diff -u -r -N squid-5.5/acinclude/compiler-flags.m4 squid-5.6/acinclude/compiler-flags.m4
--- squid-5.5/acinclude/compiler-flags.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/compiler-flags.m4	2022-06-06 10:11:52.000000000 +1200
@@ -6,7 +6,7 @@
 ##
 
 # check if the compiler accepts a supplied flag
-# first argument is the variable containing the result 
+# first argument is the variable containing the result
 # (will be set to "yes" or "no")
 # second argument is the flag to be tested, verbatim
 #
@@ -28,7 +28,7 @@
 # Check if the compiler requires a supplied flag to build a test program.
 # When cross-compiling set flags explicitly.
 #
-# first argument is the variable containing the result 
+# first argument is the variable containing the result
 # (will be set to "yes" or "no")
 # second argument is the flag to be tested, verbatim
 # third is the #include and global setup for test program, verbatim
@@ -57,8 +57,8 @@
 #  - gcc
 #  - sunstudio
 #  - none (undetected)
-# 
-AC_DEFUN([SQUID_CC_GUESS_VARIANT], [ 
+#
+AC_DEFUN([SQUID_CC_GUESS_VARIANT], [
  AC_CACHE_CHECK([what kind of compiler we're using],[squid_cv_compiler],
  [
   AC_REQUIRE([AC_PROG_CC])
@@ -127,42 +127,42 @@
 # squid_cv_cxx_option_werror  (-Werror)
 # squid_cv_cc_option_wall     (-Wall)
 # squid_cv_cc_option_optimize (-O3)
-# 
+#
 AC_DEFUN([SQUID_CC_GUESS_OPTIONS], [
  AC_REQUIRE([SQUID_CC_GUESS_VARIANT])
  AC_MSG_CHECKING([for compiler variant])
  case "$squid_cv_compiler" in
-  gcc) 
-   squid_cv_cc_option_werror="-Werror" 
-   squid_cv_cxx_option_werror="-Werror" 
+  gcc)
+   squid_cv_cc_option_werror="-Werror"
+   squid_cv_cxx_option_werror="-Werror"
    squid_cv_cc_option_wall="-Wall"
    squid_cv_cc_option_optimize="-O3"
    squid_cv_cc_arg_pipe="-pipe"
    ;;
-  sunstudio) 
-   squid_cv_cc_option_werror="-errwarn=%all -errtags" 
-   squid_cv_cxx_option_werror="-errwarn=%all,no%badargtype2w,no%wbadinit,no%wbadasg -errtags" 
+  sunstudio)
+   squid_cv_cc_option_werror="-errwarn=%all -errtags"
+   squid_cv_cxx_option_werror="-errwarn=%all,no%badargtype2w,no%wbadinit,no%wbadasg -errtags"
    squid_cv_cc_option_wall="+w"
    squid_cv_cc_option_optimize="-fast"
    squid_cv_cc_arg_pipe=""
    ;;
-  clang) 
+  clang)
    squid_cv_cxx_option_werror="-Werror -Qunused-arguments"
    squid_cv_cc_option_werror="$squid_cv_cxx_option_werror"
    squid_cv_cc_option_wall="-Wall"
    squid_cv_cc_option_optimize="-O2"
    squid_cv_cc_arg_pipe=""
    ;;
-  icc) 
+  icc)
    squid_cv_cxx_option_werror="-Werror"
-   squid_cv_cc_option_werror="$squid_cv_cxx_option_werror" 
+   squid_cv_cc_option_werror="$squid_cv_cxx_option_werror"
    squid_cv_cc_option_wall="-Wall"
    squid_cv_cc_option_optimize="-O2"
    squid_cv_cc_arg_pipe=""
    ;;
-  *) 
-   squid_cv_cxx_option_werror="" 
-   squid_cv_cc_option_werror="" 
+  *)
+   squid_cv_cxx_option_werror=""
+   squid_cv_cc_option_werror=""
    squid_cv_cc_option_wall=""
    squid_cv_cc_option_optimize="-O"
    squid_cv_cc_arg_pipe=""
diff -u -r -N squid-5.5/acinclude/init.m4 squid-5.6/acinclude/init.m4
--- squid-5.5/acinclude/init.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/init.m4	2022-06-06 10:11:52.000000000 +1200
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-dnl This encapsulates the nasty mess of headers we need to check when 
+dnl This encapsulates the nasty mess of headers we need to check when
 dnl checking types.
 AC_DEFUN([SQUID_DEFAULT_INCLUDES],[[
 /* What a mess.. many systems have added the (now standard) bit types
@@ -15,10 +15,10 @@
  */
 #if HAVE_SYS_TYPES_H
 #include <sys/types.h>
-#endif  
+#endif
 #if HAVE_LINUX_TYPES_H
 #include <linux/types.h>
-#endif  
+#endif
 #if HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
@@ -37,7 +37,7 @@
 #if HAVE_NETINET_IN_SYSTM_H
 #include <netinet/in_systm.h>
 #endif
-]])     
+]])
 
 dnl *BSD net headers
 AC_DEFUN([SQUID_BSDNET_INCLUDES],[
diff -u -r -N squid-5.5/acinclude/krb5.m4 squid-5.6/acinclude/krb5.m4
--- squid-5.5/acinclude/krb5.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/krb5.m4	2022-06-06 10:11:52.000000000 +1200
@@ -15,7 +15,7 @@
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <krb5.h>
 int i;
-]])], [ squid_cv_broken_krb5_h=no ], [ 
+]])], [ squid_cv_broken_krb5_h=no ], [
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #if defined(__cplusplus)
 #define KRB5INT_BEGIN_DECLS     extern "C" {
@@ -246,7 +246,7 @@
 
  return 1;
 }
-  ]])],  
+  ]])],
   [ squid_cv_have_spnego=yes ], [ squid_cv_have_spnego=no ],[:])])
 ])
 
diff -u -r -N squid-5.5/acinclude/lib-checks.m4 squid-5.6/acinclude/lib-checks.m4
--- squid-5.5/acinclude/lib-checks.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/lib-checks.m4	2022-06-06 10:11:52.000000000 +1200
@@ -15,7 +15,7 @@
 #include <sys/types.h>
 #endif
 #if HAVE_REGEX_H
-#include <regex.h> 
+#include <regex.h>
 #endif
 ]], [[
 regex_t t; regcomp(&t,"",0);]])],
@@ -197,7 +197,7 @@
 SQUID_STATE_ROLLBACK(check_SSL_get_certificate)
 ])
 
-dnl Checks whether the  SSL_CTX_new and similar functions require 
+dnl Checks whether the  SSL_CTX_new and similar functions require
 dnl a const 'SSL_METHOD *' argument
 AC_DEFUN([SQUID_CHECK_OPENSSL_CONST_SSL_METHOD],[
   AH_TEMPLATE(SQUID_USE_CONST_SSL_METHOD, "Define to 1 if the SSL_CTX_new and similar openSSL API functions require 'const SSL_METHOD *'")
diff -u -r -N squid-5.5/acinclude/os-deps.m4 squid-5.6/acinclude/os-deps.m4
--- squid-5.5/acinclude/os-deps.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/os-deps.m4	2022-06-06 10:11:52.000000000 +1200
@@ -86,7 +86,7 @@
 dnl sets squid_cv_sys_capability_works to "yes" or "no"
 
 AC_DEFUN([SQUID_CHECK_FUNCTIONAL_LIBCAP2],[
-  AC_CACHE_CHECK([for operational libcap2 headers], 
+  AC_CACHE_CHECK([for operational libcap2 headers],
                  squid_cv_sys_capability_works,
     AC_LINK_IFELSE([AC_LANG_PROGRAM([[
 #include <stdlib.h>
@@ -218,7 +218,7 @@
         i = j = 1<<14;
         while (j) {
                 j >>= 1;
-                if (dup2(0, i) < 0) { 
+                if (dup2(0, i) < 0) {
                         i -= j;
                 } else {
                         close(i);
@@ -272,7 +272,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
-              ]], [[ struct sockaddr_in6 s; s.sin6_len = 1; ]])],[ ac_cv_have_sin6_len_in_struct_sai="yes" ],[ ac_cv_have_sin6_len_in_struct_sai="no" 
+              ]], [[ struct sockaddr_in6 s; s.sin6_len = 1; ]])],[ ac_cv_have_sin6_len_in_struct_sai="yes" ],[ ac_cv_have_sin6_len_in_struct_sai="no"
       ])
 ])
 SQUID_DEFINE_BOOL(HAVE_SIN6_LEN_IN_SAI,$ac_cv_have_sin6_len_in_struct_sai,
@@ -291,7 +291,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
-		]], [[ struct sockaddr_storage s; s.ss_len = 1; ]])],[ ac_cv_have_ss_len_in_struct_ss="yes" ],[ ac_cv_have_ss_len_in_struct_ss="no" 
+		]], [[ struct sockaddr_storage s; s.ss_len = 1; ]])],[ ac_cv_have_ss_len_in_struct_ss="yes" ],[ ac_cv_have_ss_len_in_struct_ss="no"
 	])
 ])
 SQUID_DEFINE_BOOL(HAVE_SS_LEN_IN_SS,$ac_cv_have_ss_len_in_struct_ss,
@@ -310,7 +310,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
-                ]], [[ struct sockaddr_in s; s.sin_len = 1; ]])],[ ac_cv_have_sin_len_in_struct_sai="yes" ],[ ac_cv_have_sin_len_in_struct_sai="no" 
+                ]], [[ struct sockaddr_in s; s.sin_len = 1; ]])],[ ac_cv_have_sin_len_in_struct_sai="yes" ],[ ac_cv_have_sin_len_in_struct_sai="no"
         ])
 ])
 SQUID_DEFINE_BOOL(HAVE_SIN_LEN_IN_SAI,$ac_cv_have_sin_len_in_struct_sai,[Define if sockaddr_in has field sin_len])
@@ -407,7 +407,7 @@
         if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) return 1;
 #endif
 	if (val <= 0) return 1;
-	fp = fopen("conftestval", "w"); 
+	fp = fopen("conftestval", "w");
 	fprintf (fp, "%d\n", val);
 	return 0;
 }
@@ -457,7 +457,7 @@
         if (getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &val, &len) < 0) return 1;
 #endif
 	if (val <= 0) return 1;
-	fp = fopen("conftestval", "w"); 
+	fp = fopen("conftestval", "w");
 	fprintf (fp, "%d\n", val);
 	return 0;
 }
@@ -511,7 +511,7 @@
         if (getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &val, &len) < 0) return 1;
 #endif
 	if (val <= 0) return 1;
-	fp = fopen("conftestval", "w"); 
+	fp = fopen("conftestval", "w");
 	fprintf (fp, "%d\n", val);
 	return 0;
 }
@@ -563,7 +563,7 @@
 #include <sys/statvfs.h>
 ]], [[
 struct statvfs sfs;
-sfs.f_blocks = sfs.f_bfree = sfs.f_frsize = 
+sfs.f_blocks = sfs.f_bfree = sfs.f_frsize =
 sfs.f_files = sfs.f_ffree = 0;
 statvfs("/tmp", &sfs);
 ]])],[ac_cv_func_statvfs=yes],[ac_cv_func_statvfs=no])
@@ -586,7 +586,7 @@
 #if HAVE_SYS_VFS_H
 #include <sts/vfs.h>
 #endif
-                ]], [[ struct statfs s; s.f_frsize = 0; ]])],[ ac_cv_have_f_frsize_in_struct_statfs="yes" ],[ ac_cv_have_f_frsize_in_struct_statfs="no" 
+                ]], [[ struct statfs s; s.f_frsize = 0; ]])],[ ac_cv_have_f_frsize_in_struct_statfs="yes" ],[ ac_cv_have_f_frsize_in_struct_statfs="no"
         ])
 ])
 SQUID_DEFINE_BOOL(HAVE_F_FRSIZE_IN_STATFS,$ac_cv_have_f_frsize_in_struct_statfs,[Define if struct statfs has field f_frsize (Linux 2.6 or later)])
@@ -629,7 +629,7 @@
 #if HAVE_RESOLV_H
 #include <resolv.h>
 #endif
-    ]], 
+    ]],
     [[_res_ext.nsaddr_list[[0]].s_addr;]])],[
       ac_cv_have_res_ext_nsaddr_list="yes" ],[
       ac_cv_have_res_ext_nsaddr_list="no"]))
@@ -708,7 +708,7 @@
 #if HAVE_RESOLV_H
 #include <resolv.h>
 #endif
-  ]], 
+  ]],
   [[_res.ns_list[[0]].addr;]])],
   [ac_cv_have_res_ns_list="yes"],[ac_cv_have_res_ns_list="no"]))
   if test $ac_cv_have_res_ns_list = "yes" ; then
diff -u -r -N squid-5.5/acinclude/pam.m4 squid-5.6/acinclude/pam.m4
--- squid-5.5/acinclude/pam.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/pam.m4	2022-06-06 10:11:52.000000000 +1200
@@ -25,15 +25,15 @@
 static struct pam_conv conv = { &password_conversation, 0 };
 ]])], [
    squid_cv_pam_conv_signature=linux
-], [ 
+], [
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
 #include <security/pam_appl.h>
 static int
 password_conversation(int num_msg, struct pam_message **msg, struct pam_response **resp, void *appdata_ptr) { return 0; }
 static struct pam_conv conv = { &password_conversation, 0 };
-]])], [ 
+]])], [
   squid_cv_pam_conv_signature=solaris
- ], [ 
+ ], [
   squid_cv_pam_conv_signature=unknown
   ])
     ])
diff -u -r -N squid-5.5/acinclude/pkg.m4 squid-5.6/acinclude/pkg.m4
--- squid-5.5/acinclude/pkg.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/pkg.m4	2022-06-06 10:11:52.000000000 +1200
@@ -7,7 +7,7 @@
 
 # pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
 # serial 1 (pkg-config-0.24)
-# 
+#
 # Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
 #
 # This program is free software; you can redistribute it and/or modify
@@ -128,7 +128,7 @@
         _PKG_SHORT_ERRORS_SUPPORTED
         if test $_pkg_short_errors_supported = yes; then
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1`
-        else 
+        else
 	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1`
         fi
 	# Put the nasty error message in config.log where it belongs
diff -u -r -N squid-5.5/acinclude/squid-util.m4 squid-5.6/acinclude/squid-util.m4
--- squid-5.5/acinclude/squid-util.m4	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/acinclude/squid-util.m4	2022-06-06 10:11:52.000000000 +1200
@@ -70,7 +70,7 @@
 
 dnl look for modules in the base-directory supplied as argument.
 dnl fill-in the variable pointed-to by the second argument with the
-dnl space-separated list of modules 
+dnl space-separated list of modules
 AC_DEFUN([SQUID_LOOK_FOR_MODULES],[
 $2=""
 for dir in $1/*; do
@@ -113,7 +113,7 @@
 dnl e.g. SQUID_CHECK_EXISTING_MODULES([$srcdir/src/fs],[foo_module_candidates])
 dnl where $foo_module_candidates is "foo bar gazonk"
 dnl checks whether $srcdir/src/fs/{foo,bar,gazonk} exist and are all dirs
-dnl AND sets $foo_module_candidates_foo, $foo_module_candidates_bar 
+dnl AND sets $foo_module_candidates_foo, $foo_module_candidates_bar
 dnl and $foo_module_candidates_gazonk to "yes"
 AC_DEFUN([SQUID_CHECK_EXISTING_MODULES],[
   for squid_module_check_exist_tmp in $$2
@@ -145,12 +145,12 @@
 dnl aborts with an error for unknown values
 AC_DEFUN([SQUID_DEFINE_BOOL],[
 squid_tmp_define=""
-case "$2" in 
+case "$2" in
   yes|true|1) squid_tmp_define="1" ;;
   no|false|0|"") squid_tmp_define="0" ;;
   *) AC_MSG_ERROR([SQUID_DEFINE[]_BOOL: unrecognized value for $1: '$2']) ;;
 esac
-ifelse([$#],3, 
+ifelse([$#],3,
   [AC_DEFINE_UNQUOTED([$1], [$squid_tmp_define],[$3])],
   [AC_DEFINE_UNQUOTED([$1], [$squid_tmp_define])]
 )
@@ -170,7 +170,7 @@
     AS_HELP_STRING([--enable-build-info="build info string"],
       [Add an additional string in the output of "squid -v".
        Default is not to add anything. If the string is not specified,
-       tries to determine nick and revision number of the current 
+       tries to determine nick and revision number of the current
        bazaar branch]),[
   case "$enableval" in
     no) ${TRUE}
diff -u -r -N squid-5.5/aclocal.m4 squid-5.6/aclocal.m4
--- squid-5.5/aclocal.m4	2022-04-13 20:30:24.000000000 +1200
+++ squid-5.6/aclocal.m4	2022-06-06 10:41:57.000000000 +1200
@@ -11148,15 +11148,15 @@
 
 # @configure_input@
 
-# serial 4179 ltversion.m4
+# serial 4245 ltversion.m4
 # This file is part of GNU Libtool
 
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
+m4_define([LT_PACKAGE_VERSION], [2.4.7])
+m4_define([LT_PACKAGE_REVISION], [2.4.7])
 
 AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
+[macro_version='2.4.7'
+macro_revision='2.4.7'
 _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
 _LT_DECL(, macro_revision, 0)
 ])
diff -u -r -N squid-5.5/bootstrap.sh squid-5.6/bootstrap.sh
--- squid-5.5/bootstrap.sh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/bootstrap.sh	2022-06-06 10:11:52.000000000 +1200
@@ -62,7 +62,7 @@
   path=`which $tool`
   if test $? -gt 0 ; then
     # path for $tool not found. Not defining, and hoping for the best
-    echo 
+    echo
     return
   fi
   echo $(dirname $path)
@@ -74,7 +74,7 @@
   else
     echo "$1 failed"
     echo "Autotool bootstrapping failed. You will need to investigate and correct" ;
-    echo "before you can develop on this source tree" 
+    echo "before you can develop on this source tree"
     exit 1
   fi
 }
@@ -117,7 +117,7 @@
 echo "libtool path : $ltpath"
 
 for dir in \
-	"" 
+	""
 do
     if [ -z "$dir" ] || [ -d $dir ]; then
 	if (
diff -u -r -N squid-5.5/cfgaux/ltmain.sh squid-5.6/cfgaux/ltmain.sh
--- squid-5.5/cfgaux/ltmain.sh	2022-04-13 20:30:26.000000000 +1200
+++ squid-5.6/cfgaux/ltmain.sh	2022-06-06 10:41:58.000000000 +1200
@@ -2,7 +2,7 @@
 ## DO NOT EDIT - This file generated from ./build-aux/ltmain.in
 ##               by inline-source v2019-02-19.15
 
-# libtool (GNU libtool) 2.4.6
+# libtool (GNU libtool) 2.4.7
 # Provide generalized library-building support services.
 # Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
 
@@ -31,8 +31,8 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION="2.4.6 Debian-2.4.7-3"
-package_revision=2.4.6
+VERSION="2.4.7 Debian-2.4.7-4"
+package_revision=2.4.7
 
 
 ## ------ ##
@@ -2217,7 +2217,7 @@
 # End:
 
 # Set a version string.
-scriptversion='(GNU libtool) 2.4.6'
+scriptversion='(GNU libtool) 2.4.7'
 
 
 # func_echo ARG...
@@ -2308,7 +2308,7 @@
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname $scriptversion Debian-2.4.7-3
+       version:        $progname $scriptversion Debian-2.4.7-4
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 
diff -u -r -N squid-5.5/ChangeLog squid-5.6/ChangeLog
--- squid-5.5/ChangeLog	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/ChangeLog	2022-06-06 10:11:52.000000000 +1200
@@ -1,3 +1,11 @@
+Changes in squid-5.6 (06 Jun 2022):
+
+	- Bug 5208: Part 1: Restart kids killed by SIGKILL
+	- Fix SQUID-MIB smilint errors
+	- negotiate_kerberos_auth: Initialise default_keytab
+	- Improve handling of Gopher responses
+	- ... and some semi-automated code polish
+
 Changes in squid-5.5 (12 Apr 2022):
 
 	- Regression Bug 5192: esi_parser default is incorrect
diff -u -r -N squid-5.5/compat/GnuRegex.c squid-5.6/compat/GnuRegex.c
--- squid-5.5/compat/GnuRegex.c	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/compat/GnuRegex.c	2022-06-06 10:11:52.000000000 +1200
@@ -166,7 +166,7 @@
 /* As in Harbison and Steele.  */
 #define SIGN_EXTEND_CHAR(c) ((((unsigned char) (c)) ^ 128) - 128)
 #endif
-
+
 /* Should we use malloc or alloca?  If REGEX_MALLOC is not defined, we
  * use `alloca' instead of `malloc'.  This is because using malloc in
  * re_search* or re_match* could cause memory leaks when C-g is used in
@@ -232,7 +232,7 @@
 #endif
 #define false 0
 #define true 1
-
+
 /* These are the command codes that appear in compiled regular
  * expressions.  Some opcodes are followed by argument bytes.  A
  * command code can specify any interpretation whatsoever for its
@@ -358,7 +358,7 @@
     notwordbound        /* Succeeds if not at a word boundary.  */
 
 } re_opcode_t;
-
+
 /* Common operations on the compiled pattern.  */
 
 /* Store NUMBER in two contiguous bytes starting at DESTINATION.  */
@@ -432,7 +432,7 @@
 #endif /* not EXTRACT_MACROS */
 
 #endif /* DEBUG */
-
+
 /* If DEBUG is defined, Regex prints many voluminous messages about what
  * it is doing (if the variable `debug' is nonzero).  If linked with the
  * main program in `iregex.c', you can enter patterns and strings
@@ -719,7 +719,7 @@
 #define DEBUG_PRINT_DOUBLE_STRING(w, s1, sz1, s2, sz2)
 
 #endif /* not DEBUG */
-
+
 /* This table gives an error message for each of the error codes listed
  * in regex.h.  Obviously the order here has to be same as there.  */
 
@@ -741,7 +741,7 @@
                                      "Regular expression too big",  /* REG_ESIZE */
                                      "Unmatched ) or \\)",  /* REG_ERPAREN */
                                     };
-
+
 /* Subroutine declarations and macros for regex_compile.  */
 
 /* Fetch the next character in the uncompiled pattern---translating it
@@ -929,7 +929,7 @@
     || STREQ (string, "space") || STREQ (string, "print")       \
     || STREQ (string, "punct") || STREQ (string, "graph")       \
     || STREQ (string, "cntrl") || STREQ (string, "blank"))
-
+
 /* `regex_compile' compiles PATTERN (of length SIZE) according to SYNTAX.
  * Returns one of error codes defined in `regex.h', or zero for success.
  *
@@ -1857,7 +1857,7 @@
 
     return REG_NOERROR;
 }               /* regex_compile */
-
+
 /* Subroutines for `regex_compile'.  */
 
 /* Store OP at LOC followed by two-byte integer parameter ARG.  */
@@ -2010,7 +2010,7 @@
 
     return REG_NOERROR;
 }
-
+
 /* Failure stack declarations and macros; both re_compile_fastmap and
  * re_match_2 use a failure stack.  These have to be macros because of
  * REGEX_ALLOCATE.  */
@@ -2277,7 +2277,7 @@
                                     \
   DEBUG_STATEMENT (nfailure_points_popped++);               \
 }               /* POP_FAILURE_POINT */
-
+
 /* re_compile_fastmap computes a ``fastmap'' for the compiled pattern in
  * BUFP.  A fastmap records which of the (1 << BYTEWIDTH) possible
  * characters can start a string that matches the pattern.  This fastmap
@@ -2517,7 +2517,7 @@
     bufp->can_be_null |= path_can_be_null;
     return 0;
 }               /* re_compile_fastmap */
-
+
 /* Searching routines.  */
 
 /* Like re_search_2, below, but only one string is specified, and
@@ -2659,7 +2659,7 @@
     }
     return -1;
 }               /* re_search_2 */
-
+
 /* Declarations and macros for re_match_2.  */
 
 /* Structure for per-register (a.k.a. per-group) information.
@@ -2797,7 +2797,7 @@
  * to actually save any registers when none are active.  */
 #define NO_HIGHEST_ACTIVE_REG (1 << BYTEWIDTH)
 #define NO_LOWEST_ACTIVE_REG (NO_HIGHEST_ACTIVE_REG + 1)
-
+
 /* Matching routines.  */
 
 /* re_match_2 matches the compiled pattern in BUFP against the
@@ -3846,7 +3846,7 @@
 
     return -1;          /* Failure to match.  */
 }               /* re_match_2 */
-
+
 /* Subroutine definitions for re_match_2.  */
 
 /* We are passed P pointing to a register number after a start_memory.
@@ -4077,7 +4077,7 @@
     }
     return 0;
 }
-
+
 /* Entry points for GNU code.  */
 
 /* POSIX.2 functions */
diff -u -r -N squid-5.5/compat/GnuRegex.h squid-5.6/compat/GnuRegex.h
--- squid-5.5/compat/GnuRegex.h	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/compat/GnuRegex.h	2022-06-06 10:11:52.000000000 +1200
@@ -210,7 +210,7 @@
    | RE_NO_BK_PARENS        | RE_NO_BK_REFS             \
    | RE_NO_BK_VBAR      | RE_UNMATCHED_RIGHT_PAREN_ORD)
 /* [[[end syntaxes]]] */
-
+
 /* Maximum number of duplicates an interval can allow.  Some systems
  * (erroneously) define this in other header files, but we want our
  * value, so remove any previous define.  */
@@ -276,7 +276,7 @@
     REG_ESIZE,          /* Compiled pattern bigger than 2^16 bytes.  */
     REG_ERPAREN         /* Unmatched ) or \); not returned from regcomp.  */
 } reg_errcode_t;
-
+
 /* This data structure represents a compiled pattern.  Before calling
  * the pattern compiler, the fields `buffer', `allocated', `fastmap',
  * `translate', and `no_sub' can be set.  After the pattern has been
@@ -355,7 +355,7 @@
 /* search.c (search_buffer) in Emacs needs this one opcode value.  It is
  * defined both in `regex.c' and here.  */
 #define RE_EXACTN_VALUE 1
-
+
 /* Type for byte offsets within the string.  POSIX mandates this.  */
 typedef int regoff_t;
 
