįńīėžņķūģ ļóņøģ (źīņīšūé ķå 
 ńīīņāåņńņāóåņ ńņąķäąšņó RFC 1738). Ā żņīģ ńėó÷ąå, ōąéė ģīęåņ įūņü 
 ķąéäåķ ļī ąäšåńó <A HREF="%B">%B</A>.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_FTP_PUT_MODIFIED squid-2.5.STABLE5/errors/Russian-1251/ERR_FTP_PUT_MODIFIED
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_FTP_PUT_MODIFIED	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_FTP_PUT_MODIFIED	Sun Dec 21 08:15:07 2003
@@ -1,10 +1,10 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1251">
-<TITLE>FTP PUT ēąāåšųčėń’ óńļåųķī: Ōąéė īįķīāėåķ</TITLE>
+<TITLE>FTP PUT ēąāåšųčėń’ óńļåųķī: Ōąéė īįķīāėøķ</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD><BODY>
 <H1>Īļåšąöč’ ēąāåšųčėąńü óńļåųķī.</H1>
-<H2>Ōąéė īįķīāėåķ.</H2>
+<H2>Ōąéė īįķīāėøķ.</H2>
 <HR noshade size="1px">
 <P>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_INVALID_URL squid-2.5.STABLE5/errors/Russian-1251/ERR_INVALID_URL
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_INVALID_URL	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_INVALID_URL	Sun Dec 21 08:15:07 2003
@@ -25,6 +25,6 @@
 ļīõīęčé)
 <LI>Īņńóņńņāóåņ čģ’ ńåšāåšą
 <LI>Ķåźīššåźņķūé äāīéķīé óļšąāė’žłčé ńčģāīė ā URL-ļóņč
-<LI>Ķåäīļóńņčģūé ńčģāīė ā čģåķč ńåšāåšą; ļīä÷åšźčāąķč’ ķåäīļóńņčģū
+<LI>Ķåäīļóńņčģūé ńčģāīė ā čģåķč ńåšāåšą; ļīä÷øšźčāąķč’ ķåäīļóńņčģū
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_NO_RELAY squid-2.5.STABLE5/errors/Russian-1251/ERR_NO_RELAY
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_NO_RELAY	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_NO_RELAY	Sun Dec 21 08:15:07 2003
@@ -14,11 +14,11 @@
 <UL>
 <LI>
 <STRONG>
-Wais Relay ķå īļšåäåėåķ.
+Wais Relay ķå īļšåäåėøķ.
 </STRONG>
 </UL>
 
 <P>
-Äė’ żņīćī źżųą ķå īļšåäåėåķ ńåšāåš WAIS Relay.
+Äė’ żņīćī źżųą ķå īļšåäåėøķ ńåšāåš WAIS Relay.
  Ńīīįłčņå ąäģčķčńņšąņīšó.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/ERR_ONLY_IF_CACHED_MISS squid-2.5.STABLE5/errors/Russian-1251/ERR_ONLY_IF_CACHED_MISS
--- squid-2.5.STABLE4/errors/Russian-1251/ERR_ONLY_IF_CACHED_MISS	Wed Aug 28 15:08:10 2002
+++ squid-2.5.STABLE5/errors/Russian-1251/ERR_ONLY_IF_CACHED_MISS	Sun Dec 21 08:15:07 2003
@@ -22,5 +22,5 @@
 <P>
 Āū ļīńėąėč ēąļšīń ń äčšåźņčāīé źżų-źīķņšīė’ <code>only-if-cached</code>.
 Īįśåźņ ķå īįķąšóęåķ ā źżųå, <em>ėčįī</em> īķ ņšåįóåņ īįķīāėåķč’,
-ēąļšåłåķķīćī äčšåźņčāīé <code>only-if-cached</code>.
+ēąļšåłøķķīćī äčšåźņčāīé <code>only-if-cached</code>.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-1251/README squid-2.5.STABLE5/errors/Russian-1251/README
--- squid-2.5.STABLE4/errors/Russian-1251/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Russian-1251/README	Thu Apr 23 23:24:56 1998
@@ -0,0 +1,2 @@
+Thank you to Ilia Zadorozhko <falcon@netsy.com> for
+creating these error pages in Russian!
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_ACCESS_DENIED squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_ACCESS_DENIED	Mon Aug 26 19:17:23 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_ACCESS_DENIED	Sun Dec 21 08:15:07 2003
@@ -18,7 +18,7 @@
 äĻÓŌÕŠ ŚĮŠŅÅŻÅĪ.
 </STRONG>
 <P>
-īĮÓŌŅĻŹĖĮ ĖĻĪŌŅĻĢŃ ÄĻÓŌÕŠĮ ĪÅ ÄĮÅŌ ×ĻŚĶĻÖĪĻÓŌÉ ×ŁŠĻĢĪÉŌŲ ÷ĮŪ 
+īĮÓŌŅĻŹĖĮ ĖĻĪŌŅĻĢŃ ÄĻÓŌÕŠĮ ĪÅ ÄĮ£Ō ×ĻŚĶĻÖĪĻÓŌÉ ×ŁŠĻĢĪÉŌŲ ÷ĮŪ 
 ŚĮŠŅĻÓ × ĪĮÓŌĻŃŻÅÅ ×ŅÅĶŃ. šĻÖĮĢÕŹÓŌĮ, Ó×ŃÖÉŌÅÓŲ Ó ÷ĮŪÉĶ
 ŠĻÓŌĮׯÉĖĻĶ ÕÓĢÕĒ éĪŌÅŅĪÅŌ, ÅÓĢÉ ÷Ł ÓŽÉŌĮÅŌÅ ÜŌĻ ĪÅŠŅĮ×ÉĢŲĪŁĶ.
 </UL>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_CACHE_ACCESS_DENIED squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_CACHE_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_CACHE_ACCESS_DENIED	Mon Aug 26 19:17:23 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_CACHE_ACCESS_DENIED	Sun Dec 21 08:15:08 2003
@@ -1,12 +1,12 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML><HEAD>
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=koi8-r">
-<TITLE>ļūéāėį: äĻÓŌÕŠ Ė ĖÜŪÕ ŚĮŠŅÅŻÅĪ.</TITLE>
+<TITLE>ļūéāėį: äĻÓŌÕŠ Ė ĖÜŪÕ ŚĮŠŅÅŻ£Ī.</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD>
 <BODY>
 <H1>ļūéāėį</H1>
-<H2>äĻÓŌÕŠ Ė ĖÜŪÕ ŚĮŠŅÅŻÅĪ</H2>
+<H2>äĻÓŌÕŠ Ė ĖÜŪÕ ŚĮŠŅÅŻ£Ī</H2>
 <HR noshade size="1px">
 <P>
 ÷Ļ ×ŅÅĶŃ ÄĻÓŌĮ×ĖÉ URL:
@@ -16,14 +16,14 @@
 <UL>
 <LI>
 <STRONG>
-äĻÓŌÕŠ Ė ĖÜŪÕ ŚĮŠŅÅŻÅĪ
+äĻÓŌÕŠ Ė ĖÜŪÕ ŚĮŠŅÅŻ£Ī
 </STRONG>
 </UL>
 </P>
 
 <P>éŚ×ÉĪÉŌÅ, ÷Ł ĪÅ ĶĻÖÅŌÅ ŚĮŠŅĻÓÉŌŲ:
 <PRE>    %U</PRE>
-ÉŚ ÜŌĻĒĻ ĖÜŪĮ ÄĻ ŌÅČ ŠĻŅ, ŠĻĖĮ ĪÅ ŠŅĻŹÄÅŌÅ ĮÕŌÅĪŌÉĘÉĖĮĆÉĄ.
+ÉŚ ÜŌĻĒĻ ĖÜŪĮ ÄĻ ŌÅČ ŠĻŅ, ŠĻĖĮ ĪÅ ŠŅĻŹÄ£ŌÅ ĮÕŌÅĪŌÉĘÉĖĮĆÉĄ.
 </P>
 
 <P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_CACHE_MGR_ACCESS_DENIED squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_CACHE_MGR_ACCESS_DENIED
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_CACHE_MGR_ACCESS_DENIED	Mon Aug 26 19:17:23 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_CACHE_MGR_ACCESS_DENIED	Sun Dec 21 08:15:08 2003
@@ -1,12 +1,12 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML><HEAD>
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=koi8-r">
-<TITLE>ļūéāėį: äĻÓŌÕŠ Ė ÕŠŅĮ×ĢÅĪÉĄ ĖÜŪÅĶ ŚĮŠŅÅŻÅĪ</TITLE>
+<TITLE>ļūéāėį: äĻÓŌÕŠ Ė ÕŠŅĮ×ĢÅĪÉĄ ĖÜŪÅĶ ŚĮŠŅÅŻ£Ī</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD>
 <BODY>
 <H1>ļūéāėį</H1>
-<H2>äĻÓŌÕŠ Ė ÕŠŅĮ×ĢÅĪÉĄ ĖÜŪÅĶ ŚĮŠŅÅŻÅĪ</H2>
+<H2>äĻÓŌÕŠ Ė ÕŠŅĮ×ĢÅĪÉĄ ĖÜŪÅĶ ŚĮŠŅÅŻ£Ī</H2>
 <HR noshade size="1px">
 <P>
 ÷Ļ ×ŅÅĶŃ ÄĻÓŌĮ×ĖÉ URL:
@@ -16,14 +16,14 @@
 <UL>
 <LI>
 <STRONG>
-äĻÓŌÕŠ Ė ÕŠŅĮ×ĢÅĪÉĄ ĖÜŪÅĶ ŚĮŠŅÅŻÅĪ.
+äĻÓŌÕŠ Ė ÕŠŅĮ×ĢÅĪÉĄ ĖÜŪÅĶ ŚĮŠŅÅŻ£Ī.
 </STRONG>
 </UL>
 </P>
 
 <P>éŚ×ÉĪÉŌÅ, ÷Ł ĪÅ ĶĻÖÅŌÅ ŚĮŠŅĻÓÉŌŲ:
 <PRE>    %U</PRE>
-ÉŚ ÓÉÓŌÅĶŁ ÕŠŅĮ×ĢÅĪÉŃ ĖÜŪĮ ÄĻ ŌÅČ ŠĻŅ, ŠĻĖĮ ĪÅ ŠŅĻŹÄÅŌÅ ĮÕŌÅĪŌÉĘÉĖĮĆÉĄ.
+ÉŚ ÓÉÓŌÅĶŁ ÕŠŅĮ×ĢÅĪÉŃ ĖÜŪĮ ÄĻ ŌÅČ ŠĻŅ, ŠĻĖĮ ĪÅ ŠŅĻŹÄ£ŌÅ ĮÕŌÅĪŌÉĘÉĖĮĆÉĄ.
 </P>
 
 <P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_CONNECT_FAIL squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_CONNECT_FAIL
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_CONNECT_FAIL	Mon Aug 26 19:17:23 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_CONNECT_FAIL	Sun Dec 21 08:15:08 2003
@@ -24,5 +24,5 @@
 <PRE><I>    %E</I></PRE>
 
 <P>
-õÄĮĢÅĪĪŁŹ ÓÅŅ×ÅŅ ĢÉĀĻ ÓÅŌŲ ĪÅ ĻŌ×ÅŽĮĄŌ. šĻÖĮĢÕŹÓŌĮ, ŠĻ×ŌĻŅÉŌÅ ŚĮŠŅĻÓ.
+õÄĮĢ£ĪĪŁŹ ÓÅŅ×ÅŅ ĢÉĀĻ ÓÅŌŲ ĪÅ ĻŌ×ÅŽĮĄŌ. šĻÖĮĢÕŹÓŌĮ, ŠĻ×ŌĻŅÉŌÅ ŚĮŠŅĻÓ.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_FTP_FAILURE squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_FTP_FAILURE
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_FTP_FAILURE	Mon Aug 26 19:17:24 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_FTP_FAILURE	Sun Dec 21 08:15:08 2003
@@ -20,7 +20,7 @@
 	%F
 </STRONG></PRE>
 <P>
-üŌĻ ĶĻÖÅŌ ĀŁŌŲ ףŚ×ĮĪĻ ĮÄŅÅÓĻĶ Ó ĮĀÓĻĢĄŌĪŁĶ ŠÕŌÅĶ (ĖĻŌĻŅŁŹ ĪÅ 
+üŌĻ ĶĻÖÅŌ ĀŁŌŲ ףŚ×ĮĪĻ ĮÄŅÅÓĻĶ Ó ĮĀÓĻĢĄŌĪŁĶ ŠÕŌ£Ķ (ĖĻŌĻŅŁŹ ĪÅ 
 ÓĻĻŌ×ÅŌÓŌ×ÕÅŌ ÓŌĮĪÄĮŅŌÕ RFC 1738). ÷ ÜŌĻĶ ÓĢÕŽĮÅ, ĘĮŹĢ ĶĻÖÅŌ ĀŁŌŲ 
 ĪĮŹÄÅĪ ŠĻ ĮÄŅÅÓÕ <A HREF="%B">%B</A>.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_FTP_PUT_MODIFIED squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_FTP_PUT_MODIFIED
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_FTP_PUT_MODIFIED	Mon Aug 26 19:17:24 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_FTP_PUT_MODIFIED	Sun Dec 21 08:15:08 2003
@@ -1,11 +1,11 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <HTML><HEAD>
 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=koi8-r">
-<TITLE>FTP PUT ŚĮ×ÅŅŪÉĢÓŃ ÕÓŠÅŪĪĻ: ęĮŹĢ ĻĀĪĻ×ĢÅĪ</TITLE>
+<TITLE>FTP PUT ŚĮ×ÅŅŪÉĢÓŃ ÕÓŠÅŪĪĻ: ęĮŹĢ ĻĀĪĻ×Ģ£Ī</TITLE>
 <STYLE type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
 </HEAD><BODY>
 <H1>ļŠÅŅĮĆÉŃ ŚĮ×ÅŅŪÉĢĮÓŲ ÕÓŠÅŪĪĻ.</H1>
-<H2>ęĮŹĢ ĻĀĪĻ×ĢÅĪ.</H2>
+<H2>ęĮŹĢ ĻĀĪĻ×Ģ£Ī.</H2>
 <HR noshade size="1px">
 <P>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_INVALID_REQ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_INVALID_REQ
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_INVALID_REQ	Mon Aug 26 19:17:24 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_INVALID_REQ	Sun Dec 21 08:15:08 2003
@@ -29,6 +29,6 @@
 <LI>ļŌÓÕŌÓŌ×ÕÅŌ HTTP ÉÄÅĪŌÉĘÉĖĮŌĻŅ (HTTP/1.0)
 <LI>śĮŠŅĻÓ ÓĢÉŪĖĻĶ ×ÅĢÉĖ
 <LI>īÅ ÕĖĮŚĮĪ Content-Length ÄĢŃ ŚĮŠŅĻÓĻ× POST ÉĢÉ PUT
-<LI>īÅÄĻŠÕÓŌÉĶŁŹ ÓÉĶ×ĻĢ × ÉĶÅĪÉ ÓÅŅ×ÅŅĮ; ŠĻÄŽÅŅĖÉ×ĮĪÉŃ ĪÅÄĻŠÕÓŌÉĶŁ
+<LI>īÅÄĻŠÕÓŌÉĶŁŹ ÓÉĶ×ĻĢ × ÉĶÅĪÉ ÓÅŅ×ÅŅĮ; ŠĻÄŽ£ŅĖÉ×ĮĪÉŃ ĪÅÄĻŠÕÓŌÉĶŁ
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_INVALID_URL squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_INVALID_URL
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_INVALID_URL	Mon Aug 26 19:17:24 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_INVALID_URL	Sun Dec 21 08:15:08 2003
@@ -26,6 +26,6 @@
 ŠĻČĻÖÉŹ)
 <LI>ļŌÓÕŌÓŌ×ÕÅŌ ÉĶŃ ÓÅŅ×ÅŅĮ
 <LI>īÅĖĻŅŅÅĖŌĪŁŹ Ä×ĻŹĪĻŹ ÕŠŅĮ×ĢŃĄŻÉŹ ÓÉĶ×ĻĢ × URL-ŠÕŌÉ
-<LI>īÅÄĻŠÕÓŌÉĶŁŹ ÓÉĶ×ĻĢ × ÉĶÅĪÉ ÓÅŅ×ÅŅĮ; ŠĻÄŽÅŅĖÉ×ĮĪÉŃ ĪÅÄĻŠÕÓŌÉĶŁ
+<LI>īÅÄĻŠÕÓŌÉĶŁŹ ÓÉĶ×ĻĢ × ÉĶÅĪÉ ÓÅŅ×ÅŅĮ; ŠĻÄŽ£ŅĖÉ×ĮĪÉŃ ĪÅÄĻŠÕÓŌÉĶŁ
 </UL>
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_NO_RELAY squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_NO_RELAY
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_NO_RELAY	Mon Aug 26 19:17:24 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_NO_RELAY	Sun Dec 21 08:15:09 2003
@@ -15,11 +15,11 @@
 <UL>
 <LI>
 <STRONG>
-Wais Relay ĪÅ ĻŠŅÅÄÅĢÅĪ.
+Wais Relay ĪÅ ĻŠŅÅÄÅĢ£Ī.
 </STRONG>
 </UL>
 
 <P>
-äĢŃ ÜŌĻĒĻ ĖÜŪĮ ĪÅ ĻŠŅÅÄÅĢÅĪ ÓÅŅ×ÅŅ WAIS Relay.
+äĢŃ ÜŌĻĒĻ ĖÜŪĮ ĪÅ ĻŠŅÅÄÅĢ£Ī ÓÅŅ×ÅŅ WAIS Relay.
  óĻĻĀŻÉŌÅ ĮÄĶÉĪÉÓŌŅĮŌĻŅÕ.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_ONLY_IF_CACHED_MISS squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_ONLY_IF_CACHED_MISS
--- squid-2.5.STABLE4/errors/Russian-koi8-r/ERR_ONLY_IF_CACHED_MISS	Mon Aug 26 19:17:24 2002
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/ERR_ONLY_IF_CACHED_MISS	Sun Dec 21 08:15:09 2003
@@ -23,5 +23,5 @@
 <P>
 ÷Ł ŠĻÓĢĮĢÉ ŚĮŠŅĻÓ Ó ÄÉŅÅĖŌÉ×ĻŹ ĖÜŪ-ĖĻĪŌŅĻĢŃ <code>only-if-cached</code>.
 ļĀßÅĖŌ ĪÅ ĻĀĪĮŅÕÖÅĪ × ĖÜŪÅ, <em>ĢÉĀĻ</em> ĻĪ ŌŅÅĀÕÅŌ ĻĀĪĻ×ĢÅĪÉŃ,
-ŚĮŠŅÅŻÅĪĪĻĒĻ ÄÉŅÅĖŌÉ×ĻŹ <code>only-if-cached</code>.
+ŚĮŠŅÅŻ£ĪĪĻĒĻ ÄÉŅÅĖŌÉ×ĻŹ <code>only-if-cached</code>.
 </P>
diff -rupN squid-2.5.STABLE4/errors/Russian-koi8-r/README squid-2.5.STABLE5/errors/Russian-koi8-r/README
--- squid-2.5.STABLE4/errors/Russian-koi8-r/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Russian-koi8-r/README	Fri May  8 16:09:50 1998
@@ -0,0 +1,2 @@
+Thank you to Andrew L. Davydov <davydov@okbmei.msk.su> for
+creating these error pages in Russian!
diff -rupN squid-2.5.STABLE4/errors/Serbian/README squid-2.5.STABLE5/errors/Serbian/README
--- squid-2.5.STABLE4/errors/Serbian/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Serbian/README	Sat Feb 10 19:54:22 2001
@@ -0,0 +1,4 @@
+Thank you to Zoran Verovski <Zoran@HEMOFARM.CO.YU> for
+creating these error pages in Serbian!
+
+encoding: latin-win1250
diff -rupN squid-2.5.STABLE4/errors/Simplify_Chinese/README squid-2.5.STABLE5/errors/Simplify_Chinese/README
--- squid-2.5.STABLE4/errors/Simplify_Chinese/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Simplify_Chinese/README	Tue May 16 01:06:01 2000
@@ -0,0 +1,11 @@
+This Simplify Chinese error pages is based on the 
+Erick C. Chang <erick@mail.thu.edu.tw> 's Traditional Chinese error pages.
+and suitable for SQUID 2.3 STABLE 1.
+
+I first translate these pages from Traditional Chinese to Simplify Chinese
+use a auto program. Then I check and compare with English pages to get more
+accurate result. It take me over one half of time than direct translation 
+from english. Because the technical terms are very different in two area. 
+And I also fixed some minor mistakes.
+
+Wang DaQing wdq@bigfoot.com
diff -rupN squid-2.5.STABLE4/errors/Slovak/README squid-2.5.STABLE5/errors/Slovak/README
--- squid-2.5.STABLE4/errors/Slovak/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Slovak/README	Mon Jan 11 15:57:00 1999
@@ -0,0 +1,2 @@
+Thank you to Peter Hanecak <hany@megaloman.sk> for
+creating these error pages in Slovak!
diff -rupN squid-2.5.STABLE4/errors/Spanish/README squid-2.5.STABLE5/errors/Spanish/README
--- squid-2.5.STABLE4/errors/Spanish/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Spanish/README	Mon Jul  7 01:49:55 2003
@@ -0,0 +1,3 @@
+Thanks to Javier Puche <javier.puche@rediris.es>, Roberto Lumbreras
+<rover-squid@lander.es>, Juan Nicolas Ruiz N. <nicolas@ula.ve> and
+Sergio Rua <srua@debian.org> for creating these error pages in Spanish!
diff -rupN squid-2.5.STABLE4/errors/Swedish/README squid-2.5.STABLE5/errors/Swedish/README
--- squid-2.5.STABLE4/errors/Swedish/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Swedish/README	Mon Jan 22 18:06:06 2001
@@ -0,0 +1,2 @@
+Thank you to Stefan Månsby <stefan@mansby.com> for
+creating these error pages in Swedish!
diff -rupN squid-2.5.STABLE4/errors/Traditional_Chinese/README squid-2.5.STABLE5/errors/Traditional_Chinese/README
--- squid-2.5.STABLE4/errors/Traditional_Chinese/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Traditional_Chinese/README	Mon Jan 11 13:22:42 1999
@@ -0,0 +1,2 @@
+Thank you to Erick C. Chang <erick@mail.thu.edu.tw> for
+creating these error pages in Traditional Chinese!
diff -rupN squid-2.5.STABLE4/errors/Turkish/README squid-2.5.STABLE5/errors/Turkish/README
--- squid-2.5.STABLE4/errors/Turkish/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/errors/Turkish/README	Tue Jul 14 17:14:56 1998
@@ -0,0 +1,2 @@
+Thank you to Tural KAPTAN <kaptan@kaptan.ulakbim.gov.tr> for
+creating these error pages in Turkish!
diff -rupN squid-2.5.STABLE4/helpers/basic_auth/LDAP/squid_ldap_auth.8 squid-2.5.STABLE5/helpers/basic_auth/LDAP/squid_ldap_auth.8
--- squid-2.5.STABLE4/helpers/basic_auth/LDAP/squid_ldap_auth.8	Thu May  8 14:15:55 2003
+++ squid-2.5.STABLE5/helpers/basic_auth/LDAP/squid_ldap_auth.8	Wed Feb 18 09:15:52 2004
@@ -4,9 +4,11 @@
 squid_ldap_auth - Squid LDAP authentication helper
 .
 .SH SYNOPSIS
-squid_ldap_auth -b "base DN" [-u attribute] [options] [ldap_server_name[:port]]...]
-.P
-squid_ldap_auth -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...]
+.B squid_ldap_auth
+-b "base DN" [-u attribute] [options] [ldap_server_name[:port]...]
+.br
+.B squid_ldap_auth
+-b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...]
 .
 .SH DESCRIPTION
 This helper allows Squid to connect to a LDAP directory to
@@ -135,31 +137,31 @@ For directories using the RFC2307 layout
 you need to specify is usually the base DN under where your users
 are located and the server name:
 .IP
-squid_ldap_auth -b ou=people,dc=your,dc=domain ldapserver
+squid_ldap_auth -b "ou=people,dc=your,dc=domain" ldapserver
 .P
 If you have sub-domains then you need to use a search filter approach
 to locate your user DNs as these can no longer be constructed direcly
 from the base DN and login name alone:
 .IP
-squid_ldap_auth -b dc=your,dc=domain -f uid=%s ldapserver
+squid_ldap_auth -b "dc=your,dc=domain" -f "uid=%s" ldapserver
 .P
 And similarily if you only want to allow access to users having a
 specific attribute
 .IP
-squid_ldap_auth -b dc=your,dc=domain -f (&(uid=%s)(specialattribute=value)) ldapserver
+squid_ldap_auth -b "dc=your,dc=domain" -f "(&(uid=%s)(specialattribute=value))" ldapserver
 .P
 Or if the user attribute of the user DN is "cn" instead of "uid" and
 you do not want to have to search for the users then you could use something
 like the following example for Active Directory:
 .IP
-squid_ldap_auth -u cn -b cn=Users,dc=your,dc=domain ldapserver
+squid_ldap_auth -u cn -b "cn=Users,dc=your,dc=domain" ldapserver
 .P
 If you want to search for the user DN and your directory does not allow
 anonymous searches then you must also use the -D and -w flags to specify
 a user DN and password to log in as to perform the searches, as in the
 following complex Active Directory example
 .IP
-squid_ldap_auth -p -R -b dc=your,dc=domain -D cn=squid,cn=users,dc=your,dc=domain -w secretsquidpassword -f (&(userPrincipalName=%s)(objectClass=Person)) activedirectoryserver
+squid_ldap_auth -p -R -b "dc=your,dc=domain" -D "cn=squid,cn=users,dc=your,dc=domain" -w "secretsquidpassword" -f "(&(userPrincipalName=%s)(objectClass=Person))" activedirectoryserver
 .
 .SH NOTES
 .
diff -rupN squid-2.5.STABLE4/helpers/basic_auth/LDAP/squid_ldap_auth.c squid-2.5.STABLE5/helpers/basic_auth/LDAP/squid_ldap_auth.c
--- squid-2.5.STABLE4/helpers/basic_auth/LDAP/squid_ldap_auth.c	Sat May 10 14:17:18 2003
+++ squid-2.5.STABLE5/helpers/basic_auth/LDAP/squid_ldap_auth.c	Mon Jan  5 06:12:11 2004
@@ -30,6 +30,8 @@
  * or (at your option) any later version.
  *
  * Changes:
+ * 2004-01-05: Henrik Nordstrom <hno@squid-cache.org>
+ *	       - Corrected TLS mode
  * 2003-03-01: David J N Begley
  * 	       - Support for Netscape API method of ldap over SSL
  * 	         connections
@@ -445,7 +447,7 @@ main(int argc, char **argv)
                 exit(1);
 	    }
 
-	    if ( use_tls && ( version == LDAP_VERSION3 ) && ( ldap_start_tls_s( ld, NULL, NULL ) == LDAP_SUCCESS )) {
+	    if ( use_tls && ( version == LDAP_VERSION3 ) && ( ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS )) {
                 fprintf( stderr, "Could not Activate TLS connection\n");
                 exit(1);
 	    }
diff -rupN squid-2.5.STABLE4/helpers/basic_auth/PAM/pam_auth.8 squid-2.5.STABLE5/helpers/basic_auth/PAM/pam_auth.8
--- squid-2.5.STABLE4/helpers/basic_auth/PAM/pam_auth.8	Wed May 15 06:07:13 2002
+++ squid-2.5.STABLE5/helpers/basic_auth/PAM/pam_auth.8	Thu Jan 29 06:39:22 2004
@@ -1,4 +1,4 @@
-.TH pam_auth 8 "15 May 2002" "Squid PAM Auth"
+.TH pam_auth 8 "5 Sep 2003" "Squid PAM Auth"
 .
 .SH NAME
 pam_auth - Squid PAM authentication helper
@@ -17,22 +17,18 @@ Specifies the PAM service name Squid use
 .
 .TP
 .BI "-t " TTL
-Unless the -1 option is used, this specified for how long
-the connection to the PAM database should be kept open and
-reused for new logins. Defaults to 60 seconds.
+Enables persistent PAM connections where the connection to the PAM
+database is kept open and reused for new logins. The TTL specifies
+how long the connetion will be kept open (in seconds).  Default is
+to not keep PAM connections open. Please note that the use of
+persistent PAM connections is slightly outside the PAM
+specification and may not work with all PAM configurations.
 .
 .TP
 .BI "-o"
 Do not perform the PAM account management group (account
 expiration etc)
 
-.TP
-.BI "-1"
-Specifies "One shot" mode, where a new PAM connection will
-be opened for each new user. This is how PAM is normally
-used and may be required by some backend databases.
-The default is to reuse the PAM connection to maximize
-performance. (see -t above)
 .
 .SH CONFIGURATION
 .
@@ -48,7 +44,9 @@ management groups to verify the password
 .P
 For details on how to configure PAM services, see the PAM
 documentation for your system. This manual does not cover PAM
-configuration details.
+configuration details. The existing PAM service definitions for
+other applications on your system is also a good source for examples
+on how to configure a PAM service.
 .
 .SH NOTES
 .
@@ -76,7 +74,7 @@ Squid pam_auth and this manual is writte
 .I Henrik Nordstrom <hno@squid-cache.org>
 .
 .SH COPYRIGHT
-Squid pam_auth and this manual is Copyright 1999,2002
+Squid pam_auth and this manual is Copyright 1999,2002,2003
 Henrik Nordstrom <hno@squid-cache.org>
 .
 .SH QUESTIONS
diff -rupN squid-2.5.STABLE4/helpers/basic_auth/PAM/pam_auth.c squid-2.5.STABLE5/helpers/basic_auth/PAM/pam_auth.c
--- squid-2.5.STABLE4/helpers/basic_auth/PAM/pam_auth.c	Thu Oct 10 21:06:01 2002
+++ squid-2.5.STABLE5/helpers/basic_auth/PAM/pam_auth.c	Wed Nov  5 11:15:06 2003
@@ -1,8 +1,8 @@
 /*
- * $Id: pam_auth.c,v 1.3.2.6 2002/10/11 03:06:01 wessels Exp $
+ * $Id: pam_auth.c,v 1.3.2.9 2003/11/05 18:15:06 hno Exp $
  *
  * PAM authenticator module for Squid.
- * Copyright (C) 1999,2002 Henrik Nordstrom <hno@squid-cache.org>
+ * Copyright (C) 1999,2002,2003 Henrik Nordstrom <hno@squid-cache.org>
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
@@ -37,6 +37,15 @@
  *
  * Change Log:
  *
+ *   Version 2.2, 2003-11-05
+ *      One shot mode is now the default mode of operation
+ *      with persistent PAM connections enabled by -t option.
+ *      Support for clearing the PAM_AUTHTOK attribute on
+ *      persistent PAM connections.
+ *
+ *   Version 2.1, 2002-08-12
+ *      Squid-2.5 support (URL encoded login, password strings)
+ *
  *   Version 2.0, 2002-01-07
  *      One shot mode, command line options
  *	man page
@@ -76,7 +85,7 @@
 
 /* The default TTL */
 #ifndef DEFAULT_SQUID_PAM_TTL
-#define DEFAULT_SQUID_PAM_TTL 60
+#define DEFAULT_SQUID_PAM_TTL 0
 #endif
 
 static char *password = NULL;	/* Workaround for Solaris 2.6 brokenness */
@@ -221,6 +230,7 @@ start:
 	    }
 	    pamh_created = time(NULL);
 	}
+	/* Authentication */
 	retval = PAM_SUCCESS;
 	if (ttl != 0) {
 	    if (retval == PAM_SUCCESS)
@@ -238,7 +248,15 @@ start:
 error:
 	    fprintf(stdout, "ERR\n");
 	}
-	if (ttl == 0) {
+	/* cleanup */
+	retval = PAM_SUCCESS;
+#ifdef PAM_AUTHTOK
+	if (ttl != 0) {
+	    if (retval == PAM_SUCCESS)
+		retval = pam_set_item(pamh, PAM_AUTHTOK, NULL);
+	}
+#endif
+	if (ttl == 0 || retval != PAM_SUCCESS) {
 	    retval = pam_end(pamh, retval);
 	    if (retval != PAM_SUCCESS) {
 		fprintf(stderr, "WARNING: failed to release PAM authenticator\n");
diff -rupN squid-2.5.STABLE4/helpers/external_acl/ldap_group/ChangeLog squid-2.5.STABLE5/helpers/external_acl/ldap_group/ChangeLog
--- squid-2.5.STABLE4/helpers/external_acl/ldap_group/ChangeLog	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/helpers/external_acl/ldap_group/ChangeLog	Mon Jan  5 06:12:12 2004
@@ -0,0 +1,177 @@
+Version 2.13
+
+2003-01-05 Henrik Nordstrom <hno@squid-cache.org>
+	Corrected TLS mode (-Z)
+
+Version 2.12
+
+2003-03-01 Christoph Lechleitner <lech@ibcl.at>
+        Added -W option to read bindpasswd from file, 
+        e.g. from /etc/ldap.secret
+
+2003-03-01 Juerg Michel
+
+	Added support for ldap URI via the -H option
+
+Version 2.11
+
+2003-01-31 Henrik Nordstrom <hno@marasystems.com>
+
+	Packaged as a distribution, with Makefile, README
+	and INSTALL
+
+	Corrected the squid.conf examples in the manpage and
+	some spelling in the same
+
+	Separated the changelog/history to a separate
+	ChangeLog file (this file)
+
+2003-01-27 Henrik Nordstrom <hno@marasystems.com>
+
+	Cleaned up error messages shown when a nonexisting
+	user tries to log in
+
+Version 2.10
+
+2003-01-07 Jon Kinred
+
+	Fixed user search mode (-F/-u) when -g is not used
+
+Version 2.9
+
+2003-01-03 Henrik Nordstrom <hno@marasystems.com>
+
+	Fixed missing string termination on ldap_escape_vale,
+	and corrected build problem with LDAPv2 libraries
+
+Version 2.8
+
+2002-11-27 Henrik Nordstrom <hno@marasystems.com>
+
+	Replacement for ldap_build_filter. Also changed
+	the % codes to %u (user) and %g (group) which
+	is a bit more intuitive.
+
+2002-11-21 Gerard Eviston
+
+	Fix ldap_search_s error management. This fixes
+	a core dump if there is a LDAP search filter
+	syntax error (possibly caused by malformed input).
+
+Version 2.7
+
+2002-10-22: Henrik Nordstrom <hno@marasystems.com>
+
+	strwordtok bugfix
+
+Version 2.6
+
+2002-09-21: Gerard Eviston
+
+	-S option to strip NT domain names from
+	login names
+
+Version 2.5
+
+2002-09-09: Henrik Nordstrom <hno@marasystems.com>
+
+	Added support for user DN lookups
+	(-u -B -F options)
+
+Version 2.4
+
+2002-09-06: Henrik Nordstrom <hno@marasystems.com>
+
+	Many bugfixes in connection management
+
+	-g option added, and added support
+	for multiple groups. Prior versions
+	only supported one group and an optional
+	group base RDN
+
+Version 2.3
+
+2002-09-04: Henrik Nordstrom <hno@marasystems.com>
+
+	Minor cleanups
+
+Version 2.2
+
+2002-09-04: Henrik Nordstrom <hno@marasystems.com>
+
+	Merged changes from squid_ldap_auth.c
+	- TLS support (Michael Cunningham)
+	- -p option to specify port
+		
+	Documented the % codes to use in -f
+
+Version 2.1
+
+2002-08-21: Henrik Nordstrom <hno@marasystems.com>
+
+	Support groups or usernames having spaces
+
+Version 2.0
+
+2002-01-22: Henrik Nordstrom <hno@marasystems.com>
+
+	Added optional third query argument for search RDN
+
+2002-01-22: Henrik Nordstrom <hno@marasystems.com>
+
+	Removed unused options, and fully changed name
+	to squid_ldap_match.
+
+Version 1.0
+
+2001-07-17: Flavio Pescuma <flavio@marasystems.com>
+
+	Using the main function from squid_ldap_auth
+	wrote squid_ldap_match. This program replaces 
+	the %a and %v (ldapfilter.conf) from the filter 
+	template supplied with -f with the two arguments 
+	sent by squid. Returns OK if the ldap_search 
+	using the composed filter succeeds.
+
+Changes from squid_ldap_auth.c:
+
+2001-12-12: Michael Cunningham <m.cunningham@xpedite.com>
+
+	- Added TLS support and partial ldap version 3 support. 
+
+2001-09-05: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Added ability to specify another default LDAP port to
+	  connect to. Persistent connections moved to -P
+
+2001-05-02: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Support newer OpenLDAP 2.x libraries using the
+	  revised Internet Draft API which unfortunately
+	  is not backwards compatible with RFC1823..
+
+2001-04-15: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Added command line option for basedn
+
+	- Added the ability to search for the user DN
+
+2001-04-16: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Added -D binddn -w bindpasswd.
+
+2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Added -R to disable referrals
+
+	- Added -a to control alias dereferencing
+
+2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Added -u, DN username attribute name
+
+2001-04-18: Henrik Nordstrom <hno@squid-cache.org>
+
+	- Allow full filter specifications in -f
+
+-- END --
diff -rupN squid-2.5.STABLE4/helpers/external_acl/ldap_group/Makefile.in squid-2.5.STABLE5/helpers/external_acl/ldap_group/Makefile.in
--- squid-2.5.STABLE4/helpers/external_acl/ldap_group/Makefile.in	Tue Feb 11 19:02:43 2003
+++ squid-2.5.STABLE5/helpers/external_acl/ldap_group/Makefile.in	Wed Nov 19 17:43:41 2003
@@ -16,7 +16,7 @@
 #
 #  Makefile for the Squid LDAP authentication helper
 #
-#  $Id: Makefile.in,v 1.1.2.5 2003/02/12 02:02:43 hno Exp $
+#  $Id: Makefile.in,v 1.1.2.6 2003/11/20 00:43:41 hno Exp $
 #
 #  Uncomment and customize the following to suit your needs:
 #
@@ -155,7 +155,7 @@ DIST_SOURCES = $(squid_ldap_group_SOURCE
 
