diff --git a/www/squid/Makefile b/www/squid/Makefile
index 88fee97364b..a1c0fd394c9 100644
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.100 2009/10/30 00:56:57 sthen Exp $
+# $OpenBSD: Makefile,v 1.101 2010/02/03 06:41:17 jasper Exp $
 
 COMMENT=	WWW and FTP proxy cache and accelerator
 
 DISTNAME=	squid-2.7.STABLE7
+PKGNAME=	${DISTNAME}p0
 CATEGORIES=	www
 MASTER_SITES=	${HOMEPAGE}/Versions/v2/2.7/
 DIST_SUBDIR=	squid
diff --git a/www/squid/patches/patch-lib_rfc1035_c b/www/squid/patches/patch-lib_rfc1035_c
new file mode 100644
index 00000000000..9de9d29fe23
--- /dev/null
+++ b/www/squid/patches/patch-lib_rfc1035_c
@@ -0,0 +1,20 @@
+$OpenBSD: patch-lib_rfc1035_c,v 1.1 2010/02/03 06:41:17 jasper Exp $
+
+Security fix for CVE-2010-0308, "Squid DNS Packet Processing
+Denial of Service Vulnerability"
+
+Patch from upstream svn, changeset 12597.
+
+--- lib/rfc1035.c.orig	Tue Feb  2 14:50:56 2010
++++ lib/rfc1035.c	Tue Feb  2 14:51:24 2010
+@@ -286,7 +286,9 @@ rfc1035NameUnpack(const char *buf, size_t sz, int *off
+     size_t len;
+     assert(ns > 0);
+     do {
+-	assert((*off) < sz);
++	if ((*off) >= sz) {
++	    return 1;
++	}
+ 	c = *(buf + (*off));
+ 	if (c > 191) {
+ 	    /* blasted compression */