@@ -381,7 +381,7 @@
     regoff_t rm_so;     /* Byte offset from string's start to substring's start.  */
     regoff_t rm_eo;     /* Byte offset from string's start to substring's end.  */
 } regmatch_t;
-
+
 /* Declarations for routines.  */
 
 /* To avoid duplicating every routine declaration -- once with a
diff -u -r -N squid-5.5/configure squid-5.6/configure
--- squid-5.5/configure	2022-04-13 20:30:32.000000000 +1200
+++ squid-5.6/configure	2022-06-06 10:42:04.000000000 +1200
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for Squid Web Proxy 5.5.
+# Generated by GNU Autoconf 2.71 for Squid Web Proxy 5.6.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -626,8 +626,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='5.5'
-PACKAGE_STRING='Squid Web Proxy 5.5'
+PACKAGE_VERSION='5.6'
+PACKAGE_STRING='Squid Web Proxy 5.6'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1691,7 +1691,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 5.5 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 5.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1762,7 +1762,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 5.5:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 5.6:";;
    esac
   cat <<\_ACEOF
 
@@ -2196,7 +2196,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 5.5
+Squid Web Proxy configure 5.6
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -3209,7 +3209,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 5.5, which was
+It was created by Squid Web Proxy $as_me 5.6, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -4701,7 +4701,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='5.5'
+ VERSION='5.6'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -8903,8 +8903,8 @@
 
 
 
-macro_version='2.4.6'
-macro_revision='2.4.6'
+macro_version='2.4.7'
+macro_revision='2.4.7'
 
 
 
@@ -48442,7 +48442,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 5.5, which was
+This file was extended by Squid Web Proxy $as_me 5.6, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -48510,7 +48510,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-Squid Web Proxy config.status 5.5
+Squid Web Proxy config.status 5.6
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-5.5/configure.ac squid-5.6/configure.ac
--- squid-5.5/configure.ac	2022-04-13 20:30:32.000000000 +1200
+++ squid-5.6/configure.ac	2022-06-06 10:42:04.000000000 +1200
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[5.5],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[5.6],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
@@ -246,7 +246,7 @@
 dnl Substitutions
 AC_DEFINE_UNQUOTED(CONFIG_HOST_TYPE, "$host",[Host type from configure])
 
-AC_DEFINE_UNQUOTED(SQUID_CONFIGURE_OPTIONS, "$ac_configure_args", 
+AC_DEFINE_UNQUOTED(SQUID_CONFIGURE_OPTIONS, "$ac_configure_args",
                        [configure command line used to configure Squid])
 
 CACHE_EFFECTIVE_USER="nobody"
@@ -392,7 +392,7 @@
 
 AC_ARG_ENABLE(debug-cbdata,
   AS_HELP_STRING([--enable-debug-cbdata],
-      [Provide some debug information in cbdata]), [ 
+      [Provide some debug information in cbdata]), [
 SQUID_YESNO([$enableval],
     [unrecognized argument to --enable-debug-cbdata: $enableval])
 ])
@@ -419,7 +419,7 @@
 squid_opt_aufs_threads=""
 AC_ARG_WITH(aufs-threads,
   AS_HELP_STRING([--with-aufs-threads=N_THREADS],
-   [Tune the number of worker threads for the aufs object store.]), [ 
+   [Tune the number of worker threads for the aufs object store.]), [
 case $withval in
   [[0-9]]*)
     squid_opt_aufs_threads=$withval
@@ -487,7 +487,7 @@
      Set without a value or omitted, all available modules will be built.
      See src/DiskIO for a list of available modules, or
      Programmers Guide section on DiskIO
-     for details on how to build your custom disk module]), [ 
+     for details on how to build your custom disk module]), [
 case $enableval in
   yes)
     ${TRUE}
@@ -667,7 +667,7 @@
               SQUID_CFLAGS="$SQUID_CFLAGS -D_REENTRANT -lpthread"
               SQUID_CXXFLAGS="$SQUID_CXXFLAGS -D_REENTRANT -lpthread"
               AC_SEARCH_LIBS([pthread_create],[pthread thread],[
-                LIBPTHREADS="" #in LIBS 
+                LIBPTHREADS="" #in LIBS
               ],[
                 AC_MSG_NOTICE(pthread library required but cannot be found.)
                 squid_opt_use_diskthreads="no"
@@ -1075,7 +1075,7 @@
 test "x$squid_host_os" = "xmingw" && enable_wccpv2=no
 AC_ARG_ENABLE(wccpv2,
   AS_HELP_STRING([--disable-wccpv2],
-                 [Disable Web Cache Coordination V2 Protocol]), [ 
+                 [Disable Web Cache Coordination V2 Protocol]), [
 SQUID_YESNO([$enableval],
             [unrecognized argument to --disable-wccpv2: $enableval])
 ])
@@ -1084,13 +1084,13 @@
 AC_MSG_NOTICE([Web Cache Coordination V2 Protocol enabled: $enable_wccpv2])
 
 AC_ARG_ENABLE(kill-parent-hack,
-  AS_HELP_STRING([--enable-kill-parent-hack],[Kill parent on shutdown]), [ 
+  AS_HELP_STRING([--enable-kill-parent-hack],[Kill parent on shutdown]), [
 SQUID_YESNO([$enableval],
             [unrecognized argument to --enable-kill-parent-hack: $enableval])
 ])
 SQUID_DEFINE_BOOL(KILL_PARENT_OPT,${enable_kill_parent_hack:=no},
-                   [A dangerous feature which causes Squid to kill its parent 
-                    process (presumably the RunCache script) upon receipt 
+                   [A dangerous feature which causes Squid to kill its parent
+                    process (presumably the RunCache script) upon receipt
                     of SIGTERM or SIGINT. Deprecated, Use with caution.])
 AC_MSG_NOTICE([Kill parent on shutdown hack enabled: $enable_kill_parent_hack])
 
@@ -1162,7 +1162,7 @@
   )
   AC_CHECK_HEADERS( \
     net/if_arp.h \
-    net/route.h, 
+    net/route.h,
   [], [], [[
 #include <sys/types.h>
 #include <sys/socket.h>
@@ -1537,14 +1537,14 @@
   if test "x$LIB_KRB5_LIBS" != "x"; then
     if test "x$with_apple_krb5" = "xyes" ; then
       AC_DEFINE(USE_APPLE_KRB5,1,[Apple Kerberos support is available])
-      KRB5_FLAVOUR="Apple" 
+      KRB5_FLAVOUR="Apple"
     else
       AC_DEFINE(USE_MIT_KRB5,1,[MIT Kerberos support is available])
-      KRB5_FLAVOUR="MIT" 
+      KRB5_FLAVOUR="MIT"
     fi
     KRB5LIBS="$LIB_KRB5_PATH $LIB_KRB5_LIBS $KRB5LIBS"
     KRB5INCS="$LIB_KRB5_CFLAGS"
-    
+
     # check for other specific broken implementations
     CXXFLAGS="$CXXFLAGS $KRB5INCS"
     LIBS="$LIBS $KRB5LIBS"
@@ -1622,8 +1622,8 @@
     KRB5LIBS="$LIB_KRB5_PATH $LIB_KRB5_LIBS $KRB5LIBS"
     KRB5INCS="$LIB_KRB5_CFLAGS"
     AC_DEFINE(USE_SOLARIS_KRB5,1,[Solaris Kerberos support is available])
-    KRB5_FLAVOUR="Solaris" 
-    
+    KRB5_FLAVOUR="Solaris"
+
     # check for other specific broken implementations
     CXXFLAGS="$CXXFLAGS $KRB5INCS"
     LIBS="$LIBS $KRB5LIBS"
@@ -1795,8 +1795,8 @@
     KRB5LIBS="$LIB_KRB5_PATH $LIB_KRB5_LIBS $KRB5LIBS"
     KRB5INCS="$LIB_KRB5_CFLAGS"
     AC_DEFINE(USE_HEIMDAL_KRB5,1,[Heimdal Kerberos support is available])
-    KRB5_FLAVOUR="Heimdal" 
-    
+    KRB5_FLAVOUR="Heimdal"
+
     # check for other specific broken implementations
     CXXFLAGS="$CXXFLAGS $KRB5INCS"
     LIBS="$LIBS $KRB5LIBS"
@@ -1863,7 +1863,7 @@
     KRB5LIBS="$LIB_KRB5_PATH $LIB_KRB5_LIBS $KRB5LIBS"
     KRB5INCS="$LIB_KRB5_CFLAGS"
     AC_DEFINE(USE_GNUGSS,1,[GNU Kerberos support is available])
-    KRB5_FLAVOUR="GNU GSS" 
+    KRB5_FLAVOUR="GNU GSS"
 
     # check for other specific broken implementations
     CXXFLAGS="$CXXFLAGS $KRB5INCS"
@@ -1959,8 +1959,8 @@
 
                         return 0;
                     }
-		]])], 
-		[ AC_DEFINE(HAVE_LDAP, 1, [LDAP support]) 
+		]])],
+		[ AC_DEFINE(HAVE_LDAP, 1, [LDAP support])
 		  AC_MSG_RESULT(yes) ],
 		[ AC_MSG_RESULT(no) ],
 		[ AC_MSG_RESULT(cross-compiler cant tell) ])
@@ -1980,8 +1980,8 @@
                     {
                         return strcmp(LDAP_VENDOR_NAME,"OpenLDAP");
                     }
-		]])], 
-		[ AC_DEFINE(HAVE_OPENLDAP, 1, [OpenLDAP support]) 
+		]])],
+		[ AC_DEFINE(HAVE_OPENLDAP, 1, [OpenLDAP support])
 		  AC_MSG_RESULT(yes) ],
 		[ AC_MSG_RESULT(no) ],
 		[ AC_MSG_RESULT(cross-compiler cant tell) ])
@@ -1997,7 +1997,7 @@
                     {
                         return strcmp(LDAP_VENDOR_NAME,"Sun Microsystems Inc.");
                     }
-		]])], 
+		]])],
 		[ AC_DEFINE(HAVE_SUN_LDAP_SDK, 1, [Sun LDAP SDK support])
 		  AC_MSG_RESULT(yes) ],
 		[ AC_MSG_RESULT(no) ],
@@ -2016,7 +2016,7 @@
                     {
                         return strcmp(LDAP_VENDOR_NAME,"mozilla.org");
                     }
-		]])], 
+		]])],
 		[ AC_DEFINE(HAVE_MOZILLA_LDAP_SDK, 1, [Mozilla LDAP SDK support])
 		  AC_MSG_RESULT(yes) ],
 		[ AC_MSG_RESULT(no)],
@@ -2441,7 +2441,7 @@
 dnl AS_HELP_STRING is not suited here because it cannot to specify newlines
 AC_ARG_WITH(build-environment,
  AS_HELP_STRING([--with-build-environment=model],
-     [The build environment to use. Normally one of 
+     [The build environment to use. Normally one of
       POSIX_V6_ILP32_OFF32 (32 bits),
       POSIX_V6_ILP32_OFFBIG (32 bits with large file support),
       POSIX_V6_LP64_OFF64 (64 bits),
@@ -2990,7 +2990,7 @@
     ac_cv_func_getrusage='yes'
     AC_MSG_NOTICE([Using own rusage on Windows.])
     ;;
-  *)      
+  *)
     AC_CHECK_TYPE(struct rusage,AC_DEFINE(HAVE_STRUCT_RUSAGE,1,[The system provides struct rusage]),,[
 #if HAVE_SYS_TIME_H
 #include <sys/time.h>
@@ -3203,7 +3203,7 @@
 dnl --with-maxfd present for compatibility with Squid-2.
 dnl undocumented in ./configure --help  to encourage using the Squid-3 directive
 AC_ARG_WITH(maxfd,,
-[ 
+[
   case ${withval} in
     [[0-9]]*)
       squid_filedescriptors_num=$withval
@@ -3218,7 +3218,7 @@
 AC_ARG_WITH(filedescriptors,
   AS_HELP_STRING([--with-filedescriptors=NUMBER],
                  [Force squid to support NUMBER filedescriptors]),
-[ 
+[
   case ${withval} in
     [[0-9]]*)
       squid_filedescriptors_num=$withval
@@ -3686,10 +3686,10 @@
 AC_CHECK_LIB(regex, regexec, [REGEXLIB="-lregex"],[REGEXLIB=''])
 AC_ARG_ENABLE(gnuregex,
   AS_HELP_STRING([--enable-gnuregex],
-                 [Compile GNUregex.  Unless you have reason to use 
+                 [Compile GNUregex.  Unless you have reason to use
                  this option, you should not enable it.
-                 This library file is usually only required on Windows and 
-                 very old Unix boxes which do not have their own regex 
+                 This library file is usually only required on Windows and
+                 very old Unix boxes which do not have their own regex
                  library built in.]), [
 SQUID_YESNO([$enableval],[unrecognized argument to --enable-gnuregex: $enableval])
 ])
@@ -3752,7 +3752,7 @@
 dnl Squid will not usually attempt to translate templates when building
 AC_ARG_ENABLE(translation,
  AS_HELP_STRING([--enable-translation],[Generate the localized error page templates and manuals.
-		 Which can also be downloaded from http://www.squid-cache.org/Versions/langpack/.]), [ 
+		 Which can also be downloaded from http://www.squid-cache.org/Versions/langpack/.]), [
   SQUID_YESNO([$enableval],
      [unrecognized argument to --enable-translation: $enableval])
 ])
@@ -3826,7 +3826,7 @@
 AC_MSG_NOTICE([BUILD Tools C++ FLAGS: $BUILDCXXFLAGS])
 
 dnl Clean up after OSF/1 core dump bug
-rm -f core 
+rm -f core
 
 AC_CONFIG_FILES([
 	Makefile
diff -u -r -N squid-5.5/contrib/Makefile.am squid-5.6/contrib/Makefile.am
--- squid-5.5/contrib/Makefile.am	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/contrib/Makefile.am	2022-06-06 10:11:52.000000000 +1200
@@ -28,7 +28,7 @@
 	nextstep/pre_install \
 	solaris/solaris-krb5-include.patch
 