 NROFF = nroff
 MANS = $(man_MANS)
-DIST_COMMON = Makefile.am Makefile.in
+DIST_COMMON = README ChangeLog Makefile.am Makefile.in
 SOURCES = $(squid_ldap_group_SOURCES)
 
 all: all-am
diff -rupN squid-2.5.STABLE4/helpers/external_acl/ldap_group/README squid-2.5.STABLE5/helpers/external_acl/ldap_group/README
--- squid-2.5.STABLE4/helpers/external_acl/ldap_group/README	Wed Dec 31 17:00:00 1969
+++ squid-2.5.STABLE5/helpers/external_acl/ldap_group/README	Wed Nov 19 17:41:37 2003
@@ -0,0 +1,10 @@
+This program is a LDAP group helper for Squid.
+
+See the included manpage for documentation.
+
+  nroff -man squid_ldap_group.8 | less
+
+See INSTALL for installation instructions
+
+The latest version of this program can always be found from
+MARA Systems at http://marasystems.com/download/LDAP_Group/
diff -rupN squid-2.5.STABLE4/helpers/external_acl/ldap_group/squid_ldap_group.8 squid-2.5.STABLE5/helpers/external_acl/ldap_group/squid_ldap_group.8
--- squid-2.5.STABLE4/helpers/external_acl/ldap_group/squid_ldap_group.8	Wed Nov 27 16:42:22 2002
+++ squid-2.5.STABLE5/helpers/external_acl/ldap_group/squid_ldap_group.8	Wed Nov 19 17:41:37 2003
@@ -1,17 +1,17 @@
-.TH squid_ldap_group 8 "7 September 2002" "Squid LDAP Match"
+.TH squid_ldap_group 8 "1 Mars 2003" "Squid LDAP Group"
 .
 .SH NAME
 squid_ldap_group - Squid LDAP external acl group helper
 .
 .SH SYNOPSIS
-squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...]
+squid_ldap_group -b "base DN" -f "LDAP search filter" [options] [ldap_server_name[:port]...|URI]
 .
 .SH DESCRIPTION
 This helper allows Squid to connect to a LDAP directory to
 authorize users via LDAP groups.
 .P
 The program operates by searching with a search filter based
-on the users login name and requested group, and if a match
+on the users user name and requested group, and if a match
 is found it is determined that the user belongs to the group.
 .
 .TP
@@ -25,7 +25,7 @@ Specifies the base DN under which the us
 .TP
 .B "-g"
 Specifies that the first query argument sent to the helper by Squid is
-a extension to the basedn and will be temporarily added infront of the
+a extension to the basedn and will be temporarily added in front of the
 global basedn for this query.
 .
 .TP
@@ -33,7 +33,7 @@ global basedn for this query.
 LDAP search filter used to search the LDAP directory for any
 matching group memberships.
 .BR
-In the filter %u will be replaced by the user login name (or DN if
+In the filter %u will be replaced by the user name (or DN if
 the -F or -u options are used) and %g by the requested group name.
 .
 .TP
@@ -41,13 +41,13 @@ the -F or -u options are used) and %g by
 LDAP search filter used to search the LDAP directory for any
 matching users.
 .BR
-In the filter %s will be replaced by the user login name. If % is to be
+In the filter %s will be replaced by the user name. If % is to be
 included literally in the filter then use %%.
 .
 .TP
 .BI "-u " attr
-LDAP attribute used to construct the user DN from the login name and
-base dn.
+LDAP attribute used to construct the user DN from the user name and
+base dn without needing to search for the user.
 .
 .TP
 .BI "-s " base|one|sub
@@ -72,10 +72,20 @@ in case someone could get hold of a copy
 extracts the password used from a process listing.
 .
 .TP
+.BI "-D " "binddn " "-W " "secretfile "
+The DN and the name of a file containing the password
+to bind as while performing searches. 
+.IP
+Less insecure version of the former parameter pair with two advantages:
+The password does not occur in the process listing, 
+and the password is not being compromised if someone gets the squid 
+configuration file without getting the secretfile.
+.
+.TP
 .BI -P
 Use a persistent LDAP connection. Normally the LDAP connection
-is only open while validating a username to preserve resources
-at the LDAP server. This option causes the LDAP connection to
+is only open while verifying a users group membership to preserve
+resources at the LDAP server. This option causes the LDAP connection to
 be kept open, allowing it to be reused for further user
 validations. Recommended for larger installations.
 .
@@ -97,6 +107,10 @@ or only to
 the base object
 .
 .TP
+.BI -H " ldapuri"
+Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries)
+.
+.TP
 .BI -h " ldapserver"
 Specify the LDAP server to connect to
 .TP
@@ -105,8 +119,24 @@ Specify an alternate TCP port where the 
 other than the default LDAP port 389.
 .
 .TP
+.BI -Z
+Use TLS encryption
+.
+.TP
+.BI -E certpath
+Enable LDAP over SSL (requires Netscape LDAP API libraries)
+.
+.TP
+.BI -c connect_timeout
+Specify timeout used when connecting to LDAP servers (requires
+Netscape LDAP API libraries)
+.TP
+.BI -t search_timeout
+Specify time limit on LDAP search operations
+.
+.TP
 .BI -S
-Strip NT domain name component from usernames (/ or \\ separated)
+Strip NT domain name component from user names (/ or \\ separated)
 .
 .SH SQUID CONFIGURATION
 .
@@ -117,15 +147,15 @@ squid.conf.
 .nf
 external_acl_type ldap_group %LOGIN /path/to/squid_ldap_group ...
 .br
-acl group1 ldap_group Group1
+acl group1 external ldap_group Group1
 .br
-acl group2 ldap_gorup Group2
+acl group2 external ldap_group Group2
 .fi
 .ft
 .
 .SH NOTES
 .
-When constructing search filters it is strongly recommended to test the filter
+When constructing search filters it is recommended to first test the filter
 using ldapsearch before you attempt to use squid_ldap_group. This to verify
 that the filter matches what you expect.
 .
@@ -141,7 +171,7 @@ based on prior work in squid_ldap_auth b
 .I Glen Newton <glen.newton@nrc.ca>
 .
 .SH KNOWN LIMITATIONS
-Max 16 occurances of %s in the -u argument is supported.
+Max 16 occurrences of %s in the -u argument is supported.
 .
 .SH QUESTIONS
 Any questions on usage can be sent to 
diff -rupN squid-2.5.STABLE4/helpers/external_acl/ldap_group/squid_ldap_group.c squid-2.5.STABLE5/helpers/external_acl/ldap_group/squid_ldap_group.c
--- squid-2.5.STABLE4/helpers/external_acl/ldap_group/squid_ldap_group.c	Sat Jan 11 06:07:08 2003
+++ squid-2.5.STABLE5/helpers/external_acl/ldap_group/squid_ldap_group.c	Mon Feb  9 10:04:56 2004
@@ -13,8 +13,7 @@
  *  Henrik Nordstrom <hno@marasystems.com>
  *  MARA Systems AB, Sweden <http://www.marasystems.com>
  *
- * With contributions from others mentioned in the change histor section
- * below.
+ * With contributions from others mentioned in the ChangeLog file
  *
  * In part based on squid_ldap_auth by Glen Newton and Henrik Nordstrom.
  *
@@ -32,93 +31,6 @@
  * and/or modify it under the terms of the GNU General Public License 
  * as published by the Free Software Foundation; either version 2, 
  * or (at your option) any later version.
- *
- * History:
- *
- * Version 2.10
- * 2003-01-07 Jon Kinred
- *		Fixed user search mode (-F/-u) when -g is not used
- * Version 2.9
- * 2003-01-03 Henrik Nordstrom <hno@marasystems.com>
- *		Fixed missing string termination on ldap_escape_vale,
- *		and corrected build problem with LDAPv2 libraries
- * Version 2.8
- * 2002-11-27 Henrik Nordstrom <hno@marasystems.com>
- * 		Replacement for ldap_build_filter. Also changed
- * 		the % codes to %u (user) and %g (group) which
- * 		is a bit more intuitive.
- * 2002-11-21 Gerard Eviston
- * 		Fix ldap_search_s error management. This fixes
- * 		a core dump if there is a LDAP search filter
- * 		syntax error (possibly caused by malformed input).
- * Version 2.7
- * 2002-10-22: Henrik Nordstrom <hno@marasystems.com>
- * 		strwordtok bugfix
- * Version 2.6
- * 2002-09-21: Gerard Eviston
- * 		-S option to strip NT domain names from
- * 		login names
- * Version 2.5
- * 2002-09-09: Henrik Nordstrom <hno@marasystems.com>
- * 		Added support for user DN lookups
- * 		(-u -B -F options)
- * Version 2.4
- * 2002-09-06: Henrik Nordstrom <hno@marasystems.com>
- * 		Many bugfixes in connection management
- * 		-g option added, and added support
- * 		for multiple groups. Prior versions
- * 		only supported one group and an optional
- * 		group base RDN
- * Version 2.3
- * 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
- *              Minor cleanups
- * Version 2.2
- * 2002-09-04: Henrik Nordstrom <hno@marasystems.com>
- *              Merged changes from squid_ldap_auth.c
- *              - TLS support (Michael Cunningham)
- *              - -p option to specify port
- *              Documented the % codes to use in -f
- * Version 2.1
- * 2002-08-21: Henrik Nordstrom <hno@marasystems.com>
- *              Support groups or usernames having spaces
- * Version 2.0
- * 2002-01-22: Henrik Nordstrom <hno@marasystems.com>
- *              Added optional third query argument for search RDN
- * 2002-01-22: Henrik Nordstrom <hno@marasystems.com>
- *              Removed unused options, and fully changed name
- *              to squid_ldap_group.
- * Version 1.0
- * 2001-07-17: Flavio Pescuma <flavio@marasystems.com>
- *              Using the main function from squid_ldap_auth
- *              wrote squid_ldap_group. This program replaces 
- *              the %a and %v (ldapfilter.conf) from the filter 
- *              template supplied with -f with the two arguments 
- *              sent by squid. Returns OK if the ldap_search 
- *              using the composed filter succeeds.
- *
- * Changes from squid_ldap_auth.c:
- *
- * 2001-12-12: Michael Cunningham <m.cunningham@xpedite.com>
- *             - Added TLS support and partial ldap version 3 support. 
- * 2001-09-05: Henrik Nordstrom <hno@squid-cache.org>
- *             - Added ability to specify another default LDAP port to
- *               connect to. Persistent connections moved to -P
- * 2001-05-02: Henrik Nordstrom <hno@squid-cache.org>
- *             - Support newer OpenLDAP 2.x libraries using the
- *               revised Internet Draft API which unfortunately
- *               is not backwards compatible with RFC1823..
- * 2001-04-15: Henrik Nordstrom <hno@squid-cache.org>
- *             - Added command line option for basedn
- *             - Added the ability to search for the user DN
- * 2001-04-16: Henrik Nordstrom <hno@squid-cache.org>
- *             - Added -D binddn -w bindpasswd.
- * 2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
- *             - Added -R to disable referrals
- *             - Added -a to control alias dereferencing
- * 2001-04-17: Henrik Nordstrom <hno@squid-cache.org>
- *             - Added -u, DN username attribute name
- * 2001-04-18: Henrik Nordstrom <hno@squid-cache.org>
- *             - Allow full filter specifications in -f
  */
 
 #include <stdio.h>
@@ -126,8 +38,10 @@
 #include <stdlib.h>
 #include <ctype.h>
 #include <lber.h>
-#include <ldap_cdefs.h>
 #include <ldap.h>
+#if defined(LDAP_OPT_NETWORK_TIMEOUT)
+#include <sys/time.h>
+#endif
 
 #define PROGRAM_NAME "squid_ldap_group"
 
@@ -145,6 +59,12 @@ static int persistent = 0;
 static int noreferrals = 0;
 static int debug = 0;
 static int aliasderef = LDAP_DEREF_NEVER;
+#if defined(NETSCAPE_SSL)
+static char *sslpath = NULL;
+static int sslinit = 0;
+#endif
+static int connect_timeout = 0;
+static int timelimit = LDAP_NO_LIMIT;
 
 #ifdef LDAP_VERSION3
 /* Added for TLS support and version 3 */
@@ -154,6 +74,8 @@ static int version = -1;
 
 static int searchLDAP(LDAP * ld, char *group, char *user, char *extension_dn);
 
+static int readSecret(char *filename);
+
 /* Yuck.. we need to glue to different versions of the API */
 
 #if defined(LDAP_API_VERSION) && LDAP_API_VERSION > 1823
@@ -175,6 +97,24 @@ squid_ldap_set_referrals(LDAP * ld, int 
     int *value = referrals ? LDAP_OPT_ON : LDAP_OPT_OFF;
     ldap_set_option(ld, LDAP_OPT_REFERRALS, value);
 }
+static void
+squid_ldap_set_timelimit(LDAP *ld, int timelimit)
+{
+    ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
+}
+static void
+squid_ldap_set_connect_timeout(LDAP *ld, int timelimit)
+{
+#if defined(LDAP_OPT_NETWORK_TIMEOUT)
+    struct timeval tv;
+    tv.tv_sec = timelimit;
+    tv.tv_usec = 0;
+    ldap_set_option(ld, LDAP_OPT_NETWORK_TIMEOUT, &tv);
+#elif defined(LDAP_X_OPT_CONNECT_TIMEOUT)
+    timelimit *= 1000;
+    ldap_set_option(ld, LDAP_X_OPT_CONNECT_TIMEOUT, &timelimit);
+#endif
+}
 static void 
 squid_ldap_memfree(char *p)
 {
@@ -199,6 +139,16 @@ squid_ldap_set_referrals(LDAP * ld, int 
     else
 	ld->ld_options &= ~LDAP_OPT_REFERRALS;
 }
+static void
+squid_ldap_set_timelimit(LDAP *ld, int timelimit)
+{
+    ld->ld_timelimit = timelimit;
+}
+static void
+squid_ldap_set_connect_timeout(LDAP *ld, int timelimit)
+{
+    fprintf(stderr, "Connect timeouts not supported in your LDAP library\n");
+}
 static void 
 squid_ldap_memfree(char *p)
 {
@@ -206,6 +156,12 @@ squid_ldap_memfree(char *p)
 }
 #endif
 
+#ifdef LDAP_API_FEATURE_X_OPENLDAP
+  #if LDAP_VENDOR_VERSION > 194
+    #define HAS_URI_SUPPORT 1
+  #endif
+#endif
+
 static char *
 strwordtok(char *buf, char **t)
 {
@@ -254,7 +210,7 @@ strwordtok(char *buf, char **t)
 int
 main(int argc, char **argv)
 {
-    char buf[256];
+    char buf[8192];
     char *user, *group, *extension_dn = NULL;
     char *ldapServer = NULL;
     LDAP *ld = NULL;
@@ -290,6 +246,12 @@ main(int argc, char **argv)
 	argv++;
 	argc--;
 	switch (option) {
+	case 'H':
+#if !HAS_URI_SUPPORT
+	    fprintf(stderr, "ERROR: Your LDAP library does not have URI support\n");
+	    exit(1);
+#endif
+	    /* Fall thru to -h */
 	case 'h':
 	    if (ldapServer) {
 		int len = strlen(ldapServer) + 1 + strlen(value) + 1;
@@ -301,7 +263,6 @@ main(int argc, char **argv)
 		ldapServer = strdup(value);
 	    }
 	    break;
-
 	case 'b':
 	    basedn = value;
 	    break;
@@ -329,6 +290,22 @@ main(int argc, char **argv)
 		exit(1);
 	    }
 	    break;
+	case 'E':
+#if defined(NETSCAPE_SSL)
+	    sslpath = value;
+	    if (port == LDAP_PORT)
+		port = LDAPS_PORT;
+#else
+	    fprintf(stderr, PROGRAM_NAME " ERROR: -E unsupported with this LDAP library\n");
+	    exit(1);
+#endif
+	    break;
+	case 'c':
+	    connect_timeout = atoi(value);
+	    break;
+	case 't':
+	    timelimit = atoi(value);
+	    break;
 	case 'a':
 	    if (strcmp(value, "never") == 0)
 		aliasderef = LDAP_DEREF_NEVER;
@@ -349,6 +326,9 @@ main(int argc, char **argv)
 	case 'w':
 	    bindpasswd = value;
 	    break;
+	case 'W':
+	    readSecret (value);
+	    break;
 	case 'P':
 	    persistent = !persistent;
 	    break;
@@ -424,17 +404,28 @@ main(int argc, char **argv)
 	fprintf(stderr, "\t-s base|one|sub\t\tsearch scope\n");
 	fprintf(stderr, "\t-D binddn\t\tDN to bind as to perform searches\n");
 	fprintf(stderr, "\t-w bindpasswd\t\tpassword for binddn\n");
+	fprintf(stderr, "\t-W secretfile\t\tread password for binddn from file secretfile\n");
+#if HAS_URI_SUPPORT
+	fprintf(stderr, "\t-H URI\t\t\tLDAPURI (defaults to ldap://localhost)\n");
+#endif
 	fprintf(stderr, "\t-h server\t\tLDAP server (defaults to localhost)\n");
 	fprintf(stderr, "\t-p port\t\t\tLDAP server port (defaults to %d)\n", LDAP_PORT);
 	fprintf(stderr, "\t-P\t\t\tpersistent LDAP connection\n");
+#if defined(NETSCAPE_SSL)
+	fprintf(stderr, "\t-E sslcertpath\t\tenable LDAP over SSL\n");
+#endif
+	fprintf(stderr, "\t-c timeout\t\tconnect timeout\n");
+	fprintf(stderr, "\t-t timelimit\t\tsearch time limit\n");
 	fprintf(stderr, "\t-R\t\t\tdo not follow referrals\n");
 	fprintf(stderr, "\t-a never|always|search|find\n\t\t\t\twhen to dereference aliases\n");
-	fprintf(stderr, "\t-v 1|2\t\t\tLDAP version\n");
+#ifdef LDAP_VERSION3
+	fprintf(stderr, "\t-v 2|3\t\t\tLDAP version\n");
 	fprintf(stderr, "\t-Z\t\t\tTLS encrypt the LDAP connection, requires\n\t\t\t\tLDAP version 3\n");
+#endif
 	fprintf(stderr, "\t-g\t\t\tfirst query parameter is base DN extension\n\t\t\t\tfor this query\n");
 	fprintf(stderr, "\t-S\t\t\tStrip NT domain from usernames\n");
 	fprintf(stderr, "\n");
-	fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd options\n\n");
+	fprintf(stderr, "\tIf you need to bind as a user to perform searches then use the\n\t-D binddn -w bindpasswd or -D binddn -W secretfile options\n\n");
 	exit(1);
     }
     while (fgets(buf, 256, stdin) != NULL) {
@@ -455,11 +446,39 @@ main(int argc, char **argv)
 
 	  recover:
 	    if (ld == NULL) {
+#if HAS_URI_SUPPORT
+	    	if (strstr(ldapServer, "://") != NULL) {
+		    rc = ldap_initialize( &ld, ldapServer );
+		    if( rc != LDAP_SUCCESS ) {
+			fprintf(stderr, "\nUnable to connect to LDAPURI:%s\n", ldapServer);
+			break;
+		    }
+	    	} else
+#endif
+#if NETSCAPE_SSL
+		if (sslpath) {
+		    if ( !sslinit && (ldapssl_client_init(sslpath, NULL) != LDAP_SUCCESS)) {
+			fprintf(stderr, "\nUnable to initialise SSL with cert path %s\n",
+				sslpath);
+			exit(1);
+		    } else {
+			sslinit++;
+		    }
+		    if ((ld = ldapssl_init(ldapServer, port, 1)) == NULL) {
+			fprintf(stderr, "\nUnable to connect to SSL LDAP server: %s port:%d\n",
+				ldapServer, port);
+			exit(1);
+		    }
+		} else
+#endif
 		if ((ld = ldap_init(ldapServer, port)) == NULL) {
-		    fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",
-			ldapServer, port);
+		    fprintf(stderr, "\nUnable to connect to LDAP server:%s port:%d\n",ldapServer, port);
 		    break;
 		}
+
+		if (connect_timeout)
+		    squid_ldap_set_connect_timeout(ld, connect_timeout);
+
 #ifdef LDAP_VERSION3
 		if (version == -1) {
 		    version = LDAP_VERSION2;
@@ -472,13 +491,14 @@ main(int argc, char **argv)
 		    ld = NULL;
 		    break;
 		}
-		if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) == LDAP_SUCCESS)) {
+		if (use_tls && (version == LDAP_VERSION3) && (ldap_start_tls_s(ld, NULL, NULL) != LDAP_SUCCESS)) {
 		    fprintf(stderr, "Could not Activate TLS connection\n");
 		    ldap_unbind(ld);
 		    ld = NULL;
 		    break;
 		}
 #endif
+		squid_ldap_set_timelimit(ld, timelimit);
 		squid_ldap_set_referrals(ld, !noreferrals);
 		squid_ldap_set_aliasderef(ld, aliasderef);
 		if (binddn && bindpasswd && *binddn && *bindpasswd) {
@@ -622,7 +642,7 @@ searchLDAPGroup(LDAP * ld, char *group, 
     }
 
     if (debug)
-	fprintf(stderr, "filter %s\n", filter);
+	fprintf(stderr, "group filter '%s', searchbase '%s'\n", filter, searchbase);
 
     rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res);
     if (rc != LDAP_SUCCESS) {
@@ -632,6 +652,12 @@ searchLDAPGroup(LDAP * ld, char *group, 
 	     */
 	} else {
 	    fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
+#if defined(NETSCAPE_SSL)
+	    if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
+		int sslerr = PORT_GetError();
+		fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
+	    }
+#endif
 	    ldap_msgfree(res);
 	    return 1;
 	}
@@ -664,7 +690,7 @@ searchLDAP(LDAP *ld, char *group, char *
 	ldap_escape_value(escaped_login, sizeof(escaped_login), login);
 	snprintf(filter, sizeof(filter), usersearchfilter, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login, escaped_login);
 	if (debug)
-	    fprintf(stderr, "user filter %s\n", filter);
+	    fprintf(stderr, "user filter '%s', searchbase '%s'\n", filter, searchbase);
 	rc = ldap_search_s(ld, searchbase, searchscope, filter, NULL, 1, &res);
 	if (rc != LDAP_SUCCESS) {
 	    if (noreferrals && rc == LDAP_PARTIAL_RESULTS) {
@@ -673,13 +699,19 @@ searchLDAP(LDAP *ld, char *group, char *
 		 */
 	    } else {
 		fprintf(stderr, PROGRAM_NAME " WARNING, LDAP search error '%s'\n", ldap_err2string(rc));
+#if defined(NETSCAPE_SSL)
+		if (sslpath && ((rc == LDAP_SERVER_DOWN) || (rc == LDAP_CONNECT_ERROR))) {
+		    int sslerr = PORT_GetError();
+		    fprintf(stderr, PROGRAM_NAME ": WARNING, SSL error %d (%s)\n", sslerr, ldapssl_err2string(sslerr));
+		}
+#endif
 		ldap_msgfree(res);
 		return 1;
 	    }
 	}
 	entry = ldap_first_entry(ld, res);
 	if (!entry) {
-	    fprintf(stderr, PROGRAM_NAME " WARNING, User '%s' not found\n", filter);
+	    fprintf(stderr, PROGRAM_NAME " WARNING, User '%s' not found in '%s'\n", login, searchbase);
 	    ldap_msgfree(res);
 	    return 1;
 	}
@@ -698,4 +730,38 @@ searchLDAP(LDAP *ld, char *group, char *
     } else {
 	return searchLDAPGroup(ld, group, login, extension_dn);
     }
+}
+
+
+int readSecret(char *filename)
+{
+  char  buf[BUFSIZ];
+  char  *e=0;
+  FILE  *f;
+
+  if(!(f=fopen(filename, "r"))) {
+    fprintf(stderr, PROGRAM_NAME " ERROR: Can not read secret file %s\n", filename);
+    return 1;
+  }
+
+  if( !fgets(buf, sizeof(buf)-1, f)) {
+    fprintf(stderr, PROGRAM_NAME " ERROR: Secret file %s is empty\n", filename);
+    fclose(f);
+    return 1;
+  }
+
+  /* strip whitespaces on end */
+  if((e = strrchr(buf, '\n'))) *e = 0;
+  if((e = strrchr(buf, '\r'))) *e = 0;
+
+  bindpasswd = (char *) calloc(sizeof(char), strlen(buf)+1);
+  if (bindpasswd) {
+    strcpy(bindpasswd, buf);
+  } else {
+    fprintf(stderr, PROGRAM_NAME " ERROR: can not allocate memory\n"); 
+  }
+
+  fclose(f);
+
+  return 0;
 }
diff -rupN squid-2.5.STABLE4/helpers/external_acl/wbinfo_group/wbinfo_group.pl squid-2.5.STABLE5/helpers/external_acl/wbinfo_group/wbinfo_group.pl
--- squid-2.5.STABLE4/helpers/external_acl/wbinfo_group/wbinfo_group.pl	Fri Jul 12 02:33:14 2002
+++ squid-2.5.STABLE5/helpers/external_acl/wbinfo_group/wbinfo_group.pl	Tue Feb 17 15:37:51 2004
@@ -34,7 +34,7 @@ sub check {
         local($user, $group) = @_;
         $groupSID = `wbinfo -n "$group"`;
         chop  $groupSID;
-        $groupGID = `wbinfo -Y $groupSID`;
+        $groupGID = `wbinfo -Y "$groupSID"`;
         chop $groupGID;
         &debug( "User:  -$user-\nGroup: -$group-\nSID:   -$groupSID-\nGID:   -$groupGID-");
         return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m);
diff -rupN squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/rfcnb-util.c squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/rfcnb-util.c
--- squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/rfcnb-util.c	Sun Jan  7 16:36:49 2001
+++ squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/rfcnb-util.c	Tue Feb 17 16:09:56 2004
@@ -24,7 +24,6 @@
  */
 
 #include <string.h>
-#include <malloc.h>
 
 #include "std-includes.h"
 #include "rfcnb-priv.h"
diff -rupN squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/session.c squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/session.c
--- squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/session.c	Tue Oct 30 14:43:13 2001
+++ squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/session.c	Tue Feb 17 16:09:56 2004
@@ -23,7 +23,6 @@
  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
 
-#include <malloc.h>
 #include <string.h>
 #include <stdlib.h>
 
diff -rupN squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/smblib-util.c squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/smblib-util.c
--- squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/smblib-util.c	Sun Jan  7 16:36:50 2001
+++ squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/smblib-util.c	Tue Feb 17 16:09:56 2004
@@ -24,7 +24,6 @@
  */
 
 #include "smblib-priv.h"
-#include <malloc.h>
 #include <string.h>
 
 #include "rfcnb.h"
diff -rupN squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/smblib.c squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/smblib.c
--- squid-2.5.STABLE4/helpers/ntlm_auth/SMB/smbval/smblib.c	Wed Nov 28 01:02:00 2001
+++ squid-2.5.STABLE5/helpers/ntlm_auth/SMB/smbval/smblib.c	Tue Feb 17 16:09:56 2004
@@ -25,7 +25,6 @@
  */
 
 #include "config.h"
-#include <malloc.h>
 #include <ctype.h>
 #include <string.h>
 
diff -rupN squid-2.5.STABLE4/include/rfc1035.h squid-2.5.STABLE5/include/rfc1035.h
--- squid-2.5.STABLE4/include/rfc1035.h	Mon Oct  8 10:18:31 2001
+++ squid-2.5.STABLE5/include/rfc1035.h	Wed Dec 17 18:04:22 2003
@@ -1,5 +1,5 @@
 /*
- * $Id: rfc1035.h,v 1.6 2001/10/08 16:18:31 hno Exp $
+ * $Id: rfc1035.h,v 1.6.2.1 2003/12/18 01:04:22 robertc Exp $
  *
  * AUTHOR: Duane Wessels
  *
@@ -46,7 +46,7 @@
 #endif
 
 /* rfc1035 - DNS */
-#define RFC1035_MAXHOSTNAMESZ 128
+#define RFC1035_MAXHOSTNAMESZ 250
 typedef struct _rfc1035_rr rfc1035_rr;
 struct _rfc1035_rr {
     char name[RFC1035_MAXHOSTNAMESZ];
diff -rupN squid-2.5.STABLE4/include/version.h squid-2.5.STABLE5/include/version.h
--- squid-2.5.STABLE4/include/version.h	Sun Sep 14 18:37:04 2003
+++ squid-2.5.STABLE5/include/version.h	Sun Feb 29 15:30:21 2004
@@ -9,5 +9,5 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1063586207
+#define SQUID_RELEASE_TIME 1078093818
 #endif
diff -rupN squid-2.5.STABLE4/lib/rfc1738.c squid-2.5.STABLE5/lib/rfc1738.c
--- squid-2.5.STABLE4/lib/rfc1738.c	Wed Jun 18 17:53:34 2003
+++ squid-2.5.STABLE5/lib/rfc1738.c	Thu Dec 18 23:11:20 2003
@@ -1,5 +1,5 @@
 /*
- * $Id: rfc1738.c,v 1.23.2.1 2003/06/18 23:53:34 hno Exp $
+ * $Id: rfc1738.c,v 1.23.2.2 2003/12/19 06:11:20 wessels Exp $
  *
  * DEBUG: 
  * AUTHOR: Harvest Derived
@@ -195,6 +195,10 @@ rfc1738_unescape(char *s)
 	    continue;
 	}
 	if (s[j + 1] && s[j + 2]) {
+	    if (s[j + 1] == '0' && s[j + 2] == '0') {	/* %00 case */
+		j += 2;
+		continue;
+	    }
 	    hexnum[0] = s[j + 1];
 	    hexnum[1] = s[j + 2];
 	    hexnum[2] = '\0';
diff -rupN squid-2.5.STABLE4/lib/rfc2617.c squid-2.5.STABLE5/lib/rfc2617.c
--- squid-2.5.STABLE4/lib/rfc2617.c	Wed Oct 17 07:30:50 2001
+++ squid-2.5.STABLE5/lib/rfc2617.c	Tue Sep 23 10:05:41 2003
@@ -13,7 +13,7 @@
 
 
 /*
- * $Id: rfc2617.c,v 1.5 2001/10/17 13:30:50 hno Exp $
+ * $Id: rfc2617.c,v 1.5.2.1 2003/09/23 16:05:41 hno Exp $
  *
  * DEBUG:
  * AUTHOR: RFC 2617 & Robert Collins
@@ -79,11 +79,16 @@ CvtBin(const HASHHEX Hex, HASH Bin)
     unsigned char j;
 
     for (i = 0; i < HASHHEXLEN; i++) {
+	unsigned char n;
 	j = Hex[i];
 	if (('0' <= j) && (j <= '9'))
-	    Bin[i / 2] |= ((j - '0') << ((i % 2 == 0) ? 4 : 0));
+	    n = j - '0';
 	else
-	    Bin[i / 2] |= ((j - 'a' + 10) << ((i % 2 == 0) ? 4 : 0));
+	    n = j - 'a' + 10;
+	if (i % 2 == 0)
+	    Bin[i / 2] = n << 4;
+	else
+	    Bin[i / 2] |= n;
     }
     Bin[HASHLEN] = '\0';
 }
diff -rupN squid-2.5.STABLE4/lib/splay.c squid-2.5.STABLE5/lib/splay.c
--- squid-2.5.STABLE4/lib/splay.c	Sun Oct  3 23:04:52 1999
+++ squid-2.5.STABLE5/lib/splay.c	Thu Jan 15 00:38:35 2004
@@ -1,5 +1,5 @@
 /*
- * $Id: splay.c,v 1.12 1999/10/04 05:04:52 wessels Exp $
+ * $Id: splay.c,v 1.12.4.1 2004/01/15 07:38:35 hno Exp $
  */
 
 #include "config.h"
@@ -53,8 +53,10 @@ splay_splay(const void *data, splayNode 
     splayNode *l;
     splayNode *r;
     splayNode *y;
-    if (top == NULL)
+    if (top == NULL) {
+	splayLastResult = -1;
 	return top;
+    }
     N.left = N.right = NULL;
     l = r = &N;
 
diff -rupN squid-2.5.STABLE4/src/HttpMsg.c squid-2.5.STABLE5/src/HttpMsg.c
--- squid-2.5.STABLE4/src/HttpMsg.c	Thu Jan 11 17:37:14 2001
+++ squid-2.5.STABLE5/src/HttpMsg.c	Mon Jan 19 10:46:40 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: HttpMsg.c,v 1.10 2001/01/12 00:37:14 wessels Exp $
+ * $Id: HttpMsg.c,v 1.10.2.2 2004/01/19 17:46:40 hno Exp $
  *
  * DEBUG: section 74    HTTP Message
  * AUTHOR: Alex Rousskov
@@ -91,6 +91,7 @@ httpMsgIsolateHeaders(const char **parse
 int
 httpMsgIsPersistent(http_version_t http_ver, const HttpHeader * hdr)
 {
+#if WHEN_SQUID_IS_HTTP1_1
     if ((http_ver.major >= 1) && (http_ver.minor >= 1)) {
 	/*
 	 * for modern versions of HTTP: persistent unless there is
@@ -98,6 +99,9 @@ httpMsgIsPersistent(http_version_t http_
 	 */
 	return !httpHeaderHasConnDir(hdr, "close");
     } else {
+#else
+    {
+#endif
 	/*
 	 * Persistent connections in Netscape 3.x are allegedly broken,
 	 * return false if it is a browser connection.  If there is a
diff -rupN squid-2.5.STABLE4/src/acl.c squid-2.5.STABLE5/src/acl.c
--- squid-2.5.STABLE4/src/acl.c	Mon May 12 01:24:37 2003
+++ squid-2.5.STABLE5/src/acl.c	Fri Feb 27 09:36:35 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.c,v 1.270.2.17 2003/05/12 07:24:37 hno Exp $
+ * $Id: acl.c,v 1.270.2.27 2004/02/27 16:36:35 wessels Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -178,6 +178,8 @@ aclStrToType(const char *s)
 	return ACL_MAX_USER_IP;
     if (!strcmp(s, "external"))
 	return ACL_EXTERNAL;
+    if (!strcmp(s, "urllogin"))
+	return ACL_URLLOGIN;
     return ACL_NONE;
 }
 
@@ -252,6 +254,8 @@ aclTypeToStr(squid_acl type)
 	return "max_user_ip";
     if (type == ACL_EXTERNAL)
 	return "external";
+    if (type == ACL_URLLOGIN)
+	return "urllogin";
     return "ERROR";
 }
 
