add 3 distribution patches;

squid-2.2.stable5-newlines_in_auth.patch
After decoding the base64 encoded "user:password" pair given by the
client, squid doesn't strip out any '\n' found in the resulting
string. Given such a string, any external authenticator will receive two
lines instead of one, and most probably send two results. Now, any
subsequent authentification exchange will have its answer shifted by
one. Therefore, a malicious user can gain access to sites they should not
have access to.

squid-2.2.stable5-ipcache_negative.patch
The IP cache immediately removes entries that should be negatively
cached. This appears to be due to some changes made for retrying failed
connections.

squid-2.2.stable5-no_cache.patch
A missing no_cache list is treated the same as no_cache deny all.

www/squid/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 1999/10/01 00:01:54 brad Exp $
+# $OpenBSD: Makefile,v 1.7 1999/12/09 19:48:17 brad Exp $
 
 DISTNAME=	squid-2.2.STABLE5
 PKGNAME=	squid-2.2
@@ -6,13 +6,24 @@ CATEGORIES=	www
 MASTER_SITES=	http://squid.nlanr.net/Versions/v2/2.2/
 EXTRACT_SUFX=	-src.tar.gz
 
+PATCH_SITES=	http://squid.nlanr.net/Versions/v2/2.2/bugs/
+PATCHFILES=	squid-2.2.stable5-no_cache.patch \
+		squid-2.2.stable5-ipcache_negative.patch \
+		squid-2.2.stable5-newlines_in_auth.patch
+.if defined(PATCH_DEBUG)
+PATCH_DIST_ARGS=-d ${WRKSRC}/src -E ${PATCH_DIST_STRIP}
+.else
+PATCH_DIST_ARGS=-d ${WRKSRC}/src --forward --quiet -E ${PATCH_DIST_STRIP}
+.endif
+
 MAINTAINER=	ports@openbsd.org
 
-STRIP=		# won't install scripts correctly otherwise.
-MAKEFILE=	makefile
 SYSCONFDIR=	/etc/squid
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--sysconfdir=${SYSCONFDIR} --localstatedir=/var/squid
+CONFIGURE_ARGS=	--sysconfdir=${SYSCONFDIR} --localstatedir="/var/squid"
+
+MAKEFILE=	makefile
+STRIP=		# won't install scripts correctly otherwise.
 
 post-install:
 	@PKG_PREFIX="${PREFIX}" ${SH} ${PKGDIR}/INSTALL ${DISTNAME} POST-INSTALL

www/squid/files/md5

@@ -1,3 +1,12 @@
 MD5 (squid-2.2.STABLE5-src.tar.gz) = e5b02867a4c58ac5db191041a9c298b6
+MD5 (squid-2.2.stable5-ipcache_negative.patch) = 20bfacdf3722a9957ea5ca6c64626aa2
+MD5 (squid-2.2.stable5-newlines_in_auth.patch) = 5860cdc5613486f04571b81da40d4958
+MD5 (squid-2.2.stable5-no_cache.patch) = adb98dcb868da61ffcf5035cbf7f1049
 RMD160 (squid-2.2.STABLE5-src.tar.gz) = ea2dada08f2d63cb83be8a97717e403ee62330e7
+RMD160 (squid-2.2.stable5-ipcache_negative.patch) = dcb9ac05647d92f476704c3f24d5984cac1d90e1
+RMD160 (squid-2.2.stable5-newlines_in_auth.patch) = b81e3e685ebeb8503eb2ab79b8f90be4c2552802
+RMD160 (squid-2.2.stable5-no_cache.patch) = 8677052f0f57549e3bc4859f05a0caf650d44e7d
 SHA1 (squid-2.2.STABLE5-src.tar.gz) = ab03c701a3e21805bcf313b54f95dd3fe435a67f
+SHA1 (squid-2.2.stable5-ipcache_negative.patch) = 23bb13dbe470a31b190b6ce6e0982591f9fe4a66
+SHA1 (squid-2.2.stable5-newlines_in_auth.patch) = 5fa99dce569b9e297890e4fe275d6b97f38d8456
+SHA1 (squid-2.2.stable5-no_cache.patch) = 3dadd96c7b9081d1c4b79a7137ced42459fcd744