-all: 
+all:
 
 install: install-@host_os@
 
diff -u -r -N squid-5.5/contrib/Makefile.in squid-5.6/contrib/Makefile.in
--- squid-5.5/contrib/Makefile.in	2022-04-13 20:30:26.000000000 +1200
+++ squid-5.6/contrib/Makefile.in	2022-06-06 10:41:58.000000000 +1200
@@ -633,7 +633,7 @@
 .PRECIOUS: Makefile
 
 
-all: 
+all:
 
 install: install-@host_os@
 
diff -u -r -N squid-5.5/doc/release-notes/release-5.html squid-5.6/doc/release-notes/release-5.html
--- squid-5.5/doc/release-notes/release-5.html	2022-04-13 20:37:56.000000000 +1200
+++ squid-5.6/doc/release-notes/release-5.html	2022-06-06 10:47:28.000000000 +1200
@@ -3,10 +3,10 @@
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.82">
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
- <TITLE>Squid 5.5 release notes</TITLE>
+ <TITLE>Squid 5.6 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 5.5 release notes</H1>
+<H1>Squid 5.6 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -61,7 +61,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-5.5.</P>
+<P>The Squid Team are pleased to announce the release of Squid-5.6.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v5/">http://www.squid-cache.org/Versions/v5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-5.5/include/cache_snmp.h squid-5.6/include/cache_snmp.h
--- squid-5.5/include/cache_snmp.h	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/include/cache_snmp.h	2022-06-06 10:11:52.000000000 +1200
@@ -230,7 +230,7 @@
     MESH_END
 };
 
-/* CachePeerTableEntry (version 3) */
+/* CachePeerEntry (version 3) */
 enum {
     MESH_PTBL_START     = 0,
     MESH_PTBL_INDEX     = 1,  /* cachePeerIndex  */
diff -u -r -N squid-5.5/include/version.h squid-5.6/include/version.h
--- squid-5.5/include/version.h	2022-04-13 20:30:32.000000000 +1200
+++ squid-5.6/include/version.h	2022-06-06 10:42:04.000000000 +1200
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1649838622
+#define SQUID_RELEASE_TIME 1654468914
 #endif
 
 /*
diff -u -r -N squid-5.5/lib/snmplib/Makefile.am squid-5.6/lib/snmplib/Makefile.am
--- squid-5.5/lib/snmplib/Makefile.am	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/lib/snmplib/Makefile.am	2022-06-06 10:11:52.000000000 +1200
@@ -8,7 +8,7 @@
 ## Process this file with automake to produce Makefile.in
 ##
 ## Makefile for libsnmp.
-## 
+##
 AM_CFLAGS = $(SQUID_CFLAGS)
 AM_CXXFLAGS = $(SQUID_CXXFLAGS)
 AM_CPPFLAGS = \
diff -u -r -N squid-5.5/libltdl/configure squid-5.6/libltdl/configure
--- squid-5.5/libltdl/configure	2022-04-13 20:31:02.000000000 +1200
+++ squid-5.6/libltdl/configure	2022-06-06 10:42:32.000000000 +1200
@@ -3324,8 +3324,8 @@
 
 
 
-macro_version='2.4.6'
-macro_revision='2.4.6'
+macro_version='2.4.7'
+macro_revision='2.4.7'
 
 
 
diff -u -r -N squid-5.5/libltdl/m4/ltversion.m4 squid-5.6/libltdl/m4/ltversion.m4
--- squid-5.5/libltdl/m4/ltversion.m4	2022-04-13 20:30:26.000000000 +1200
+++ squid-5.6/libltdl/m4/ltversion.m4	2022-06-06 10:41:58.000000000 +1200
@@ -10,15 +10,15 @@
 
 # @configure_input@
 
-# serial 4179 ltversion.m4
+# serial 4245 ltversion.m4
 # This file is part of GNU Libtool
 
-m4_define([LT_PACKAGE_VERSION], [2.4.6])
-m4_define([LT_PACKAGE_REVISION], [2.4.6])
+m4_define([LT_PACKAGE_VERSION], [2.4.7])
+m4_define([LT_PACKAGE_REVISION], [2.4.7])
 
 AC_DEFUN([LTVERSION_VERSION],
-[macro_version='2.4.6'
-macro_revision='2.4.6'
+[macro_version='2.4.7'
+macro_revision='2.4.7'
 _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
 _LT_DECL(, macro_revision, 0)
 ])
diff -u -r -N squid-5.5/RELEASENOTES.html squid-5.6/RELEASENOTES.html
--- squid-5.5/RELEASENOTES.html	2022-04-13 20:37:56.000000000 +1200
+++ squid-5.6/RELEASENOTES.html	2022-06-06 10:47:28.000000000 +1200
@@ -3,10 +3,10 @@
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.82">
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
- <TITLE>Squid 5.5 release notes</TITLE>
+ <TITLE>Squid 5.6 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 5.5 release notes</H1>
+<H1>Squid 5.6 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -61,7 +61,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-5.5.</P>
+<P>The Squid Team are pleased to announce the release of Squid-5.6.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v5/">http://www.squid-cache.org/Versions/v5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-5.5/scripts/calc-must-ids.sh squid-5.6/scripts/calc-must-ids.sh
--- squid-5.5/scripts/calc-must-ids.sh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/scripts/calc-must-ids.sh	2022-06-06 10:11:52.000000000 +1200
@@ -10,7 +10,7 @@
 # Usage:
 #         calc-must-ids.sh [MustID]
 # Given an id it searches for the related Must expression in all
-# source files. If no arguments given it returns all Must expressions 
+# source files. If no arguments given it returns all Must expressions
 # with its ids and their  exact position in the source files.
 #
 # Example usage:
diff -u -r -N squid-5.5/src/acl/external/delayer/ext_delayer_acl.8 squid-5.6/src/acl/external/delayer/ext_delayer_acl.8
--- squid-5.5/src/acl/external/delayer/ext_delayer_acl.8	2022-04-13 20:37:58.000000000 +1200
+++ squid-5.6/src/acl/external/delayer/ext_delayer_acl.8	2022-06-06 10:47:31.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/acl/external/file_userip/example.conf squid-5.6/src/acl/external/file_userip/example.conf
--- squid-5.5/src/acl/external/file_userip/example.conf	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/acl/external/file_userip/example.conf	2022-06-06 10:11:52.000000000 +1200
@@ -9,10 +9,10 @@
 #
 # Lines that begin with a # are ignored
 # The main format is:
-# 
+#
 # Single user
 # ip[/mask]		user
-# 
+#
 # Users that belong to "group"  (/etc/group)
 # ip[/mask]		@group
 #
diff -u -r -N squid-5.5/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 squid-5.6/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8
--- squid-5.5/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8	2022-04-13 20:37:58.000000000 +1200
+++ squid-5.6/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8	2022-06-06 10:47:31.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_KERBEROS_SID_GROUP_ACL 8"
-.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/acl/external/SQL_session/ext_sql_session_acl.8 squid-5.6/src/acl/external/SQL_session/ext_sql_session_acl.8
--- squid-5.5/src/acl/external/SQL_session/ext_sql_session_acl.8	2022-04-13 20:37:58.000000000 +1200
+++ squid-5.6/src/acl/external/SQL_session/ext_sql_session_acl.8	2022-06-06 10:47:31.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 squid-5.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-5.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8	2022-04-13 20:37:58.000000000 +1200
+++ squid-5.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8	2022-06-06 10:47:31.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/auth/basic/DB/basic_db_auth.8 squid-5.6/src/auth/basic/DB/basic_db_auth.8
--- squid-5.5/src/auth/basic/DB/basic_db_auth.8	2022-04-13 20:37:59.000000000 +1200
+++ squid-5.6/src/auth/basic/DB/basic_db_auth.8	2022-06-06 10:47:32.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/auth/basic/POP3/basic_pop3_auth.8 squid-5.6/src/auth/basic/POP3/basic_pop3_auth.8
--- squid-5.5/src/auth/basic/POP3/basic_pop3_auth.8	2022-04-13 20:38:00.000000000 +1200
+++ squid-5.6/src/auth/basic/POP3/basic_pop3_auth.8	2022-06-06 10:47:32.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc squid-5.6/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc
--- squid-5.5/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/auth/negotiate/kerberos/negotiate_kerberos_auth.cc	2022-06-06 10:11:52.000000000 +1200
@@ -349,7 +349,7 @@
     char *service_principal = NULL;
     char *keytab_name = NULL;
     char *keytab_name_env = NULL;
-    char default_keytab[MAXPATHLEN];
+    char default_keytab[MAXPATHLEN] = {};
 #if HAVE_KRB5_MEMORY_KEYTAB
     char *memory_keytab_name = NULL;
     char *memory_keytab_name_env = NULL;
diff -u -r -N squid-5.5/src/base/AsyncFunCalls.h squid-5.6/src/base/AsyncFunCalls.h
--- squid-5.5/src/base/AsyncFunCalls.h	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/base/AsyncFunCalls.h	2022-06-06 10:11:52.000000000 +1200
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
  *
  * Squid software is distributed under GPLv2+ license and includes
  * contributions from numerous individuals and organizations.
diff -u -r -N squid-5.5/src/cf.data.pre squid-5.6/src/cf.data.pre
--- squid-5.5/src/cf.data.pre	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/cf.data.pre	2022-06-06 10:11:52.000000000 +1200
@@ -8,21 +8,21 @@
 COMMENT_START
 	WELCOME TO @SQUID@
 	----------------------------
-	
+
 	This is the documentation for the Squid configuration file.
 	This documentation can also be found online at:
 		http://www.squid-cache.org/Doc/config/
-	
+
 	You may wish to look at the Squid home page and wiki for the
 	FAQ and other documentation:
 		http://www.squid-cache.org/
 		http://wiki.squid-cache.org/SquidFaq
 		http://wiki.squid-cache.org/ConfigExamples
-	
+
 	This documentation shows what the defaults for various directives
 	happen to be.  If you don't need to change the default, you should
 	leave the line out of your squid.conf in most cases.
-	
+
 	In some cases "none" refers to no default setting at all,
 	while in other cases it refers to the value of the option
 	- the comments for that keyword indicate if this is the case.
@@ -495,7 +495,7 @@
 	"optimistic" kernel simply kills Squid kid with a SIGBUS signal.
 	Some of the memory limits enforced by the kernel are currently
 	poorly understood: We do not know how to detect and check them. This
-	option ensures that the mapped memory will be available. 
+	option ensures that the mapped memory will be available.
 
 	This option may have a positive performance side-effect: Locking
 	memory at start avoids runtime paging I/O. Paging slows Squid down.
@@ -1044,7 +1044,7 @@
 DOC_START
 	Defining an Access List
 
-	Every access list definition must begin with an aclname and acltype, 
+	Every access list definition must begin with an aclname and acltype,
 	followed by either type-specific arguments or a quoted filename that
 	they are read from.
 
@@ -1061,7 +1061,7 @@
 	-i,+i	By default, regular expressions are CASE-SENSITIVE. To make them
 		case-insensitive, use the -i option. To return case-sensitive
 		use the +i option between patterns, or make a new ACL line
-		without -i.	
+		without -i.
 
 	-n	Disable lookups and address type conversions.  If lookup or
 		conversion is required because the parameter type (IP or
@@ -1072,7 +1072,7 @@
 	-m[=delimiters]
 		Perform a list membership test, interpreting values as
 		comma-separated token lists and matching against individual
-		tokens instead of whole values. 
+		tokens instead of whole values.
 		The optional "delimiters" parameter specifies one or more
 		alternative non-alphanumeric delimiter characters.
 		non-alphanumeric delimiter characters.
@@ -1194,10 +1194,10 @@
 	acl aclname myportname 3128 ...       # *_port name [fast]
 
 	acl aclname proto HTTP FTP ...        # request protocol [fast]
- 
+
 	acl aclname method GET POST ...       # HTTP request method [fast]
 
-	acl aclname http_status 200 301 500- 400-403 ... 
+	acl aclname http_status 200 301 500- 400-403 ...
 	  # status code in reply [fast]
 
 	acl aclname browser [-i] regexp ...
@@ -1499,7 +1499,7 @@
 	acl aclname server_cert_fingerprint [-sha1] fingerprint
 	  # match against server SSL certificate fingerprint [fast]
 	  #
-	  # The fingerprint is the digest of the DER encoded version 
+	  # The fingerprint is the digest of the DER encoded version
 	  # of the whole certificate. The user should use the form: XX:XX:...
 	  # Optional argument specifies the digest algorithm to use.
 	  # The SHA1 digest algorithm is the default and is currently
@@ -1509,7 +1509,7 @@
 	  # matches server name obtained from various sources [fast]
 	  #
 	  # The ACL computes server name(s) using such information sources as
-	  # CONNECT request URI, TLS client SNI, and TLS server certificate 
+	  # CONNECT request URI, TLS client SNI, and TLS server certificate
 	  # subject (CN and SubjectAltName). The computed server name(s) usually
 	  # change with each SslBump step, as more info becomes available:
 	  # * SNI is used as the server name instead of the request URI,
@@ -1526,7 +1526,7 @@
 	  #
 	  # Unlike dstdomain, this ACL does not perform DNS lookups.
 	  #
-	  # An ACL option below may be used to restrict what information 
+	  # An ACL option below may be used to restrict what information
 	  # sources are used to extract the server names from:
 	  #
 	  # --client-requested
@@ -1586,7 +1586,7 @@
 	  # This group ACL is fast if all evaluated ACLs in the group are fast
 	  # and slow otherwise.
 