@@ -622,25 +626,28 @@ aclParseUserList(void **current)
     splayNode *Top = NULL;
 
     debug(28, 2) ("aclParseUserList: parsing user list\n");
+    t = strtokFile();
+    if (!t) {
+	debug(28, 2) ("aclParseUserList: No data defined\n");
+	return;
+    }
+    debug(28, 5) ("aclParseUserList: First token is %s\n", t);
     if (*current == NULL) {
 	debug(28, 3) ("aclParseUserList: current is null. Creating\n");
 	*current = memAllocate(MEM_ACL_USER_DATA);
     }
     data = *current;
     Top = data->names;
-    if ((t = strtokFile())) {
-	debug(28, 5) ("aclParseUserList: First token is %s\n", t);
-	if (strcmp("-i", t) == 0) {
-	    debug(28, 5) ("aclParseUserList: Going case-insensitive\n");
-	    data->flags.case_insensitive = 1;
-	} else if (strcmp("REQUIRED", t) == 0) {
-	    debug(28, 5) ("aclParseUserList: REQUIRED-type enabled\n");
-	    data->flags.required = 1;
-	} else {
-	    if (data->flags.case_insensitive)
-		Tolower(t);
-	    Top = splay_insert(xstrdup(t), Top, (SPLAYCMP *) strcmp);
-	}
+    if (strcmp("-i", t) == 0) {
+	debug(28, 5) ("aclParseUserList: Going case-insensitive\n");
+	data->flags.case_insensitive = 1;
+    } else if (strcmp("REQUIRED", t) == 0) {
+	debug(28, 5) ("aclParseUserList: REQUIRED-type enabled\n");
+	data->flags.required = 1;
+    } else {
+	if (data->flags.case_insensitive)
+	    Tolower(t);
+	Top = splay_insert(xstrdup(t), Top, (SPLAYCMP *) strcmp);
     }
     debug(28, 3) ("aclParseUserList: Case-insensitive-switch is %d\n",
 	data->flags.case_insensitive);
@@ -737,6 +744,7 @@ aclParseAclLine(acl ** head)
 	aclParseTimeSpec(&A->data);
 	break;
     case ACL_URL_REGEX:
+    case ACL_URLLOGIN:
     case ACL_URLPATH_REGEX:
     case ACL_BROWSER:
     case ACL_REFERER_REGEX:
@@ -1413,12 +1421,16 @@ aclAuthenticated(aclCheck_t * checklist)
 #endif
     }
     /* get authed here */
-    /* Note: this fills in checklist->auth_user_request when applicable */
+    /* Note: this fills in checklist->auth_user_request when applicable (auth incomplete) */
     switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) {
     case AUTH_ACL_CANNOT_AUTHENTICATE:
 	debug(28, 4) ("aclMatchAcl: returning  0 user authenticated but not authorised.\n");
 	return 0;
     case AUTH_AUTHENTICATED:
+	if (checklist->auth_user_request) {
+	    authenticateAuthUserRequestUnlock(checklist->auth_user_request);
+	    checklist->auth_user_request = NULL;
+	}
 	return 1;
 	break;
     case AUTH_ACL_HELPER:
@@ -1464,6 +1476,7 @@ aclMatchAcl(acl * ae, aclCheck_t * check
     case ACL_URLPATH_REGEX:
     case ACL_URL_PORT:
     case ACL_URL_REGEX:
+    case ACL_URLLOGIN:
 	/* These ACL types require checklist->request */
 	if (NULL == r) {
 	    debug(28, 1) ("WARNING: '%s' ACL is used but there is no"
@@ -1567,6 +1580,12 @@ aclMatchAcl(acl * ae, aclCheck_t * check
 	k = aclMatchRegex(ae->data, esc_buf);
 	safe_free(esc_buf);
 	return k;
+    case ACL_URLLOGIN:
+	esc_buf = xstrdup(r->login);
+	rfc1738_unescape(esc_buf);
+	k = aclMatchRegex(ae->data, esc_buf);
+	safe_free(esc_buf);
+	return k;
 	/* NOTREACHED */
     case ACL_MAXCONN:
 	k = clientdbEstablished(checklist->src_addr, 0);
@@ -1618,17 +1637,15 @@ aclMatchAcl(acl * ae, aclCheck_t * check
     case ACL_PROXY_AUTH_REGEX:
 	if ((ti = aclAuthenticated(checklist)) != 1)
 	    return ti;
-	ti = aclMatchProxyAuth(ae->data, checklist->auth_user_request,
+	ti = aclMatchProxyAuth(ae->data, r->auth_user_request,
 	    checklist, ae->type);
-	checklist->auth_user_request = NULL;
 	return ti;
 	/* NOTREACHED */
     case ACL_MAX_USER_IP:
 	if ((ti = aclAuthenticated(checklist)) != 1)
 	    return ti;
-	ti = aclMatchUserMaxIP(ae->data, checklist->auth_user_request,
+	ti = aclMatchUserMaxIP(ae->data, r->auth_user_request,
 	    checklist->src_addr);
-	checklist->auth_user_request = NULL;
 	return ti;
 	/* NOTREACHED */
 #if SQUID_SNMP
@@ -1725,6 +1742,30 @@ aclCheckCleanup(aclCheck_t * checklist)
 	cbdataUnlock(checklist->extacl_entry);
 	checklist->extacl_entry = NULL;
     }
+    /* During reconfigure or if authentication is used in aclCheckFast without
+     * first being authenticated in http_access we can end up not finishing call
+     * sequences into the auth code. In such case we must make sure to forget
+     * the authentication state completely
+     */
+    if (checklist->auth_user_request) {
+	authenticateAuthUserRequestUnlock(checklist->auth_user_request);
+	checklist->auth_user_request = NULL;
+	if (checklist->request) {
+	    if (checklist->request->auth_user_request) {
+		authenticateAuthUserRequestUnlock(checklist->request->auth_user_request);
+		checklist->request->auth_user_request = NULL;
+	    }
+	}
+	/* it might have been connection based */
+	if (checklist->conn) {
+	    if (checklist->conn->auth_user_request) {
+		authenticateAuthUserRequestUnlock(checklist->conn->auth_user_request);
+		checklist->conn->auth_user_request = NULL;
+	    }
+	    assert(checklist->request);
+	    checklist->conn->auth_type = AUTH_BROKEN;
+	}
+    }
     checklist->current_acl = NULL;
 }
 
@@ -1875,6 +1916,10 @@ aclChecklistFree(aclCheck_t * checklist)
 	cbdataUnlock(checklist->access_list);
 	checklist->access_list = NULL;
     }
+    if (checklist->callback_data) {
+	cbdataUnlock(checklist->callback_data);
+	checklist->callback_data = NULL;
+    }
     aclCheckCleanup(checklist);
     cbdataFree(checklist);
 }
@@ -1883,16 +1928,7 @@ static void
 aclCheckCallback(aclCheck_t * checklist, allow_t answer)
 {
     debug(28, 3) ("aclCheckCallback: answer=%d\n", answer);
-    /* During reconfigure, we can end up not finishing call sequences into the auth code */
-    if (checklist->auth_user_request) {
-	/* the checklist lock */
-	authenticateAuthUserRequestUnlock(checklist->auth_user_request);
-	/* it might have been connection based */
-	assert(checklist->conn);
-	checklist->conn->auth_user_request = NULL;
-	checklist->conn->auth_type = AUTH_BROKEN;
-	checklist->auth_user_request = NULL;
-    }
+    aclCheckCleanup(checklist);
     if (cbdataValid(checklist->callback_data))
 	checklist->callback(answer, checklist->callback_data);
     cbdataUnlock(checklist->callback_data);
@@ -1968,11 +2004,14 @@ aclLookupProxyAuthDone(void *data, char 
 	 * restart the whole process */
 	/* OR the connection was closed, there's no way to continue */
 	authenticateAuthUserRequestUnlock(checklist->auth_user_request);
+	checklist->auth_user_request = NULL;
 	if (checklist->conn) {
-	    checklist->conn->auth_user_request = NULL;
+	    if (checklist->conn->auth_user_request) {
+		authenticateAuthUserRequestUnlock(checklist->conn->auth_user_request);
+		checklist->conn->auth_user_request = NULL;
+	    }
 	    checklist->conn->auth_type = AUTH_BROKEN;
 	}
-	checklist->auth_user_request = NULL;
     }
     aclCheck(checklist);
 }
@@ -2114,6 +2153,7 @@ aclDestroyAcls(acl ** head)
 #endif
 	case ACL_PROXY_AUTH_REGEX:
 	case ACL_URL_REGEX:
+	case ACL_URLLOGIN:
 	case ACL_URLPATH_REGEX:
 	case ACL_BROWSER:
 	case ACL_REFERER_REGEX:
@@ -2529,6 +2569,7 @@ aclDumpGeneric(const acl * a)
 	return aclDumpTimeSpecList(a->data);
     case ACL_PROXY_AUTH_REGEX:
     case ACL_URL_REGEX:
+    case ACL_URLLOGIN:
     case ACL_URLPATH_REGEX:
     case ACL_BROWSER:
     case ACL_REFERER_REGEX:
@@ -2623,9 +2664,12 @@ aclPurgeMethodInUse(acl_access * a)
 #include <sys/ioctl.h>
 #else
 #include <net/if_dl.h>
-#endif
 #include <net/route.h>
+#endif
 #include <net/if.h>
+#ifdef _SQUID_FREEBSD__
+#include <net/if_arp.h>
+#endif
 #if HAVE_NETINET_IF_ETHER_H
 #include <netinet/if_ether.h>
 #endif
@@ -2846,6 +2890,81 @@ aclMatchArp(void *dataptr, struct in_add
 	    inet_ntoa(c), splayLastResult ? "NOT found" : "found");
 	return (0 == splayLastResult);
     }
+#elif defined(_SQUID_FREEBSD_)
+    struct arpreq arpReq;
+    struct sockaddr_in ipAddr;
+    unsigned char ifbuffer[sizeof(struct ifreq) * 64];
+    struct ifconf ifc;
+    struct ifreq *ifr;
+    int offset;
+    splayNode **Top = dataptr;
+
+    int mib[6];
+    size_t needed;
+    char *lim, *buf, *next;
+    struct rt_msghdr *rtm;
+    struct sockaddr_inarp *sin;
+    struct sockaddr_dl *sdl;
+
+    /*
+     * Set up structures for ARP lookup with blank interface name
+     */
+    ipAddr.sin_family = AF_INET;
+    ipAddr.sin_port = 0;
+    ipAddr.sin_addr = c;
+    memset(&arpReq, '\0', sizeof(arpReq));
+    xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct sockaddr_in));
+
+    /* Query ARP table */
+    mib[0] = CTL_NET;
+    mib[1] = PF_ROUTE;
+    mib[2] = 0;
+    mib[3] = AF_INET;
+    mib[4] = NET_RT_FLAGS;
+    mib[5] = RTF_LLINFO;
+    if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) {
+	debug(28, 0) ("Can't estimate ARP table size!\n");
+	return 0;
+    }
+    if ((buf = xmalloc(needed)) == NULL) {
+	debug(28, 0) ("Can't allocate temporary ARP table!\n");
+	return 0;
+    }
+    if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) {
+	debug(28, 0) ("Can't retrieve ARP table!\n");
+	xfree(buf);
+	return 0;
+    }
+    lim = buf + needed;
+    for (next = buf; next < lim; next += rtm->rtm_msglen) {
+	rtm = (struct rt_msghdr *) next;
+	sin = (struct sockaddr_inarp *) (rtm + 1);
+	/*sdl = (struct sockaddr_dl *) (sin + 1); */
+#define ROUNDUP(a) \
+        ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
+	(char *) sdl = (char *) sin + ROUNDUP(sin->sin_len);
+	if (c.s_addr == sin->sin_addr.s_addr) {
+	    if (sdl->sdl_alen) {
+		arpReq.arp_ha.sa_len = sizeof(struct sockaddr);
+		arpReq.arp_ha.sa_family = AF_UNSPEC;
+		memcpy(arpReq.arp_ha.sa_data, LLADDR(sdl), sdl->sdl_alen);
+	    }
+	}
+    }
+    xfree(buf);
+    if (arpReq.arp_ha.sa_data[0] == 0 && arpReq.arp_ha.sa_data[1] == 0 &&
+	arpReq.arp_ha.sa_data[2] == 0 && arpReq.arp_ha.sa_data[3] == 0 &&
+	arpReq.arp_ha.sa_data[4] == 0 && arpReq.arp_ha.sa_data[5] == 0)
+	return 0;
+    debug(28, 4) ("Got address %02x:%02x:%02x:%02x:%02x:%02x\n",
+	arpReq.arp_ha.sa_data[0] & 0xff, arpReq.arp_ha.sa_data[1] & 0xff,
+	arpReq.arp_ha.sa_data[2] & 0xff, arpReq.arp_ha.sa_data[3] & 0xff,
+	arpReq.arp_ha.sa_data[4] & 0xff, arpReq.arp_ha.sa_data[5] & 0xff);
+    /* Do lookup */
+    *Top = splay_splay(&arpReq.arp_ha.sa_data, *Top, aclArpCompare);
+    debug(28, 3) ("aclMatchArp: '%s' %s\n",
+	inet_ntoa(c), splayLastResult ? "NOT found" : "found");
+    return (0 == splayLastResult);
 #else
     WRITE ME;
 #endif
@@ -2869,6 +2988,21 @@ aclArpCompare(const void *a, const void 
     if (d1[2] != d2[2])
 	return (d1[2] > d2[2]) ? 1 : -1;
 #elif defined(_SQUID_SOLARIS_)
+    const unsigned char *d1 = a;
+    const unsigned char *d2 = b;
+    if (d1[0] != d2[0])
+	return (d1[0] > d2[0]) ? 1 : -1;
+    if (d1[1] != d2[1])
+	return (d1[1] > d2[1]) ? 1 : -1;
+    if (d1[2] != d2[2])
+	return (d1[2] > d2[2]) ? 1 : -1;
+    if (d1[3] != d2[3])
+	return (d1[3] > d2[3]) ? 1 : -1;
+    if (d1[4] != d2[4])
+	return (d1[4] > d2[4]) ? 1 : -1;
+    if (d1[5] != d2[5])
+	return (d1[5] > d2[5]) ? 1 : -1;
+#elif defined(_SQUID_FREEBSD_)
     const unsigned char *d1 = a;
     const unsigned char *d2 = b;
     if (d1[0] != d2[0])
diff -rupN squid-2.5.STABLE4/src/auth/basic/auth_basic.c squid-2.5.STABLE5/src/auth/basic/auth_basic.c
--- squid-2.5.STABLE4/src/auth/basic/auth_basic.c	Sun Aug 10 12:53:38 2003
+++ squid-2.5.STABLE5/src/auth/basic/auth_basic.c	Wed Feb 18 10:50:51 2004
@@ -1,5 +1,5 @@
 /*
- * $Id: auth_basic.c,v 1.14.2.3 2003/08/10 18:53:38 hno Exp $
+ * $Id: auth_basic.c,v 1.14.2.5 2004/02/18 17:50:51 hno Exp $
  *
  * DEBUG: section 29    Authenticator
  * AUTHOR: Duane Wessels
@@ -43,6 +43,10 @@
 static void
 authenticateStateFree(authenticateStateData * r)
 {
+    if (r->auth_user_request) {
+	authenticateAuthUserRequestUnlock(r->auth_user_request);
+	r->auth_user_request = NULL;
+    }
     cbdataFree(r);
 }
 
@@ -321,6 +325,7 @@ authBasicParse(authScheme * scheme, int 
 	scheme->scheme_data = xmalloc(sizeof(auth_basic_config));
 	memset(scheme->scheme_data, 0, sizeof(auth_basic_config));
 	basicConfig = scheme->scheme_data;
+	basicConfig->basicAuthRealm = xstrdup("Squid proxy-caching web server");
 	basicConfig->authenticateChildren = 5;
 	basicConfig->credentialsTTL = 2 * 60 * 60;	/* two hours */
     }
@@ -583,7 +588,6 @@ authenticateBasicStart(auth_user_request
 	/* save the details */
 	node->next = basic_auth->auth_queue;
 	basic_auth->auth_queue = node;
-	node->auth_user_request = auth_user_request;
 	node->handler = handler;
 	node->data = data;
 	cbdataLock(data);
@@ -594,6 +598,7 @@ authenticateBasicStart(auth_user_request
 	cbdataLock(data);
 	r->data = data;
 	r->auth_user_request = auth_user_request;
+	authenticateAuthUserRequestLock(r->auth_user_request);
 	/* mark the user as haveing verification in progress */
 	basic_auth->flags.credentials_ok = 2;
 	xstrncpy(user, rfc1738_escape(basic_auth->username), sizeof(user));
diff -rupN squid-2.5.STABLE4/src/auth/basic/auth_basic.h squid-2.5.STABLE5/src/auth/basic/auth_basic.h
--- squid-2.5.STABLE4/src/auth/basic/auth_basic.h	Wed Oct 17 06:41:50 2001
+++ squid-2.5.STABLE5/src/auth/basic/auth_basic.h	Wed Feb 18 10:50:51 2004
@@ -21,7 +21,6 @@ typedef struct _auth_basic_queue_node au
 /* queue of auth requests waiting for verification to occur */
 struct _auth_basic_queue_node {
     auth_basic_queue_node *next;
-    auth_user_request_t *auth_user_request;
     RH *handler;
     void *data;
 };
diff -rupN squid-2.5.STABLE4/src/auth/digest/auth_digest.c squid-2.5.STABLE5/src/auth/digest/auth_digest.c
--- squid-2.5.STABLE4/src/auth/digest/auth_digest.c	Sun Aug 10 01:31:33 2003
+++ squid-2.5.STABLE5/src/auth/digest/auth_digest.c	Thu Feb 19 05:28:01 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_digest.c,v 1.10.2.7 2003/08/10 07:31:33 hno Exp $
+ * $Id: auth_digest.c,v 1.10.2.11 2004/02/19 12:28:01 hno Exp $
  *
  * DEBUG: section 29    Authenticator
  * AUTHOR: Robert Collins
@@ -47,6 +47,10 @@ extern AUTHSSETUP authSchemeSetup_digest
 static void
 authenticateStateFree(authenticateStateData * r)
 {
+    if (r->auth_user_request) {
+	authenticateAuthUserRequestUnlock(r->auth_user_request);
+	r->auth_user_request = NULL;
+    }
     cbdataFree(r);
 }
 
@@ -523,8 +527,10 @@ authDigestRequestDelete(digest_request_h
 static void
 authDigestAURequestFree(auth_user_request_t * auth_user_request)
 {
-    if (auth_user_request->scheme_data != NULL)
+    if (auth_user_request->scheme_data != NULL) {
 	authDigestRequestDelete((digest_request_h *) auth_user_request->scheme_data);
+	auth_user_request->scheme_data = NULL;
+    }
 }
 
 static digest_request_h *
@@ -695,7 +701,13 @@ authenticateDigestAuthenticateUser(auth_
     debug(29, 9) ("\nResponse = '%s'\n"
 	"squid is = '%s'\n", digest_request->response, Response);
 
-    if (strcasecmp(digest_request->response, Response)) {
+    if (strcasecmp(digest_request->response, Response) != 0) {
+	if (!digest_request->flags.helper_queried) {
+	    /* Query the helper in case the password has changed */
+	    digest_request->flags.helper_queried = 1;
+	    digest_request->flags.credentials_ok = 2;
+	    return;
+	}
 	if (digestConfig->PostWorkaround && request->method != METHOD_GET) {
 	    /* Ugly workaround for certain very broken browsers using the
 	     * wrong method to calculate the request-digest on POST request.
@@ -952,6 +964,7 @@ authDigestParse(authScheme * scheme, int
 	memset(scheme->scheme_data, 0, sizeof(auth_digest_config));
 	digestConfig = scheme->scheme_data;
 	digestConfig->authenticateChildren = 5;
+	digestConfig->digestAuthRealm = xstrdup("Squid proxy-caching web server");
 	/* 5 minutes */
 	digestConfig->nonceGCInterval = 5 * 60;
 	/* 30 minutes */
@@ -962,6 +975,7 @@ authDigestParse(authScheme * scheme, int
 	digestConfig->NonceStrictness = 0;
 	/* Verify nonce count */
 	digestConfig->CheckNonceCount = 1;
+	digestConfig->PostWorkaround = 0;
     }
     digestConfig = scheme->scheme_data;
     if (strcasecmp(param_str, "program") == 0) {
@@ -1394,6 +1408,7 @@ authenticateDigestStart(auth_user_reques
     cbdataLock(data);
     r->data = data;
     r->auth_user_request = auth_user_request;
+    authenticateAuthUserRequestLock(r->auth_user_request);
     snprintf(buf, 8192, "\"%s\":\"%s\"\n", digest_user->username, digest_request->realm);
     helperSubmit(digestauthenticators, buf, authenticateDigestHandleReply, r);
 }
diff -rupN squid-2.5.STABLE4/src/auth/digest/auth_digest.h squid-2.5.STABLE5/src/auth/digest/auth_digest.h
--- squid-2.5.STABLE4/src/auth/digest/auth_digest.h	Sun May 18 15:49:20 2003
+++ squid-2.5.STABLE5/src/auth/digest/auth_digest.h	Tue Sep 23 10:05:42 2003
@@ -44,6 +44,7 @@ struct _digest_request_h {
 	unsigned int authinfo_sent:1;
 	unsigned int credentials_ok:2;	/*0=unchecked,1=ok,2=helper,3=failed */
 	unsigned int nonce_stale:1;
+	unsigned int helper_queried:1;
     } flags;
     digest_nonce_h *nonce;
 };
diff -rupN squid-2.5.STABLE4/src/auth/ntlm/auth_ntlm.c squid-2.5.STABLE5/src/auth/ntlm/auth_ntlm.c
--- squid-2.5.STABLE4/src/auth/ntlm/auth_ntlm.c	Tue Feb  4 16:17:26 2003
+++ squid-2.5.STABLE5/src/auth/ntlm/auth_ntlm.c	Tue Feb 24 10:11:52 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: auth_ntlm.c,v 1.17.2.4 2003/02/04 23:17:26 robertc Exp $
+ * $Id: auth_ntlm.c,v 1.17.2.9 2004/02/24 17:11:52 hno Exp $
  *
  * DEBUG: section 29    NTLM Authenticator
  * AUTHOR: Robert Collins
@@ -46,6 +46,8 @@ extern AUTHSSETUP authSchemeSetup_ntlm;
 static void
 authenticateStateFree(authenticateStateData * r)
 {
+    authenticateAuthUserRequestUnlock(r->auth_user_request);
+    r->auth_user_request = NULL;
     cbdataFree(r);
 }
 
@@ -74,7 +76,7 @@ static AUTHSSHUTDOWN authNTLMDone;
 
 /* helper callbacks to handle per server state data */
 static HLPSAVAIL authenticateNTLMHelperServerAvailable;
-static HLPSONEQ authenticateNTLMHelperServerOnEmpty;
+static HLPSRESET authenticateNTLMHelperServerReset;
 
 static statefulhelper *ntlmauthenticators = NULL;
 
@@ -148,10 +150,11 @@ authNTLMCfgDump(StoreEntry * entry, cons
 	storeAppendPrintf(entry, " %s", list->key);
 	list = list->next;
     }
-    storeAppendPrintf(entry, "\n%s %s children %d\n%s %s max_challenge_reuses %d\n%s %s max_challenge_lifetime %d seconds\n",
+    storeAppendPrintf(entry, "\n%s %s children %d\n%s %s max_challenge_reuses %d\n%s %s max_challenge_lifetime %d seconds\n%s %s use_ntlm_negotiate %s\n",
 	name, "ntlm", config->authenticateChildren,
 	name, "ntlm", config->challengeuses,
-	name, "ntlm", (int) config->challengelifetime);
+	name, "ntlm", (int) config->challengelifetime,
+	name, "ntlm", config->use_ntlm_negotiate ? "on" : "off");
 
 }
 
@@ -167,6 +170,7 @@ authNTLMParse(authScheme * scheme, int n
 	ntlmConfig->authenticateChildren = 5;
 	ntlmConfig->challengeuses = 0;
 	ntlmConfig->challengelifetime = 60;
+	ntlmConfig->use_ntlm_negotiate = 0;
     }
     ntlmConfig = scheme->scheme_data;
     if (strcasecmp(param_str, "program") == 0) {
@@ -180,6 +184,8 @@ authNTLMParse(authScheme * scheme, int n
 	parse_int(&ntlmConfig->challengeuses);
     } else if (strcasecmp(param_str, "max_challenge_lifetime") == 0) {
 	parse_time_t(&ntlmConfig->challengelifetime);
+    } else if (strcasecmp(param_str, "use_ntlm_negotiate") == 0) {
+	parse_onoff(&ntlmConfig->use_ntlm_negotiate);
     } else {
 	debug(28, 0) ("unrecognised ntlm auth scheme parameter '%s'\n", param_str);
     }
@@ -191,8 +197,13 @@ authNTLMParse(authScheme * scheme, int n
      * state will be preserved.  Caveats: this should be a post-parse
      * test, but that can wait for the modular parser to be integrated.
      */
-    if (ntlmConfig->authenticate)
+    if (ntlmConfig->authenticate && Config.onoff.pipeline_prefetch != 0)
 	Config.onoff.pipeline_prefetch = 0;
+
+    if (ntlmConfig->use_ntlm_negotiate && ntlmConfig->challengeuses > 0) {
+	debug(28, 1) ("challenge reuses incompatible with use_ntlm_negotiate. Disabling challenge reuse\n");
+	ntlmConfig->challengeuses = 0;
+    }
 }
 
 
@@ -237,15 +248,17 @@ authNTLMInit(authScheme * scheme)
 	authntlm_initialised = 1;
 	if (ntlmauthenticators == NULL)
 	    ntlmauthenticators = helperStatefulCreate("ntlmauthenticator");
-	if (!proxy_auth_cache)
-	    proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
-	assert(proxy_auth_cache);
+	if (ntlmConfig->challengeuses) {
+	    if (!proxy_auth_cache)
+		proxy_auth_cache = hash_create((HASHCMP *) strcmp, 7921, hash_string);
+	    assert(proxy_auth_cache);
+	}
 	ntlmauthenticators->cmdline = ntlmConfig->authenticate;
 	ntlmauthenticators->n_to_start = ntlmConfig->authenticateChildren;
 	ntlmauthenticators->ipc_type = IPC_TCP_SOCKET;
 	ntlmauthenticators->datapool = ntlm_helper_state_pool;
 	ntlmauthenticators->IsAvailable = authenticateNTLMHelperServerAvailable;
-	ntlmauthenticators->OnEmptyQueue = authenticateNTLMHelperServerOnEmpty;
+	ntlmauthenticators->Reset = authenticateNTLMHelperServerReset;
 	helperStatefulOpenServers(ntlmauthenticators);
 	/*
 	 * TODO: In here send the initial YR to preinitialise the
@@ -364,7 +377,7 @@ authNTLMRequestFree(ntlm_request_t * ntl
 	xfree(ntlm_request->authchallenge);
     if (ntlm_request->ntlmauthenticate)
 	xfree(ntlm_request->ntlmauthenticate);
-    if (ntlm_request->authserver != NULL && ntlm_request->authserver_deferred) {
+    if (ntlm_request->authserver != NULL) {
 	debug(29, 9) ("authenticateNTLMRequestFree: releasing server '%p'\n", ntlm_request->authserver);
 	helperStatefulReleaseServer(ntlm_request->authserver);
 	ntlm_request->authserver = NULL;
@@ -407,11 +420,32 @@ authenticateNTLMFreeUser(auth_user_t * a
     auth_user->scheme_data = NULL;
 }
 
-static stateful_helper_callback_t
-authenticateNTLMHandleplaceholder(void *data, void *lastserver, char *reply)
+/* clear the NTLM helper of being reserved for future requests */
+static void
+authenticateNTLMReleaseServer(ntlm_request_t * ntlm_request)
+{
+    helper_stateful_server *server = ntlm_request->authserver;
+    debug(29, 9) ("authenticateNTLMReleaseServer: releasing server '%p'\n", server);
+    ntlm_request->authserver = NULL;
+    helperStatefulReleaseServer(server);
+}
+
+/* clear the NTLM helper of being reserved for future requests */
+static void
+authenticateNTLMResetServer(ntlm_request_t * ntlm_request)
+{
+    helper_stateful_server *server = ntlm_request->authserver;
+    ntlm_helper_state_t *helperstate = helperStatefulServerGetData(server);
+    debug(29, 9) ("authenticateNTLMReleaseServer: releasing server '%p'\n", server);
+    ntlm_request->authserver = NULL;
+    helperstate->starve = 1;
+    helperStatefulReleaseServer(server);
+}
+
+static void
+authenticateNTLMHandleplaceholder(void *data, void *srv, char *reply)
 {
     authenticateStateData *r = data;
-    stateful_helper_callback_t result = S_HELPER_UNKNOWN;
     int valid;
     /* we should only be called for placeholder requests - which have no reply string */
     assert(reply == NULL);
@@ -419,37 +453,36 @@ authenticateNTLMHandleplaceholder(void *
     /* standard callback stuff */
     valid = cbdataValid(r->data);
     if (!valid) {
-	debug(29, 1) ("AuthenticateNTLMHandlePlacheholder: invalid callback data.\n");
-	return result;
+	debug(29, 2) ("AuthenticateNTLMHandlePlacheholder: invalid callback data.\n");
+	helperStatefulReleaseServer(srv);
+	return;
     }
     /* call authenticateNTLMStart to retry this request */
     debug(29, 9) ("authenticateNTLMHandleplaceholder: calling authenticateNTLMStart\n");
+    helperStatefulReleaseServer(srv);
     authenticateNTLMStart(r->auth_user_request, r->handler, r->data);
     cbdataUnlock(r->data);
     authenticateStateFree(r);
-    return result;
 }
 
-static stateful_helper_callback_t
-authenticateNTLMHandleReply(void *data, void *lastserver, char *reply)
+static void
+authenticateNTLMHandleReply(void *data, void *srv, char *reply)
 {
     authenticateStateData *r = data;
     ntlm_helper_state_t *helperstate;
     int valid;
-    stateful_helper_callback_t result = S_HELPER_UNKNOWN;
-    char *t = NULL;
     auth_user_request_t *auth_user_request;
     auth_user_t *auth_user;
     ntlm_user_t *ntlm_user;
     ntlm_request_t *ntlm_request;
-    debug(29, 9) ("authenticateNTLMHandleReply: Helper: '%p' {%s}\n", lastserver, reply ? reply : "<NULL>");
+    debug(29, 9) ("authenticateNTLMHandleReply: Helper: '%p' {%s}\n", srv, reply ? reply : "<NULL>");
     valid = cbdataValid(r->data);
     if (!valid) {
-	debug(29, 1) ("AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '%p'.\n", lastserver);
+	debug(29, 2) ("AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '%p'.\n", srv);
 	cbdataUnlock(r->data);
 	authenticateStateFree(r);
-	debug(29, 9) ("NTLM HandleReply, telling stateful helper : %d\n", S_HELPER_RELEASE);
-	return S_HELPER_RELEASE;
+	helperStatefulReleaseServer(srv);
+	return;
     }
     if (!reply) {
 	/*
@@ -458,48 +491,40 @@ authenticateNTLMHandleReply(void *data, 
 	 */
 	fatal("authenticateNTLMHandleReply: called with no result string\n");
     }
+    assert(r->auth_user_request != NULL);
+    assert(r->auth_user_request->auth_user->auth_type == AUTH_NTLM);
+    auth_user_request = r->auth_user_request;
+    ntlm_request = auth_user_request->scheme_data;
+    assert(ntlm_request != NULL);
+
     /* seperate out the useful data */
     if (strncasecmp(reply, "TT ", 3) == 0) {
 	reply += 3;
 	/* we have been given a Challenge */
 	/* we should check we weren't given an empty challenge */
 	/* copy the challenge to the state data */
-	helperstate = helperStatefulServerGetData(lastserver);
+	helperstate = helperStatefulServerGetData(srv);
 	if (helperstate == NULL)
 	    fatal("lost NTLM helper state! quitting\n");
 	helperstate->challenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5);
-	helperstate->challengeuses = 0;
 	helperstate->renewed = squid_curtime;
 	/* and we satisfy the request that happended on the refresh boundary */
 	/* note this code is now in two places FIXME */
-	assert(r->auth_user_request != NULL);
-	assert(r->auth_user_request->auth_user->auth_type == AUTH_NTLM);
-	auth_user_request = r->auth_user_request;
-	ntlm_request = auth_user_request->scheme_data;
-	assert(ntlm_request != NULL);
-	result = S_HELPER_DEFER;
-	/* reserve the server for future authentication */
-	ntlm_request->authserver_deferred = 1;
-	debug(29, 9) ("authenticateNTLMHandleReply: helper '%p'\n", lastserver);
 	assert(ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE);
-	ntlm_request->authserver = lastserver;
+	ntlm_request->authserver = srv;
 	ntlm_request->authchallenge = xstrndup(reply, NTLM_CHALLENGE_SZ + 5);
+	helperstate->challengeuses = 1;
     } else if (strncasecmp(reply, "AF ", 3) == 0) {
 	/* we're finished, release the helper */
 	reply += 3;
-	assert(r->auth_user_request != NULL);
-	assert(r->auth_user_request->auth_user->auth_type == AUTH_NTLM);
-	auth_user_request = r->auth_user_request;
-	assert(auth_user_request->scheme_data != NULL);
-	ntlm_request = auth_user_request->scheme_data;
 	auth_user = auth_user_request->auth_user;
 	ntlm_user = auth_user_request->auth_user->scheme_data;
 	assert(ntlm_user != NULL);
-	result = S_HELPER_RELEASE;
 	/* we only expect OK when finishing the handshake */
 	assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE);
 	ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ);
 	ntlm_request->authserver = NULL;
+	helperStatefulReleaseServer(srv);
 #ifdef NTLM_FAIL_OPEN
     } else if (strncasecmp(reply, "LD ", 3) == 0) {
 	/* This is a variant of BH, which rather than deny access
@@ -512,44 +537,22 @@ authenticateNTLMHandleReply(void *data, 
 	 * case */
 	/* AF code: mark user as authenticated */
 	reply += 3;
-	assert(r->auth_user_request != NULL);
-	assert(r->auth_user_request->auth_user->auth_type == AUTH_NTLM);
-	auth_user_request = r->auth_user_request;
-	assert(auth_user_request->scheme_data != NULL);
-	ntlm_request = auth_user_request->scheme_data;
 	auth_user = auth_user_request->auth_user;
 	ntlm_user = auth_user_request->auth_user->scheme_data;
 	assert(ntlm_user != NULL);
-	result = S_HELPER_RELEASE;
 	/* we only expect LD when finishing the handshake */
 	assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE);
 	ntlm_user->username = xstrndup(reply, MAX_LOGIN_SZ);
 	helperstate = helperStatefulServerGetData(ntlm_request->authserver);
-	ntlm_request->authserver = NULL;
 	/* BH code: mark helper as broken */
-	/* mark it for starving */
-	helperstate->starve = 1;
+	authenticateNTLMResetServer(ntlm_request);
+	debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
 #endif
     } else if (strncasecmp(reply, "NA ", 3) == 0) {
-	/* TODO: only work with auth_user here if it exists */
-	assert(r->auth_user_request != NULL);
-	assert(r->auth_user_request->auth_user->auth_type == AUTH_NTLM);
-	auth_user_request = r->auth_user_request;
-	auth_user = auth_user_request->auth_user;
-	assert(auth_user != NULL);
-	ntlm_user = auth_user->scheme_data;
-	ntlm_request = auth_user_request->scheme_data;
-	assert((ntlm_user != NULL) && (ntlm_request != NULL));
 	/* todo: action of Negotiate state on error */
-	result = S_HELPER_RELEASE;	/*some error has occured. no more requests */
-	ntlm_request->authserver = NULL;
-	debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
 	ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
-	if ((t = strchr(reply, ' ')))	/* strip after a space */
-	    *t = '\0';
-    } else if (strncasecmp(reply, "NA", 2) == 0) {
-	/* NTLM Helper protocol violation! */
-	fatal("NTLM Helper returned invalid response \"NA\" - a error message MUST be attached\n");
+	authenticateNTLMResetServer(ntlm_request);
+	debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
     } else if (strncasecmp(reply, "BH ", 3) == 0) {
 	/* TODO kick off a refresh process. This can occur after a YR or after
 	 * a KK. If after a YR release the helper and resubmit the request via 
@@ -564,57 +567,31 @@ authenticateNTLMHandleReply(void *data, 
 	ntlm_user = auth_user->scheme_data;
 	ntlm_request = auth_user_request->scheme_data;
 	assert((ntlm_user != NULL) && (ntlm_request != NULL));
-	result = S_HELPER_RELEASE;	/*some error has occured. no more requests for 
-					 * this helper */
-	assert(ntlm_request->authserver ? ntlm_request->authserver == lastserver : 1);
+	assert(!ntlm_request->authserver || ntlm_request->authserver == srv);
 	helperstate = helperStatefulServerGetData(ntlm_request->authserver);
-	ntlm_request->authserver = NULL;
+	authenticateNTLMResetServer(ntlm_request);
 	if (ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE) {
 	    /* The helper broke on YR. It automatically
 	     * resets */
-	    debug(29, 1) ("authenticateNTLMHandleReply: Error obtaining challenge from helper: %p. Error returned '%s'\n", lastserver, reply);
-	    /* mark it for starving */
-	    helperstate->starve = 1;
+	    debug(29, 1) ("authenticateNTLMHandleReply: Error obtaining challenge from helper: %p. Error returned '%s'\n", srv, reply);
 	    /* resubmit the request. This helper is currently busy, so we will get
 	     * a different one. Our auth state stays the same */
 	    authenticateNTLMStart(auth_user_request, r->handler, r->data);
 	    /* don't call the callback */
 	    cbdataUnlock(r->data);
 	    authenticateStateFree(r);
-	    debug(29, 9) ("NTLM HandleReply, telling stateful helper : %d\n", result);
-	    return result;
+	    return;
+	} else {
+	    /* the helper broke on a KK */
+	    debug(29, 1) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
+	    ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
 	}
-	/* the helper broke on a KK */
-	/* first the standard KK stuff */
-	debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. Error returned '%s'\n", reply);
-	if ((t = strchr(reply, ' ')))	/* strip after a space */
-	    *t = '\0';
-	/* now we mark the helper for resetting. */
-	helperstate->starve = 1;
-	ntlm_request->auth_state = AUTHENTICATE_STATE_FAILED;
     } else {
-	/* TODO: only work with auth_user here if it exists */
-	/* TODO: take the request state into consideration */
-	assert(r->auth_user_request != NULL);
-	assert(r->auth_user_request->auth_user->auth_type == AUTH_NTLM);
-	auth_user_request = r->auth_user_request;
-	auth_user = auth_user_request->auth_user;
-	assert(auth_user != NULL);
-	ntlm_user = auth_user->scheme_data;
-	ntlm_request = auth_user_request->scheme_data;
-	assert((ntlm_user != NULL) && (ntlm_request != NULL));
-	debug(29, 1) ("authenticateNTLMHandleReply: *** Unsupported helper response ***, '%s'\n", reply);
-	/* **** NOTE THIS CODE IS EFFECTIVELY UNTESTED **** */
-	/* restart the authentication process */
-	ntlm_request->auth_state = AUTHENTICATE_STATE_NONE;
-	assert(ntlm_request->authserver ? ntlm_request->authserver == lastserver : 1);
-	ntlm_request->authserver = NULL;
+	fatalf("authenticateNTLMHandleReply: *** Unsupported helper response ***, '%s'\n", reply);
     }
     r->handler(r->data, NULL);
     cbdataUnlock(r->data);
     authenticateStateFree(r);
-    debug(29, 9) ("NTLM HandleReply, telling stateful helper : %d\n", result);
-    return result;
 }
 
 static void
@@ -717,36 +694,44 @@ authenticateNTLMStart(auth_user_request_
 	 * 2: does it have a challenge?
 	 * 3: tell it to get a challenge, or give ntlmauthdone the challenge
 	 */
-	server = helperStatefulDefer(ntlmauthenticators);
+	server = helperStatefulGetServer(ntlmauthenticators);
 	helperstate = server ? helperStatefulServerGetData(server) : NULL;
-	while ((server != NULL) && authenticateNTLMChangeChallenge_p(helperstate)) {
-	    /* flag this helper for challenge changing */
-	    helperstate->starve = 1;
-	    /* and release the deferred request */
-	    helperStatefulReleaseServer(server);
-	    /* Get another deferrable server */
-	    server = helperStatefulDefer(ntlmauthenticators);
-	    helperstate = server ? helperStatefulServerGetData(server) : NULL;
+	if (ntlmConfig->challengeuses) {
+	    while ((server != NULL) && authenticateNTLMChangeChallenge_p(helperstate)) {
+		/* flag this helper for challenge changing */
+		helperstate->starve = 1;
+		helperStatefulReset(server);
+		/* Get another server */
+		server = helperStatefulGetServer(ntlmauthenticators);
+		helperstate = server ? helperStatefulServerGetData(server) : NULL;
+	    }
 	}
-	if (server == NULL)
-	    debug(29, 9) ("unable to get a deferred ntlm helper... all helpers are refreshing challenges. Queuing as a placeholder request.\n");
-
 	ntlm_request->authserver = server;
 	/* tell the log what helper we have been given */
-	debug(29, 9) ("authenticateNTLMStart: helper '%p' assigned\n", server);
+	if (server == NULL)
+	    debug(29, 9) ("authenticateNTLMStart: unable to get a ntlm helper... Queuing as a placeholder request.\n");
+	else
+	    debug(29, 9) ("authenticateNTLMStart: helper '%p' assigned\n", server);
 	/* server and valid challenge? */
-	if ((server == NULL) || !authenticateNTLMValidChallenge(helperstate)) {
+	if ((server == NULL) || ntlmConfig->challengeuses == 0 || !authenticateNTLMValidChallenge(helperstate)) {
 	    /* No server, or server with invalid challenge */
 	    r = cbdataAlloc(authenticateStateData);
 	    r->handler = handler;
 	    cbdataLock(data);
 	    r->data = data;
 	    r->auth_user_request = auth_user_request;
-	    if (server == NULL) {
+	    authenticateAuthUserRequestLock(r->auth_user_request);
+	    if (server == NULL && ntlmConfig->challengeuses) {
 		helperStatefulSubmit(ntlmauthenticators, NULL, authenticateNTLMHandleplaceholder, r, NULL);
 	    } else {
 		/* Server with invalid challenge */
-		snprintf(buf, 8192, "YR\n");
+
+		if (ntlmConfig->use_ntlm_negotiate) {
+		    snprintf(buf, 8192, "YR %s\n", sent_string);
+		} else {
+		    snprintf(buf, 8192, "YR\n");
+		}
+
 		helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authserver);
 	    }
 	} else {
@@ -756,10 +741,6 @@ authenticateNTLMStart(auth_user_request_
 	    helperstate->challengeuses++;
 	    /* assign the challenge */
 	    ntlm_request->authchallenge = xstrndup(helperstate->challenge, NTLM_CHALLENGE_SZ + 5);
-	    /* we're not actually submitting a request, so we need to release the helper 
-	     * should the connection close unexpectedly
-	     */
-	    ntlm_request->authserver_deferred = 1;
 	    handler(data, NULL);
 	}
 
@@ -770,9 +751,8 @@ authenticateNTLMStart(auth_user_request_
 	cbdataLock(data);
 	r->data = data;
 	r->auth_user_request = auth_user_request;
+	authenticateAuthUserRequestLock(r->auth_user_request);
 	snprintf(buf, 8192, "KK %s\n", sent_string);
-	/* getting rid of deferred request status */
-	ntlm_request->authserver_deferred = 0;
 	helperStatefulSubmit(ntlmauthenticators, buf, authenticateNTLMHandleReply, r, ntlm_request->authserver);
 	debug(29, 9) ("authenticateNTLMstart: finished\n");
 	break;
@@ -800,14 +780,14 @@ authenticateNTLMHelperServerAvailable(vo
 }
 
 static void
-authenticateNTLMHelperServerOnEmpty(void *data)
+authenticateNTLMHelperServerReset(void *data)
 {
     ntlm_helper_state_t *statedata = data;
     if (statedata == NULL)
 	return;
     if (statedata->starve) {
 	/* we have been starving the helper */
-	debug(29, 9) ("authenticateNTLMHelperServerOnEmpty: resetting challenge details\n");
+	debug(29, 9) ("authenticateNTLMHelperServerReset: resetting challenge details\n");
 	statedata->starve = 0;
 	statedata->challengeuses = 0;
 	statedata->renewed = 0;
@@ -816,20 +796,6 @@ authenticateNTLMHelperServerOnEmpty(void
     }
 }
 
-
-/* clear the NTLM helper of being reserved for future requests */
-static void
-authenticateNTLMReleaseServer(auth_user_request_t * auth_user_request)
-{
-    ntlm_request_t *ntlm_request;
-    assert(auth_user_request->auth_user->auth_type == AUTH_NTLM);
-    assert(auth_user_request->scheme_data != NULL);
-    ntlm_request = auth_user_request->scheme_data;
-    debug(29, 9) ("authenticateNTLMReleaseServer: releasing server '%p'\n", ntlm_request->authserver);
-    helperStatefulReleaseServer(ntlm_request->authserver);
-    ntlm_request->authserver = NULL;
-}
-
 /* clear any connection related authentication details */
 static void
 authenticateNTLMOnCloseConnection(ConnStateData * conn)
@@ -840,8 +806,8 @@ authenticateNTLMOnCloseConnection(ConnSt
 	assert(conn->auth_user_request->scheme_data != NULL);
 	ntlm_request = conn->auth_user_request->scheme_data;
 	assert(ntlm_request->conn == conn);
-	if (ntlm_request->authserver != NULL && ntlm_request->authserver_deferred)
-	    authenticateNTLMReleaseServer(conn->auth_user_request);
+	if (ntlm_request->authserver != NULL)
+	    authenticateNTLMReleaseServer(ntlm_request);
 	/* unlock the connection based lock */
 	debug(29, 9) ("authenticateNTLMOnCloseConnection: Unlocking auth_user from the connection.\n");
 	/* minor abstraction break here: FIXME */
@@ -1005,6 +971,12 @@ authenticateNTLMAuthenticateUser(auth_us
 	    fatal("Incorrect scheme in auth header\n");
 	    /* TODO: more fault tolerance.. reset the auth scheme here */
 	}
+	/* normal case with challenge reuses disabled */
+	if (ntlmConfig->challengeuses == 0) {
+	    /* verify with the ntlm helper */
+	    ntlm_request->auth_state = AUTHENTICATE_STATE_RESPONSE;
+	    return;
+	}
 	/* cache entries have authenticateauthheaderchallengestring */
 	snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
 	    ntlm_request->ntlmauthenticate,
@@ -1021,7 +993,7 @@ authenticateNTLMAuthenticateUser(auth_us
 	    debug(29, 4) ("authenticateNTLMAuthenticateUser: ntlm proxy-auth cache hit\n");
 	    /* throw away the temporary entry */
 	    ntlm_request->authserver_deferred = 0;
-	    authenticateNTLMReleaseServer(auth_user_request);
+	    authenticateNTLMReleaseServer(ntlm_request);
 	    authenticateAuthUserMerge(auth_user, proxy_auth_hash->auth_user);
 	    auth_user = proxy_auth_hash->auth_user;
 	    auth_user_request->auth_user = auth_user;
@@ -1047,31 +1019,33 @@ authenticateNTLMAuthenticateUser(auth_us
 	    ntlm_request->authchallenge,
 	    ntlm_request->ntlmauthenticate,
 	    ntlm_user->username);
-	/* cache entries have authenticateauthheaderchallengestring */
-	snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
-	    ntlm_request->ntlmauthenticate,
-	    ntlm_request->authchallenge);
 	/* see if this is an existing user with a different proxy_auth 
 	 * string */
-	if ((usernamehash = hash_lookup(proxy_auth_username_cache, ntlm_user->username))) {
-	    while ((usernamehash->auth_user->auth_type != auth_user->auth_type) && (usernamehash->next) && !authenticateNTLMcmpUsername(usernamehash->auth_user->scheme_data, ntlm_user))
+	usernamehash = hash_lookup(proxy_auth_username_cache, ntlm_user->username);
+	if (usernamehash) {
+	    while (usernamehash && (usernamehash->auth_user->auth_type != auth_user->auth_type || authenticateNTLMcmpUsername(usernamehash->auth_user->scheme_data, ntlm_user) != 0))
 		usernamehash = usernamehash->next;
-	    if (usernamehash->auth_user->auth_type == auth_user->auth_type) {
-		/*
-		 * add another link from the new proxy_auth to the
-		 * auth_user structure and update the information */
-		assert(proxy_auth_hash == NULL);
-		authenticateProxyAuthCacheAddLink(ntlmhash, usernamehash->auth_user);
-		/* we can't seamlessly recheck the username due to the 
-		 * challenge nature of the protocol. Just free the 
-		 * temporary auth_user */
-		authenticateAuthUserMerge(auth_user, usernamehash->auth_user);
-		auth_user = usernamehash->auth_user;
-		auth_user_request->auth_user = auth_user;
-	    }
+	}
+	if (usernamehash) {
+	    /*
+	     * add another link from the new proxy_auth to the
+	     * auth_user structure and update the information */
+	    assert(proxy_auth_hash == NULL);
+	    /* we can't seamlessly recheck the username due to the 
+	     * challenge nature of the protocol. Just free the 
+	     * temporary auth_user */
+	    authenticateAuthUserMerge(auth_user, usernamehash->auth_user);
+	    auth_user = usernamehash->auth_user;
+	    auth_user_request->auth_user = auth_user;
 	} else {
 	    /* store user in hash's */
 	    authenticateUserNameCacheAdd(auth_user);
+	}
+	if (ntlmConfig->challengeuses) {
+	    /* cache entries have authenticateauthheaderchallengestring */
+	    snprintf(ntlmhash, sizeof(ntlmhash) - 1, "%s%s",
+		ntlm_request->ntlmauthenticate,
+		ntlm_request->authchallenge);
 	    authenticateProxyAuthCacheAddLink(ntlmhash, auth_user);
 	}
 	/* set these to now because this is either a new login from an 
diff -rupN squid-2.5.STABLE4/src/auth/ntlm/auth_ntlm.h squid-2.5.STABLE5/src/auth/ntlm/auth_ntlm.h
--- squid-2.5.STABLE4/src/auth/ntlm/auth_ntlm.h	Wed Nov 28 01:01:57 2001
+++ squid-2.5.STABLE5/src/auth/ntlm/auth_ntlm.h	Wed Feb  4 10:42:36 2004
@@ -15,7 +15,7 @@ typedef enum {
     AUTHENTICATE_STATE_RESPONSE,
     AUTHENTICATE_STATE_DONE,
     AUTHENTICATE_STATE_FAILED
-} auth_state_t;                 /* connection level auth state */
+} auth_state_t;			/* connection level auth state */
 
 /* Generic */
 typedef struct {
@@ -60,6 +60,7 @@ struct _auth_ntlm_config {
     wordlist *authenticate;
     int challengeuses;
     time_t challengelifetime;
+    int use_ntlm_negotiate;
 };
 
 typedef struct _ntlm_user ntlm_user_t;
diff -rupN squid-2.5.STABLE4/src/authenticate.c squid-2.5.STABLE5/src/authenticate.c
--- squid-2.5.STABLE4/src/authenticate.c	Sun May 18 15:49:19 2003
+++ squid-2.5.STABLE5/src/authenticate.c	Wed Feb 18 11:51:16 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: authenticate.c,v 1.36.2.10 2003/05/18 21:49:19 hno Exp $
+ * $Id: authenticate.c,v 1.36.2.14 2004/02/18 18:51:16 hno Exp $
  *
  * DEBUG: section 29    Authenticator
  * AUTHOR: Duane Wessels
@@ -381,6 +381,8 @@ authenticateUserAuthenticated(auth_user_
 {
     if (!authenticateValidateUser(auth_user_request))
 	return 0;
+    if (auth_user_request->lastReply == AUTH_AUTHENTICATED)
+	return 1;
     if (auth_user_request->auth_user->auth_module > 0)
 	return authscheme_list[auth_user_request->auth_user->auth_module - 1].authenticated(auth_user_request);
     else
@@ -402,10 +404,12 @@ authenticateAuthenticateUser(auth_user_r
 }
 
 static auth_user_request_t *
-authTryGetUser(auth_user_request_t ** auth_user_request, ConnStateData * conn)
+authTryGetUser(auth_user_request_t ** auth_user_request, ConnStateData * conn, request_t * request)
 {
     if (*auth_user_request)
 	return *auth_user_request;
+    else if (request && request->auth_user_request)
+	return request->auth_user_request;
     else if (conn)
 	return conn->auth_user_request;
     else
@@ -445,7 +449,7 @@ authenticateAuthenticate(auth_user_reque
      * authenticated connection so we test for an authenticated
      * connection when we recieve no authentication header.
      */
-    if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(authTryGetUser(auth_user_request, conn))))
+    if (((proxy_auth == NULL) && (!authenticateUserAuthenticated(authTryGetUser(auth_user_request, conn, request))))
 	|| (conn && conn->auth_type == AUTH_BROKEN)) {
 	/* no header or authentication failed/got corrupted - restart */
 	if (conn)
@@ -459,10 +463,11 @@ authenticateAuthenticate(auth_user_reque
 	if (*auth_user_request) {
 	    /* unlock the ACL lock */
 	    authenticateAuthUserRequestUnlock(*auth_user_request);
-	    auth_user_request = NULL;
+	    *auth_user_request = NULL;
 	}
 	return AUTH_ACL_CHALLENGE;
     }
+#if 0
     /* 
      * Is this an already authenticated connection with a new auth header?
      * No check for function required in the if: its compulsory for conn based 
@@ -487,6 +492,7 @@ authenticateAuthenticate(auth_user_reque
 	/* Set the connection auth type */
 	conn->auth_type = AUTH_UNKNOWN;
     }
+#endif
     /* we have a proxy auth header and as far as we know this connection has
      * not had bungled connection oriented authentication happen on it. */
     debug(28, 9) ("authenticateAuthenticate: header %s.\n", proxy_auth ? proxy_auth : NULL);
@@ -581,6 +587,7 @@ authenticateAuthenticate(auth_user_reque
     }
     /* Unlock the request - we've authenticated it */
     authenticateAuthUserRequestUnlock(*auth_user_request);
+    *auth_user_request = NULL;
     return AUTH_AUTHENTICATED;
 }
 
@@ -588,20 +595,27 @@ auth_acl_t
 authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr)
 {
     /* If we have already been called, return the cached value */
-    auth_user_request_t *t = authTryGetUser(auth_user_request, conn);
+    auth_user_request_t *t = authTryGetUser(auth_user_request, conn, request);
     auth_acl_t result;
     if (t && t->lastReply != AUTH_ACL_CANNOT_AUTHENTICATE
 	&& t->lastReply != AUTH_ACL_HELPER) {
-	if (!*auth_user_request)
+	if (!*auth_user_request) {
 	    *auth_user_request = t;
+	    authenticateAuthUserRequestLock(*auth_user_request);
+	}
+	if (!request->auth_user_request) {
+	    request->auth_user_request = t;
+	    authenticateAuthUserRequestLock(request->auth_user_request);
+	}
 	return t->lastReply;
     }
     /* ok, call the actual authenticator routine. */
     result = authenticateAuthenticate(auth_user_request, headertype, request, conn, src_addr);
-    t = authTryGetUser(auth_user_request, conn);
+    t = authTryGetUser(auth_user_request, conn, request);
     if (t && result != AUTH_ACL_CANNOT_AUTHENTICATE &&
-	result != AUTH_ACL_HELPER)
+	result != AUTH_ACL_HELPER) {
 	t->lastReply = result;
+    }
     return result;
 }
 
@@ -728,7 +742,7 @@ authenticateFixHeader(HttpReply * rep, a
 	    || (rep->sline.status == HTTP_UNAUTHORIZED)) && internal)
 	/* this is a authenticate-needed response */
     {
-	if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) & !authenticateUserAuthenticated(auth_user_request))
+	if ((auth_user_request != NULL) && (auth_user_request->auth_user->auth_module > 0) && authenticateDirection(auth_user_request) == 1)
 	    authscheme_list[auth_user_request->auth_user->auth_module - 1].authFixHeader(auth_user_request, rep, type, request);
 	else {
 	    int i;
@@ -781,7 +795,7 @@ authenticateAuthUserUnlock(auth_user_t *
     if (auth_user->references > 0) {
 	auth_user->references--;
     } else {
-	debug(29, 1) ("Attempt to lower Auth User %p refcount below 0!\n", auth_user);
+	fatalf("Attempt to lower Auth User %p refcount below 0!\n", auth_user);
     }
     debug(29, 9) ("authenticateAuthUserUnlock auth_user '%p' now at '%ld'.\n", auth_user, (long int) auth_user->references);
     if (auth_user->references == 0)
diff -rupN squid-2.5.STABLE4/src/cache_cf.c squid-2.5.STABLE5/src/cache_cf.c
--- squid-2.5.STABLE4/src/cache_cf.c	Tue Jul  1 14:42:41 2003
+++ squid-2.5.STABLE5/src/cache_cf.c	Sat Dec  6 10:19:36 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: cache_cf.c,v 1.396.2.14 2003/07/01 20:42:41 wessels Exp $
+ * $Id: cache_cf.c,v 1.396.2.16 2003/12/06 17:19:36 hno Exp $
  *
  * DEBUG: section 3     Configuration File Parsing
  * AUTHOR: Harvest Derived
@@ -431,6 +431,14 @@ configDoConfigure(void)
 	    debug(22, 0) ("WARNING: 'maxconn' ACL (%s) won't work with client_db disabled\n", a->name);
 	}
     }
+    if (Config.negativeDnsTtl <= 0) {
+	debug(22, 0) ("WARNING: resetting negative_dns_ttl to 1 second\n");
+	Config.negativeDnsTtl = 1;
+    }
+    if (Config.positiveDnsTtl < Config.negativeDnsTtl) {
+	debug(22, 0) ("NOTICE: positive_dns_ttl must be larger than negative_dns_ttl. Resetting negative_dns_ttl to match\n");
+	Config.positiveDnsTtl = Config.negativeDnsTtl;
+    }
 }
 
 /* Parse a time specification from the config file.  Store the
@@ -504,6 +512,8 @@ parseBytesLine(size_t * bptr, const char
     else if ((m = parseBytesUnits(token)) == 0)
 	self_destruct();
     *bptr = m * d / u;
+    if ((double) *bptr != m * d / u)
+	self_destruct();
 }
 
 static size_t
diff -rupN squid-2.5.STABLE4/src/cf.data.pre squid-2.5.STABLE5/src/cf.data.pre
--- squid-2.5.STABLE4/src/cf.data.pre	Tue Sep  2 01:49:32 2003
+++ squid-2.5.STABLE5/src/cf.data.pre	Tue Feb 10 14:01:21 2004
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.245.2.50 2003/09/02 07:49:32 hno Exp $
+# $Id: cf.data.pre,v 1.245.2.61 2004/02/10 21:01:21 hno Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -1070,6 +1070,23 @@ DOC_START
 	connection then turn this off.
 DOC_END
 
+NAME: ftp_telnet_protocol
+TYPE: onoff
+DEFAULT: on
+LOC: Config.Ftp.telnet
+DOC_START
+	The FTP protocol is officially defined to use the telnet protocol
+	as transport channel for the control connection. However, many
+	implemenations are broken and does not respect this aspect of
+	the FTP protocol.
+
+	If you have trouble accessing files with ASCII code 255 in the
+	path or similar problems involving this ASCII code then you can
+	try setting this directive to off. If that helps report to the
+	operator of the FTP server in question that their FTP server
+	is broken and does not follow the FTP standard.
+DOC_END
+
 NAME: cache_dns_program
 TYPE: string
 IFDEF: USE_DNSSERVERS
@@ -1106,7 +1123,7 @@ DOC_END
 
 NAME: dns_timeout
 TYPE: time_t
-DEFAULT: 5 minutes
+DEFAULT: 2 minutes
 LOC: Config.Timeout.idns_query
 IFDEF: !USE_DNSSERVERS
 DOC_START
@@ -1246,174 +1263,204 @@ TYPE: authparam
 LOC: Config.authConfig
 DEFAULT: none
 DOC_START
-	This is used to pass parameters to the various authentication
-	schemes.
+	This is used to define parameters for the various authentication
+	schemes supported by Squid.
+
 	format: auth_param scheme parameter [setting]
 	
-	auth_param basic program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd	
-	would tell the basic authentication scheme it's program parameter.
-
-	The order that authentication prompts are presented to the client_agent
-	is dependant on the order the scheme first appears in config file.
-	IE has a bug (it's not rfc 2617 compliant) in that it will use the basic
-	scheme if basic is the first entry presented, even if more secure schemes
-	are presented. For now use the order in the file below. If other browsers
-	have difficulties (don't recognise the schemes offered even if you are using
-	basic) then either put basic first, or disable the other schemes (by commenting
-	out their program entry).
-
-	Once an authentication scheme is fully configured, it can only be shutdown
-	by shutting squid down and restarting. Changes can be made on the fly and
-	activated with a reconfigure. I.E. You can change to a different helper,
-	but not unconfigure the helper completely.
+	The order that authentication schemes are presented to the client is
+	dependant on the order the scheme first appears in config file. IE
+	has a bug (it's not rfc 2617 compliant) in that it will use the basic
+	scheme if basic is the first entry presented, even if more secure
+	schemes are presented. For now use the order in the recommended
+	settings section below. If other browsers have difficulties (don't
+	recognise the schemes offered even if you are using basic) then either
+	put basic first, or disable the other schemes (by commenting out their
+	program entry).
+
+	Once an authentication scheme is fully configured, it can only be
+	shutdown by shutting squid down and restarting. Changes can be made on
+	the fly and activated with a reconfigure. I.E. You can change to a
+	different helper, but not unconfigure the helper completely.
+
+	Please note that while this directive defines how Squid processes
+	authentication it does not automatically activate authentication.
+	To use authenticaiton you must in addition make use of acls based
+	on login name in http_access (proxy_auth, proxy_auth_regex or
+	external with %LOGIN used in the format tag). The browser will be
+	challenged for authentication on the first such acl encountered
+	in http_access processing and will also be rechallenged for new
+	login credentials if the request is being denied by a proxy_auth
+	type acl.
 
 	=== Parameters for the basic scheme follow. ===
 	
 	"program" cmdline
-	Specify the command for the external authenticator.  Such a
-	program reads a line containing "username password" and replies
-	"OK" or "ERR" in an endless loop.  If you use an authenticator,
-	make sure you have 1 acl of type proxy_auth.  By default, the
-	basic authentication sheme is not used unless a program is specified.
-
-	If you want to use the traditional proxy authentication,
-	jump over to the ../auth_modules/NCSA directory and
-	type:
+	Specify the command for the external authenticator.  Such a program
+	reads a line containing "username password" and replies "OK" or
+	"ERR" in an endless loop.
+
+	By default, the basic authentication sheme is not used unless a
+	program is specified.
+
+	If you want to use the traditional proxy authentication, jump over to
+	the helpers/basic_auth/NCSA directory and type:
 		% make
 		% make install
 
 	Then, set this line to something like
 
-	auth_param basic program @DEFAULT_PREFIX@/bin/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
-
+	auth_param basic program @DEFAULT_PREFIX@/libexec/ncsa_auth @DEFAULT_PREFIX@/etc/passwd
+	
 	"children" numberofchildren
-	The number of authenticator processes to spawn (no default).
-	If you start too few Squid will have to wait for them to
-	process a backlog of usercode/password verifications, slowing
-	it down. When password verifications are done via a (slow)
-	network you are likely to need lots of authenticator
-	processes.
+	The number of authenticator processes to spawn.
+	If you start too few Squid will have to wait for them to process a
+	backlog of usercode/password verifications, slowing it down. When
+	password verifications are done via a (slow) network you are likely to
+	need lots of authenticator processes.
 	auth_param basic children 5
 
 	"realm" realmstring
-	Specifies the realm name which is to be reported to the
-	client for the basic proxy authentication scheme (part of
-	the text the user will see when prompted their username and
-	password). There is no default.
+	Specifies the realm name which is to be reported to the client for
+	the basic proxy authentication scheme (part of the text the user
+	will see when prompted their username and password).
 	auth_param basic realm Squid proxy-caching web server
 
 	"credentialsttl" timetolive
 	Specifies how long squid assumes an externally validated
-	username:password pair is valid for - in other words how
-	often the helper program is called for that user. Set this
-	low to force revalidation with short lived passwords.  Note
-	that setting this high does not impact your susceptability
-	to replay attacks unless you are using an one-time password
-	system (such as SecureID).  If you are using such a system,
-	you will be vulnerable to replay attacks unless you also
-	use the max_user_ip ACL in an http_access rule.
+	username:password pair is valid for - in other words how often the
+	helper program is called for that user. Set this low to force
+	revalidation with short lived passwords.  Note that setting this high
+	does not impact your susceptability to replay attacks unless you are
+	using an one-time password system (such as SecureID). If you are using
+	such a system, you will be vulnerable to replay attacks unless you
+	also use the max_user_ip ACL in an http_access rule.
+	auth_param basic credentialsttl 2 hours
 
 	=== Parameters for the digest scheme follow ===
 
 	"program" cmdline
-	Specify the command for the external authenticator.  Such
-	a program reads a line containing "username":"realm" and
-	replies with the appropriate H(A1) value base64 encoded.
-	See rfc 2616 for the definition of H(A1).  If you use an
-	authenticator, make sure you have 1 acl of type proxy_auth.
-	By default, authentication is not used.
-
-	If you want to use build an authenticator,
-	jump over to the ../digest_auth_modules directory and choose the
-	authenticator to use. It it's directory type
+	Specify the command for the external authenticator.  Such a program
+	reads a line containing "username":"realm" and replies with the
+	appropriate H(A1) value base64 encoded.  See rfc 2616 for the
+	definition of H(A1).
+
+	By default, the digest authentication scheme is not used unless a
+	program is specified.
+
+	If you want to use a digest authenticator, jump over to the
+	helpers/digest_auth/ directory and choose the authenticator to use.
+	It it's directory type
         	% make
 	        % make install
 
 	Then, set this line to something like
 
-	auth_param digest program @DEFAULT_PREFIX@/bin/digest_auth_pw @DEFAULT_PREFIX@/etc/digpass
+	auth_param digest program @DEFAULT_PREFIX@/libexec/digest_auth_pw @DEFAULT_PREFIX@/etc/digpass
 
 
 	"children" numberofchildren
-	The number of authenticator processes to spawn (no default).
-	If you start too few Squid will have to wait for them to
-	process a backlog of H(A1) calculations, slowing it down.
-	When the H(A1) calculations are done via a (slow) network
-	you are likely to need lots of authenticator processes.
+	The number of authenticator processes to spawn (no default). If you
+	start too few Squid will have to wait for them to process a backlog of
+	H(A1) calculations, slowing it down.  When the H(A1) calculations are
+	done via a (slow) network you are likely to need lots of authenticator
+	processes.
 	auth_param digest children 5
 
 	"realm" realmstring
-	Specifies the realm name which is to be reported to the
-	client for the digest proxy authentication scheme (part of
-	the text the user will see when prompted their username and
-	password). There is no default.
+	Specifies the realm name which is to be reported to the client for the
+	digest proxy authentication scheme (part of the text the user will see
+	when prompted their username and password).
 	auth_param digest realm Squid proxy-caching web server
 
 	"nonce_garbage_interval" timeinterval
-	Specifies the interval that nonces that have been issued
-	to client_agent's are checked for validity.
+	Specifies the interval that nonces that have been issued to clients are
+	checked for validity.
+	auth_param digest nonce_garbage_interval 5 minutes
 
 	"nonce_max_duration" timeinterval
-	Specifies the maximum length of time a given nonce will be
-	valid for.
+	Specifies the maximum length of time a given nonce will be valid for.
+	auth_param digest nonce_max_duration 30 minutes
 
 	"nonce_max_count" number
-	Specifies the maximum number of times a given nonce can be
-	used.
+	Specifies the maximum number of times a given nonce can be used.
+	auth_param digest nonce_max_count 50
 
 	"nonce_strictness" on|off
-	Determines if squid requires strict increment-by-1 behaviour
-	for nonce counts, or just incrementing (off - for use when
-	useragents generate nonce counts that occasionally miss 1
-	(ie, 1,2,4,6)). Default off.
+	Determines if squid requires strict increment-by-1 behaviour for nonce
+	counts, or just incrementing (off - for use when useragents generate
+	nonce counts that occasionally miss 1 (ie, 1,2,4,6)).
+	auth_param digest nonce_strictness off
 
 	"check_nonce_count" on|off
 	This directive if set to off can disable the nonce count check
-	completely to work around buggy digest qop implementations in
-	certain mainstream browser versions. Default on to check the
-	nonce count to protect from authentication replay attacks.
+	completely to work around buggy digest qop implementations in certain
+	mainstream browser versions. Default on to check the nonce count to
+	protect from authentication replay attacks.
+	auth_param digest check_nonce_count on
 
 	"post_workaround" on|off
-	This is a workaround to certain buggy browsers who sends
-	an incorrect request digest in POST requests when reusing
-	the same nonce as aquired earlier on a GET request.
+	This is a workaround to certain buggy browsers who sends an incorrect
+	request digest in POST requests when reusing the same nonce as aquired
+       	earlier in response to a GET request.
+	auth_param digest post_workaround off
 
 	=== NTLM scheme options follow ===
 
 	"program" cmdline
-	Specify the command for the external ntlm authenticator.
-	Such a program reads a line containing the uuencoded NEGOTIATE
-	and replies with the ntlm CHALLENGE, then waits for the
-	response and answers with "OK" or "ERR" in an endless loop.
-	If you use an ntlm authenticator, make sure you have 1 acl
-	of type proxy_auth.  By default, the ntlm authenticator_program
-	is not used.
+	Specify the command for the external ntlm authenticator. Such a
+	program participates in the NTLMSSP exchanges between Squid and the
+	client and reads commands according to the Squid ntlmssp helper
+	protocol. See helpers/ntlm_auth/ for details. Recommended ntlm
+	authenticator is ntlm_auth from Samba-3.X, but a number of other
+	ntlm authenticators is available.
 