-	acl aclname all-of acl1 acl2 ... 
+	acl aclname all-of acl1 acl2 ...
 	  # match all of the acls [fast or slow]
 	  # The first mismatching ACL stops further ACL evaluation.
 	  #
@@ -1713,7 +1713,7 @@
 	refer to as the indirect client address.  This address may
 	be treated as the client address for access control, ICAP, delay
 	pools and logging, depending on the acl_uses_indirect_client,
-	icap_uses_indirect_client, delay_pool_uses_indirect_client, 
+	icap_uses_indirect_client, delay_pool_uses_indirect_client,
 	log_uses_indirect_client and tproxy_uses_indirect_client options.
 
 	This clause only supports fast acl types.
@@ -2094,13 +2094,13 @@
 	especially useful in interception environments where Squid is likely
 	to see connections for unsupported protocols that Squid should either
 	terminate or tunnel at TCP level.
- 
+
 		on_unsupported_protocol <action> [!]acl ...
- 
+
 	The first matching action wins. Only fast ACLs are supported.
 
 	Supported actions are:
- 
+
 	tunnel: Establish a TCP connection with the intended server and
 		blindly shovel TCP packets between the client and server.
 
@@ -2283,17 +2283,17 @@
 
 	   generate-host-certificates[=<on|off>]
 			Dynamically create SSL server certificates for the
-			destination hosts of bumped CONNECT requests.When 
+			destination hosts of bumped CONNECT requests.When
 			enabled, the cert and key options are used to sign
 			generated certificates. Otherwise generated
 			certificate will be selfsigned.
-			If there is a CA certificate lifetime of the generated 
+			If there is a CA certificate lifetime of the generated
 			certificate equals lifetime of the CA certificate. If
-			generated certificate is selfsigned lifetime is three 
+			generated certificate is selfsigned lifetime is three
 			years.
 			This option is enabled by default when ssl-bump is used.
 			See the ssl-bump option above for more information.
-			
+
 	   dynamic_cert_mem_cache_size=SIZE
 			Approximate total RAM size spent on cached generated
 			certificates. If set to zero, caching is disabled. The
@@ -2424,7 +2424,7 @@
 	Other Options:
 
 	   connection-auth[=on|off]
-	                use connection-auth=off to tell Squid to prevent 
+	                use connection-auth=off to tell Squid to prevent
 	                forwarding Microsoft connection oriented authentication
 			(NTLM, Negotiate and Kerberos)
 
@@ -2848,62 +2848,62 @@
 	Regardless of this option setting, when dealing with intercepted
 	traffic, Squid always verifies that the destination IP address matches
 	the Host header domain or IP (called 'authority form URL').
-	
+
 	This enforcement is performed to satisfy a MUST-level requirement in
 	RFC 2616 section 14.23: "The Host field value MUST represent the naming
 	authority of the origin server or gateway given by the original URL".
-	
+
 	When set to ON:
 		Squid always responds with an HTTP 409 (Conflict) error
 		page and logs a security warning if there is no match.
-	
+
 		Squid verifies that the destination IP address matches
 		the Host header for forward-proxy and reverse-proxy traffic
 		as well. For those traffic types, Squid also enables the
 		following checks, comparing the corresponding Host header
 		and Request-URI components:
-	
+
 		 * The host names (domain or IP) must be identical,
 		   but valueless or missing Host header disables all checks.
 		   For the two host names to match, both must be either IP
 		   or FQDN.
-	
+
 		 * Port numbers must be identical, but if a port is missing
 		   the scheme-default port is assumed.
-	
-	
+
+
 	When set to OFF (the default):
 		Squid allows suspicious requests to continue but logs a
 		security warning and blocks caching of the response.
-	
+
 		 * Forward-proxy traffic is not checked at all.
-	
+
 		 * Reverse-proxy traffic is not checked at all.
-	
+
 		 * Intercepted traffic which passes verification is handled
 		   according to client_dst_passthru.
-	
+
 		 * Intercepted requests which fail verification are sent
 		   to the client original destination instead of DIRECT.
 		   This overrides 'client_dst_passthru off'.
-	
+
 		For now suspicious intercepted CONNECT requests are always
 		responded to with an HTTP 409 (Conflict) error page.
-	
-	
+
+
 	SECURITY NOTE:
-	
+
 	As described in CVE-2009-0801 when the Host: header alone is used
 	to determine the destination of a request it becomes trivial for
 	malicious scripts on remote websites to bypass browser same-origin
 	security policy and sandboxing protections.
-	
+
 	The cause of this is that such applets are allowed to perform their
 	own HTTP stack, in which case the same-origin policy of the browser
 	sandbox only verifies that the applet tries to contact the same IP
 	as from where it was loaded at the IP level. The Host: header may
 	be different from the connected IP and approved origin.
-	
+
 DOC_END
 
 NAME: client_dst_passthru
@@ -2914,20 +2914,20 @@
 	With NAT or TPROXY intercepted traffic Squid may pass the request
 	directly to the original client destination IP or seek a faster
 	source using the HTTP Host header.
-	
+
 	Using Host to locate alternative servers can provide faster
 	connectivity with a range of failure recovery options.
 	But can also lead to connectivity trouble when the client and
 	server are attempting stateful interactions unaware of the proxy.
-	
+
 	This option (on by default) prevents alternative DNS entries being
 	located to send intercepted traffic DIRECT to an origin server.
 	The clients original destination IP and port will be used instead.
-	
+
 	Regardless of this option setting, when dealing with intercepted
 	traffic Squid will verify the Host: header and any traffic which
 	fails Host verification will be treated as if this option were ON.
-	
+
 	see host_verify_strict for details on the verification process.
 DOC_END
 
@@ -2943,17 +2943,17 @@
 LOC: Security::ProxyOutgoingConfig
 DOC_START
 	disable		Do not support https:// URLs.
-	
+
 	cert=/path/to/client/certificate
 			A client X.509 certificate to use when connecting.
-	
+
 	key=/path/to/client/private_key
 			The private key corresponding to the cert= above.
 
 			If key= is not specified cert= is assumed to
 			reference a PEM file containing both the certificate
 			and private key.
-	
+
 	cipher=...	The list of valid TLS ciphers to use.
 
 	min-version=1.N
@@ -2997,29 +2997,29 @@
 				for a more complete list.
 				http://www.gnutls.org/manual/gnutls.html#Priority-Strings
 
-	
+
 	cafile=		PEM file containing CA certificates to use when verifying
 			the peer certificate. May be repeated to load multiple files.
 
 	capath=		A directory containing additional CA certificates to
 			use when verifying the peer certificate.
 			Requires OpenSSL or LibreSSL.
-	
+
 	crlfile=... 	A certificate revocation list file to use when
 			verifying the peer certificate.
-	
+
 	flags=...	Specify various flags modifying the TLS implementation:
-	
+
 			DONT_VERIFY_PEER
 				Accept certificates even if they fail to
 				verify.
 			DONT_VERIFY_DOMAIN
 				Don't verify the peer certificate
 				matches the server name
-	
+
 	default-ca[=off]
 			Whether to use the system Trusted CAs. Default is ON.
-	
+
 	domain= 	The peer name as advertised in its certificate.
 			Used for verifying the correctness of the received peer
 			certificate. If not specified the peer hostname will be
@@ -3167,7 +3167,7 @@
 		not allow to make decisions based on SSL handshake info.
 
 	    peek-and-splice
-		Decide whether to bump or splice the connection based on 
+		Decide whether to bump or splice the connection based on
 		client-to-squid and server-to-squid SSL hello messages.
 		XXX: Remove.
 
@@ -3282,7 +3282,7 @@
 TYPE: sslproxy_cert_adapt
 LOC: Config.ssl_client.cert_adapt
 DOC_START
-	
+
 	sslproxy_cert_adapt <adaptation algorithm> acl ...
 
 	The following certificate adaptation algorithms are supported:
@@ -3296,12 +3296,12 @@
 		the CA certificate used to sign generated certificates.
 
 	   setCommonName or setCommonName{CN}
-		Sets Subject.CN property to the host name specified as a 
+		Sets Subject.CN property to the host name specified as a
 		CN parameter or, if no explicit CN parameter was specified,
 		extracted from the CONNECT request. It is a misconfiguration
 		to use setCommonName without an explicit parameter for
 		intercepted or tproxied SSL connections.
-		
+
 	This clause only supports fast acl types.
 
 	Squid first groups sslproxy_cert_adapt options by adaptation algorithm.
@@ -3336,12 +3336,12 @@
 DOC_END
 
 COMMENT_START
- OPTIONS RELATING TO EXTERNAL SSL_CRTD 
+ OPTIONS RELATING TO EXTERNAL SSL_CRTD
  -----------------------------------------------------------------------------
 COMMENT_END
 
 NAME: sslcrtd_program
-TYPE: eol 
+TYPE: eol
 IFDEF: USE_SSL_CRTD
 DEFAULT: @DEFAULT_SSL_CRTD@ -s @DEFAULT_SSL_DB_DIR@ -M 4MB
 LOC: Ssl::TheConfig.ssl_crtd
@@ -3374,18 +3374,18 @@
 
 	The startup= and idle= options allow some measure of skew in your
 	tuning.
-	
+
 		startup=N
-	
+
 	Sets the minimum number of processes to spawn when Squid
 	starts or reconfigures. When set to zero the first request will
 	cause spawning of the first child process to handle it.
-	
+
 	Starting too few children temporary slows Squid under load while it
 	tries to spawn enough additional processes to cope with traffic.
-	
+
 		idle=N
-	
+
 	Sets a minimum of how many processes Squid is to try and keep available
 	at all times. When traffic begins to rise above what the existing
 	processes can handle this many more will be spawned up to the maximum
@@ -3398,7 +3398,7 @@
 	numberofchildren limit. If the queued requests exceed queue size for
 	more than 3 minutes squid aborts its operation. The default value is
 	set to 2*numberofchildren.
-	
+
 	You must have at least one ssl_crtd process.
 DOC_END
 
@@ -3431,32 +3431,32 @@
 	does not support spawning more than 32 helpers.
 
 	Usage: numberofchildren [option]...
-	
+
 	The startup= and idle= options allow some measure of skew in your
 	tuning.
-	
+
 		startup=N
-	
+
 	Sets the minimum number of processes to spawn when Squid
 	starts or reconfigures. When set to zero the first request will
 	cause spawning of the first child process to handle it.
-	
+
 	Starting too few children temporary slows Squid under load while it
 	tries to spawn enough additional processes to cope with traffic.
-	
+
 		idle=N
-	
+
 	Sets a minimum of how many processes Squid is to try and keep available
 	at all times. When traffic begins to rise above what the existing
 	processes can handle this many more will be spawned up to the maximum
 	configured. A minimum setting of 1 is required.
 
 		concurrency=
-	
+
 	The number of requests each certificate validator helper can handle in
 	parallel. A value of 0 indicates the certficate validator does not
 	support concurrency. Defaults to 1.
-	
+
 	When this directive is set to a value >= 1 then the protocol
 	used to communicate with the helper is modified to include
 	a request ID in front of the request/response. The request
@@ -3470,7 +3470,7 @@
 	child can be started due to numberofchildren limit. If the queued
 	requests exceed queue size for more than 3 minutes squid aborts its
 	operation. The default value is set to 2*numberofchildren.
-	
+
 	You must have at least one ssl_crt_validator process.
 DOC_END
 