-	auth_param ntlm program @DEFAULT_PREFIX@/bin/ntlm_auth
+	By default, the ntlm authentication scheme is not used unless a
+	program is specified.
+
+	auth_param ntlm program /path/to/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
 
 	"children" numberofchildren
-	The number of authenticator processes to spawn (no default).
-	If you start too few Squid will have to wait for them to
-	process a backlog of credential verifications, slowing it
-	down. When crendential verifications are done via a (slow)
-	network you are likely to need lots of authenticator
-	processes.
+	The number of authenticator processes to spawn (no default). If you
+	start too few Squid will have to wait for them to process a backlog
+	of credential verifications, slowing it down. When crendential
+	verifications are done via a (slow) network you are likely to need
+	lots of authenticator processes.
 	auth_param ntlm children 5
 
 	"max_challenge_reuses" number
-	The maximum number of times a challenge given by a ntlm
-	authentication helper can be reused. Increasing this number
-	increases your exposure to replay attacks on your network.
-	0 means use the challenge only once.  (disable challenge
-	caching) See max_ntlm_challenge_lifetime for more information.
+	The maximum number of times a challenge given by a ntlm authentication
+	helper can be reused. Increasing this number increases your exposure
+	to replay attacks on your network. 0 (the default) means use the
+	challenge is used only once. See also the max_ntlm_challenge_lifetime
+	directive if enabling challenge reuses.
 	auth_param ntlm max_challenge_reuses 0
 
 	"max_challenge_lifetime" timespan
-	The maximum time period that a ntlm challenge is reused
-	over.  The actual period will be the minimum of this time
-	AND the number of reused challenges.
+	The maximum time period that a ntlm challenge is reused over. The
+	actual period will be the minimum of this time AND the number of
+	reused challenges.
 	auth_param ntlm max_challenge_lifetime 2 minutes
 
+	"use_ntlm_negotiate" on|off
+	Enables support for NTLM NEGOTIATE packet exchanges with the helper.
+	The configured ntlm authenticator must be able to handle NTLM
+	NEGOTIATE packet. See the authenticator programs documentation if
+	unsure. ntlm_auth from Samba-3.0.2 or later supports the use of this
+	option.
+	The NEGOTIATE packet is required to support NTLMv2 and a
+	number of other negotiable NTLMSSP options, and also makes it
+	more likely the negotiation is successful. Enabling this parameter
+	will also solve problems encountered when NT domain policies
+	restrict users to access only certain workstations. When this is off,
+	all users must be allowed to log on the proxy servers too, or they'll
+	get "invalid workstation" errors - and access denied - when trying to
+	use Squid's services.
+	Use of ntlm NEGOTIATE is incompatible with challenge reuse, so
+	enabling this parameter will OVERRIDE the max_challenge_reuses and
+	max_challenge_lifetime parameters and set them to 0.
+	auth_param ntlm use_ntlm_negotiate off
+
 NOCOMMENT_START
 #Recommended minimum configuration:
 #auth_param digest program <uncomment and complete this line>
@@ -1426,6 +1473,7 @@ NOCOMMENT_START
 #auth_param ntlm children 5
 #auth_param ntlm max_challenge_reuses 0
 #auth_param ntlm max_challenge_lifetime 2 minutes
+#auth_param ntlm use_ntlm_negotiate off
 #auth_param basic program <uncomment and complete this line>
 auth_param basic children 5
 auth_param basic realm Squid proxy-caching web server
@@ -1438,10 +1486,10 @@ TYPE: time_t
 DEFAULT: 1 hour
 LOC: Config.authenticateGCInterval
 DOC_START
-	The time period between garbage collection across the
-	username cache.  This is a tradeoff between memory utilisation
-	(long intervals - say 2 days) and CPU (short intervals -
-	say 1 minute). Only change if you have good reason to.
+	The time period between garbage collection across the username cache.
+	This is a tradeoff between memory utilisation (long intervals - say
+	2 days) and CPU (short intervals - say 1 minute). Only change if you
+	have good reason to.
 DOC_END
 
 NAME: authenticate_ttl
@@ -1449,10 +1497,9 @@ TYPE: time_t
 DEFAULT: 1 hour
 LOC: Config.authenticateTTL
 DOC_START
-	The time a user & their credentials stay in the logged in
-	user cache since their last request. When the garbage
-	interval passes, all user credentials that have passed their
-	TTL are removed from memory.
+	The time a user & their credentials stay in the logged in user cache
+	since their last request. When the garbage interval passes, all user
+	credentials that have passed their TTL are removed from memory.
 DOC_END
 
 NAME: authenticate_ip_ttl
@@ -1460,13 +1507,12 @@ TYPE: time_t
 LOC: Config.authenticateIpTTL
 DEFAULT: 0 seconds
 DOC_START
-	If you use proxy authentication and the 'max_user_ip' ACL,
-	this directive controls how long Squid remembers the IP
-	addresses associated with each user.  Use a small value
-	(e.g., 60 seconds) if your users might change addresses
-	quickly, as is the case with dialups.   You might be safe
-	using a larger value (e.g., 2 hours) in a corporate LAN
-	environment with relatively static address assignments.
+	If you use proxy authentication and the 'max_user_ip' ACL, this
+	directive controls how long Squid remembers the IP addresses
+	associated with each user.  Use a small value (e.g., 60 seconds) if
+	your users might change addresses quickly, as is the case with
+	dialups. You might be safe using a larger value (e.g., 2 hours) in a
+	corporate LAN environment with relatively static address assignments.
 DOC_END
 
 NAME: external_acl_type
@@ -1474,8 +1520,8 @@ TYPE: externalAclHelper
 LOC: Config.externalAclHelperList
 DEFAULT: none
 DOC_START
-	This option defines external acl classes using a helper program
-	to look up the status
+	This option defines external acl classes using a helper program to
+	look up the status
 	
 	  external_acl_type name [options] FORMAT.. /path/to/helper [helper arguments..]
 	
@@ -1725,9 +1771,9 @@ TYPE: time_t
 LOC: Config.positiveDnsTtl
 DEFAULT: 6 hours
 DOC_START
-	Time-to-Live (TTL) for positive caching of successful DNS lookups.
-	Default is 6 hours (360 minutes).  If you want to minimize the
-	use of Squid's ipcache, set this to 1, not 0.
+	Upper limit on how long Squid will cache positive DNS responses.
+	Default is 6 hours (360 minutes). This directive must be set
+	larger than negative_dns_ttl.
 DOC_END
 
 
@@ -1735,9 +1781,12 @@ NAME: negative_dns_ttl
 COMMENT: time-units
 TYPE: time_t
 LOC: Config.negativeDnsTtl
-DEFAULT: 5 minutes
+DEFAULT: 1 minute
 DOC_START
 	Time-to-Live (TTL) for negative caching of failed DNS lookups.
+	This also makes sets the lower cache limit on positive lookups.
+	Minimum value is 1 second, and it is not recommendable to go
+	much below 10 seconds.
 DOC_END
 
 NAME: range_offset_limit
@@ -1768,17 +1817,25 @@ COMMENT_START
  -----------------------------------------------------------------------------
 COMMENT_END
 
+NAME: forward_timeout
+COMMENT: time-units
+TYPE: time_t
+LOC: Config.Timeout.forward
+DEFAULT: 4 minutes
+DOC_START
+	This parameter specifies how long Squid should at most attempt in
+	finding a forwarding path for the request before giving up.
+DOC_END
+
 NAME: connect_timeout
 COMMENT: time-units
 TYPE: time_t
 LOC: Config.Timeout.connect
-DEFAULT: 2 minutes
+DEFAULT: 1 minute
 DOC_START
-	Some systems (notably Linux) can not be relied upon to properly
-	time out connect(2) requests.  Therefore the Squid process
-	enforces its own timeout on server connections.  This parameter
-	specifies how long to wait for the connect to complete.  The
-	default is two minutes (120 seconds).
+	This parameter specifies how long to wait for the TCP connect to
+	the requested server or peer to complete before Squid should
+	attempt to find another path where to forward the request.
 DOC_END
 
 NAME: peer_connect_timeout
@@ -1947,6 +2004,7 @@ DOC_START
 	    h1:m1 must be less than h2:m2
 	acl aclname url_regex [-i] ^http:// ...	# regex matching on whole URL
 	acl aclname urlpath_regex [-i] \.gif$ ...	# regex matching on URL path
+	acl aclname urllogin [-i] [^a-zA-Z0-9] ...	# regex matching on URL login field
 	acl aclname port     80 70 21 ...
 	acl aclname port     0-1024 ...		# ranges allowed
 	acl aclname myport   3128 ...		# (local socket TCP port)
@@ -2098,7 +2156,7 @@ http_access deny CONNECT !SSL_ports
 #
 # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
 
-# Exampe rule allowing access from your local networks. Adapt
+# Example rule allowing access from your local networks. Adapt
 # to list your (internal) IP networks from where browsing should
 # be allowed
 #acl our_networks src 192.168.1.0/24 192.168.2.0/24
@@ -3093,6 +3151,17 @@ DOC_START
 	@DEFAULT_ICON_DIR@
 DOC_END
 
+NAME: short_icon_urls
+TYPE: onoff
+LOC: Config.icons.use_short_names
+DEFAULT: off
+DOC_START
+	If this is enabled then Squid will use short URLs for icons.
+
+	If off then the URLs for icons will always be absolute URLs
+	including the proxy name and port.
+DOC_END
+
 NAME: error_directory
 TYPE: string
 LOC: Config.errorDirectory
@@ -3107,15 +3176,18 @@ DOC_END
 NAME: maximum_single_addr_tries
 TYPE: int
 LOC: Config.retry.maxtries
-DEFAULT: 3
+DEFAULT: 1
 DOC_START
 	This sets the maximum number of connection attempts for a
 	host that only has one address (for multiple-address hosts,
 	each address is tried once).
 
-	The default value is three tries, the (not recommended)
+	The default value is one attempt, the (not recommended)
 	maximum is 255 tries.  A warning message will be generated
 	if it is set to a value greater than ten.
+
+	Note: This is in addition to the request reforwarding which
+	takes place if Squid fails to get a satisfying response.
 DOC_END
 
 NAME: snmp_port
@@ -3577,6 +3649,10 @@ DOC_START
 	By combining nonhierarchical_direct off and prefer_direct on you
 	can set up Squid to use a parent as a backup path if going direct
 	fails.
+
+	Note: If you want Squid to use parents for all requests then see
+	the never_direct directive. prefer_direct only modifies how Squid
+	acts on cachable requests.
 DOC_END
 
 NAME: strip_query_terms
@@ -3726,6 +3802,21 @@ DOC_START
 	default, Squid uses persistent connections (when allowed)
 	with its clients and servers.  You can use these options to
 	disable persistent connections with clients and/or servers.
+DOC_END
+
+NAME: detect_broken_pconn
+TYPE: onoff
+LOC: Config.onoff.detect_broken_server_pconns
+DEFAULT: off
+DOC_START
+	Some servers have been found to incorrectly signal the use
+	of HTTP/1.0 persistent connections even on replies not
+	compatible, causing significant delays. This server problem
+	has mostly been seen on redirects.
+
+	By enabling this directive Squid attempts to detect such
+	broken replies and automatically assume the reply is finished
+	after 10 seconds timeout.
 DOC_END
 
 NAME: pipeline_prefetch
diff -rupN squid-2.5.STABLE4/src/client.c squid-2.5.STABLE5/src/client.c
--- squid-2.5.STABLE4/src/client.c	Tue Jan  7 13:47:08 2003
+++ squid-2.5.STABLE5/src/client.c	Tue Feb 17 20:45:30 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client.c,v 1.94.2.5 2003/01/07 20:47:08 wessels Exp $
+ * $Id: client.c,v 1.94.2.6 2004/02/18 03:45:30 hno Exp $
  *
  * DEBUG: section 0     WWW Client
  * AUTHOR: Harvest Derived
@@ -262,7 +262,7 @@ main(int argc, char *argv[])
 	    exit(1);
 	}
 	snprintf(buf, BUFSIZ, "%s:%s", user, password);
-	snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %s\n", base64_encode(buf));
+	snprintf(buf, BUFSIZ, "Proxy-Authorization: Basic %s\r\n", base64_encode(buf));
 	strcat(msg, buf);
     }
     if (www_user) {
@@ -277,7 +277,7 @@ main(int argc, char *argv[])
 	    exit(1);
 	}
 	snprintf(buf, BUFSIZ, "%s:%s", user, password);
-	snprintf(buf, BUFSIZ, "Authorization: Basic %s\n", base64_encode(buf));
+	snprintf(buf, BUFSIZ, "Authorization: Basic %s\r\n", base64_encode(buf));
 	strcat(msg, buf);
     }
     if (keep_alive) {
diff -rupN squid-2.5.STABLE4/src/client_side.c squid-2.5.STABLE5/src/client_side.c
--- squid-2.5.STABLE4/src/client_side.c	Mon Sep  1 14:39:33 2003
+++ squid-2.5.STABLE5/src/client_side.c	Wed Feb 18 11:51:16 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.c,v 1.561.2.46 2003/09/01 20:39:33 hno Exp $
+ * $Id: client_side.c,v 1.561.2.54 2004/02/18 18:51:16 hno Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -100,6 +100,7 @@ static void clientProcessMiss(clientHttp
 static void clientBuildReplyHeader(clientHttpRequest * http, HttpReply * rep);
 static clientHttpRequest *parseHttpRequestAbort(ConnStateData * conn, const char *uri);
 static clientHttpRequest *parseHttpRequest(ConnStateData *, method_t *, int *, char **, size_t *);
+static void clientRedirectStart(clientHttpRequest * http);
 static RH clientRedirectDone;
 static void clientCheckNoCache(clientHttpRequest *);
 static void clientCheckNoCacheDone(int answer, void *data);
@@ -244,7 +245,7 @@ clientAccessCheckDone(int answer, void *
 	http->uri = xstrdup(urlCanonical(http->request));
 	assert(http->redirect_state == REDIRECT_NONE);
 	http->redirect_state = REDIRECT_PENDING;
-	redirectStart(http, clientRedirectDone, http);
+	clientRedirectStart(http);
     } else {
 	int require_auth = (answer == ACCESS_REQ_PROXY_AUTH || aclIsProxyAuth(AclMatchedName));
 	debug(33, 5) ("Access Denied: %s\n", http->uri);
@@ -293,6 +294,33 @@ clientAccessCheckDone(int answer, void *
 }
 
 static void
+clientRedirectAccessCheckDone(int answer, void *data)
+{
+    clientHttpRequest *http = data;
+    http->acl_checklist = NULL;
+    if (answer == ACCESS_ALLOWED)
+	redirectStart(http, clientRedirectDone, http);
+    else
+	clientRedirectDone(http, NULL);
+}
+
+static void
+clientRedirectStart(clientHttpRequest * http)
+{
+    debug(33, 5) ("clientRedirectStart: '%s'\n", http->uri);
+    if (Config.Program.redirect == NULL) {
+	clientRedirectDone(http, NULL);
+	return;
+    }
+    if (Config.accessList.redirector) {
+	http->acl_checklist = clientAclChecklistCreate(Config.accessList.redirector, http);
+	aclNBCheck(http->acl_checklist, clientRedirectAccessCheckDone, http);
+    } else {
+	redirectStart(http, clientRedirectDone, http);
+    }
+}
+
+static void
 clientRedirectDone(void *data, char *result)
 {
     clientHttpRequest *http = data;
@@ -785,8 +813,10 @@ httpRequestFree(void *data)
     MemObject *mem = NULL;
     debug(33, 3) ("httpRequestFree: %s\n", storeUrl(http->entry));
     if (!clientCheckTransferDone(http)) {
-	if (request && request->body_connection)
+	if (request && request->body_connection) {
 	    clientAbortBody(request);	/* abort request body transter */
+	    request->body_connection = NULL;
+	}
 	/* HN: This looks a bit odd.. why should client_side care about
 	 * the ICP selection status?
 	 */
@@ -1401,6 +1431,10 @@ clientBuildReplyHeader(clientHttpRequest
 	debug(33, 3) ("clientBuildReplyHeader: can't keep-alive, unknown body size\n");
 	request->flags.proxy_keepalive = 0;
     }
+    if (fdUsageHigh()) {
+	debug(33, 3) ("clientBuildReplyHeader: Not many unused FDs, can't keep-alive\n");
+	request->flags.proxy_keepalive = 0;
+    }
     /* Signal keep-alive if needed */
     httpHeaderPutStr(hdr,
 	http->flags.accel ? HDR_CONNECTION : HDR_PROXY_CONNECTION,
@@ -1818,6 +1852,8 @@ clientMaxBodySize(request_t * request, c
 {
     body_size *bs;
     aclCheck_t *checklist;
+    if (http->log_type == LOG_TCP_DENIED)
+	return;
     bs = (body_size *) Config.ReplyBodySize.head;
     while (bs) {
 	checklist = clientAclChecklistCreate(bs->access_list, http);
@@ -1935,18 +1971,18 @@ clientSendMoreData(void *data, char *buf
 	return;
     }
     if (http->out.offset == 0) {
-	if (Config.onoff.log_mime_hdrs) {
-	    size_t k;
-	    if ((k = headersEnd(buf, size))) {
-		safe_free(http->al.headers.reply);
-		http->al.headers.reply = xcalloc(k + 1, 1);
-		xstrncpy(http->al.headers.reply, buf, k);
-	    }
-	}
 	rep = clientBuildReply(http, buf, size);
 	if (rep) {
 	    aclCheck_t *ch;
 	    int rv;
+	    if (Config.onoff.log_mime_hdrs) {
+		size_t k;
+		if ((k = headersEnd(buf, size))) {
+		    safe_free(http->al.headers.reply);
+		    http->al.headers.reply = xcalloc(k + 1, 1);
+		    xstrncpy(http->al.headers.reply, buf, k);
+		}
+	    }
 	    clientMaxBodySize(http->request, http, rep);
 	    if (http->log_type != LOG_TCP_DENIED && clientReplyBodyTooLarge(http, rep->content_length)) {
 		ErrorState *err = errorCon(ERR_TOO_BIG, HTTP_FORBIDDEN);
@@ -1980,7 +2016,11 @@ clientSendMoreData(void *data, char *buf
 		    AclMatchedName ? AclMatchedName : "NO ACL's");
 		if (!rv) {
 		    ErrorState *err;
-		    err = errorCon(ERR_ACCESS_DENIED, HTTP_FORBIDDEN);
+		    err_type page_id;
+		    page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName);
+		    if (page_id == ERR_NONE)
+			page_id = ERR_ACCESS_DENIED;
+		    err = errorCon(page_id, HTTP_FORBIDDEN);
 		    err->request = requestLink(http->request);
 		    storeUnregister(http->sc, http->entry, http);
 		    http->sc = NULL;
@@ -1994,16 +2034,6 @@ clientSendMoreData(void *data, char *buf
 		    return;
 		}
 	    }
-	} else if (size < CLIENT_SOCK_SZ && entry->store_status == STORE_PENDING) {
-	    /* wait for more to arrive */
-	    storeClientCopy(http->sc, entry,
-		http->out.offset + size,
-		http->out.offset,
-		CLIENT_SOCK_SZ,
-		buf,
-		clientSendMoreData,
-		http);
-	    return;
 	}
 	/* reset range iterator */
 	http->range_iter.pos = HttpHdrRangeInitPos;
@@ -2338,16 +2368,6 @@ clientProcessRequest2(clientHttpRequest 
 	http->entry = e;
 	return LOG_TCP_HIT;
     }
-#if HTTP_VIOLATIONS
-    if (e->store_status == STORE_PENDING) {
-	if (r->flags.nocache || r->flags.nocache_hack) {
-	    debug(33, 3) ("Clearing no-cache for STORE_PENDING request\n\t%s\n",
-		storeUrl(e));
-	    r->flags.nocache = 0;
-	    r->flags.nocache_hack = 0;
-	}
-    }
-#endif
     if (r->flags.nocache) {
 	debug(33, 3) ("clientProcessRequest2: no-cache REFRESH MISS\n");
 	http->entry = NULL;
@@ -2495,7 +2515,7 @@ clientProcessMiss(clientHttpRequest * ht
 	storeReleaseRequest(http->entry);
 	httpRedirectReply(rep, http->redirect.status, http->redirect.location);
 	httpReplySwapOut(rep, http->entry);
-	httpReplyDestroy(rep);
+	httpReplyAbsorb(http->entry->mem_obj->reply, rep);
 	storeComplete(http->entry);
 	return;
     }
@@ -3040,6 +3060,8 @@ clientReadRequest(int fd, void *data)
 			http->flags.internal = 1;
 		    }
 		}
+		if (http->flags.internal)
+		    request->protocol = PROTO_HTTP;
 	    }
 	    /*
 	     * cache the Content-length value in request_t.
@@ -3260,8 +3282,7 @@ clientAbortBody(request_t * request)
     CBCB *callback;
     void *cbdata;
     int valid;
-    request->body_connection = NULL;
-    if (!conn->body.callback || !conn->body.request)
+    if (!conn->body.callback || conn->body.request != request)
 	return;
     buf = conn->body.buf;
     callback = conn->body.callback;
diff -rupN squid-2.5.STABLE4/src/comm.c squid-2.5.STABLE5/src/comm.c
--- squid-2.5.STABLE4/src/comm.c	Sun Mar 31 23:03:38 2002
+++ squid-2.5.STABLE5/src/comm.c	Sat Nov 29 11:52:59 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: comm.c,v 1.324.2.2 2002/04/01 06:03:38 wessels Exp $
+ * $Id: comm.c,v 1.324.2.3 2003/11/29 18:52:59 hno Exp $
  *
  * DEBUG: section 5     Socket Functions
  * AUTHOR: Harvest Derived
@@ -49,7 +49,6 @@ typedef struct {
     CNCB *callback;
     void *data;
     struct in_addr in_addr;
-    int locks;
     int fd;
     int tries;
     int addrcount;
@@ -272,7 +271,6 @@ commConnectStart(int fd, const char *hos
     cs->data = data;
     cbdataLock(cs->data);
     comm_add_close_handler(fd, commConnectFree, cs);
-    cs->locks++;
     ipcache_nbgethostbyname(host, commConnectDnsHandle, cs);
 }
 
@@ -280,8 +278,6 @@ static void
 commConnectDnsHandle(const ipcache_addrs * ia, void *data)
 {
     ConnectStateData *cs = data;
-    assert(cs->locks == 1);
-    cs->locks--;
     if (ia == NULL) {
 	debug(5, 3) ("commConnectDnsHandle: Unknown host: %s\n", cs->host);
 	if (!dns_error_message) {
@@ -398,6 +394,13 @@ commRetryConnect(ConnectStateData * cs)
     return commResetFD(cs);
 }
 
+static void
+commReconnect(void *data)
+{
+    ConnectStateData *cs = data;
+    ipcache_nbgethostbyname(cs->host, commConnectDnsHandle, cs);
+}
+
 /* Connect SOCK to specified DEST_PORT at DEST_HOST. */
 static void
 commConnectHandle(int fd, void *data)
@@ -425,8 +428,7 @@ commConnectHandle(int fd, void *data)
 	if (Config.onoff.test_reachability)
 	    netdbDeleteAddrNetwork(cs->S.sin_addr);
 	if (commRetryConnect(cs)) {
-	    cs->locks++;
-	    ipcache_nbgethostbyname(cs->host, commConnectDnsHandle, cs);
+	    eventAdd("commReconnect", commReconnect, cs, cs->addrcount == 1 ? 0.05 : 0.0, 0);
 	} else {
 	    commConnectCallback(cs, COMM_ERR_CONNECT);
 	}
diff -rupN squid-2.5.STABLE4/src/dns.c squid-2.5.STABLE5/src/dns.c
--- squid-2.5.STABLE4/src/dns.c	Tue Nov 12 00:12:22 2002
+++ squid-2.5.STABLE5/src/dns.c	Sat Dec  6 10:19:37 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: dns.c,v 1.86.2.1 2002/11/12 07:12:22 hno Exp $
+ * $Id: dns.c,v 1.86.2.2 2003/12/06 17:19:37 hno Exp $
  *
  * DEBUG: section 34    Dnsserver interface
  * AUTHOR: Harvest Derived
@@ -97,7 +97,7 @@ dnsSubmit(const char *lookup, HLPCB * ca
 	if (squid_curtime - first_warn > 3 * 60)
 	    fatal("DNS servers not responding for 3 minutes");
 	debug(34, 1) ("dnsSubmit: queue overload, rejecting %s\n", lookup);
-	callback(data, "$fail Temporary network problem, please retry later");
+	callback(data, (char *) "$fail Temporary network problem, please retry later");
 	return;
     }
     first_warn = 0;
@@ -112,7 +112,7 @@ variable_list *
 snmp_netDnsFn(variable_list * Var, snint * ErrP)
 {
     variable_list *Answer = NULL;
-    debug(49, 5) ("snmp_netDnsFn: Processing request:\n", Var->name[LEN_SQ_NET + 1]);
+    debug(49, 5) ("snmp_netDnsFn: Processing request: %d\n", Var->name[LEN_SQ_NET + 1]);
     snmpDebugOid(5, Var->name, Var->name_length);
     *ErrP = SNMP_ERR_NOERROR;
     switch (Var->name[LEN_SQ_NET + 1]) {
diff -rupN squid-2.5.STABLE4/src/dns_internal.c squid-2.5.STABLE5/src/dns_internal.c
--- squid-2.5.STABLE4/src/dns_internal.c	Tue Jun 25 05:44:35 2002
+++ squid-2.5.STABLE5/src/dns_internal.c	Sat Dec  6 10:19:37 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: dns_internal.c,v 1.45.2.1 2002/06/25 11:44:35 hno Exp $
+ * $Id: dns_internal.c,v 1.45.2.2 2003/12/06 17:19:37 hno Exp $
  *
  * DEBUG: section 78    DNS lookups; interacts with lib/rfc1035.c
  * AUTHOR: Duane Wessels
@@ -64,6 +64,8 @@ struct _idns_query {
     IDNSCB *callback;
     void *callback_data;
     int attempt;
+    const char *error;
+    int rcode;
 };
 
 struct _ns {
@@ -463,9 +465,12 @@ idnsGrokReply(const char *buf, size_t sz
     }
     dlinkDelete(&q->lru, &lru_list);
     idnsRcodeCount(n, q->attempt);
+    q->error = NULL;
     if (n < 0) {
 	debug(78, 3) ("idnsGrokReply: error %d\n", rfc1035_errno);
-	if (-2 == n && ++q->attempt < MAX_ATTEMPT) {
+	q->error = rfc1035_error_message;
+	q->rcode = -n;
+	if (q->rcode == 2 && ++q->attempt < MAX_ATTEMPT) {
 	    /*
 	     * RCODE 2 is "Server failure - The name server was
 	     * unable to process this query due to a problem with
@@ -481,7 +486,7 @@ idnsGrokReply(const char *buf, size_t sz
     valid = cbdataValid(q->callback_data);
     cbdataUnlock(q->callback_data);
     if (valid)
-	q->callback(q->callback_data, answers, n);
+	q->callback(q->callback_data, answers, n, q->error);
     rfc1035RRDestroy(answers, n);
     memFree(q, MEM_IDNS_QUERY);
 }
@@ -571,7 +576,7 @@ idnsCheckQueue(void *unused)
 	    /* name servers went away; reconfiguring or shutting down */
 	    break;
 	q = n->data;
-	if (tvSubDsec(q->sent_t, current_time) < Config.Timeout.idns_retransmit * (1 << q->nsends % nns))
+	if (tvSubDsec(q->sent_t, current_time) < Config.Timeout.idns_retransmit * 1 << ((q->nsends - 1) / nns))
 	    break;
 	debug(78, 3) ("idnsCheckQueue: ID %#04x timeout\n",
 	    q->id);
@@ -585,8 +590,12 @@ idnsCheckQueue(void *unused)
 		(int) q->id, q->nsends,
 		tvSubDsec(q->start_t, current_time));
 	    cbdataUnlock(q->callback_data);
-	    if (v)
-		q->callback(q->callback_data, NULL, 0);
+	    if (v) {
+		if (q->rcode != 0)
+		    q->callback(q->callback_data, NULL, -q->rcode, q->error);
+		else
+		    q->callback(q->callback_data, NULL, -16, "Timeout");
+	    }
 	    memFree(q, MEM_IDNS_QUERY);
 	}
     }
@@ -683,7 +692,7 @@ idnsALookup(const char *name, IDNSCB * c
     q->id = rfc1035BuildAQuery(name, q->buf, &q->sz);
     if (0 == q->id) {
 	/* problem with query data -- query not sent */
-	callback(data, NULL, 0);
+	callback(data, NULL, 0, "Internal error");
 	memFree(q, MEM_IDNS_QUERY);
 	return;
     }
diff -rupN squid-2.5.STABLE4/src/enums.h squid-2.5.STABLE5/src/enums.h
--- squid-2.5.STABLE4/src/enums.h	Mon Jan 20 17:06:39 2003
+++ squid-2.5.STABLE5/src/enums.h	Wed Feb  4 10:42:28 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: enums.h,v 1.203.2.8 2003/01/21 00:06:39 wessels Exp $
+ * $Id: enums.h,v 1.203.2.10 2004/02/04 17:42:28 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -136,6 +136,7 @@ typedef enum {
     ACL_REP_MIME_TYPE,
     ACL_MAX_USER_IP,
     ACL_EXTERNAL,
+    ACL_URLLOGIN,
     ACL_ENUM_MAX
 } squid_acl;
 
@@ -527,14 +528,6 @@ typedef enum {
     AUTH_DIGEST,
     AUTH_BROKEN			/* known type, but broken data */
 } auth_type_t;
-
-/* stateful helper callback response codes */
-typedef enum {
-    S_HELPER_UNKNOWN,
-    S_HELPER_RESERVE,
-    S_HELPER_RELEASE,
-    S_HELPER_DEFER
-} stateful_helper_callback_t;
 
 /* stateful helper reservation info */
 typedef enum {
diff -rupN squid-2.5.STABLE4/src/errorpage.c squid-2.5.STABLE5/src/errorpage.c
--- squid-2.5.STABLE4/src/errorpage.c	Tue May 27 01:20:55 2003
+++ squid-2.5.STABLE5/src/errorpage.c	Thu Nov  6 09:13:03 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: errorpage.c,v 1.167.2.8 2003/05/27 07:20:55 hno Exp $
+ * $Id: errorpage.c,v 1.167.2.9 2003/11/06 16:13:03 hno Exp $
  *
  * DEBUG: section 4     Error Generation
  * AUTHOR: Duane Wessels
@@ -192,7 +192,7 @@ errorTryLoadText(const char *page_name, 
 	text = NULL;
     }
     file_close(fd);
-    if (strstr(text, "%s") == NULL)
+    if (text && strstr(text, "%s") == NULL)
 	strcat(text, "%S");	/* add signature */
     return text;
 }
diff -rupN squid-2.5.STABLE4/src/external_acl.c squid-2.5.STABLE5/src/external_acl.c
--- squid-2.5.STABLE4/src/external_acl.c	Tue Sep  2 01:51:59 2003
+++ squid-2.5.STABLE5/src/external_acl.c	Tue Feb 17 21:00:08 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: external_acl.c,v 1.1.2.28 2003/09/02 07:51:59 hno Exp $
+ * $Id: external_acl.c,v 1.1.2.30 2004/02/18 04:00:08 hno Exp $
  *
  * DEBUG: section 82    External ACL
  * AUTHOR: Henrik Nordstrom, MARA Systems AB
@@ -423,7 +423,6 @@ aclMatchExternal(void *data, aclCheck_t 
 	/* Not sufficient data to process */
 	return -1;
     }
-    ch->auth_user_request = NULL;
     if (entry) {
 	if (entry->def != acl->def || strcmp(entry->hash.key, key) != 0) {
 	    /* Not ours.. get rid of it */
@@ -508,7 +507,7 @@ makeExternalAclKey(aclCheck_t * ch, exte
 	const char *str = NULL;
 	switch (format->type) {
 	case EXT_ACL_LOGIN:
-	    str = authenticateUserRequestUsername(ch->auth_user_request);
+	    str = authenticateUserRequestUsername(request->auth_user_request);
 	    break;
 #if USE_IDENT
 	case EXT_ACL_IDENT:
@@ -760,7 +759,6 @@ externalAclLookup(aclCheck_t * ch, void 
 	}
     }
     key = makeExternalAclKey(ch, acl);
-    ch->auth_user_request = NULL;
     if (!key) {
 	debug(82, 1) ("externalAclLookup: lookup in '%s', prerequisit failure\n", def->name);
 	callback(callback_data, NULL);
diff -rupN squid-2.5.STABLE4/src/fd.c squid-2.5.STABLE5/src/fd.c
--- squid-2.5.STABLE4/src/fd.c	Sun Aug 26 16:24:56 2001
+++ squid-2.5.STABLE5/src/fd.c	Sun Dec 14 05:30:36 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: fd.c,v 1.43 2001/08/26 22:24:56 hno Exp $
+ * $Id: fd.c,v 1.43.2.1 2003/12/14 12:30:36 hno Exp $
  *
  * DEBUG: section 51    Filedescriptor Functions
  * AUTHOR: Duane Wessels
@@ -176,6 +176,17 @@ int
 fdNFree(void)
 {
     return Squid_MaxFD - Number_FD - Opening_FD;
+}
+
+int
+fdUsageHigh(void)
+{
+    int nrfree = fdNFree();
+    if (nrfree < (RESERVED_FD << 1))
+	return 1;
+    if (nrfree < (Number_FD >> 2))
+	return 1;
+    return 0;
 }
 
 /* Called when we runs out of file descriptors */
diff -rupN squid-2.5.STABLE4/src/forward.c squid-2.5.STABLE5/src/forward.c
--- squid-2.5.STABLE4/src/forward.c	Wed Aug  6 07:49:01 2003
+++ squid-2.5.STABLE5/src/forward.c	Wed Feb 18 06:44:55 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: forward.c,v 1.82.2.4 2003/08/06 13:49:01 hno Exp $
+ * $Id: forward.c,v 1.82.2.12 2004/02/18 13:44:55 hno Exp $
  *
  * DEBUG: section 17    Request Forwarding
  * AUTHOR: Duane Wessels
@@ -42,6 +42,7 @@ static void fwdConnectStart(void *);	/* 
 static void fwdStateFree(FwdState * fwdState);
 static PF fwdConnectTimeout;
 static PF fwdServerClosed;
+static PF fwdPeerClosed;
 static CNCB fwdConnectDone;
 static int fwdCheckRetry(FwdState * fwdState);
 static int fwdReforward(FwdState *);
@@ -119,8 +120,6 @@ fwdStateFree(FwdState * fwdState)
 	fwdState->server_fd = -1;
 	debug(17, 3) ("fwdStateFree: closing FD %d\n", sfd);
 	comm_close(sfd);
-	if (p)
-	    p->stats.conn_open--;
     }
     cbdataFree(fwdState);
 }
@@ -136,7 +135,9 @@ fwdCheckRetry(FwdState * fwdState)
 	return 0;
     if (fwdState->n_tries > 10)
 	return 0;
-    if (squid_curtime - fwdState->start > Config.Timeout.connect)
+    if (fwdState->origin_tries > 2)
+	return 0;
+    if (squid_curtime - fwdState->start >= Config.Timeout.forward)
 	return 0;
     if (fwdState->flags.dont_retry)
 	return 0;
@@ -180,6 +181,7 @@ fwdServerClosed(int fd, void *data)
     assert(fwdState->server_fd == fd);
     fwdState->server_fd = -1;
     if (fwdCheckRetry(fwdState)) {
+	int originserver = (fwdState->servers->peer == NULL);
 	debug(17, 3) ("fwdServerClosed: re-forwarding (%d tries, %d secs)\n",
 	    fwdState->n_tries,
 	    (int) (squid_curtime - fwdState->start));
@@ -197,10 +199,11 @@ fwdServerClosed(int fd, void *data)
 		/* Use next. The last "direct" entry is retried multiple times */
 		fwdState->servers = fs->next;
 		fwdServerFree(fs);
+		originserver = 0;
 	    }
 	}
-	/* use eventAdd to break potential call sequence loops */
-	eventAdd("fwdConnectStart", fwdConnectStart, fwdState, 0.0, 0);
+	/* use eventAdd to break potential call sequence loops and to slow things down a little */
+	eventAdd("fwdConnectStart", fwdConnectStart, fwdState, originserver ? 0.05 : 0.005, 0);
 	return;
     }
     if (!fwdState->err && shutting_down) {
@@ -235,8 +238,6 @@ fwdConnectDone(int server_fd, int status
 	err->dnsserver_msg = xstrdup(dns_error_message);
 	err->request = requestLink(request);
 	fwdFail(fwdState, err);
-	if (fs->peer)
-	    fs->peer->stats.conn_open--;
 	comm_close(server_fd);
     } else if (status != COMM_OK) {
 	assert(fs);
@@ -251,10 +252,8 @@ fwdConnectDone(int server_fd, int status
 	}
 	err->request = requestLink(request);
 	fwdFail(fwdState, err);
-	if (fs->peer) {
+	if (fs->peer)
 	    peerConnectFailed(fs->peer);
-	    fs->peer->stats.conn_open--;
-	}
 	comm_close(server_fd);
     } else {
 	debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
@@ -279,7 +278,6 @@ fwdConnectTimeout(int fd, void *data)
     FwdState *fwdState = data;
     StoreEntry *entry = fwdState->entry;
     ErrorState *err;
-    peer *p = fwdStateServerPeer(fwdState);
     debug(17, 2) ("fwdConnectTimeout: FD %d: '%s'\n", fd, storeUrl(entry));
     assert(fd == fwdState->server_fd);
     if (entry->mem_obj->inmem_hi == 0) {
@@ -294,8 +292,6 @@ fwdConnectTimeout(int fd, void *data)
 	    if (fwdState->servers->peer)
 		peerConnectFailed(fwdState->servers->peer);
     }
-    if (p)
-	p->stats.conn_open--;
     comm_close(fd);
 }
 
@@ -361,7 +357,8 @@ fwdConnectStart(void *data)
     FwdServer *fs = fwdState->servers;
     const char *host;
     unsigned short port;
-    time_t ctimeout;
+    int ctimeout;
+    int ftimeout = Config.Timeout.forward - (squid_curtime - fwdState->start);
     struct in_addr outgoing;
     unsigned short tos;
     assert(fs);
@@ -382,14 +379,26 @@ fwdConnectStart(void *data)
 	port = fwdState->request->port;
 	ctimeout = Config.Timeout.connect;
     }
-    if (fwdCheckRetriable(fwdState)) {
-	if ((fd = pconnPop(host, port)) >= 0) {
+    if (ftimeout < 0)
+	ftimeout = 5;
+    if (ftimeout < ctimeout)
+	ctimeout = ftimeout;
+    if ((fd = pconnPop(host, port)) >= 0) {
+	if (fwdCheckRetriable(fwdState)) {
 	    debug(17, 3) ("fwdConnectStart: reusing pconn FD %d\n", fd);
 	    fwdState->server_fd = fd;
 	    fwdState->n_tries++;
+	    if (!fs->peer)
+		fwdState->origin_tries++;
 	    comm_add_close_handler(fd, fwdServerClosed, fwdState);
 	    fwdConnectDone(fd, COMM_OK, fwdState);
 	    return;
+	} else {
+	    /* Discard the persistent connection to not cause
+	     * a imbalance in number of conenctions open if there
+	     * is a lot of POST requests
+	     */
+	    comm_close(fd);
 	}
     }
 #if URL_CHECKSUM_DEBUG
@@ -418,14 +427,18 @@ fwdConnectStart(void *data)
     }
     fwdState->server_fd = fd;
     fwdState->n_tries++;
+    if (!fs->peer)
+	fwdState->origin_tries++;
     /*
      * stats.conn_open is used to account for the number of
      * connections that we have open to the peer, so we can limit
      * based on the max-conn option.  We need to increment here,
      * even if the connection may fail.
      */
-    if (fs->peer)
+    if (fs->peer) {
 	fs->peer->stats.conn_open++;
+	comm_add_close_handler(fd, fwdPeerClosed, fs->peer);
+    }
     comm_add_close_handler(fd, fwdServerClosed, fwdState);
     commSetTimeout(fd,
 	ctimeout,
@@ -525,11 +538,6 @@ fwdDispatch(FwdState * fwdState)
 	     * transient (network) error; its a bug.
 	     */
 	    fwdState->flags.dont_retry = 1;
-	    /*
-	     * this assertion exists because if we are connected to
-	     * a peer, then we need to decrement p->stats.conn_open.
-	     */
-	    assert(NULL == p);
 	    comm_close(fwdState->server_fd);
 	    break;
 	}
@@ -554,6 +562,8 @@ fwdReforward(FwdState * fwdState)
     }
     if (fwdState->n_tries > 9)
 	return 0;
+    if (fwdState->origin_tries > 1)
+	return 0;
     if (fwdState->request->flags.body_sent)
 	return 0;
     assert(fs);
@@ -592,7 +602,7 @@ fwdStart(int fd, StoreEntry * e, request
      * from peer_digest.c, asn.c, netdb.c, etc and should always
      * be allowed.  yuck, I know.
      */
-    if (r->client_addr.s_addr != no_addr.s_addr) {
+    if (r->client_addr.s_addr != no_addr.s_addr && r->protocol != PROTO_INTERNAL && r->protocol != PROTO_CACHEOBJ) {
 	/*      
 	 * Check if this host is allowed to fetch MISSES from us (miss_access)
 	 */
@@ -603,7 +613,11 @@ fwdStart(int fd, StoreEntry * e, request
 	ch.request = r;
 	answer = aclCheckFast(Config.accessList.miss, &ch);
 	if (answer == 0) {
-	    err = errorCon(ERR_FORWARDING_DENIED, HTTP_FORBIDDEN);
+	    err_type page_id;
+	    page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName);
+	    if (page_id == ERR_NONE)
+		page_id = ERR_FORWARDING_DENIED;
+	    err = errorCon(page_id, HTTP_FORBIDDEN);
 	    err->request = requestLink(r);
 	    err->src_addr = r->client_addr;
 	    errorAppendEntry(e, err);
@@ -706,6 +720,16 @@ fwdAbort(void *data)
     FwdState *fwdState = data;
     debug(17, 2) ("fwdAbort: %s\n", storeUrl(fwdState->entry));
     fwdStateFree(fwdState);
+}
+
+/*
+ * Accounts for closed persistent connections
+ */
+static void
+fwdPeerClosed(int fd, void *data)
+{
+    peer *p = data;
+    p->stats.conn_open--;
 }
 
 /*
diff -rupN squid-2.5.STABLE4/src/fqdncache.c squid-2.5.STABLE5/src/fqdncache.c
--- squid-2.5.STABLE4/src/fqdncache.c	Wed Oct 24 00:16:16 2001
+++ squid-2.5.STABLE5/src/fqdncache.c	Sat Dec  6 10:19:37 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: fqdncache.c,v 1.149 2001/10/24 06:16:16 hno Exp $
+ * $Id: fqdncache.c,v 1.149.2.4 2003/12/06 17:19:37 hno Exp $
  *
  * DEBUG: section 35    FQDN Cache
  * AUTHOR: Harvest Derived
@@ -72,10 +72,10 @@ static dlink_list lru_list;
 
 #if USE_DNSSERVERS
 static HLPCB fqdncacheHandleReply;
-static fqdncache_entry *fqdncacheParse(const char *buf);
+static fqdncache_entry *fqdncacheParse(fqdncache_entry *, const char *buf);
 #else
 static IDNSCB fqdncacheHandleReply;
-static fqdncache_entry *fqdncacheParse(rfc1035_rr *, int);
+static fqdncache_entry *fqdncacheParse(fqdncache_entry *, rfc1035_rr *, int, const char *error_message);
 #endif
 static void fqdncacheRelease(fqdncache_entry *);
 static fqdncache_entry *fqdncacheCreateEntry(const char *name);
@@ -189,11 +189,15 @@ fqdncacheCreateEntry(const char *name)
 static void
 fqdncacheAddEntry(fqdncache_entry * f)
 {
-    hash_link *e = hash_lookup(fqdn_table, f->hash.key);
+    fqdncache_entry *e = (fqdncache_entry *) hash_lookup(fqdn_table, f->hash.key);
     if (NULL != e) {
-	/* avoid colission */
-	fqdncache_entry *q = (fqdncache_entry *) e;
-	fqdncacheRelease(q);
+	/* avoid collision */
+	if (f->flags.negcached && !e->flags.negcached && e->expires > squid_curtime) {
+	    /* Don't waste good information */
+	    fqdncacheFreeEntry(f);
+	    return;
+	}
+	fqdncacheRelease(e);
     }
     hash_join(fqdn_table, &f->hash);
     dlinkAdd(f, &f->lru, &lru_list);
@@ -222,93 +226,101 @@ fqdncacheCallback(fqdncache_entry * f)
 
 static fqdncache_entry *
 #if USE_DNSSERVERS
-fqdncacheParse(const char *inbuf)
+fqdncacheParse(fqdncache_entry * f, const char *inbuf)
 {
     LOCAL_ARRAY(char, buf, DNS_INBUF_SZ);
     char *token;
-    static fqdncache_entry f;
     int ttl;
-    memset(&f, '\0', sizeof(f));
-    f.expires = squid_curtime;
-    f.flags.negcached = 1;
+    const char *name = (const char *) f->hash.key;
+    f->expires = squid_curtime + Config.negativeDnsTtl;
+    f->flags.negcached = 1;
     if (inbuf == NULL) {
-	debug(35, 1) ("fqdncacheParse: Got <NULL> reply\n");
-	return &f;
+	debug(35, 1) ("fqdncacheParse: Got <NULL> reply in response to '%s'\n", name);
+	f->error_message = xstrdup("Internal Error");
+	return f;
     }
     xstrncpy(buf, inbuf, DNS_INBUF_SZ);
     debug(35, 5) ("fqdncacheParse: parsing: {%s}\n", buf);
     token = strtok(buf, w_space);
     if (NULL == token) {
-	debug(35, 1) ("fqdncacheParse: Got <NULL>, expecting '$name'\n");
-	return &f;
+	debug(35, 1) ("fqdncacheParse: Got <NULL>, expecting '$name' in response to '%s'\n", name);
+	f->error_message = xstrdup("Internal Error");
+	return f;
     }
     if (0 == strcmp(token, "$fail")) {
-	f.expires = squid_curtime + Config.negativeDnsTtl;
 	token = strtok(NULL, "\n");
 	assert(NULL != token);
-	f.error_message = xstrdup(token);
-	return &f;
+	f->error_message = xstrdup(token);
+	return f;
     }
     if (0 != strcmp(token, "$name")) {
-	debug(35, 1) ("fqdncacheParse: Got '%s', expecting '$name'\n", token);
-	return &f;
+	debug(35, 1) ("fqdncacheParse: Got '%s', expecting '$name' in response to '%s'\n", inbuf, name);
+	f->error_message = xstrdup("Internal Error");
+	return f;
     }
     token = strtok(NULL, w_space);
     if (NULL == token) {
-	debug(35, 1) ("fqdncacheParse: Got <NULL>, expecting TTL\n");
-	return &f;
+	debug(35, 1) ("fqdncacheParse: Got '%s', expecting TTL in response to '%s'\n", inbuf, name);
+	f->error_message = xstrdup("Internal Error");
+	return f;
     }
-    f.flags.negcached = 0;
+    f->flags.negcached = 0;
     ttl = atoi(token);
-    if (ttl > 0)
-	f.expires = squid_curtime + ttl;
-    else
-	f.expires = squid_curtime + Config.positiveDnsTtl;
+    if (ttl == 0 || ttl > Config.positiveDnsTtl)
+	ttl = Config.positiveDnsTtl;
+    if (ttl < Config.negativeDnsTtl)
+	ttl = Config.negativeDnsTtl;
+    f->expires = squid_curtime + ttl;
     token = strtok(NULL, w_space);
     if (NULL != token) {
-	f.names[0] = xstrdup(token);
-	f.name_count = 1;
+	f->names[0] = xstrdup(token);
+	f->name_count = 1;
     }
-    return &f;
+    return f;
 }
 #else
-fqdncacheParse(rfc1035_rr * answers, int nr)
+fqdncacheParse(fqdncache_entry * f, rfc1035_rr * answers, int nr, const char *error_message)
 {
-    static fqdncache_entry f;
     int k;
-    int na = 0;
-    memset(&f, '\0', sizeof(f));
-    f.expires = squid_curtime;
-    f.flags.negcached = 1;
+    int ttl = 0;
+    const char *name = (const char *) f->hash.key;
+    f->expires = squid_curtime + Config.negativeDnsTtl;
+    f->flags.negcached = 1;
     if (nr < 0) {
-	debug(35, 3) ("fqdncacheParse: Lookup failed (error %d)\n",
-	    rfc1035_errno);
-	assert(rfc1035_error_message);
-	f.error_message = xstrdup(rfc1035_error_message);
-	return &f;
+	debug(35, 3) ("fqdncacheParse: Lookup of '%s' failed (%s)\n", name, error_message);
+	f->error_message = xstrdup(error_message);
+	return f;
     }
     if (nr == 0) {
-	debug(35, 3) ("fqdncacheParse: No DNS records\n");
-	f.error_message = xstrdup("No DNS records");
-	return &f;
+	debug(35, 3) ("fqdncacheParse: No DNS records for '%s'\n", name);
+	f->error_message = xstrdup("No DNS records");
+	return f;
     }
-    debug(35, 3) ("fqdncacheParse: %d answers\n", nr);
+    debug(35, 3) ("fqdncacheParse: %d answers for '%s'\n", nr, name);
     assert(answers);
     for (k = 0; k < nr; k++) {
 	if (answers[k].type != RFC1035_TYPE_PTR)
 	    continue;
 	if (answers[k].class != RFC1035_CLASS_IN)
 	    continue;
-	na++;
-	f.flags.negcached = 0;
-	f.names[0] = xstrdup(answers[k].rdata);
-	f.name_count = 1;
-	f.expires = squid_curtime + answers[k].ttl;
-	return &f;
-    }
-    debug(35, 1) ("fqdncacheParse: No PTR record\n");
-    f.error_message = xstrdup("No PTR record");
-    return &f;
+	f->names[f->name_count++] = xstrndup(answers[k].rdata, answers[k].rdlength);
+	if (ttl == 0 || answers[k].ttl < ttl)
+	    ttl = answers[k].ttl;
+	if (f->name_count >= FQDN_MAX_NAMES)
+	    break;
+    }
+    if (f->name_count == 0) {
+	debug(35, 1) ("fqdncacheParse: No PTR record\n");
+	f->error_message = xstrdup("No PTR record");
+	return f;
+    }
+    if (ttl == 0 || ttl > Config.positiveDnsTtl)
+	ttl = Config.positiveDnsTtl;
+    if (ttl < Config.negativeDnsTtl)
+	ttl = Config.negativeDnsTtl;
+    f->expires = squid_curtime + ttl;
+    f->flags.negcached = 0;
+    return f;
 }
 #endif
 
@@ -316,30 +328,22 @@ static void
 #if USE_DNSSERVERS
 fqdncacheHandleReply(void *data, char *reply)
 #else
-fqdncacheHandleReply(void *data, rfc1035_rr * answers, int na)
+fqdncacheHandleReply(void *data, rfc1035_rr * answers, int na, const char *error_message)
 #endif
 {
     int n;
     generic_cbdata *c = data;
     fqdncache_entry *f = c->data;
-    fqdncache_entry *x = NULL;
     cbdataFree(c);
     c = NULL;
     n = ++FqdncacheStats.replies;
     statHistCount(&statCounter.dns.svc_time,
 	tvSubMsec(f->request_time, current_time));
 #if USE_DNSSERVERS
-    x = fqdncacheParse(reply);
+    fqdncacheParse(f, reply);
 #else
-    x = fqdncacheParse(answers, na);
+    fqdncacheParse(f, answers, na, error_message);
 #endif
-    assert(x);
-    f->name_count = x->name_count;
-    for (n = 0; n < (int) f->name_count; n++)
-	f->names[n] = x->names[n];
-    f->error_message = x->error_message;
-    f->expires = x->expires;
-    f->flags = x->flags;
     fqdncacheAddEntry(f);
     fqdncacheCallback(f);
 }
diff -rupN squid-2.5.STABLE4/src/ftp.c squid-2.5.STABLE5/src/ftp.c
--- squid-2.5.STABLE4/src/ftp.c	Wed Jul 16 07:42:51 2003
+++ squid-2.5.STABLE5/src/ftp.c	Tue Feb 24 16:31:22 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ftp.c,v 1.316.2.10 2003/07/16 13:42:51 hno Exp $
+ * $Id: ftp.c,v 1.316.2.13 2004/02/24 23:31:22 hno Exp $
  *
  * DEBUG: section 9     File Transfer Protocol (FTP)
  * AUTHOR: Harvest Derived
@@ -336,10 +336,10 @@ ftpLoginParser(const char *login, FtpSta
     }
     if (escaped)
 	rfc1738_unescape(ftpState->user);
-    if (ftpState->user[0] || ftpState->password[0])
-	return;
-    xstrncpy(ftpState->user, "anonymous", MAX_URL);
-    xstrncpy(ftpState->password, Config.Ftp.anon_user, MAX_URL);
+    if (!ftpState->user[0])
+	xstrncpy(ftpState->user, "anonymous", MAX_URL);
+    if (strcmp(ftpState->user, "anonymous") == 0 && !ftpState->password[0])
+	xstrncpy(ftpState->password, Config.Ftp.anon_user, MAX_URL);
 }
 
 static void
@@ -1131,16 +1131,55 @@ ftpStart(FwdState * fwd)
 
 /* ====================================================================== */
 
+/* escapes any IAC (0xFF) characters. Returns a new string */
+static char *
+escapeIAC(const char *buf)
+{
+    int n;
+    char *ret;
+    unsigned const char *p;
+    unsigned char *r;
+    for (p = (unsigned const char *) buf, n = 1; *p; n++, p++)
+	if (*p == 255)
+	    n++;
+    ret = xmalloc(n);
+    for (p = (unsigned const char *) buf, r = (unsigned char *) ret; *p; p++) {
+	*r++ = *p;
+	if (*p == 255)
+	    *r++ = 255;
+    }
+    *r++ = '\0';
+    assert((r - (unsigned char *) ret) == n);
+    return ret;
+}
+
+/* removes any telnet options. Same string returned */
+static char *
+decodeTelnet(char *buf)
+{
+    char *p = buf;
+    while ((p = strstr(p, "\377\377")) != NULL) {
+	p++;
+	memmove(p, p + 1, strlen(p + 1) + 1);
+    }
+    return buf;
+}
+
 static void
 ftpWriteCommand(const char *buf, FtpStateData * ftpState)
 {
+    char *ebuf;
     debug(9, 5) ("ftpWriteCommand: %s\n", buf);
+    if (Config.Ftp.telnet)
+	ebuf = escapeIAC(buf);
+    else
+	ebuf = xstrdup(buf);
     safe_free(ftpState->ctrl.last_command);
     safe_free(ftpState->ctrl.last_reply);
     ftpState->ctrl.last_command = xstrdup(buf);
     comm_write(ftpState->ctrl.fd,
-	xstrdup(buf),
-	strlen(buf),
+	ebuf,
+	strlen(ebuf),
 	ftpWriteCommandCallback,
 	ftpState,
 	xfree);
@@ -1219,6 +1258,8 @@ ftpParseControlReply(char *buf, size_t l
 	list = memAllocate(MEM_WORDLIST);
 	list->key = xmalloc(linelen - offset);
 	xstrncpy(list->key, s + offset, linelen - offset);
+	if (Config.Ftp.telnet)
+	    decodeTelnet(list->key);
 	debug(9, 7) ("%d %s\n", code, list->key);
 	*tail = list;
 	tail = &list->next;
@@ -2264,6 +2305,8 @@ static void
 ftpDataWriteCallback(int fd, char *buf, size_t size, int err, void *data)
 {
     FtpStateData *ftpState = (FtpStateData *) data;
+    if (err == COMM_ERR_CLOSING)
+	return;
     if (!err) {
 	/* Shedule the rest of the request */
 	clientReadBody(ftpState->request, ftpState->data.buf, ftpState->data.size, ftpRequestBody, ftpState);
diff -rupN squid-2.5.STABLE4/src/gopher.c squid-2.5.STABLE5/src/gopher.c
--- squid-2.5.STABLE4/src/gopher.c	Sun Sep  1 06:38:04 2002
+++ squid-2.5.STABLE5/src/gopher.c	Sat Nov 29 01:38:36 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: gopher.c,v 1.162.2.6 2002/09/01 12:38:04 hno Exp $
+ * $Id: gopher.c,v 1.162.2.7 2003/11/29 08:38:36 hno Exp $
  *
  * DEBUG: section 10    Gopher
  * AUTHOR: Harvest Derived
@@ -77,9 +77,9 @@ typedef struct gopher_ds {
 	HTML_CSO_PAGE
     } conversion;
     int HTML_header_added;
+    int HTML_pre;
     char type_id;
     char request[MAX_URL];
-    int data_in;
     int cso_recno;
     int len;
     char *buf;			/* pts to a 4k page */
@@ -265,10 +265,10 @@ static void
 gopherEndHTML(GopherStateData * gopherState)
 {
     StoreEntry *e = gopherState->entry;
-    if (!gopherState->data_in) {
+    if (!gopherState->HTML_header_added) {
 	gopherHTMLHeader(e, "Server Return Nothing", NULL);
 	storeAppendPrintf(e, "<P>The Gopher query resulted in a blank response</P>");
-    } else {
+    } else if (gopherState->HTML_pre) {
 	storeAppendPrintf(e, "</PRE>\n");
     }
     gopherHTMLFooter(e);
@@ -310,8 +310,7 @@ gopherToHTML(GopherStateData * gopherSta
 	gopherHTMLFooter(entry);
 	/* now let start sending stuff to client */
 	storeBufferFlush(entry);
-	gopherState->data_in = 1;
-
+	gopherState->HTML_header_added = 1;
 	return;
     }
     if (gopherState->conversion == HTML_CSO_PAGE) {
@@ -324,8 +323,7 @@ gopherToHTML(GopherStateData * gopherSta
 	gopherHTMLFooter(entry);
 	/* now let start sending stuff to client */
 	storeBufferFlush(entry);
-	gopherState->data_in = 1;
-
+	gopherState->HTML_header_added = 1;
 	return;
     }
     inbuf[len] = '\0';
@@ -337,6 +335,7 @@ gopherToHTML(GopherStateData * gopherSta
 	    gopherHTMLHeader(entry, "Gopher Menu", NULL);
 	strCat(outbuf, "<PRE>");
 	gopherState->HTML_header_added = 1;
+	gopherState->HTML_pre = 1;
     }
     while ((pos != NULL) && (pos < inbuf + len)) {
 
@@ -505,7 +504,6 @@ gopherToHTML(GopherStateData * gopherSta
 			}
 			safe_free(escaped_selector);
 			strCat(outbuf, tmpbuf);
-			gopherState->data_in = 1;
 		    } else {
 			memset(line, '\0', TEMP_BUF_SIZE);
 			continue;
@@ -543,7 +541,6 @@ gopherToHTML(GopherStateData * gopherSta
 			snprintf(tmpbuf, TEMP_BUF_SIZE, "%s\n", html_quote(result));
 		    }
 		    strCat(outbuf, tmpbuf);
-		    gopherState->data_in = 1;
 		    break;
 		} else {
 		    int code;
@@ -571,7 +568,6 @@ gopherToHTML(GopherStateData * gopherSta
 			    /* Print the message the server returns */
 			    snprintf(tmpbuf, TEMP_BUF_SIZE, "</PRE><HR noshade size=\"1px\"><H2>%s</H2>\n<PRE>", html_quote(result));
 			    strCat(outbuf, tmpbuf);
-			    gopherState->data_in = 1;
 			    break;
 			}
 
diff -rupN squid-2.5.STABLE4/src/helper.c squid-2.5.STABLE5/src/helper.c
--- squid-2.5.STABLE4/src/helper.c	Fri Sep 12 14:30:16 2003
+++ squid-2.5.STABLE5/src/helper.c	Mon Feb  9 02:03:49 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: helper.c,v 1.34.2.13 2003/09/12 20:30:16 hno Exp $
+ * $Id: helper.c,v 1.34.2.15 2004/02/09 09:03:49 hno Exp $
  *
  * DEBUG: section 84    Helper process maintenance
  * AUTHOR: Harvest Derived?
@@ -53,9 +53,6 @@ static void helperStatefulKickQueue(stat
 static void helperRequestFree(helper_request * r);
 static void helperStatefulRequestFree(helper_stateful_request * r);
 static void StatefulEnqueue(statefulhelper * hlp, helper_stateful_request * r);
-static helper_stateful_request *StatefulServerDequeue(helper_stateful_server * srv);
-static void StatefulServerEnqueue(helper_stateful_server * srv, helper_stateful_request * r);
-static void helperStatefulServerKickQueue(helper_stateful_server * srv);
 
 void
 helperOpenServers(helper * hlp)
@@ -184,12 +181,8 @@ helperStatefulOpenServers(statefulhelper
 	srv = cbdataAlloc(helper_stateful_server);
 	srv->pid = x;
 	srv->flags.alive = 1;
-	srv->flags.reserved = S_HELPER_FREE;
-	srv->deferred_requests = 0;
-	srv->stats.deferbyfunc = 0;
-	srv->stats.deferbycb = 0;
+	srv->flags.reserved = 0;
 	srv->stats.submits = 0;
-	srv->stats.releases = 0;
 	srv->index = k;
 	srv->rfd = rfd;
 	srv->wfd = wfd;
@@ -243,14 +236,10 @@ helperSubmit(helper * hlp, const char *b
     debug(84, 9) ("helperSubmit: %s\n", buf);
 }
 
-/* lastserver = "server last used as part of a deferred or reserved
- * request sequence"
- */
 void
-helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPSCB * callback, void *data, helper_stateful_server * lastserver)
+helperStatefulSubmit(statefulhelper * hlp, const char *buf, HLPSCB * callback, void *data, helper_stateful_server * srv)
 {
     helper_stateful_request *r = memAllocate(MEM_HELPER_STATEFUL_REQUEST);
-    helper_stateful_server *srv;
     if (hlp == NULL) {
 	debug(84, 3) ("helperStatefulSubmit: hlp == NULL\n");
 	callback(data, 0, NULL);
@@ -258,109 +247,50 @@ helperStatefulSubmit(statefulhelper * hl
     }
     r->callback = callback;
     r->data = data;
-    if (buf != NULL) {
+    if (buf)
 	r->buf = xstrdup(buf);
-	r->placeholder = 0;
-    } else {
-	r->buf = NULL;
-	r->placeholder = 1;
-    }
     cbdataLock(r->data);
-    if ((buf != NULL) && lastserver) {
-	debug(84, 5) ("StatefulSubmit with lastserver %p\n", lastserver);
-	/* the queue doesn't count for this assert because queued requests
-	 * have already gone through here and been tested.
-	 * It's legal to have deferred_requests == 0 and queue entries 
-	 * and status of S_HELPEER_DEFERRED.
-	 * BUT:  It's not legal to submit a new request w/lastserver in
-	 * that state.
-	 */
-	assert(!(lastserver->deferred_requests == 0 &&
-		lastserver->flags.reserved == S_HELPER_DEFERRED));
-	if (lastserver->flags.reserved != S_HELPER_RESERVED) {
-	    lastserver->stats.submits++;
-	    lastserver->deferred_requests--;
-	}
-	if (!(lastserver->request)) {
-	    debug(84, 5) ("StatefulSubmit dispatching\n");
-	    helperStatefulDispatch(lastserver, r);
-	} else {
-	    debug(84, 5) ("StatefulSubmit queuing\n");
-	    StatefulServerEnqueue(lastserver, r);
-	}
+    if (!srv)
+	srv = helperStatefulGetServer(hlp);
+    if (srv) {
+	debug(84, 5) ("helperStatefulSubmit: sever %p, buf '%s'.\n", srv, buf ? buf : "NULL");
+	assert(!srv->request);
+	assert(!srv->flags.busy);
+	helperStatefulDispatch(srv, r);
     } else {
-	if ((srv = StatefulGetFirstAvailable(hlp))) {
-	    helperStatefulDispatch(srv, r);
-	} else
-	    StatefulEnqueue(hlp, r);
+	debug(84, 9) ("helperStatefulSubmit: enqueued, buf '%s'.\n", buf ? buf : "NULL");
+	StatefulEnqueue(hlp, r);
     }
-    debug(84, 9) ("helperStatefulSubmit: placeholder: '%d', buf '%s'.\n", r->placeholder, buf);
 }
 
 helper_stateful_server *
-helperStatefulDefer(statefulhelper * hlp)
-/* find and add a deferred request to a server */
+helperStatefulGetServer(statefulhelper * hlp)
+/* find a server for this request */
 {
-    dlink_node *n;
-    helper_stateful_server *srv = NULL, *rv = NULL;
+    helper_stateful_server *srv = NULL;
     if (hlp == NULL) {
-	debug(84, 3) ("helperStatefulDefer: hlp == NULL\n");
+	debug(84, 3) ("helperStatefulGetServer: hlp == NULL\n");
 	return NULL;
     }
-    debug(84, 5) ("helperStatefulDefer: Running servers %d.\n", hlp->n_running);
+    debug(84, 5) ("helperStatefulGetServer: Running servers %d.\n", hlp->n_running);
     if (hlp->n_running == 0) {
-	debug(84, 1) ("helperStatefulDefer: No running servers!. \n");
-	return NULL;
-    }
-    rv = srv = StatefulGetFirstAvailable(hlp);
-    if (rv == NULL) {
-	/*
-	 * all currently busy; loop through servers and find server
-	 * with the shortest queue
-	 */
-	for (n = hlp->servers.head; n != NULL; n = n->next) {
-	    srv = n->data;
-	    if (srv->flags.reserved == S_HELPER_RESERVED)
-		continue;
-	    if (!srv->flags.alive)
-		continue;
-	    if ((hlp->IsAvailable != NULL) && (srv->data != NULL) &&
-		!(hlp->IsAvailable(srv->data)))
-		continue;
-	    if ((rv != NULL) && (rv->deferred_requests < srv->deferred_requests))
-		continue;
-	    rv = srv;
-	}
-    }
-    if (rv == NULL) {
-	debug(84, 1) ("helperStatefulDefer: None available.\n");
+	debug(84, 1) ("helperStatefulGetServer: No running servers!. \n");
 	return NULL;
     }
-    /* consistency check:
-     * when the deferred count is 0,
-     *   submits + releases == deferbyfunc + deferbycb
-     * Or in english, when there are no deferred requests, the amount
-     * we have submitted to the queue or cancelled must equal the amount
-     * we have said we wanted to be able to submit or cancel
-     */
-    if (rv->deferred_requests == 0)
-	assert(rv->stats.submits + rv->stats.releases ==
-	    rv->stats.deferbyfunc + rv->stats.deferbycb);
-
-    rv->flags.reserved = S_HELPER_DEFERRED;
-    rv->deferred_requests++;
-    rv->stats.deferbyfunc++;
-    return rv;
+    srv = StatefulGetFirstAvailable(hlp);
+    if (srv)
+	srv->flags.reserved = 1;
+    debug(84, 5) ("helperStatefulGetServer: Returning %p\n", srv);
+    return srv;
 }
 
+/* puts this helper forcibly back in the queue. */
 void
 helperStatefulReset(helper_stateful_server * srv)
-/* puts this helper back in the queue. the calling app is required to 
- * manage the state in the helper.
- */
 {
     statefulhelper *hlp = srv->parent;
     helper_stateful_request *r;
+    debug(84, 5) ("helperStatefulReset: %p\n", srv);
     r = srv->request;
     if (r != NULL) {
 	/* reset attempt DURING an outstaning request */
@@ -372,31 +302,26 @@ helperStatefulReset(helper_stateful_serv
 	srv->request = NULL;
     }
     srv->flags.busy = 0;
-    if (srv->queue.head) {
-	srv->flags.reserved = S_HELPER_DEFERRED;
-	helperStatefulServerKickQueue(srv);
+    srv->flags.reserved = 0;
+    if ((srv->parent->Reset != NULL) && (srv->data))
+	srv->parent->Reset(srv->data);
+    if (srv->flags.shutdown) {
+	int wfd = srv->wfd;
+	srv->wfd = -1;
+	comm_close(wfd);
     } else {
-	srv->flags.reserved = S_HELPER_FREE;
-	if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
-	    srv->parent->OnEmptyQueue(srv->data);
 	helperStatefulKickQueue(hlp);
     }
 }
 
+/* puts this helper back in the queue. */
 void
 helperStatefulReleaseServer(helper_stateful_server * srv)
-/*decrease the number of 'waiting' clients that set the helper to be DEFERRED */
 {
-    srv->stats.releases++;
-    if (srv->flags.reserved == S_HELPER_DEFERRED) {
-	assert(srv->deferred_requests);
-	srv->deferred_requests--;
-    }
-    if (!(srv->deferred_requests) && (srv->flags.reserved == S_HELPER_DEFERRED) && !(srv->queue.head)) {
-	srv->flags.reserved = S_HELPER_FREE;
-	if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
-	    srv->parent->OnEmptyQueue(srv->data);
-    }
+    debug(84, 5) ("helperStatefulReleaseServer: %p\n", srv);
+    assert(!srv->request);
+    assert(srv->flags.reserved);
+    helperStatefulReset(srv);
 }
 
 void *
@@ -475,12 +400,11 @@ helperStatefulStats(StoreEntry * sentry,
     storeAppendPrintf(sentry, "avg service time: %d msec\n",
 	hlp->stats.avg_svc_time);
     storeAppendPrintf(sentry, "\n");
-    storeAppendPrintf(sentry, "%7s\t%7s\t%7s\t%11s\t%20s\t%s\t%7s\t%7s\t%7s\n",
+    storeAppendPrintf(sentry, "%7s\t%7s\t%7s\t%11s\t%s\t%7s\t%7s\t%7s\n",
 	"#",
 	"FD",
 	"PID",
 	"# Requests",
-	"# Deferred Requests",
 	"Flags",
 	"Time",
 	"Offset",
@@ -488,18 +412,16 @@ helperStatefulStats(StoreEntry * sentry,
     for (link = hlp->servers.head; link; link = link->next) {
 	srv = link->data;
 	tt = 0.001 * tvSubMsec(srv->dispatch_time, current_time);
-	storeAppendPrintf(sentry, "%7d\t%7d\t%7d\t%11d\t%20d\t%c%c%c%c%c%c\t%7.3f\t%7d\t%s\n",
+	storeAppendPrintf(sentry, "%7d\t%7d\t%7d\t%11d\t%c%c%c%c%c\t%7.3f\t%7d\t%s\n",
 	    srv->index + 1,
 	    srv->rfd,
 	    srv->pid,
 	    srv->stats.uses,
-	    (int) srv->deferred_requests,
 	    srv->flags.alive ? 'A' : ' ',
 	    srv->flags.busy ? 'B' : ' ',
 	    srv->flags.closing ? 'C' : ' ',
-	    srv->flags.reserved != S_HELPER_FREE ? 'R' : ' ',
+	    srv->flags.reserved ? 'R' : ' ',
 	    srv->flags.shutdown ? 'S' : ' ',
-	    srv->request ? (srv->request->placeholder ? 'P' : ' ') : ' ',
 	    tt < 0.0 ? 0.0 : tt,
 	    (int) srv->offset,
 	    srv->request ? log_quote(srv->request->buf) : "(none)");
@@ -570,16 +492,11 @@ helperStatefulShutdown(statefulhelper * 
 		hlp->id_name, srv->index + 1);
 	    continue;
 	}
-	if (srv->flags.reserved != S_HELPER_FREE) {
+	if (srv->flags.reserved) {
 	    debug(84, 3) ("helperStatefulShutdown: %s #%d is RESERVED.\n",
 		hlp->id_name, srv->index + 1);
 	    continue;
 	}
-	if (srv->deferred_requests) {
-	    debug(84, 3) ("helperStatefulShutdown: %s #%d has DEFERRED requests.\n",
-		hlp->id_name, srv->index + 1);
-	    continue;
-	}
 	srv->flags.closing = 1;
 	wfd = srv->wfd;
 	srv->wfd = -1;
@@ -747,11 +664,8 @@ helperHandleRead(int fd, void *data)
 	/* end of reply found */
 	debug(84, 3) ("helperHandleRead: end of reply found\n");
 	*t = '\0';
-	if (cbdataValid(r->data))
-	    r->callback(r->data, srv->buf);
 	srv->flags.busy = 0;
 	srv->offset = 0;
-	helperRequestFree(r);
 	srv->request = NULL;
 	hlp->stats.replies++;
 	srv->answer_time = current_time;
@@ -759,11 +673,10 @@ helperHandleRead(int fd, void *data)
 	    intAverage(hlp->stats.avg_svc_time,
 	    tvSubUsec(srv->dispatch_time, current_time),
 	    hlp->stats.replies, REDIRECT_AV_FACTOR);
-	if (srv->flags.shutdown) {
-	    int wfd = srv->wfd;
-	    srv->wfd = -1;
-	    comm_close(wfd);
-	} else
+	if (cbdataValid(r->data))
+	    r->callback(r->data, srv->buf);
+	helperRequestFree(r);
+	if (!srv->flags.shutdown)
 	    helperKickQueue(hlp);
     } else {
 	commSetSelect(srv->rfd, COMM_SELECT_READ, helperHandleRead, srv, 0);
@@ -803,68 +716,20 @@ helperStatefulHandleRead(int fd, void *d
 	/* end of reply found */
 	debug(84, 3) ("helperStatefulHandleRead: end of reply found\n");
 	*t = '\0';
-	if (cbdataValid(r->data)) {
-	    switch ((r->callback(r->data, srv, srv->buf))) {	/*if non-zero reserve helper */
-	    case S_HELPER_UNKNOWN:
-		fatal("helperStatefulHandleRead: either a non-state aware callback was give to the stateful helper routines, or an uninitialised callback response was recieved.\n");
-		break;
-	    case S_HELPER_RELEASE:	/* helper finished with */
-		if (!srv->deferred_requests && !srv->queue.head) {
-		    srv->flags.reserved = S_HELPER_FREE;
-		    if ((srv->parent->OnEmptyQueue != NULL) && (srv->data))
-			srv->parent->OnEmptyQueue(srv->data);
-		    debug(84, 5) ("StatefulHandleRead: releasing %s #%d\n", hlp->id_name, srv->index + 1);
-		} else {
-		    srv->flags.reserved = S_HELPER_DEFERRED;
-		    debug(84, 5) ("StatefulHandleRead: outstanding deferred requests on %s #%d. reserving for deferred requests.\n", hlp->id_name, srv->index + 1);
-		}
-		break;
-	    case S_HELPER_RESERVE:	/* 'pin' this helper for the caller */
-		if (!srv->queue.head) {
-		    assert(srv->deferred_requests == 0);
-		    srv->flags.reserved = S_HELPER_RESERVED;
-		    debug(84, 5) ("StatefulHandleRead: reserving %s #%d\n", hlp->id_name, srv->index + 1);
-		} else {
-		    fatal("StatefulHandleRead: Callback routine attempted to reserve a stateful helper with deferred requests. This can lead to deadlock.\n");
-		}
-		break;
-	    case S_HELPER_DEFER:
-		/* the helper is still needed, but can
-		 * be used for other requests in the meantime.
-		 */
-		srv->flags.reserved = S_HELPER_DEFERRED;
-		srv->deferred_requests++;
-		srv->stats.deferbycb++;
-		debug(84, 5) ("StatefulHandleRead: reserving %s #%d for deferred requests.\n", hlp->id_name, srv->index + 1);
-		break;
-	    default:
-		fatal("helperStatefulHandleRead: unknown stateful helper callback result.\n");
-	    }
-
-	} else {
-	    debug(84, 1) ("StatefulHandleRead: no callback data registered\n");
-	}
 	srv->flags.busy = 0;
 	srv->offset = 0;
-	helperStatefulRequestFree(r);
 	srv->request = NULL;
 	hlp->stats.replies++;
 	hlp->stats.avg_svc_time =
 	    intAverage(hlp->stats.avg_svc_time,
 	    tvSubMsec(srv->dispatch_time, current_time),
 	    hlp->stats.replies, REDIRECT_AV_FACTOR);
-	if (srv->flags.shutdown
-	    && srv->flags.reserved == S_HELPER_FREE
-	    && !srv->deferred_requests) {
-	    int wfd = srv->wfd;
-	    srv->wfd = -1;
-	    comm_close(wfd);
+	if (cbdataValid(r->data)) {
+	    r->callback(r->data, srv, srv->buf);
 	} else {
-	    if (srv->queue.head)
-		helperStatefulServerKickQueue(srv);
-	    else
-		helperStatefulKickQueue(hlp);
+	    debug(84, 1) ("StatefulHandleRead: no callback data registered\n");
 	}
+	helperStatefulRequestFree(r);
     } else {
 	commSetSelect(srv->rfd, COMM_SELECT_READ, helperStatefulHandleRead, srv, 0);
     }
@@ -878,16 +743,20 @@ Enqueue(helper * hlp, helper_request * r
     hlp->stats.queue_size++;
     if (hlp->stats.queue_size < hlp->n_running)
 	return;
-    if (squid_curtime - hlp->last_queue_warn < 600)
+    if (hlp->stats.queue_size < hlp->n_running)
+	return;
+    if (squid_curtime - hlp->last_queue_warn < 30)
 	return;
     if (shutting_down || reconfiguring)
 	return;
     hlp->last_queue_warn = squid_curtime;
-    debug(84, 0) ("WARNING: All %s processes are busy.\n", hlp->id_name);
-    debug(84, 0) ("WARNING: %d pending requests queued\n", hlp->stats.queue_size);
+    debug(84, 1) ("WARNING: All %s processes are busy.\n", hlp->id_name);
+    debug(84, 1) ("WARNING: up to %d pending requests queued\n", hlp->stats.max_queue_size);
     if (hlp->stats.queue_size > hlp->n_running * 2)
-	fatalf("Too many queued %s requests", hlp->id_name);
-    debug(84, 1) ("Consider increasing the number of %s processes in your config file.\n", hlp->id_name);
+	fatalf("Too many queued %s requests (%d on %d)", hlp->id_name, hlp->stats.queue_size, hlp->n_running);
+    if (hlp->stats.max_queue_size > 1)
+	debug(84, 1) ("Consider increasing the number of %s processes to at least %d in your config file.\n", hlp->id_name, hlp->n_running + hlp->stats.max_queue_size);
+    hlp->stats.max_queue_size = hlp->stats.queue_size;
 }
 