@@ -3485,11 +3485,11 @@
 LOC: Config.peers
 DOC_START
 	To specify other caches in a hierarchy, use the format:
-	
+
 		cache_peer hostname type http-port icp-port [options]
-	
+
 	For example,
-	
+
 	#                                        proxy  icp
 	#          hostname             type     port   port  options
 	#          -------------------- -------- ----- -----  -----------
@@ -3497,96 +3497,96 @@
 	cache_peer sib1.foo.net         sibling   3128  3130  proxy-only
 	cache_peer sib2.foo.net         sibling   3128  3130  proxy-only
 	cache_peer example.com          parent    80       0  default
-	cache_peer cdn.example.com      sibling   3128     0  
-	
+	cache_peer cdn.example.com      sibling   3128     0
+
 	      type:	either 'parent', 'sibling', or 'multicast'.
-	
+
 	proxy-port:	The port number where the peer accept HTTP requests.
 			For other Squid proxies this is usually 3128
 			For web servers this is usually 80
-	
+
 	  icp-port:	Used for querying neighbor caches about objects.
 			Set to 0 if the peer does not support ICP or HTCP.
 			See ICP and HTCP options below for additional details.
-	
-	
+
+
 	==== ICP OPTIONS ====
-	
+
 	You MUST also set icp_port and icp_access explicitly when using these options.
 	The defaults will prevent peer traffic using ICP.
-	
-	
+
+
 	no-query	Disable ICP queries to this neighbor.
-	
+
 	multicast-responder
 			Indicates the named peer is a member of a multicast group.
 			ICP queries will not be sent directly to the peer, but ICP
 			replies will be accepted from it.
-	
+
 	closest-only	Indicates that, for ICP_OP_MISS replies, we'll only forward
 			CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.
-	
+
 	background-ping
 			To only send ICP queries to this neighbor infrequently.
 			This is used to keep the neighbor round trip time updated
 			and is usually used in conjunction with weighted-round-robin.
-	
-	
+
+
 	==== HTCP OPTIONS ====
-	
+
 	You MUST also set htcp_port and htcp_access explicitly when using these options.
 	The defaults will prevent peer traffic using HTCP.
-	
-	
+
+
 	htcp		Send HTCP, instead of ICP, queries to the neighbor.
 			You probably also want to set the "icp-port" to 4827
 			instead of 3130. This directive accepts a comma separated
 			list of options described below.
-	
+
 	htcp=oldsquid	Send HTCP to old Squid versions (2.5 or earlier).
-	
+
 	htcp=no-clr	Send HTCP to the neighbor but without
 			sending any CLR requests.  This cannot be used with
 			only-clr.
-	
+
 	htcp=only-clr	Send HTCP to the neighbor but ONLY CLR requests.
 			This cannot be used with no-clr.
-	
+
 	htcp=no-purge-clr
 			Send HTCP to the neighbor including CLRs but only when
 			they do not result from PURGE requests.
-	
+
 	htcp=forward-clr
 			Forward any HTCP CLR requests this proxy receives to the peer.
-	
-	
+
+
 	==== PEER SELECTION METHODS ====
-	
+
 	The default peer selection method is ICP, with the first responding peer
 	being used as source. These options can be used for better load balancing.
-	
-	
+
+
 	default		This is a parent cache which can be used as a "last-resort"
 			if a peer cannot be located by any of the peer-selection methods.
 			If specified more than once, only the first is used.
-	
+
 	round-robin	Load-Balance parents which should be used in a round-robin
 			fashion in the absence of any ICP queries.
 			weight=N can be used to add bias.
-	
+
 	weighted-round-robin
 			Load-Balance parents which should be used in a round-robin
 			fashion with the frequency of each parent being based on the
 			round trip time. Closer parents are used more often.
 			Usually used for background-ping parents.
 			weight=N can be used to add bias.
-	
+
 	carp		Load-Balance parents which should be used as a CARP array.
 			The requests will be distributed among the parents based on the
 			CARP load balancing hash function based on their weight.
-	
+
 	userhash	Load-balance parents based on the client proxy_auth or ident username.
-	
+
 	sourcehash	Load-balance parents based on the client source IP.
 
 	multicast-siblings
@@ -3597,97 +3597,97 @@
 			a "parent" cache, anyway.  It's useful, e.g., when
 			configuring a pool of redundant Squid proxies, being
 			members of the same multicast group.
-	
-	
+
+
 	==== PEER SELECTION OPTIONS ====
-	
+
 	weight=N	use to affect the selection of a peer during any weighted
 			peer-selection mechanisms.
 			The weight must be an integer; default is 1,
 			larger weights are favored more.
 			This option does not affect parent selection if a peering
 			protocol is not in use.
-	
+
 	basetime=N	Specify a base amount to be subtracted from round trip
 			times of parents.
 			It is subtracted before division by weight in calculating
 			which parent to fectch from. If the rtt is less than the
 			base time the rtt is set to a minimal value.
-	
+
 	ttl=N		Specify a TTL to use when sending multicast ICP queries
 			to this address.
 			Only useful when sending to a multicast group.
 			Because we don't accept ICP replies from random
 			hosts, you must configure other group members as
 			peers with the 'multicast-responder' option.
-	
+
 	no-delay	To prevent access to this neighbor from influencing the
 			delay pools.
-	
+
 	digest-url=URL	Tell Squid to fetch the cache digest (if digests are
 			enabled) for this host from the specified URL rather
 			than the Squid default location.
-	
-	
+
+
 	==== CARP OPTIONS ====
-	
+
 	carp-key=key-specification
 			use a different key than the full URL to hash against the peer.
-			the key-specification is a comma-separated list of the keywords			
+			the key-specification is a comma-separated list of the keywords
 			scheme, host, port, path, params
 			Order is not important.
-	
+
 	==== ACCELERATOR / REVERSE-PROXY OPTIONS ====
-	
+
 	originserver	Causes this parent to be contacted as an origin server.
 			Meant to be used in accelerator setups when the peer
 			is a web server.
-	
+
 	forceddomain=name
 			Set the Host header of requests forwarded to this peer.
 			Useful in accelerator setups where the server (peer)
 			expects a certain domain name but clients may request
 			others. ie example.com or www.example.com
-	
+
 	no-digest	Disable request of cache digests.
-	
+
 	no-netdb-exchange
 			Disables requesting ICMP RTT database (NetDB).
-	
-	
+
+
 	==== AUTHENTICATION OPTIONS ====
-	
+
 	login=user:password
 			If this is a personal/workgroup proxy and your parent
 			requires proxy authentication.
-			
+
 			Note: The string can include URL escapes (i.e. %20 for
 			spaces). This also means % must be written as %%.
-	
+
 	login=PASSTHRU
 			Send login details received from client to this peer.
 			Both Proxy- and WWW-Authorization headers are passed
 			without alteration to the peer.
 			Authentication is not required by Squid for this to work.
-			
+
 			Note: This will pass any form of authentication but
 			only Basic auth will work through a proxy unless the
 			connection-auth options are also used.
 
 	login=PASS	Send login details received from client to this peer.
 			Authentication is not required by this option.
-			
+
 			If there are no client-provided authentication headers
 			to pass on, but username and password are available
 			from an external ACL user= and password= result tags
 			they may be sent instead.
-			
+
 			Note: To combine this with proxy_auth both proxies must
 			share the same user database as HTTP only allows for
 			a single login (one for proxy, one for origin server).
 			Also be warned this will expose your users proxy
 			password to the peer. USE WITH CAUTION
-	
+
 	login=*:password
 			Send the username to the upstream cache, but with a
 			fixed password. This is meant to be used when the peer
@@ -3697,57 +3697,57 @@
 			information which is added to the username. This can
 			be used to identify this proxy to the peer, similar to
 			the login=username:password option above.
-	
+
 	login=NEGOTIATE
 			If this is a personal/workgroup proxy and your parent
 			requires a secure proxy authentication.
 			The first principal from the default keytab or defined by
-			the environment variable KRB5_KTNAME will be used. 
-	
+			the environment variable KRB5_KTNAME will be used.
+
 			WARNING: The connection may transmit requests from multiple
 			clients. Negotiate often assumes end-to-end authentication
 			and a single-client. Which is not strictly true here.
-	
+
 	login=NEGOTIATE:principal_name
 			If this is a personal/workgroup proxy and your parent
-			requires a secure proxy authentication. 
+			requires a secure proxy authentication.
 			The principal principal_name from the default keytab or
 			defined by the environment variable KRB5_KTNAME will be
 			used.
-	
+
 			WARNING: The connection may transmit requests from multiple
 			clients. Negotiate often assumes end-to-end authentication
 			and a single-client. Which is not strictly true here.
-	
+
 	connection-auth=on|off
 			Tell Squid that this peer does or not support Microsoft
 			connection oriented authentication, and any such
 			challenges received from there should be ignored.
 			Default is auto to automatically determine the status
 			of the peer.
-	
+
 	auth-no-keytab
 			Do not use a keytab to authenticate to a peer when
 			login=NEGOTIATE is specified. Let the GSSAPI
 			implementation determine which already existing
 			credentials cache to use instead.
-	
-	
+
+
 	==== SSL / HTTPS / TLS OPTIONS ====
-	
+
 	tls		Encrypt connections to this peer with TLS.
-	
+
 	sslcert=/path/to/ssl/certificate
 			A client X.509 certificate to use when connecting to
 			this peer.
-	
+
 	sslkey=/path/to/ssl/key
 			The private key corresponding to sslcert above.
 
 			If sslkey= is not specified sslcert= is assumed to
 			reference a PEM file containing both the certificate
 			and private key.
-	
+
 	sslcipher=...	The list of valid SSL ciphers to use when connecting
 			to this peer.
 
@@ -3794,16 +3794,16 @@
 
 	tls-cafile=	PEM file containing CA certificates to use when verifying
 			the peer certificate. May be repeated to load multiple files.
-	
+
 	sslcapath=...	A directory containing additional CA certificates to
 			use when verifying the peer certificate.
 			Requires OpenSSL or LibreSSL.
-	
+
 	sslcrlfile=... 	A certificate revocation list file to use when
 			verifying the peer certificate.
-	
+
 	sslflags=...	Specify various flags modifying the SSL implementation:
-	
+
 			DONT_VERIFY_PEER
 				Accept certificates even if they fail to
 				verify.
@@ -3811,35 +3811,35 @@
 			DONT_VERIFY_DOMAIN
 				Don't verify the peer certificate
 				matches the server name
-	
+
 	ssldomain= 	The peer name as advertised in it's certificate.
 			Used for verifying the correctness of the received peer
 			certificate. If not specified the peer hostname will be
 			used.
-	
+
 	front-end-https[=off|on|auto]
 			Enable the "Front-End-Https: On" header needed when
 			using Squid as a SSL frontend in front of Microsoft OWA.
 			See MS KB document Q307347 for details on this header.
 			If set to auto the header will only be added if the
 			request is forwarded as a https:// URL.
-	
+
 	tls-default-ca[=off]
 			Whether to use the system Trusted CAs. Default is ON.
-	
+
 	tls-no-npn	Do not use the TLS NPN extension to advertise HTTP/1.1.
 
 	==== GENERAL OPTIONS ====
-	
+
 	connect-timeout=N
 			A peer-specific connect timeout.
 			Also see the peer_connect_timeout directive.
-	
+
 	connect-fail-limit=N
 			How many times connecting to a peer must fail before
 			it is marked as down. Standby connection failures
 			count towards this limit. Default is 10.
-	
+
 	allow-miss	Disable Squid's use of only-if-cached when forwarding
 			requests to siblings. This is primarily useful when
 			icp_hit_stale is used by the sibling. Excessive use
@@ -3848,28 +3848,28 @@
 			deny cache peer usage on requests from a peer:
 			acl fromPeer ...
 			cache_peer_access peerName deny fromPeer
-	
+
 	max-conn=N 	Limit the number of concurrent connections the Squid
 			may open to this peer, including already opened idle
 			and standby connections. There is no peer-specific
 			connection limit by default.
-	
+
 			A peer exceeding the limit is not used for new
 			requests unless a standby connection is available.
-	
+
 			max-conn currently works poorly with idle persistent
 			connections: When a peer reaches its max-conn limit,
 			and there are idle persistent connections to the peer,
 			the peer may not be selected because the limiting code
 			does not know whether Squid can reuse those idle
 			connections.
-	
+
 	standby=N	Maintain a pool of N "hot standby" connections to an
 			UP peer, available for requests when no idle
 			persistent connection is available (or safe) to use.
 			By default and with zero N, no such pool is maintained.
 			N must not exceed the max-conn limit (if any).
-	
+
 			At start or after reconfiguration, Squid opens new TCP
 			standby connections until there are N connections
 			available and then replenishes the standby pool as
@@ -3877,14 +3877,14 @@
 			connection never goes back to the standby pool, but
 			may go to the regular idle persistent connection pool
 			shared by all peers and origin servers.
-	
+
 			Squid never opens multiple new standby connections
 			concurrently.  This one-at-a-time approach minimizes
 			flooding-like effect on peers. Furthermore, just a few
 			standby connections should be sufficient in most cases
 			to supply most new requests with a ready-to-use
 			connection.
-	
+
 			Standby connections obey server_idle_pconn_timeout.
 			For the feature to work as intended, the peer must be
 			configured to accept and keep them open longer than
@@ -3893,7 +3893,7 @@
 			connections. Default request_timeout and
 			server_idle_pconn_timeout values ensure such a
 			configuration.
-	
+
 	name=xxx	Unique name for the peer.
 			Required if you have multiple peers on the same host
 			but different ports.
@@ -3901,13 +3901,13 @@
 			directives to identify the peer.
 			Can be used by outgoing access controls through the
 			peername ACL type.
-	
+
 	no-tproxy	Do not use the client-spoof TPROXY support when forwarding
 			requests to this peer. Use normal address selection instead.
 			This overrides the spoof_client_ip ACL.
-	
+
 	proxy-only	objects fetched from the peer will not be stored locally.
-	
+
 DOC_END
 