 static void
@@ -898,43 +767,22 @@ StatefulEnqueue(statefulhelper * hlp, he
     hlp->stats.queue_size++;
     if (hlp->stats.queue_size < hlp->n_running)
 	return;
-    if (hlp->stats.queue_size > hlp->n_running * 2)
-	fatalf("Too many queued %s requests", hlp->id_name);
-    if (squid_curtime - hlp->last_queue_warn < 600)
+    if (hlp->stats.queue_size > hlp->stats.max_queue_size)
+	hlp->stats.max_queue_size = hlp->stats.queue_size;
+    if (hlp->stats.queue_size > hlp->n_running * 5)
+	fatalf("Too many queued %s requests (%d on %d)", hlp->id_name, hlp->stats.queue_size, hlp->n_running);
+    if (squid_curtime - hlp->last_queue_warn < 30)
 	return;
     if (shutting_down || reconfiguring)
 	return;
     hlp->last_queue_warn = squid_curtime;
-    debug(84, 0) ("WARNING: All %s processes are busy.\n", hlp->id_name);
-    debug(84, 0) ("WARNING: %d pending requests queued\n", hlp->stats.queue_size);
-    debug(84, 1) ("Consider increasing the number of %s processes in your config file.\n", hlp->id_name);
-}
-
-static void
-StatefulServerEnqueue(helper_stateful_server * srv, helper_stateful_request * r)
-{
-    dlink_node *link = memAllocate(MEM_DLINK_NODE);
-    dlinkAddTail(r, link, &srv->queue);
-/* TODO: warning if the queue on this server is more than X
- * We don't check the queue size at the moment, because
- * requests hitting here are deferrable 
- */
-/*    hlp->stats.queue_size++;
- * if (hlp->stats.queue_size < hlp->n_running)
- * return;
- * if (squid_curtime - hlp->last_queue_warn < 600)
- * return;
- * if (shutting_down || reconfiguring)
- * return;
- * hlp->last_queue_warn = squid_curtime;
- * debug(84, 0) ("WARNING: All %s processes are busy.\n", hlp->id_name);
- * debug(84, 0) ("WARNING: %d pending requests queued\n", hlp->stats.queue_size);
- * if (hlp->stats.queue_size > hlp->n_running * 2)
- * fatalf("Too many queued %s requests", hlp->id_name);
- * debug(84, 1) ("Consider increasing the number of %s processes in your config file.\n", hlp->id_name);  */
+    debug(84, 1) ("WARNING: All %s processes are busy.\n", hlp->id_name);
+    debug(84, 1) ("WARNING: up to %d pending requests queued\n", hlp->stats.max_queue_size);
+    if (hlp->stats.max_queue_size > 1)
+	debug(84, 1) ("Consider increasing the number of %s processes to at least %d in your config file.\n", hlp->id_name, hlp->n_running + hlp->stats.max_queue_size);
+    hlp->stats.max_queue_size = hlp->stats.queue_size;
 }
 
-
 static helper_request *
 Dequeue(helper * hlp)
 {
@@ -950,19 +798,6 @@ Dequeue(helper * hlp)
 }
 
 static helper_stateful_request *
-StatefulServerDequeue(helper_stateful_server * srv)
-{
-    dlink_node *link;
-    helper_stateful_request *r = NULL;
-    if ((link = srv->queue.head)) {
-	r = link->data;
-	dlinkDelete(link, &srv->queue);
-	memFree(link, MEM_DLINK_NODE);
-    }
-    return r;
-}
-
-static helper_stateful_request *
 StatefulDequeue(statefulhelper * hlp)
 {
     dlink_node *link;
@@ -1006,7 +841,7 @@ StatefulGetFirstAvailable(statefulhelper
 	srv = n->data;
 	if (srv->flags.busy)
 	    continue;
-	if (srv->flags.reserved == S_HELPER_RESERVED)
+	if (srv->flags.reserved)
 	    continue;
 	if (!srv->flags.alive)
 	    continue;
@@ -1057,32 +892,16 @@ helperStatefulDispatch(helper_stateful_s
 	helperStatefulRequestFree(r);
 	return;
     }
-    debug(84, 9) ("helperStatefulDispatch busying helper %s #%d\n", hlp->id_name, srv->index + 1);
-    if (r->placeholder == 1) {
-	/* a callback is needed before this request can _use_ a helper. */
-	/* we don't care about releasing/deferring this helper. The request NEVER
-	 * gets to the helper. So we throw away the return code */
-	r->callback(r->data, srv, NULL);
-	/* throw away the placeholder */
-	helperStatefulRequestFree(r);
-	/* and push the queue. Note that the callback may have submitted a new 
-	 * request to the helper which is why we test for the request*/
-	if (srv->request == NULL) {
-	    if (srv->flags.shutdown
-		&& srv->flags.reserved == S_HELPER_FREE
-		&& !srv->deferred_requests) {
-		int wfd = srv->wfd;
-		srv->wfd = -1;
-		comm_close(wfd);
-	    } else {
-		if (srv->queue.head)
-		    helperStatefulServerKickQueue(srv);
-		else
-		    helperStatefulKickQueue(hlp);
-	    }
+    if (!r->buf) {
+	if (cbdataValid(r->data)) {
+	    r->callback(r->data, srv, NULL);
+	} else {
+	    debug(84, 1) ("helperStatefulDispatch: no callback data registered\n");
 	}
+	helperStatefulRequestFree(r);
 	return;
     }
+    debug(84, 9) ("helperStatefulDispatch busying helper %s #%d\n", hlp->id_name, srv->index + 1);
     srv->flags.busy = 1;
     srv->request = r;
     srv->dispatch_time = current_time;
@@ -1117,16 +936,10 @@ helperStatefulKickQueue(statefulhelper *
 {
     helper_stateful_request *r;
     helper_stateful_server *srv;
-    while ((srv = StatefulGetFirstAvailable(hlp)) && (r = StatefulDequeue(hlp)))
-	helperStatefulDispatch(srv, r);
-}
-
-static void
-helperStatefulServerKickQueue(helper_stateful_server * srv)
-{
-    helper_stateful_request *r;
-    if ((r = StatefulServerDequeue(srv)))
+    while ((srv = StatefulGetFirstAvailable(hlp)) && (r = StatefulDequeue(hlp))) {
+	srv->flags.reserved = 1;
 	helperStatefulDispatch(srv, r);
+    }
 }
 
 static void
diff -rupN squid-2.5.STABLE4/src/http.c squid-2.5.STABLE5/src/http.c
--- squid-2.5.STABLE4/src/http.c	Mon Aug 18 11:24:25 2003
+++ squid-2.5.STABLE5/src/http.c	Fri Jan 30 16:09:12 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: http.c,v 1.384.2.9 2003/08/18 17:24:25 hno Exp $
+ * $Id: http.c,v 1.384.2.12 2004/01/30 23:09:12 hno Exp $
  *
  * DEBUG: section 11    Hypertext Transfer Protocol (HTTP)
  * AUTHOR: Harvest Derived
@@ -64,6 +64,13 @@ httpStateFree(int fd, void *data)
 #endif
     if (httpState == NULL)
 	return;
+    if (httpState->body_buf) {
+	clientAbortBody(httpState->orig_request);
+	if (httpState->body_buf) {
+	    memFree(httpState->body_buf, MEM_8K_BUF);
+	    httpState->body_buf = NULL;
+	}
+    }
     storeUnlockObject(httpState->entry);
     if (httpState->reply_hdr) {
 	memFree(httpState->reply_hdr, MEM_8K_BUF);
@@ -466,9 +473,16 @@ httpProcessReplyHeader(HttpStateData * h
     if (httpState->flags.keepalive)
 	if (httpState->peer)
 	    httpState->peer->stats.n_keepalives_sent++;
-    if (reply->keep_alive)
+    if (reply->keep_alive) {
 	if (httpState->peer)
 	    httpState->peer->stats.n_keepalives_recv++;
+	if (Config.onoff.detect_broken_server_pconns && httpReplyBodySize(httpState->request->method, reply) == -1) {
+	    debug(11, 1) ("httpProcessReplyHeader: Impossible keep-alive header from '%s'\n", storeUrl(entry));
+	    debug(11, 2) ("GOT HTTP REPLY HDR:\n---------\n%s\n----------\n",
+		httpState->reply_hdr);
+	    httpState->flags.keepalive_broken = 1;
+	}
+    }
     if (reply->date > -1 && !httpState->peer) {
 	int skew = abs(reply->date - squid_curtime);
 	if (skew > 86400)
@@ -571,18 +585,18 @@ httpReadReply(int fd, void *data)
 #endif
 	kb_incr(&statCounter.server.all.kbytes_in, len);
 	kb_incr(&statCounter.server.http.kbytes_in, len);
-	commSetTimeout(fd, Config.Timeout.read, NULL, NULL);
 	IOStats.Http.reads++;
 	for (clen = len - 1, bin = 0; clen; bin++)
 	    clen >>= 1;
 	IOStats.Http.read_hist[bin]++;
     }
-    if (!httpState->reply_hdr && len > 0) {
+    if (!httpState->reply_hdr && len > 0 && fd_table[fd].uses > 1) {
 	/* Skip whitespace */
 	while (len > 0 && xisspace(*buf))
 	    xmemmove(buf, buf + 1, len--);
 	if (len == 0) {
 	    /* Continue to read... */
+	    /* Timeout NOT increased. This whitespace was from previous reply */
 	    commSetSelect(fd, COMM_SELECT_READ, httpReadReply, httpState, 0);
 	    return;
 	}
@@ -662,7 +676,12 @@ httpReadReply(int fd, void *data)
 	    httpState->fd = -1;
 	    httpStateFree(fd, httpState);
 	} else {
-	    /* Wait for EOF condition */
+	    /* Wait for more data or EOF condition */
+	    if (httpState->flags.keepalive_broken) {
+		commSetTimeout(fd, 10, NULL, NULL);
+	    } else {
+		commSetTimeout(fd, Config.Timeout.read, NULL, NULL);
+	    }
 	    commSetSelect(fd, COMM_SELECT_READ, httpReadReply, httpState, 0);
 	}
     }
@@ -696,8 +715,6 @@ httpSendComplete(int fd, char *bufnotuse
 	comm_close(fd);
 	return;
     } else {
-	/* Schedule read reply. */
-	commSetSelect(fd, COMM_SELECT_READ, httpReadReply, httpState, 0);
 	/*
 	 * Set the read timeout here because it hasn't been set yet.
 	 * We only set the read timeout after the request has been
@@ -965,8 +982,13 @@ httpSendRequest(HttpStateData * httpStat
     StoreEntry *entry = httpState->entry;
     peer *p = httpState->peer;
     CWCB *sendHeaderDone;
+    int fd = httpState->fd;
+
+    debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", fd, httpState);
 
-    debug(11, 5) ("httpSendRequest: FD %d: httpState %p.\n", httpState->fd, httpState);
+    /* Schedule read reply. (but no timeout set until request fully sent) */
+    commSetTimeout(fd, Config.Timeout.lifetime, httpTimeout, httpState);
+    commSetSelect(fd, COMM_SELECT_READ, httpReadReply, httpState, 0);
 
     if (httpState->orig_request->body_connection)
 	sendHeaderDone = httpSendRequestEntry;
@@ -998,8 +1020,8 @@ httpSendRequest(HttpStateData * httpStat
 	entry,
 	&mb,
 	httpState->flags);
-    debug(11, 6) ("httpSendRequest: FD %d:\n%s\n", httpState->fd, mb.buf);
-    comm_write_mbuf(httpState->fd, mb, sendHeaderDone, httpState);
+    debug(11, 6) ("httpSendRequest: FD %d:\n%s\n", fd, mb.buf);
+    comm_write_mbuf(fd, mb, sendHeaderDone, httpState);
 }
 
 void
@@ -1084,7 +1106,19 @@ static void
 httpRequestBodyHandler(char *buf, ssize_t size, void *data)
 {
     HttpStateData *httpState = (HttpStateData *) data;
+    httpState->body_buf = NULL;
     if (size > 0) {
+	if (httpState->reply_hdr_state >= 2 && !httpState->flags.abuse_detected) {
+	    httpState->flags.abuse_detected = 1;
+	    debug(11, 1) ("httpSendRequestEntryDone: Likely proxy abuse detected '%s' -> '%s'\n",
+		inet_ntoa(httpState->orig_request->client_addr),
+		storeUrl(httpState->entry));
+	    if (httpState->entry->mem_obj->reply->sline.status == HTTP_INVALID_HEADER) {
+		memFree8K(buf);
+		comm_close(httpState->fd);
+		return;
+	    }
+	}
 	comm_write(httpState->fd, buf, size, httpSendRequestEntry, data, memFree8K);
     } else if (size == 0) {
 	/* End of body */
@@ -1124,7 +1158,8 @@ httpSendRequestEntry(int fd, char *bufno
 	comm_close(fd);
 	return;
     }
-    clientReadBody(httpState->orig_request, memAllocate(MEM_8K_BUF), 8192, httpRequestBodyHandler, httpState);
+    httpState->body_buf = memAllocate(MEM_8K_BUF);
+    clientReadBody(httpState->orig_request, httpState->body_buf, 8192, httpRequestBodyHandler, httpState);
 }
 
 void
diff -rupN squid-2.5.STABLE4/src/ipcache.c squid-2.5.STABLE5/src/ipcache.c
--- squid-2.5.STABLE4/src/ipcache.c	Tue Nov 13 15:16:24 2001
+++ squid-2.5.STABLE5/src/ipcache.c	Thu Feb 12 02:32:09 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: ipcache.c,v 1.236 2001/11/13 22:16:24 hno Exp $
+ * $Id: ipcache.c,v 1.236.2.3 2004/02/12 09:32:09 hno Exp $
  *
  * DEBUG: section 14    IP Cache
  * AUTHOR: Harvest Derived
@@ -77,9 +77,9 @@ static IPH dummy_handler;
 static int ipcacheExpiredEntry(ipcache_entry *);
 static int ipcache_testname(void);
 #if USE_DNSSERVERS
-static ipcache_entry *ipcacheParse(const char *buf);
+static ipcache_entry *ipcacheParse(ipcache_entry *, const char *buf);
 #else
-static ipcache_entry *ipcacheParse(rfc1035_rr *, int);
+static ipcache_entry *ipcacheParse(ipcache_entry *, rfc1035_rr *, int, const char *error);
 #endif
 static ipcache_entry *ipcache_get(const char *);
 static void ipcacheLockEntry(ipcache_entry *);
@@ -230,97 +230,106 @@ ipcacheCallback(ipcache_entry * i)
     ipcacheUnlockEntry(i);
 }
 
-static ipcache_entry *
 #if USE_DNSSERVERS
-ipcacheParse(const char *inbuf)
+static ipcache_entry *
+ipcacheParse(ipcache_entry * i, const char *inbuf)
 {
     LOCAL_ARRAY(char, buf, DNS_INBUF_SZ);
     char *token;
-    static ipcache_entry i;
-    int j;
+    int j = 0;
     int k;
     int ipcount = 0;
     int ttl;
     char A[32][16];
-    memset(&i, '\0', sizeof(i));
-    i.expires = squid_curtime;
-    i.flags.negcached = 1;
+    const char *name = (const char *) i->hash.key;
+    i->expires = squid_curtime + Config.negativeDnsTtl;
+    i->flags.negcached = 1;
+    safe_free(i->addrs.in_addrs);
+    safe_free(i->addrs.bad_mask);
+    safe_free(i->error_message);
+    i->addrs.count = 0;
     if (inbuf == NULL) {
 	debug(14, 1) ("ipcacheParse: Got <NULL> reply\n");
-	i.error_message = xstrdup("Internal Squid Error");
-	return &i;
+	i->error_message = xstrdup("Internal Squid Error");
+	return i;
     }
     xstrncpy(buf, inbuf, DNS_INBUF_SZ);
     debug(14, 5) ("ipcacheParse: parsing: {%s}\n", buf);
     token = strtok(buf, w_space);
     if (NULL == token) {
-	debug(14, 1) ("ipcacheParse: Got <NULL>, expecting '$addr'\n");
-	return &i;
+	debug(14, 1) ("ipcacheParse: expecting result, got '%s'\n", inbuf);
+	i->error_message = xstrdup("Internal Squid Error");
+	return NULL;
     }
     if (0 == strcmp(token, "$fail")) {
-	i.expires = squid_curtime + Config.negativeDnsTtl;
 	token = strtok(NULL, "\n");
 	assert(NULL != token);
-	i.error_message = xstrdup(token);
-	return &i;
+	i->error_message = xstrdup(token);
+	return i;
     }
     if (0 != strcmp(token, "$addr")) {
-	debug(14, 1) ("ipcacheParse: Got '%s', expecting '$addr'\n", token);
-	return &i;
+	debug(14, 1) ("ipcacheParse: expecting '$addr', got '%s' in response to '%s'\n", inbuf, name);
+	i->error_message = xstrdup("Internal Squid Error");
+	return NULL;
     }
     token = strtok(NULL, w_space);
     if (NULL == token) {
-	debug(14, 1) ("ipcacheParse: Got <NULL>, expecting TTL\n");
-	return &i;
+	debug(14, 1) ("ipcacheParse: expecting data, got '%s' in response to '%s'\n", inbuf, name);
+	i->error_message = xstrdup("Internal Squid Error");
+	return NULL;
     }
-    i.flags.negcached = 0;
+    i->flags.negcached = 0;
     ttl = atoi(token);
-    if (ttl > 0)
-	i.expires = squid_curtime + ttl;
-    else
-	i.expires = squid_curtime + Config.positiveDnsTtl;
     while (NULL != (token = strtok(NULL, w_space))) {
 	xstrncpy(A[ipcount], token, 16);
 	if (++ipcount == 32)
 	    break;
     }
-    if (0 == ipcount) {
-	i.addrs.in_addrs = NULL;
-	i.addrs.bad_mask = NULL;
+    if (ipcount <= 0) {
+	debug(14, 1) ("ipcacheParse: No addresses in response to '%s'\n", name);
     } else {
-	i.addrs.in_addrs = xcalloc(ipcount, sizeof(struct in_addr));
-	i.addrs.bad_mask = xcalloc(ipcount, sizeof(unsigned char));
-    }
-    for (j = 0, k = 0; k < ipcount; k++) {
-	if (safe_inet_addr(A[k], &i.addrs.in_addrs[j]))
-	    j++;
-	else
-	    debug(14, 1) ("ipcacheParse: Invalid IP address '%s'\n", A[k]);
+	i->addrs.in_addrs = xcalloc(ipcount, sizeof(struct in_addr));
+	i->addrs.bad_mask = xcalloc(ipcount, sizeof(unsigned char));
+	for (j = 0, k = 0; k < ipcount; k++) {
+	    if (safe_inet_addr(A[k], &i->addrs.in_addrs[j]))
+		j++;
+	    else
+		debug(14, 1) ("ipcacheParse: Invalid IP address '%s' in response to '%s'\n", A[k], name);
+	}
     }
-    i.addrs.count = (unsigned char) j;
-    return &i;
+    i->addrs.count = (unsigned char) j;
+    if (ttl == 0 || ttl > Config.positiveDnsTtl)
+	ttl = Config.positiveDnsTtl;
+    if (ttl < Config.negativeDnsTtl)
+	ttl = Config.negativeDnsTtl;
+    i->expires = squid_curtime + ttl;
+    return i;
 }
 #else
-ipcacheParse(rfc1035_rr * answers, int nr)
+static ipcache_entry *
+ipcacheParse(ipcache_entry * i, rfc1035_rr * answers, int nr, const char *error_message)
 {
-    static ipcache_entry i;
     int k;
     int j;
     int na = 0;
-    memset(&i, '\0', sizeof(i));
-    i.expires = squid_curtime + Config.negativeDnsTtl;
-    i.flags.negcached = 1;
+    int ttl = 0;
+    const char *name = (const char *) i->hash.key;
+    i->expires = squid_curtime + Config.negativeDnsTtl;
+    i->flags.negcached = 1;
+    safe_free(i->addrs.in_addrs);
+    safe_free(i->addrs.bad_mask);
+    safe_free(i->error_message);
+    i->addrs.count = 0;
     if (nr < 0) {
-	debug(14, 3) ("ipcacheParse: Lookup failed (error %d)\n",
-	    rfc1035_errno);
-	assert(rfc1035_error_message);
-	i.error_message = xstrdup(rfc1035_error_message);
-	return &i;
+	debug(14, 3) ("ipcacheParse: Lookup failed '%s' for '%s'\n",
+	    error_message, (const char *) i->hash.key);
+	i->error_message = xstrdup(error_message);
+	return i;
     }
     if (nr == 0) {
-	debug(14, 3) ("ipcacheParse: No DNS records\n");
-	i.error_message = xstrdup("No DNS records");
-	return &i;
+	debug(14, 3) ("ipcacheParse: No DNS records in response to '%s'\n", name);
+	i->error_message = xstrdup("No DNS records");
+	return i;
     }
     assert(answers);
     for (j = 0, k = 0; k < nr; k++) {
@@ -331,29 +340,34 @@ ipcacheParse(rfc1035_rr * answers, int n
 	na++;
     }
     if (na == 0) {
-	debug(14, 1) ("ipcacheParse: No Address records\n");
-	i.error_message = xstrdup("No Address records");
-	return &i;
-    }
-    i.flags.negcached = 0;
-    i.addrs.in_addrs = xcalloc(na, sizeof(struct in_addr));
-    i.addrs.bad_mask = xcalloc(na, sizeof(unsigned char));
-    i.addrs.count = (unsigned char) na;
+	debug(14, 1) ("ipcacheParse: No Address records in response to '%s'\n", name);
+	i->error_message = xstrdup("No Address records");
+	return i;
+    }
+    i->flags.negcached = 0;
+    i->addrs.in_addrs = xcalloc(na, sizeof(struct in_addr));
+    i->addrs.bad_mask = xcalloc(na, sizeof(unsigned char));
     for (j = 0, k = 0; k < nr; k++) {
 	if (answers[k].type != RFC1035_TYPE_A)
 	    continue;
 	if (answers[k].class != RFC1035_CLASS_IN)
 	    continue;
-	if (j == 0)
-	    i.expires = squid_curtime + answers[k].ttl;
+	if (ttl == 0 || ttl > answers[k].ttl)
+	    ttl = answers[k].ttl;
 	assert(answers[k].rdlength == 4);
-	xmemcpy(&i.addrs.in_addrs[j++], answers[k].rdata, 4);
+	xmemcpy(&i->addrs.in_addrs[j++], answers[k].rdata, 4);
 	debug(14, 3) ("ipcacheParse: #%d %s\n",
 	    j - 1,
-	    inet_ntoa(i.addrs.in_addrs[j - 1]));
+	    inet_ntoa(i->addrs.in_addrs[j - 1]));
     }
+    i->addrs.count = (unsigned char) na;
+    if (ttl == 0 || ttl > Config.positiveDnsTtl)
+	ttl = Config.positiveDnsTtl;
+    if (ttl < Config.negativeDnsTtl)
+	ttl = Config.negativeDnsTtl;
+    i->expires = squid_curtime + ttl;
     assert(j == na);
-    return &i;
+    return i;
 }
 #endif
 
@@ -361,27 +375,21 @@ static void
 #if USE_DNSSERVERS
 ipcacheHandleReply(void *data, char *reply)
 #else
-ipcacheHandleReply(void *data, rfc1035_rr * answers, int na)
+ipcacheHandleReply(void *data, rfc1035_rr * answers, int na, const char *error_message)
 #endif
 {
     generic_cbdata *c = data;
     ipcache_entry *i = c->data;
-    ipcache_entry *x = NULL;
     cbdataFree(c);
     c = NULL;
     IpcacheStats.replies++;
     statHistCount(&statCounter.dns.svc_time,
 	tvSubMsec(i->request_time, current_time));
 #if USE_DNSSERVERS
-    x = ipcacheParse(reply);
+    ipcacheParse(i, reply);
 #else
-    x = ipcacheParse(answers, na);
+    ipcacheParse(i, answers, na, error_message);
 #endif
-    assert(x);
-    i->addrs = x->addrs;
-    i->error_message = x->error_message;
-    i->expires = x->expires;
-    i->flags = x->flags;
     ipcacheAddEntry(i);
     ipcacheCallback(i);
 }
diff -rupN squid-2.5.STABLE4/src/main.c squid-2.5.STABLE5/src/main.c
--- squid-2.5.STABLE4/src/main.c	Sun Jun  8 17:28:46 2003
+++ squid-2.5.STABLE5/src/main.c	Wed Dec 17 14:10:30 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: main.c,v 1.345.2.11 2003/06/08 23:28:46 wessels Exp $
+ * $Id: main.c,v 1.345.2.13 2003/12/17 21:10:30 hno Exp $
  *
  * DEBUG: section 1     Startup and Main Loop
  * AUTHOR: Harvest Derived
@@ -329,7 +329,7 @@ serverConnectionsClose(void)
 static void
 mainReconfigure(void)
 {
-    debug(1, 1) ("Restarting Squid Cache (version %s)...\n", version_string);
+    debug(1, 1) ("Reconfiguring Squid Cache (version %s)...\n", version_string);
     reconfiguring = 1;
     /* Already called serverConnectionsClose and ipcacheShutdownServers() */
     serverConnectionsClose();
@@ -832,6 +832,10 @@ checkRunningPid(void)
 {
     pid_t pid;
     debug_log = stderr;
+    if (strcmp(Config.pidFilename, "none") == 0) {
+	debug(0, 1) ("No pid_filename specified. Trusting you know what you are doing.\n");
+	return 0;
+    }
     pid = readPidFile();
     if (pid < 2)
 	return 0;
diff -rupN squid-2.5.STABLE4/src/mime.c squid-2.5.STABLE5/src/mime.c
--- squid-2.5.STABLE4/src/mime.c	Sat Nov  9 21:43:31 2002
+++ squid-2.5.STABLE5/src/mime.c	Sun Dec 14 06:33:47 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: mime.c,v 1.102.2.2 2002/11/10 04:43:31 hno Exp $
+ * $Id: mime.c,v 1.102.2.3 2003/12/14 13:33:47 hno Exp $
  *
  * DEBUG: section 25    MIME Parsing
  * AUTHOR: Harvest Derived
@@ -219,10 +219,17 @@ mimeGetIcon(const char *fn)
 const char *
 mimeGetIconURL(const char *fn)
 {
+    static MemBuf mb = MemBufNULL;
     char *icon = mimeGetIcon(fn);
     if (icon == NULL)
 	return null_string;
-    return internalLocalUri("/squid-internal-static/icons/", icon);
+    if (Config.icons.use_short_names) {
+	memBufReset(&mb);
+	memBufPrintf(&mb, "/squid-internal-static/icons/%s", icon);
+	return mb.buf;
+    } else {
+	return internalLocalUri("/squid-internal-static/icons/", icon);
+    }
 }
 