 NAME: cache_peer_access
@@ -4006,7 +4006,7 @@
 	certain persistent connection failures and any attempts to use a
 	different peer. However, low-level connection reopening attempts
 	(enabled using connect_retries) are not counted.
-	
+
 	See also: forward_timeout and connect_retries.
 DOC_END
 
@@ -4188,14 +4188,14 @@
 DOC_START
 	Set the default value for max-size parameter on any cache_dir.
 	The value is specified in bytes, and the default is 4 MB.
-	
+
 	If you wish to get a high BYTES hit ratio, you should probably
 	increase this (one 32 MB object hit counts for 3200 10KB
 	hits).
-	
+
 	If you wish to increase hit ratio more than you want to
 	save bandwidth you should leave this low.
-	
+
 	NOTE: if using the LFUDA replacement policy you should increase
 	this value to maximize the byte hit rate improvement of LFUDA!
 	See cache_replacement_policy for a discussion of this policy.
@@ -4655,7 +4655,7 @@
 				default %d/%b/%Y:%H:%M:%S %z
 		tr	Response time (milliseconds)
 		dt	Total time spent making DNS lookups (milliseconds)
-		tS	Approximate master transaction start time in 
+		tS	Approximate master transaction start time in
 			<full seconds since epoch>.<fractional seconds> format.
 			Currently, Squid considers the master transaction
 			started when a complete HTTP request header initiating
@@ -4776,7 +4776,7 @@
 		[http::]<sH	Reply high offset sent
 		[http::]<sS	Upstream object size
 
-		[http::]<bs	Number of HTTP-equivalent message body bytes 
+		[http::]<bs	Number of HTTP-equivalent message body bytes
 				received from the next hop, excluding chunked
 				transfer encoding and control messages.
 				Generated FTP/Gopher listings are treated as
@@ -4787,7 +4787,7 @@
 		[http::]<pt	Peer response time in milliseconds. The timer starts
 				when the last request byte is sent to the next hop
 				and stops when the last response byte is received.
-		[http::]<tt	Total time in milliseconds. The timer 
+		[http::]<tt	Total time in milliseconds. The timer
 				starts with the first connect request (or write I/O)
 				sent to the first selected peer. The timer stops
 				with the last I/O with the last peer.
@@ -4806,7 +4806,7 @@
 				an already bumped connection, Squid logs the
 				corresponding SslBump mode ("splice", "bump",
 				"peek", "stare", "terminate", "server-first"
-				or "client-first"). See the ssl_bump option 
+				or "client-first"). See the ssl_bump option
 				for more information about these modes.
 
 				A "none" token is logged for requests that
@@ -5013,7 +5013,7 @@
 DEFAULT_IF_NONE: daemon:@DEFAULT_ACCESS_LOG@ squid
 DOC_START
 	Configures whether and how Squid logs HTTP and ICP transactions.
-	If access logging is enabled, a single line is logged for every 
+	If access logging is enabled, a single line is logged for every
 	matching HTTP or ICP request. The recommended directive formats are:
 
 	access_log <module>:<place> [option ...] [acl acl ...]
@@ -5025,12 +5025,12 @@
         In most cases, the first ACL name must not contain the '=' character
 	and should not be equal to an existing logformat name. You can always
 	start with an 'all' ACL to work around those restrictions.
-	
+
 	Will log to the specified module:place using the specified format (which
 	must be defined in a logformat directive) those entries which match
 	ALL the acl's specified (which must be defined in acl clauses).
 	If no acl is specified, all requests will be logged to this destination.
-	
+
 	===== Available options for the recommended directive format =====
 
 	logformat=name		Names log line format (either built-in or
@@ -5049,7 +5049,7 @@
 	on-error=die|drop	Defines action on unrecoverable errors. The
 				'drop' action ignores (i.e., does not log)
 				affected log records. The default 'die' action
-				kills the affected worker. The drop action 
+				kills the affected worker. The drop action
 				support has not been tested for modules other
 				than tcp.
 
@@ -5063,20 +5063,20 @@
 				Only supported by the stdio module.
 
 	===== Modules Currently available =====
-	
+
 	none	Do not log any requests matching these ACL.
 		Do not specify Place or logformat name.
-	
+
 	stdio	Write each log line to disk immediately at the completion of
 		each request.
 		Place: the filename and path to be written.
-	
+
 	daemon	Very similar to stdio. But instead of writing to disk the log
 		line is passed to a daemon helper for asychronous handling instead.
 		Place: varies depending on the daemon.
-		
+
 		log_file_daemon Place: the file name and path to be written.
-	
+
 	syslog	To log each request via syslog facility.
 		Place: The syslog facility and priority level for these entries.
 		Place Format:  facility.priority
@@ -5086,7 +5086,7 @@
 
 		And priority could be any of:
 			err, warning, notice, info, debug.
-	
+
 	udp	To send each log line as text data to a UDP receiver.
 		Place: The destination host name or IP and port.
 		Place Format:   //host:port
@@ -5112,7 +5112,7 @@
 	The icap_log option format is:
 	icap_log <filepath> [<logformat name> [acl acl ...]]
 	icap_log none [acl acl ...]]
-	
+
 	Please see access_log option documentation for details. The two
 	kinds of logs share the overall configuration approach and many
 	features.
@@ -5161,7 +5161,7 @@
 
 		icap::ru	ICAP Request-URI. Similar to ru.
 
-		icap::rm	ICAP request method (REQMOD, RESPMOD, or 
+		icap::rm	ICAP request method (REQMOD, RESPMOD, or
 				OPTIONS). Similar to existing rm.
 
 		icap::>st	The total size of the ICAP request sent to the ICAP
@@ -5252,10 +5252,10 @@
 	saved and for how long.
 	There are not really utilities to analyze this data, so you can safely
 	disable it (the default).
-	
+
 	Store log uses modular logging outputs. See access_log for the list
 	of modules supported.
-	
+
 	Example:
 		cache_store_log stdio:@DEFAULT_STORE_LOG@
 		cache_store_log daemon:@DEFAULT_STORE_LOG@
@@ -5531,7 +5531,7 @@
 
 	NATs may be able to put the connection on a "fast path" through the
 	translator using EPSV, as the EPRT command will never be used
-	and therefore, translation of the data portion of the segments 
+	and therefore, translation of the data portion of the segments
 	will never be needed.
 
 	EPSV is often required to interoperate with FTP servers on IPv6
@@ -5747,18 +5747,18 @@
 
 	The startup= and idle= options allow some measure of skew in your
 	tuning.
-	
+
 		startup=
-	
+
 	Sets a minimum of how many processes are to be spawned when Squid
 	starts or reconfigures. When set to zero the first request will
 	cause spawning of the first child process to handle it.
-	
+
 	Starting too few will cause an initial slowdown in traffic as Squid
 	attempts to simultaneously spawn enough processes to cope.
-	
+
 		idle=
-	
+
 	Sets a minimum of how many processes Squid is to try and keep available
 	at all times. When traffic begins to rise above what the existing
 	processes can handle this many more will be spawned up to the maximum
@@ -5813,14 +5813,14 @@
 	To preserve same-origin security policies in browsers and
 	prevent Host: header forgery by redirectors Squid rewrites
 	any Host: header in redirected requests.
-	
+
 	If you are running an accelerator this may not be a wanted
 	effect of a redirector. This directive enables you disable
 	Host: alteration in reverse-proxy traffic.
-	
+
 	WARNING: Entries are cached on the result of the URL rewriting
 	process, so be careful if you have domain-virtual hosts.
-	
+
 	WARNING: Squid and other software verifies the URL and Host
 	are matching, so be careful not to relay through other proxies
 	or inspecting firewalls with this disabled.
@@ -5974,21 +5974,21 @@
 	queues. Using too many helpers wastes your system resources.
 
 	Usage: numberofchildren [option]...
-	
+
 	The startup= and idle= options allow some measure of skew in your
 	tuning.
-	
+
 		startup=
-	
+
 	Sets a minimum of how many processes are to be spawned when Squid
 	starts or reconfigures. When set to zero the first request will
 	cause spawning of the first child process to handle it.
-	
+
 	Starting too few will cause an initial slowdown in traffic as Squid
 	attempts to simultaneously spawn enough processes to cope.
-	
+
 		idle=
-	
+
 	Sets a minimum of how many processes Squid is to try and keep available
 	at all times. When traffic begins to rise above what the existing
 	processes can handle this many more will be spawned up to the maximum
@@ -6058,7 +6058,7 @@
 	queue grows too large, the action is prescribed by the
 	on-persistent-overload option. You should only enable this if the
 	helpers are not critical to your caching system. If you use
-	helpers for critical caching components, and you enable this 
+	helpers for critical caching components, and you enable this
 	option,	users may not get objects from cache.
 	This options sets default queue-size option of the store_id_children
 	to 0.
@@ -6252,9 +6252,9 @@
 		ensures that the client will receive an updated version
 		if one is available.
 
-		store-stale stores responses even if they don't have explicit 
-		freshness or a validator (i.e., Last-Modified or an ETag) 
-		present, or if they're already stale. By default, Squid will 
+		store-stale stores responses even if they don't have explicit
+		freshness or a validator (i.e., Last-Modified or an ETag)
+		present, or if they're already stale. By default, Squid will
 		not cache such responses because they usually can't be
 		reused. Note that such responses will be stale by default.
 
@@ -6399,35 +6399,35 @@
 DEFAULT: none
 DOC_START
 	usage: (size) [units] [[!]aclname]
-	
-	Sets an upper limit on how far (number of bytes) into the file 
-	a Range request	may be to cause Squid to prefetch the whole file. 
-	If beyond this limit, Squid forwards the Range request as it is and 
+
+	Sets an upper limit on how far (number of bytes) into the file
+	a Range request	may be to cause Squid to prefetch the whole file.
+	If beyond this limit, Squid forwards the Range request as it is and
 	the result is NOT cached.
-	
+
 	This is to stop a far ahead range request (lets say start at 17MB)
 	from making Squid fetch the whole object up to that point before
 	sending anything to the client.
-	
-	Multiple range_offset_limit lines may be specified, and they will 
-	be searched from top to bottom on each request until a match is found. 
-	The first match found will be used.  If no line matches a request, the 
+
+	Multiple range_offset_limit lines may be specified, and they will
+	be searched from top to bottom on each request until a match is found.
+	The first match found will be used.  If no line matches a request, the
 	default limit of 0 bytes will be used.
-	
+
 	'size' is the limit specified as a number of units.
-	
+
 	'units' specifies whether to use bytes, KB, MB, etc.
 	If no units are specified bytes are assumed.
-	
+
 	A size of 0 causes Squid to never fetch more than the
 	client requested. (default)
-	
+
 	A size of 'none' causes Squid to always fetch the object from the
 	beginning so it may cache the result. (2.0 style)
-	
+
 	'aclname' is the name of a defined ACL.
-	
-	NP: Using 'none' as the byte value here will override any quick_abort settings 
+
+	NP: Using 'none' as the byte value here will override any quick_abort settings
 	    that may otherwise apply to the range request. The range request will
 	    be fully fetched from start to finish regardless of the client
 	    actions. This affects bandwidth usage.
@@ -7126,16 +7126,16 @@
 	the idle connection pool (or equivalent). No effect on ongoing/active
 	transactions. Connection lifetime is the time period from the
 	connection acceptance or opening time until "now".
-	
+
 	This limit is useful in environments with long-lived connections
 	where Squid configuration or environmental factors change during a
 	single connection lifetime. If unrestricted, some connections may
 	last for hours and even days, ignoring those changes that should
 	have affected their behavior or their existence.
-	
+
 	Currently, a new lifetime value supplied via Squid reconfiguration
 	has no effect on already idle connections unless they become busy.
-	
+
 	When set to '0' this limit is not used.
 DOC_END
 
@@ -8783,7 +8783,7 @@
 DOC_END
 
 COMMENT_START
- OPTIONS INFLUENCING REQUEST FORWARDING 
+ OPTIONS INFLUENCING REQUEST FORWARDING
  -----------------------------------------------------------------------------
 COMMENT_END
 
@@ -9016,7 +9016,7 @@
 	See the accf_dataready(9) man page for details.
 
 	Linux:
-	
+
 	The 'data' filter delays delivering of new connections
 	to Squid until there is some data to process by TCP_ACCEPT_DEFER.
 	You may optionally specify a number of seconds to wait by
@@ -9122,12 +9122,12 @@
 	between ICAP OPTIONS requests.
 
 	Squid forgets ICAP service failures older than the specified
-	value of memory-depth. The memory fading algorithm 
-	is approximate because Squid does not remember individual 
+	value of memory-depth. The memory fading algorithm
+	is approximate because Squid does not remember individual
 	errors but groups them instead, splitting the option
 	value into ten time slots of equal length.
 
-	When memory-depth is 0 and by default this option has no 
+	When memory-depth is 0 and by default this option has no
 	effect on service failure expiration.
 
 	Squid always forgets failures when updating service settings
@@ -9163,7 +9163,7 @@
 DOC_START
 	The ICAP Preview feature allows the ICAP server to handle the
 	HTTP message by looking only at the beginning of the message body
-	or even without receiving the body at all. In some environments, 
+	or even without receiving the body at all. In some environments,
 	previews greatly speedup ICAP processing.
 