 char *
diff -rupN squid-2.5.STABLE4/src/mime.conf.default squid-2.5.STABLE5/src/mime.conf.default
--- squid-2.5.STABLE4/src/mime.conf.default	Wed Aug 22 03:25:41 2001
+++ squid-2.5.STABLE5/src/mime.conf.default	Wed Feb 25 17:03:02 2004
@@ -14,122 +14,181 @@
 #
 # regexp	content-type			icon		encoding	mode
 #-----------------------------------------------------------------------------------
-\.gif$			image/gif		anthony-image.gif	-	image
+\.gif$			image/gif		anthony-image.gif	-	image	+download
 \.mime$			www/mime		anthony-text.gif	-	ascii	+download
-^internal-dirup$	-			anthony-dirup.gif	-	ascii
-^internal-dir$		-			anthony-dir.gif		-	ascii
-^internal-link$		-			anthony-link.gif	-	ascii
-^internal-menu$		-			anthony-dir.gif		-	ascii
-^internal-text$		-			anthony-text.gif	-	ascii
-^internal-index$	-			anthony-dir.gif		-	ascii
-^internal-image$	-			anthony-image.gif	-	ascii
-^internal-sound$	-			anthony-sound.gif	-	ascii
-^internal-movie$	-			anthony-movie.gif	-	ascii
-^internal-telnet$	-			anthony-portal.gif	-	ascii
-^internal-binary$	-			anthony-box.gif		-	ascii
-^internal-unknown$	-			anthony-unknown.gif	-	ascii
-^internal-view$		-			anthony-text.gif	-	ascii
-^internal-download$	-			anthony-box.gif		-	ascii
-\.bin$		application/macbinary		anthony-unknown.gif	-	image
-\.oda$		application/oda			anthony-unknown.gif	-	image
-\.exe$		application/octet-stream	anthony-unknown.gif	-	image
-\.pdf$		application/pdf			anthony-unknown.gif	-	image
-\.ai$		application/postscript		anthony-ps.gif		-	ascii	+download
-\.eps$		application/postscript		anthony-ps.gif		-	ascii	+download
-\.ps$		application/postscript		anthony-ps.gif		-	ascii	+download +view
-\.rtf$		application/x-rtf		anthony-unknown.gif	-	image
-\.Z$		-				anthony-compressed.gif	compress image
-\.gz$		-				anthony-unknown.gif	gzip	image
-\.tgz$		application/x-tar		anthony-tar.gif		gzip	image
-\.csh$		application/x-csh		anthony-script.gif	-	ascii
-\.dvi$		application/x-dvi		anthony-dvi.gif		-	image
-\.hdf$		application/x-hdf		anthony-unknown.gif	-	image
-\.latex$	application/x-latex		anthony-tex.gif		-	ascii
-\.lsm$		text/plain			anthony-text.gif	-	ascii
-\.nc$		application/x-netcdf		anthony-unknown.gif	-	image
+^internal-dirup$	-			anthony-dirup.gif	-	-
+^internal-dir$		-			anthony-dir.gif		-	-
+^internal-link$		-			anthony-link.gif	-	-
+^internal-menu$		-			anthony-dir.gif		-	-
+^internal-text$		-			anthony-text.gif	-	-
+^internal-index$	-			anthony-dir.gif		-	-
+^internal-image$	-			anthony-image.gif	-	-
+^internal-sound$	-			anthony-sound.gif	-	-
+^internal-movie$	-			anthony-movie.gif	-	-
+^internal-telnet$	-			anthony-portal.gif	-	-
+^internal-binary$	-			anthony-box.gif		-	-
+^internal-unknown$	-			anthony-unknown.gif	-	-
+^internal-view$		-			anthony-text.gif	-	-
+^internal-download$	-			anthony-box.gif		-	-
+\.bin$		application/macbinary		anthony-unknown.gif	-	image	+download
+\.oda$		application/oda			anthony-unknown.gif	-	image	+download
+\.exe$		application/octet-stream	anthony-unknown.gif	-	image	+download
+\.pdf$		application/pdf			anthony-unknown.gif	-	image	+download
+\.ai$		application/postscript		anthony-ps.gif		-	image	+download +view
+\.eps$		application/postscript		anthony-ps.gif		-	image	+download +view
+\.ps$		application/postscript		anthony-ps.gif		-	image	+download +view
+\.rtf$		text/rtf			anthony-text.gif	-	ascii	+download +view
+\.Z$		-				anthony-compressed.gif	compress image	+download
+\.gz$		-				anthony-compressed.gif	gzip	image	+download
+\.bz2$		application/octet-stream	anthony-compressed.gif	-	image	+download
+\.bz$		application/octet-stream	anthony-compressed.gif	-	image	+download
+\.tgz$		application/x-tar		anthony-tar.gif		gzip	image	+download
+\.csh$		application/x-csh		anthony-script.gif	-	ascii	+download +view
+\.dvi$		application/x-dvi		anthony-dvi.gif		-	image	+download
+\.hdf$		application/x-hdf		anthony-unknown.gif	-	image	+download
+\.latex$	application/x-latex		anthony-tex.gif		-	ascii	+download +view
+\.lsm$		text/plain			anthony-text.gif	-	ascii	+download +view
+\.nc$		application/x-netcdf		anthony-unknown.gif	-	image	+download
 \.cdf$		application/x-netcdf		anthony-unknown.gif	-	ascii	+download
-\.sh$		application/x-sh		anthony-script.gif	-	ascii
-\.tcl$		application/x-tcl		anthony-script.gif	-	ascii	+view
-\.tex$		application/x-tex		anthony-tex.gif		-	ascii
-\.texi$		application/x-texinfo		anthony-tex.gif		-	ascii
-\.texinfo$	application/x-texinfo		anthony-tex.gif		-	ascii
-\.t$		application/x-troff		anthony-text.gif	-	ascii
-\.roff$		application/x-troff		anthony-text.gif	-	ascii
-\.tr$		application/x-troff		anthony-text.gif	-	ascii
-\.man$		application/x-troff-man		anthony-text.gif	-	ascii
-\.me$		application/x-troff-me		anthony-text.gif	-	ascii
-\.ms$		application/x-troff-ms		anthony-text.gif	-	ascii
-\.src$		application/x-wais-source	anthony-text.gif	-	ascii	+download
-\.zip$		application/x-zip-compressed	anthony-compressed.gif	-	image
-\.bcpio$	application/x-bcpio		anthony-unknown.gif	-	image
-\.cpio$		application/x-cpio		anthony-unknown.gif	-	image
-\.gtar$		application/x-gtar		anthony-tar.gif		-	image
-\.rpm$		application/x-rpm		anthony-unknown.gif	-	image
+\.sh$		application/x-sh		anthony-script.gif	-	ascii	+download +view
+\.tcl$		application/x-tcl		anthony-script.gif	-	ascii	+download +view
+\.tex$		application/x-tex		anthony-tex.gif		-	ascii	+download +view
+\.texi$		application/x-texinfo		anthony-tex.gif		-	ascii	+download +view
+\.texinfo$	application/x-texinfo		anthony-tex.gif		-	ascii	+download +view
+\.t$		application/x-troff		anthony-text.gif	-	ascii	+download +view
+\.roff$		application/x-troff		anthony-text.gif	-	ascii	+download +view
+\.tr$		application/x-troff		anthony-text.gif	-	ascii	+download +view
+\.man$		application/x-troff-man		anthony-text.gif	-	ascii	+download +view
+\.me$		application/x-troff-me		anthony-text.gif	-	ascii	+download +view
+\.ms$		application/x-troff-ms		anthony-text.gif	-	ascii	+download +view
+\.src$		application/x-wais-source	anthony-unknown.gif	-	ascii	+download
+\.zip$		application/zip			anthony-compressed.gif	-	image	+download
+\.bcpio$	application/x-bcpio		anthony-box.gif		-	image	+download
+\.cpio$		application/x-cpio		anthony-box.gif		-	image	+download
+\.gtar$		application/x-gtar		anthony-tar.gif		-	image	+download
+\.rpm$		application/x-rpm		anthony-unknown.gif	-	image	+download
 \.shar$		application/x-shar		anthony-script.gif	-	image	+download +view
-\.sv4cpio$	application/x-sv4cpio		anthony-unknown.gif	-	image
-\.sv4crc$	application/x-sv4crc		anthony-unknown.gif	-	image
-\.tar$		application/x-tar		anthony-tar.gif		-	image
-\.ustar$	application/x-ustar		anthony-tar.gif		-	image
-\.au$		audio/basic			anthony-sound.gif	-	image
-\.snd$		audio/basic			anthony-sound.gif	-	image
-\.mp2$		audio/basic			anthony-sound.gif	-	image
-\.mp3$		audio/basic			anthony-sound.gif	-	image
-\.aif$		audio/x-aiff			anthony-sound.gif	-	image
-\.aiff$		audio/x-aiff			anthony-sound.gif	-	image
-\.aifc$		audio/x-aiff			anthony-sound.gif	-	image
-\.wav$		audio/x-wav			anthony-sound.gif	-	image
-\.ief$		image/ief			anthony-image.gif	-	image
-\.jpeg$		image/jpeg			anthony-image.gif	-	image
-\.jpg$		image/jpeg			anthony-image.gif	-	image
-\.jpe$		image/jpeg			anthony-image.gif	-	image
-\.tiff$		image/tiff			anthony-image.gif	-	image
-\.tif$		image/tiff			anthony-image.gif	-	image
-\.ras$		image/cmu-raster		anthony-image.gif	-	image
-\.pnm$		image/x-portable-anymap		anthony-image.gif	-	image
-\.pbm$		image/x-portable-bitmap		anthony-image.gif	-	image
-\.pgm$		image/x-portable-graymap	anthony-image.gif	-	image
-\.ppm$		image/x-portable-pixmap		anthony-image.gif	-	image
-\.rgb$		image/x-rgb			anthony-image.gif	-	image
-\.xbm$		image/x-xbitmap			anthony-xbm.gif		-	image
-\.xpm$		image/x-xpixmap			anthony-xpm.gif		-	image
-\.xwd$		image/x-xwindowdump		anthony-image.gif	-	image
-\.html$		text/html			anthony-text.gif	-	ascii
-\.htm$		text/html			anthony-text.gif	-	ascii
-\.c$		text/plain			anthony-c.gif		-	ascii
-\.h$		text/plain			anthony-c.gif		-	ascii
-\.cc$		text/plain			anthony-c.gif		-	ascii
-\.hh$		text/plain			anthony-c.gif		-	ascii
-\.m$		text/plain			anthony-text.gif	-	ascii
-\.f90$		text/plain			anthony-text.gif	-	ascii
-\.txt$		text/plain			anthony-text.gif	-	ascii
-\.rtx$		text/richtext			anthony-text.gif	-	ascii	+download
-\.tsv$		text/tab-separated-values	anthony-text.gif	-	ascii	+download
-\.etx$		text/x-setext			anthony-text.gif	-	ascii	+download
-\.mpeg$		video/mpeg			anthony-movie.gif	-	image
-\.mpg$		video/mpeg			anthony-movie.gif	-	image
-\.mpe$		video/mpeg			anthony-movie.gif	-	image
-\.qt$		video/quicktime			anthony-movie.gif	-	image
-\.mov$		video/quicktime			anthony-movie.gif	-	image
-\.avi$		video/x-msvideo			anthony-movie.gif	-	image
-\.movie$	video/x-sgi-movie		anthony-movie.gif	-	image
-\.hqx$		application/mac-binhex40	anthony-binhex.gif	-	image
-\.mwrt$		application/macwriteii		anthony-unknown.gif	-	image
-\.msw$		application/msword		anthony-unknown.gif	-	image
-\.doc$		application/msword		anthony-unknown.gif	-	image	+view
-\.xls$		application/msexcel		anthony-unknown.gif	-	image
-\.wk[s1234]$	application/vnd.lotus-1-2-3	anthony-unknown.gif	-	image
-\.mif$		application/x-mif		anthony-unknown.gif	-	image
-\.sit$		application/stuffit		anthony-unknown.gif	-	image
-\.pict$		application/pict		anthony-image.gif	-	image
-\.pic$		application/pict		anthony-image.gif	-	image
-\.arj$		application/x-arj-compressed	anthony-compressed.gif	-	image
-\.lzh$		application/x-lha-compressed	anthony-compressed.gif	-	image
-\.lha$		application/x-lha-compressed	anthony-compressed.gif	-	image
-\.zlib$		application/x-deflate		anthony-compressed.gif	deflate	image
+\.sv4cpio$	application/x-sv4cpio		anthony-box.gif		-	image	+download
+\.sv4crc$	application/x-sv4crc		anthony-box.gif		-	image	+download
+\.tar$		application/x-tar		anthony-tar.gif		-	image	+download
+\.ustar$	application/x-ustar		anthony-tar.gif		-	image	+download
+\.au$		audio/basic			anthony-sound.gif	-	image	+download
+\.snd$		audio/basic			anthony-sound.gif	-	image	+download
+\.mp2$		audio/mpeg			anthony-sound.gif	-	image	+download
+\.mp3$		audio/mpeg			anthony-sound.gif	-	image	+download
+\.mpga$		audio/mpeg			anthony-sound.gif	-	image	+download
+\.aif$		audio/x-aiff			anthony-sound.gif	-	image	+download
+\.aiff$		audio/x-aiff			anthony-sound.gif	-	image	+download
+\.aifc$		audio/x-aiff			anthony-sound.gif	-	image	+download
+\.wav$		audio/x-wav			anthony-sound.gif	-	image	+download
+\.bmp$		image/bmp			anthony-image.gif	-	image	+download
+\.ief$		image/ief			anthony-image.gif	-	image	+download
+\.jpeg$		image/jpeg			anthony-image.gif	-	image	+download
+\.jpg$		image/jpeg			anthony-image.gif	-	image	+download
+\.jpe$		image/jpeg			anthony-image.gif	-	image	+download
+\.tiff$		image/tiff			anthony-image.gif	-	image	+download
+\.tif$		image/tiff			anthony-image.gif	-	image	+download
+\.ras$		image/x-cmu-raster		anthony-image.gif	-	image	+download
+\.pnm$		image/x-portable-anymap		anthony-image.gif	-	image	+download
+\.pbm$		image/x-portable-bitmap		anthony-image.gif	-	image	+download
+\.pgm$		image/x-portable-graymap	anthony-image.gif	-	image	+download
+\.ppm$		image/x-portable-pixmap		anthony-image.gif	-	image	+download
+\.rgb$		image/x-rgb			anthony-image.gif	-	image	+download
+\.xbm$		image/x-xbitmap			anthony-xbm.gif		-	image	+download
+\.xpm$		image/x-xpixmap			anthony-xpm.gif		-	image	+download
+\.xwd$		image/x-xwindowdump		anthony-image.gif	-	image	+download
+\.html$		text/html			anthony-text.gif	-	ascii	+download +view
+\.htm$		text/html			anthony-text.gif	-	ascii	+download +view
+\.css$		text/css			anthony-script.gif	-	ascii	+download +view
+\.js$		application/x-javascript	anthony-c.gif		-	ascii	+download +view
+\.c$		text/plain			anthony-c.gif		-	ascii	+download
+\.h$		text/plain			anthony-c.gif		-	ascii	+download
+\.cc$		text/plain			anthony-c.gif		-	ascii	+download
+\.cpp$		text/plain			anthony-c.gif		-	ascii	+download
+\.hh$		text/plain			anthony-c.gif		-	ascii	+download
+\.m$		text/plain			anthony-script.gif	-	ascii	+download
+\.f90$		text/plain			anthony-f.gif		-	ascii	+download
+\.txt$		text/plain			anthony-text.gif	-	ascii	+download
+\.asc$		text/plain			anthony-text.gif	-	ascii	+download
+\.rtx$		text/richtext			anthony-quill.gif	-	ascii	+download +view
+\.tsv$		text/tab-separated-values	anthony-script.gif	-	ascii	+download +view
+\.etx$		text/x-setext			anthony-text.gif	-	ascii	+download +view
+\.mpeg$		video/mpeg			anthony-movie.gif	-	image	+download
+\.mpg$		video/mpeg			anthony-movie.gif	-	image	+download
+\.mpe$		video/mpeg			anthony-movie.gif	-	image	+download
+\.qt$		video/quicktime			anthony-movie.gif	-	image	+download
+\.mov$		video/quicktime			anthony-movie.gif	-	image	+download
+\.avi$		video/x-msvideo			anthony-movie.gif	-	image	+download
+\.movie$	video/x-sgi-movie		anthony-movie.gif	-	image	+download
+\.cpt$		application/mac-compactpro	anthony-unknown.gif	-	image	+download
+\.hqx$		application/mac-binhex40	anthony-binhex.gif	-	image	+download
+\.mwrt$		application/macwriteii		anthony-text.gif	-	image	+download
+\.msw$		application/msword		anthony-script.gif	-	image	+download
+\.doc$		application/msword		anthony-layout.gif	-	image	+download +view
+\.xls$		application/vnd.ms-excel	anthony-layout.gif	-	image	+download
+\.ppt$		application/vnd.ms-powerpoint	anthony-image2.gif	-	image	+download
+\.wk[s1234]$	application/vnd.lotus-1-2-3	anthony-script.gif	-	image	+download
+\.mif$		application/vnd.mif		anthony-unknown.gif	-	image	+download
+\.sit$		application/x-stuffit		anthony-compressed.gif	-	image	+download
+\.pict$		application/pict		anthony-image.gif	-	image	+download
+\.pic$		application/pict		anthony-image.gif	-	image	+download
+\.arj$		application/x-arj-compressed	anthony-compressed.gif	-	image	+download
+\.lzh$		application/x-lha-compressed	anthony-compressed.gif	-	image	+download
+\.lha$		application/x-lha-compressed	anthony-compressed.gif	-	image	+download
+\.zlib$		application/x-deflate		anthony-compressed.gif	deflate	image	+download
 README		text/plain			anthony-text.gif	-	ascii	+download
-^core$		application/octet-stream	anthony-bomb.gif	-	image
-\.core$		application/octet-stream	anthony-bomb.gif	-	image
-\.png$		image/png			anthony-image.gif	-	image
-\.cab$		application/octet-stream	anthony-compressed.gif	-	image	+view
+^core$		application/octet-stream	anthony-bomb.gif	-	image	+download
+\.core$		application/octet-stream	anthony-bomb.gif	-	image	+download
+\.png$		image/png			anthony-image.gif	-	image	+download
+\.cab$		application/octet-stream	anthony-compressed.gif	-	image	+download +view
+\.xpi$		application/x-xpinstall		anthony-unknown.gif	-	image	+download
+\.class$	application/octet-stream	anthony-unknown.gif	-	image	+download
+\.java$		text/plain			anthony-c.gif		-	ascii	+download
+\.dcr$		application/x-director		anthony-unknown.gif	-	image	+download
+\.dir$		application/x-director		anthony-unknown.gif	-	image	+download
+\.dxr$		application/x-director		anthony-unknown.gif	-	image	+download
+\.djv$		image/vnd.djvu			anthony-image.gif	-	image	+download
+\.djvu$		image/vnd.djvu			anthony-image.gif	-	image	+download
+\.dll$		application/octet-stream	anthony-unknown.gif	-	image	+download
+\.dms$		application/octet-stream	anthony-unknown.gif	-	image	+download
+\.ez$		application/andrew-inset	anthony-unknown.gif	-	image	+download
+\.ice$		x-conference/x-cooltalk		anthony-unknown.gif	-	image	+download
+\.iges$		model/iges			anthony-image.gif	-	image	+download
+\.igs$		model/iges			anthony-image.gif	-	image	+download
+\.kar$		audio/midi			anthony-sound.gif	-	image	+download
+\.mid$		audio/midi			anthony-sound.gif	-	image	+download
+\.midi$		audio/midi			anthony-sound.gif	-	image	+download
+\.mesh$		model/mesh			anthony-image.gif	-	image	+download
+\.silo$		model/mesh			anthony-image.gif	-	image	+download
+\.mxu$		video/vnd.mpegurl		anthony-movie.gif	-	image	+download
+\.pdb$		chemical/x-pdb			anthony-unknown.gif	-	image	+download
+\.pgn$		application/x-chess-pgn		anthony-unknown.gif	-	image	+download
+\.ra$		audio/x-realaudio		anthony-sound.gif	-	image	+download
+\.ram$		audio/x-pn-realaudio		anthony-sound.gif	-	image	+download
+\.rm$		audio/x-pn-realaudio		anthony-sound.gif	-	image	+download
+\.sgml$		text/sgml			anthony-text.gif	-	ascii	+download
+\.sgm$		text/sgml			anthony-text.gif	-	ascii	+download
+\.skd$		application/x-koan		anthony-unknown.gif	-	image	+download
+\.skm$		application/x-koan		anthony-unknown.gif	-	image	+download
+\.skp$		application/x-koan		anthony-unknown.gif	-	image	+download
+\.skt$		application/x-koan		anthony-unknown.gif	-	image	+download
+\.smi$		application/smil		anthony-unknown.gif	-	image	+download
+\.smil$		application/smil		anthony-unknown.gif	-	image	+download
+\.so$		application/octet-stream	anthony-unknown.gif	-	image	+download
+\.spl$		application/x-futuresplash	anthony-unknown.gif	-	image	+download
+\.swf$		application/x-shockwave-flash	anthony-unknown.gif	-	image	+download
+\.vcd$		application/x-cdlink		anthony-unknown.gif	-	image	+download
+\.vrml$		model/vrml			anthony-image.gif	-	image	+download
+\.wbmp$		image/vnd.wap.wbmp		anthony-image.gif	-	image	+download
+\.wbxml$	application/vnd.wap.wbxml	anthony-unknown.gif	-	image	+download
+\.wmlc$		application/vnd.wap.wmlc	anthony-unknown.gif	-	image	+download
+\.wmlsc$	application/vnd.wap.wmlscriptc	anthony-script.gif	-	image	+download
+\.wmls$		application/vnd.wap.wmlscript	anthony-script.gif	-	image	+download
+\.xht$		application/xhtml		anthony-text.gif	-	ascii	+download
+\.xhtml$	application/xhtml		anthony-text.gif	-	ascii	+download
+\.xml$		text/xml			anthony-text.gif	-	ascii	+download
+\.xsl$		text/xml			anthony-layout.gif	-	ascii	+download
+\.xyz$		chemical/x-xyz			anthony-unknown.gif	-	image	+download
+
 # the default
-.		text/plain			anthony-unknown.gif	-	image	+view +download
+.		text/plain			anthony-unknown.gif	-	image	+download +view
diff -rupN squid-2.5.STABLE4/src/neighbors.c squid-2.5.STABLE5/src/neighbors.c
--- squid-2.5.STABLE4/src/neighbors.c	Tue Aug 12 18:28:19 2003
+++ squid-2.5.STABLE5/src/neighbors.c	Sat Nov 29 11:53:00 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: neighbors.c,v 1.299.2.3 2003/08/13 00:28:19 wessels Exp $
+ * $Id: neighbors.c,v 1.299.2.4 2003/11/29 18:53:00 hno Exp $
  *
  * DEBUG: section 15    Neighbor Routines
  * AUTHOR: Harvest Derived
@@ -48,8 +48,7 @@ static void neighborAliveHtcp(peer *, co
 static void neighborCountIgnored(peer *);
 static void peerRefreshDNS(void *);
 static IPH peerDNSConfigure;
-static void peerProbeConnect(peer *);
-static IPH peerProbeConnect2;
+static int peerProbeConnect(peer *);
 static CNCB peerProbeConnectDone;
 static void peerCountMcastPeersDone(void *data);
 static void peerCountMcastPeersStart(void *data);
@@ -590,20 +589,17 @@ peerDigestLookup(peer * p, request_t * r
     if (!p->digest) {
 	debug(15, 5) ("peerDigestLookup: gone!\n");
 	return LOOKUP_NONE;
-    } else if (!peerHTTPOkay(p, request)) {
-	debug(15, 5) ("peerDigestLookup: !peerHTTPOkay\n");
-	return LOOKUP_NONE;
-    } else if (p->digest->flags.usable) {
-	debug(15, 5) ("peerDigestLookup: usable\n");
-	/* fall through; put here to have common case on top */ ;
     } else if (!p->digest->flags.needed) {
 	debug(15, 5) ("peerDigestLookup: note need\n");
 	peerDigestNeeded(p->digest);
 	return LOOKUP_NONE;
-    } else {
+    } else if (!p->digest->flags.usable) {
 	debug(15, 5) ("peerDigestLookup: !ready && %srequested\n",
 	    p->digest->flags.requested ? "" : "!");
 	return LOOKUP_NONE;
+    } else if (!peerHTTPOkay(p, request)) {
+	debug(15, 5) ("peerDigestLookup: !peerHTTPOkay\n");
+	return LOOKUP_NONE;
     }
     debug(15, 5) ("peerDigestLookup: OK to lookup peer %s\n", p->host);
     assert(p->digest->cd);
@@ -935,8 +931,8 @@ int
 neighborUp(const peer * p)
 {
     if (!p->tcp_up) {
-	peerProbeConnect((peer *) p);
-	return 0;
+	if (!peerProbeConnect((peer *) p))
+	    return 0;
     }
     if (p->options.no_query)
 	return 1;
@@ -1042,15 +1038,14 @@ peerRefreshDNS(void *data)
     eventAddIsh("peerRefreshDNS", peerRefreshDNS, NULL, 3600.0, 1);
 }
 
-void
-peerConnectFailed(peer * p)
+static void
+peerConnectFailedSilent(peer * p)
 {
     p->stats.last_connect_failure = squid_curtime;
     if (!p->tcp_up) {
 	debug(15, 2) ("TCP connection to %s/%d dead\n", p->host, p->http_port);
 	return;
     }
-    debug(15, 1) ("TCP connection to %s/%d failed\n", p->host, p->http_port);
     p->tcp_up--;
     if (!p->tcp_up) {
 	debug(15, 1) ("Detected DEAD %s: %s/%d/%d\n",
@@ -1061,6 +1056,13 @@ peerConnectFailed(peer * p)
 }
 
 void
+peerConnectFailed(peer * p)
+{
+    debug(15, 1) ("TCP connection to %s/%d failed\n", p->host, p->http_port);
+    peerConnectFailedSilent(p);
+}
+
+void
 peerConnectSucceded(peer * p)
 {
     if (!p->tcp_up) {
@@ -1073,35 +1075,42 @@ peerConnectSucceded(peer * p)
     p->tcp_up = PEER_TCP_MAGIC_COUNT;
 }
 
+static void
+peerProbeConnectTimeout(int fd, void *data)
+{
+    peer *p = data;
+    comm_close(fd);
+    p->test_fd = -1;
+    peerConnectFailedSilent(p);
+}
+
 /*
  * peerProbeConnect will be called on dead peers by neighborUp 
  */
-static void
+static int
 peerProbeConnect(peer * p)
 {
     int fd;
+    time_t ctimeout = p->connect_timeout > 0 ? p->connect_timeout
+    : Config.Timeout.peer_connect;
+    int ret = squid_curtime - p->stats.last_connect_failure > ctimeout * 10;
     if (p->test_fd != -1)
-	return;			/* probe already running */
-    if (squid_curtime - p->stats.last_connect_probe < Config.Timeout.connect)
-	return;			/* don't probe to often */
+	return ret;		/* probe already running */
+    if (squid_curtime - p->stats.last_connect_probe == 0)
+	return ret;		/* don't probe to often */
     fd = comm_open(SOCK_STREAM, 0, getOutgoingAddr(NULL),
 	0, COMM_NONBLOCKING, p->host);
     if (fd < 0)
-	return;
+	return ret;
+    commSetTimeout(fd, ctimeout, peerProbeConnectTimeout, p);
     p->test_fd = fd;
     p->stats.last_connect_probe = squid_curtime;
-    ipcache_nbgethostbyname(p->host, peerProbeConnect2, p);
-}
-
-static void
-peerProbeConnect2(const ipcache_addrs * ianotused, void *data)
-{
-    peer *p = data;
     commConnectStart(p->test_fd,
 	p->host,
 	p->http_port,
 	peerProbeConnectDone,
 	p);
+    return ret;
 }
 
 static void
@@ -1111,7 +1120,7 @@ peerProbeConnectDone(int fd, int status,
     if (status == COMM_OK) {
 	peerConnectSucceded(p);
     } else {
-	peerConnectFailed(p);
+	peerConnectFailedSilent(p);
     }
     comm_close(fd);
     p->test_fd = -1;
diff -rupN squid-2.5.STABLE4/src/pconn.c squid-2.5.STABLE5/src/pconn.c
--- squid-2.5.STABLE4/src/pconn.c	Fri Apr 13 18:03:23 2001
+++ squid-2.5.STABLE5/src/pconn.c	Mon Dec 15 16:38:43 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: pconn.c,v 1.31 2001/04/14 00:03:23 hno Exp $
+ * $Id: pconn.c,v 1.31.2.2 2003/12/15 23:38:43 hno Exp $
  *
  * DEBUG: section 48    Persistent Connections
  * AUTHOR: Duane Wessels
@@ -95,11 +95,11 @@ static void
 pconnRemoveFD(struct _pconn *p, int fd)
 {
     int i;
-    for (i = 0; i < p->nfds; i++) {
+    for (i = p->nfds - 1; i >= 0; i--) {
 	if (p->fds[i] == fd)
 	    break;
     }
-    assert(i < p->nfds);
+    assert(i >= 0);
     debug(48, 3) ("pconnRemoveFD: found FD %d at index %d\n", fd, i);
     for (; i < p->nfds - 1; i++)
 	p->fds[i] = p->fds[i + 1];
@@ -190,7 +190,7 @@ pconnPush(int fd, const char *host, u_sh
     int *old;
     LOCAL_ARRAY(char, key, SQUIDHOSTNAMELEN + 10);
     LOCAL_ARRAY(char, desc, FD_DESC_SZ);
-    if (fdNFree() < (RESERVED_FD << 1)) {
+    if (fdUsageHigh()) {
 	debug(48, 3) ("pconnPush: Not many unused FDs\n");
 	comm_close(fd);
 	return;
@@ -235,7 +235,7 @@ pconnPop(const char *host, u_short port)
     if (hptr != NULL) {
 	p = (struct _pconn *) hptr;
 	assert(p->nfds > 0);
-	fd = p->fds[0];
+	fd = p->fds[p->nfds - 1];
 	pconnRemoveFD(p, fd);
 	commSetSelect(fd, COMM_SELECT_READ, NULL, NULL, 0);
 	commSetTimeout(fd, -1, NULL, NULL);
diff -rupN squid-2.5.STABLE4/src/pinger.c squid-2.5.STABLE5/src/pinger.c
--- squid-2.5.STABLE4/src/pinger.c	Thu Jan 11 17:37:20 2001
+++ squid-2.5.STABLE5/src/pinger.c	Mon Dec 22 17:55:57 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: pinger.c,v 1.46 2001/01/12 00:37:20 wessels Exp $
+ * $Id: pinger.c,v 1.46.2.1 2003/12/23 00:55:57 hno Exp $
  *
  * DEBUG: section 42    ICMP Pinger program
  * AUTHOR: Duane Wessels
@@ -170,7 +170,7 @@ pingerSendEcho(struct in_addr to, int op
     echo = (icmpEchoData *) (icmp + 1);
     echo->opcode = (unsigned char) opcode;
     echo->tv = current_time;
-    icmp_pktsize += sizeof(icmpEchoData) - MAX_PAYLOAD;
+    icmp_pktsize += sizeof(struct timeval) + sizeof(char);
     if (payload) {
 	if (len > MAX_PAYLOAD)
 	    len = MAX_PAYLOAD;
diff -rupN squid-2.5.STABLE4/src/protos.h squid-2.5.STABLE5/src/protos.h
--- squid-2.5.STABLE4/src/protos.h	Sun Aug 10 15:04:47 2003
+++ squid-2.5.STABLE5/src/protos.h	Wed Feb  4 10:42:28 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: protos.h,v 1.420.2.20 2003/08/10 21:04:47 hno Exp $
+ * $Id: protos.h,v 1.420.2.22 2004/02/04 17:42:28 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -269,6 +269,7 @@ extern void fd_bytes(int fd, int len, un
 extern void fdFreeMemory(void);
 extern void fdDumpOpen(void);
 extern int fdNFree(void);
+extern int fdUsageHigh(void);
 extern void fdAdjustReserved(void);
 
 extern fileMap *file_map_create(void);
@@ -1273,7 +1274,7 @@ extern void helperStatefulFree(statefulh
 extern void helperStatefulReset(helper_stateful_server * srv);
 extern void helperStatefulReleaseServer(helper_stateful_server * srv);
 extern void *helperStatefulServerGetData(helper_stateful_server * srv);
-extern helper_stateful_server *helperStatefulDefer(statefulhelper *);
+extern helper_stateful_server *helperStatefulGetServer(statefulhelper *);
 
 
 
diff -rupN squid-2.5.STABLE4/src/redirect.c squid-2.5.STABLE5/src/redirect.c
--- squid-2.5.STABLE4/src/redirect.c	Sat Jul 20 18:30:02 2002
+++ squid-2.5.STABLE5/src/redirect.c	Sun Dec 14 06:40:47 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: redirect.c,v 1.88.2.1 2002/07/21 00:30:02 hno Exp $
+ * $Id: redirect.c,v 1.88.2.3 2003/12/14 13:40:47 hno Exp $
  *
  * DEBUG: section 61    Redirector
  * AUTHOR: Duane Wessels
@@ -100,23 +100,6 @@ redirectStart(clientHttpRequest * http, 
     assert(http);
     assert(handler);
     debug(61, 5) ("redirectStart: '%s'\n", http->uri);
-    if (Config.Program.redirect == NULL) {
-	handler(data, NULL);
-	return;
-    }
-    if (Config.accessList.redirector) {
-	aclCheck_t ch;
-	memset(&ch, '\0', sizeof(ch));
-	ch.src_addr = http->conn->peer.sin_addr;
-	ch.my_addr = http->conn->me.sin_addr;
-	ch.my_port = ntohs(http->conn->me.sin_port);
-	ch.request = http->request;
-	if (!aclCheckFast(Config.accessList.redirector, &ch)) {
-	    /* denied -- bypass redirector */
-	    handler(data, NULL);
-	    return;
-	}
-    }
     if (Config.onoff.redirector_bypass && redirectors->stats.queue_size) {
 	/* Skip redirector if there is one request queued */
 	n_bypassed++;
@@ -143,7 +126,7 @@ redirectStart(clientHttpRequest * http, 
 	r->orig_url,
 	inet_ntoa(r->client_addr),
 	fqdn,
-	r->client_ident,
+	r->client_ident[0] ? rfc1738_escape(r->client_ident) : dash_str,
 	r->method_s);
     helperSubmit(redirectors, buf, redirectHandleReply, r);
 }
diff -rupN squid-2.5.STABLE4/src/ssl_support.c squid-2.5.STABLE5/src/ssl_support.c
--- squid-2.5.STABLE4/src/ssl_support.c	Sat Feb  8 07:53:15 2003
+++ squid-2.5.STABLE5/src/ssl_support.c	Thu Dec 11 00:53:11 2003
@@ -1,21 +1,21 @@
 
 /*
- * $Id: ssl_support.c,v 1.5.2.2 2003/02/08 14:53:15 hno Exp $
+ * $Id: ssl_support.c,v 1.5.2.3 2003/12/11 07:53:11 wessels Exp $
  *
  * AUTHOR: Benno Rice
  * DEBUG: section 83    SSL accelerator support
  *
- * SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
+ * SQUID Web Proxy Cache          http://www.squid-cache.org/
  * ----------------------------------------------------------
  *
- *  Squid is the result of efforts by numerous individuals from the
- *  Internet community.  Development is led by Duane Wessels of the
- *  National Laboratory for Applied Network Research and funded by the
- *  National Science Foundation.  Squid is Copyrighted (C) 1998 by
- *  Duane Wessels and the University of California San Diego.  Please
- *  see the COPYRIGHT file for full details.  Squid incorporates
- *  software developed and/or copyrighted by other sources.  Please see
- *  the CREDITS file for full details.
+ *  Squid is the result of efforts by numerous individuals from
+ *  the Internet community; see the CONTRIBUTORS file for full
+ *  details.   Many organizations have provided support for Squid's
+ *  development; see the SPONSORS file for full details.  Squid is
+ *  Copyrighted (C) 2001 by the Regents of the University of
+ *  California; see the COPYRIGHT file for full details.  Squid
+ *  incorporates software developed and/or copyrighted by other
+ *  sources; see the CREDITS file for full details.
  *
  *  This program is free software; you can redistribute it and/or modify
  *  it under the terms of the GNU General Public License as published by
diff -rupN squid-2.5.STABLE4/src/store.c squid-2.5.STABLE5/src/store.c
--- squid-2.5.STABLE4/src/store.c	Wed Aug  6 07:49:02 2003
+++ squid-2.5.STABLE5/src/store.c	Wed Sep 24 16:30:22 2003
@@ -1,6 +1,6 @@
 
 /*
- * $Id: store.c,v 1.544.2.4 2003/08/06 13:49:02 hno Exp $
+ * $Id: store.c,v 1.544.2.5 2003/09/24 22:30:22 wessels Exp $
  *
  * DEBUG: section 20    Storage Manager
  * AUTHOR: Harvest Derived
@@ -443,6 +443,7 @@ storeSetPublicKey(StoreEntry * e)
 	    }
 #endif
 	    storeSetPublicKey(pe);
+	    storeBuffer(pe);
 	    httpReplySwapOut(pe->mem_obj->reply, pe);
 	    storeBufferFlush(pe);
 	    storeTimestampsSet(pe);
diff -rupN squid-2.5.STABLE4/src/structs.h squid-2.5.STABLE5/src/structs.h
--- squid-2.5.STABLE4/src/structs.h	Fri Sep 12 14:30:16 2003
+++ squid-2.5.STABLE5/src/structs.h	Wed Feb  4 10:42:28 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.408.2.14 2003/09/12 20:30:16 hno Exp $
+ * $Id: structs.h,v 1.408.2.23 2004/02/04 17:42:28 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -400,6 +400,7 @@ struct _SquidConfig {
     struct {
 	time_t read;
 	time_t lifetime;
+	time_t forward;
 	time_t connect;
 	time_t peer_connect;
 	time_t request;
@@ -592,6 +593,7 @@ struct _SquidConfig {
 	int vary_ignore_expire;
 	int pipeline_prefetch;
 	int request_entities;
+	int detect_broken_server_pconns;
     } onoff;
     acl *aclList;
     struct {
@@ -626,6 +628,7 @@ struct _SquidConfig {
 	char *anon_user;
 	int passive;
 	int sanitycheck;
+	int telnet;
     } Ftp;
     refresh_t *Refresh;
     struct _cacheSwap {
@@ -635,6 +638,7 @@ struct _SquidConfig {
     } cacheSwap;
     struct {
 	char *directory;
+	int use_short_names;
     } icons;
     char *errorDirectory;
     struct {
@@ -965,6 +969,8 @@ struct _http_state_flags {
     unsigned int proxying:1;
     unsigned int keepalive:1;
     unsigned int only_if_cached:1;
+    unsigned int keepalive_broken:1;
+    unsigned int abuse_detected:1;
 };
 
 struct _HttpStateData {
@@ -979,6 +985,7 @@ struct _HttpStateData {
     int fd;
     http_state_flags flags;
     FwdState *fwd;
+    char *body_buf;
 };
 
 struct _icpUdpData {
@@ -1951,7 +1958,7 @@ struct _FwdServer {
 };
 
 struct _FwdState {
-    int client_fd;
+    int client_fd;		/* XXX unnecessary */
     StoreEntry *entry;
     request_t *request;
     FwdServer *servers;
@@ -1959,6 +1966,7 @@ struct _FwdState {
     ErrorState *err;
     time_t start;
     int n_tries;
+    int origin_tries;
 #if WIP_FWD_LOG
     http_status last_status;
 #endif
@@ -1994,8 +2002,6 @@ struct _helper_request {
 struct _helper_stateful_request {
     char *buf;
     HLPSCB *callback;
-    int placeholder;		/* if 1, this is a dummy request waiting for a stateful helper
-				 * to become available for deferred requests.*/
     void *data;
 };
 
@@ -2013,6 +2019,7 @@ struct _helper {
 	int requests;
 	int replies;
 	int queue_size;
+	int max_queue_size;
 	int avg_svc_time;
     } stats;
     time_t last_restart;
@@ -2028,12 +2035,13 @@ struct _helper_stateful {
     int ipc_type;
     MemPool *datapool;
     HLPSAVAIL *IsAvailable;
-    HLPSONEQ *OnEmptyQueue;
+    HLPSRESET *Reset;
     time_t last_queue_warn;
     struct {
 	int requests;
 	int replies;
 	int queue_size;
+	int max_queue_size;
 	int avg_svc_time;
     } stats;
     time_t last_restart;
@@ -2075,7 +2083,6 @@ struct _helper_stateful_server {
     struct timeval dispatch_time;
     struct timeval answer_time;
     dlink_node link;
-    dlink_list queue;
     statefulhelper *parent;
     helper_stateful_request *request;
     struct _helper_stateful_flags {
@@ -2083,16 +2090,13 @@ struct _helper_stateful_server {
 	unsigned int busy:1;
 	unsigned int closing:1;
 	unsigned int shutdown:1;
-	stateful_helper_reserve_t reserved;
+	unsigned int reserved:1;
     } flags;
     struct {
 	int uses;
 	int submits;
 	int releases;
-	int deferbyfunc;
-	int deferbycb;
     } stats;
-    int deferred_requests;	/* current number of deferred requests */
     void *data;			/* State data used by the calling routines */
 };
 
diff -rupN squid-2.5.STABLE4/src/typedefs.h squid-2.5.STABLE5/src/typedefs.h
--- squid-2.5.STABLE4/src/typedefs.h	Sun May 11 11:30:13 2003
+++ squid-2.5.STABLE5/src/typedefs.h	Wed Feb  4 10:42:29 2004
@@ -1,6 +1,6 @@
 
 /*
- * $Id: typedefs.h,v 1.132.2.2 2003/05/11 17:30:13 hno Exp $
+ * $Id: typedefs.h,v 1.132.2.4 2004/02/04 17:42:29 hno Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -249,11 +249,11 @@ typedef void OBJH(StoreEntry *);
 typedef void SIGHDLR(int sig);
 typedef void STVLDCB(void *, int, int);
 typedef void HLPCB(void *, char *buf);
-typedef stateful_helper_callback_t HLPSCB(void *, void *lastserver, char *buf);
+typedef void HLPSCB(void *, void *lastserver, char *buf);
 typedef int HLPSAVAIL(void *);
-typedef void HLPSONEQ(void *);
+typedef void HLPSRESET(void *);
 typedef void HLPCMDOPTS(int *argc, char **argv);
-typedef void IDNSCB(void *, rfc1035_rr *, int);
+typedef void IDNSCB(void *, rfc1035_rr *, int, const char *);
 
 typedef void STINIT(SwapDir *);
 typedef void STNEWFS(SwapDir *);