 	During an ICAP OPTIONS transaction, the server may tell	Squid what
@@ -9357,7 +9357,7 @@
 		  * block:  send an HTTP error response to the client
 		  * bypass: ignore the "over-connected" ICAP service
 		  * wait:   wait (in a FIFO queue) for an ICAP connection slot
-		  * force:  proceed, ignoring the Max-Connections limit 
+		  * force:  proceed, ignoring the Max-Connections limit
 
 		In SMP mode with N workers, each worker assumes the service
 		connection limit is Max-Connections/N, even though not all
@@ -9365,7 +9365,7 @@
 
 		The default value is "bypass" if service is bypassable,
 		otherwise it is set to "wait".
-		
+
 
 	max-conn=number
 		Use the given number as the Max-Connections limit, regardless
@@ -9470,7 +9470,7 @@
 DOC_START
 	This deprecated option was documented to define an ICAP service
 	chain, even though it actually defined a set of similar, redundant
-	services, and the chains were not supported. 
+	services, and the chains were not supported.
 
 	To define a set of redundant services, please use the
 	adaptation_service_set directive. For service chains, use
@@ -9558,7 +9558,7 @@
 
 	connection-encryption=on|off
 		Determines the eCAP service effect on the connections_encrypted
-		ACL. 
+		ACL.
 
 		Defaults to "on", which does not taint the master transaction
 		w.r.t. that ACL.
@@ -9746,8 +9746,8 @@
 	This option specifies the table entry names that Squid must accept
 	from and forward to the adaptation transactions.
 
-	An ICAP REQMOD or RESPMOD transaction may set an entry in the 
-	shared table by returning an ICAP header field with a name 
+	An ICAP REQMOD or RESPMOD transaction may set an entry in the
+	shared table by returning an ICAP header field with a name
 	specified in adaptation_masterx_shared_names.
 
 	An eCAP REQMOD or RESPMOD transaction may set an entry in the
@@ -9775,24 +9775,24 @@
 	headers or eCAP options to Squid ICAP requests or eCAP transactions.
 	Use it to pass custom authentication tokens and other
 	transaction-state related meta information to an ICAP/eCAP service.
-	
+
 	The addition of a meta header is ACL-driven:
 		adaptation_meta name value [!]aclname ...
-	
+
 	Processing for a given header name stops after the first ACL list match.
 	Thus, it is impossible to add two headers with the same name. If no ACL
-	lists match for a given header name, no such header is added. For 
+	lists match for a given header name, no such header is added. For
 	example:
-	
+
 		# do not debug transactions except for those that need debugging
 		adaptation_meta X-Debug 1 needs_debugging
-	
+
 		# log all transactions except for those that must remain secret
 		adaptation_meta X-Log 1 !keep_secret
-	
+
 		# mark transactions from users in the "G 1" group
 		adaptation_meta X-Authenticated-Groups "G 1" authed_as_G1
-	
+
 	The "value" parameter may be a regular squid.conf token or a "double
 	quoted string". Within the quoted string, use backslash (\) to escape
 	any character, which is currently only useful for escaping backslashes
@@ -9895,17 +9895,17 @@
 DOC_START
 	Maximum number of bytes packet size to advertise via EDNS.
 	Set to "none" to disable EDNS large packet support.
-	
+
 	For legacy reasons DNS UDP replies will default to 512 bytes which
 	is too small for many responses. EDNS provides a means for Squid to
 	negotiate receiving larger responses back immediately without having
 	to failover with repeat requests. Responses larger than this limit
 	will retain the old behaviour of failover to TCP DNS.
-	
+
 	Squid has no real fixed limit internally, but allowing packet sizes
 	over 1500 bytes requires network jumbogram support and is usually not
 	necessary.
-	
+
 	WARNING: The RFC also indicates that some older resolvers will reply
 	with failure of the whole request if the extension is added. Some
 	resolvers have already been identified which will reply with mangled
@@ -10276,10 +10276,10 @@
 	receiving an error response with status 403 (Forbidden),
 	500 (Internal Error), 501 or 503 (Service not available).
 	Status 502 and 504 (Gateway errors) are always retried.
-	
+
 	This is mainly useful if you are in a complex cache hierarchy to
 	work around access control errors.
-	
+
 	NOTE: This retry will attempt to find another working destination.
 	Which is different from the server which just failed.
 DOC_END
@@ -10434,7 +10434,7 @@
 DEFAULT: on
 LOC: Config.onoff.WIN32_IpAddrChangeMonitor
 DOC_START
-	On Windows Squid by default will monitor IP address changes and will 
+	On Windows Squid by default will monitor IP address changes and will
 	reconfigure itself after any detected event. This is very useful for
 	proxies connected to internet with dial-up interfaces.
 	In some cases (a Proxy server acting as VPN gateway is one) it could be
@@ -10477,7 +10477,7 @@
 	and FTP agents that require a "Please Continue" control message response
 	to actually send the request body to Squid. It is mostly useful in
 	adaptation environments.
-	
+
 	When Squid receives an HTTP request with an "Expect: 100-continue"
 	header or an FTP upload command (e.g., STOR), Squid normally sends the
 	request headers or FTP command information to an adaptation service (or
@@ -10487,7 +10487,7 @@
 	that request body or data transfer may never come because Squid has not
 	responded with the HTTP 100 or FTP 150 (Please Continue) control message
 	to the request sender yet!
-	
+
 	An allow match tells Squid to respond with the HTTP 100 or FTP 150
 	(Please Continue) control message on its own, before forwarding the
 	request to an adaptation service or peer. Such a response usually forces
diff -u -r -N squid-5.5/src/cf_gen_defines squid-5.6/src/cf_gen_defines
--- squid-5.5/src/cf_gen_defines	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/cf_gen_defines	2022-06-06 10:11:52.000000000 +1200
@@ -1,4 +1,4 @@
-#!/usr/bin/awk -f 
+#!/usr/bin/awk -f
 
 ## Copyright (C) 1996-2022 The Squid Software Foundation and contributors
 ##
diff -u -r -N squid-5.5/src/Common.am squid-5.6/src/Common.am
--- squid-5.5/src/Common.am	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/Common.am	2022-06-06 10:11:52.000000000 +1200
@@ -43,7 +43,7 @@
 
 ## so that others can always use += for these variables
 CLEANFILES =
-check_PROGRAMS = 
+check_PROGRAMS =
 TESTS =
 
 AM_CPPFLAGS = \
diff -u -r -N squid-5.5/src/gopher.cc squid-5.6/src/gopher.cc
--- squid-5.5/src/gopher.cc	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/gopher.cc	2022-06-06 10:11:52.000000000 +1200
@@ -34,7 +34,7 @@
 #include "MemObject.h"
 #endif
 
-/* gopher type code from rfc. Anawat. */
+// RFC 1436 section 3.8 gopher item-type codes
 #define GOPHER_FILE         '0'
 #define GOPHER_DIRECTORY    '1'
 #define GOPHER_CSO          '2'
@@ -50,17 +50,18 @@
 #define GOPHER_GIF          'g'
 #define GOPHER_IMAGE        'I'
 
+// Gopher+ section 2.9 extension types
+// https://github.com/jgoerzen/pygopherd/blob/master/doc/standards/Gopher%2B.txt
+#define GOPHER_PLUS_IMAGE   ':'
+#define GOPHER_PLUS_MOVIE   ';'
+#define GOPHER_PLUS_SOUND   '<'
+
+// non-standard item-type codes
 #define GOPHER_HTML         'h'
 #define GOPHER_INFO         'i'
-
-///  W3 address
 #define GOPHER_WWW          'w'
 #define GOPHER_SOUND        's'
 
-#define GOPHER_PLUS_IMAGE   ':'
-#define GOPHER_PLUS_MOVIE   ';'
-#define GOPHER_PLUS_SOUND   '<'
-
 #define GOPHER_PORT         70
 
 #define TAB                 '\t'
@@ -364,7 +365,6 @@
     char *lpos = NULL;
     char *tline = NULL;
     LOCAL_ARRAY(char, line, TEMP_BUF_SIZE);
-    LOCAL_ARRAY(char, tmpbuf, TEMP_BUF_SIZE);
     char *name = NULL;
     char *selector = NULL;
     char *host = NULL;
@@ -374,7 +374,6 @@
     char gtype;
     StoreEntry *entry = NULL;
 
-    memset(tmpbuf, '\0', TEMP_BUF_SIZE);
     memset(line, '\0', TEMP_BUF_SIZE);
 
     entry = gopherState->entry;
@@ -409,7 +408,7 @@
         return;
     }
 
-    String outbuf;
+    SBuf outbuf;
 
     if (!gopherState->HTML_header_added) {
         if (gopherState->conversion == GopherStateData::HTML_CSO_RESULT)
@@ -572,39 +571,43 @@
                         icon_url = NULL;
                         break;
 
+                    case GOPHER_WWW:
+                        icon_url = mimeGetIconURL("internal-link");
+                        break;
+
                     default:
                         icon_url = mimeGetIconURL("internal-unknown");
                         break;
                     }
 
-                    memset(tmpbuf, '\0', TEMP_BUF_SIZE);
-
                     if ((gtype == GOPHER_TELNET) || (gtype == GOPHER_3270)) {
                         if (strlen(escaped_selector) != 0)
-                            snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s@%s%s%s/\">%s</A>\n",
-                                     icon_url, escaped_selector, rfc1738_escape_part(host),
-                                     *port ? ":" : "", port, html_quote(name));
+                            outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s@%s%s%s/\">%s</A>\n",
+                                           icon_url, escaped_selector, rfc1738_escape_part(host),
+                                           *port ? ":" : "", port, html_quote(name));
                         else
-                            snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s%s%s/\">%s</A>\n",
-                                     icon_url, rfc1738_escape_part(host), *port ? ":" : "",
-                                     port, html_quote(name));
+                            outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s%s%s/\">%s</A>\n",
+                                           icon_url, rfc1738_escape_part(host), *port ? ":" : "",
+                                           port, html_quote(name));
 
                     } else if (gtype == GOPHER_INFO) {
-                        snprintf(tmpbuf, TEMP_BUF_SIZE, "\t%s\n", html_quote(name));
+                        outbuf.appendf("\t%s\n", html_quote(name));
                     } else {
                         if (strncmp(selector, "GET /", 5) == 0) {
                             /* WWW link */
-                            snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"http://%s/%s\">%s</A>\n",
-                                     icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name));
+                            outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"http://%s/%s\">%s</A>\n",
+                                           icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name));
+                        } else if (gtype == GOPHER_WWW) {
+                            outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"gopher://%s/%c%s\">%s</A>\n",
+                                           icon_url, rfc1738_escape_unescaped(selector), html_quote(name));
                         } else {
                             /* Standard link */
-                            snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"gopher://%s/%c%s\">%s</A>\n",
-                                     icon_url, host, gtype, escaped_selector, html_quote(name));
+                            outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"gopher://%s/%c%s\">%s</A>\n",
+                                           icon_url, host, gtype, escaped_selector, html_quote(name));
                         }
                     }
 
                     safe_free(escaped_selector);
-                    outbuf.append(tmpbuf);
                 } else {
                     memset(line, '\0', TEMP_BUF_SIZE);
                     continue;
@@ -637,13 +640,12 @@
                     break;
 
                 if (gopherState->cso_recno != recno) {
-                    snprintf(tmpbuf, TEMP_BUF_SIZE, "</PRE><HR noshade size=\"1px\"><H2>Record# %d<br><i>%s</i></H2>\n<PRE>", recno, html_quote(result));
+                    outbuf.appendf("</PRE><HR noshade size=\"1px\"><H2>Record# %d<br><i>%s</i></H2>\n<PRE>", recno, html_quote(result));
                     gopherState->cso_recno = recno;
                 } else {
-                    snprintf(tmpbuf, TEMP_BUF_SIZE, "%s\n", html_quote(result));
+                    outbuf.appendf("%s\n", html_quote(result));
                 }
 
-                outbuf.append(tmpbuf);
                 break;
             } else {
                 int code;
@@ -671,8 +673,7 @@
 
                 case 502: { /* Too Many Matches */
                     /* Print the message the server returns */
-                    snprintf(tmpbuf, TEMP_BUF_SIZE, "</PRE><HR noshade size=\"1px\"><H2>%s</H2>\n<PRE>", html_quote(result));
-                    outbuf.append(tmpbuf);
+                    outbuf.appendf("</PRE><HR noshade size=\"1px\"><H2>%s</H2>\n<PRE>", html_quote(result));
                     break;
                 }
 
@@ -688,13 +689,12 @@
 
     }               /* while loop */
 
-    if (outbuf.size() > 0) {
-        entry->append(outbuf.rawBuf(), outbuf.size());
+    if (outbuf.length() > 0) {
+        entry->append(outbuf.rawContent(), outbuf.length());
         /* now let start sending stuff to client */
         entry->flush();
     }
 
-    outbuf.clean();
     return;
 }
 
diff -u -r -N squid-5.5/src/http/RegisteredHeadersHash.gperf squid-5.6/src/http/RegisteredHeadersHash.gperf
--- squid-5.5/src/http/RegisteredHeadersHash.gperf	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/http/RegisteredHeadersHash.gperf	2022-06-06 10:11:52.000000000 +1200
@@ -20,7 +20,7 @@
 %enum
 %global-table
 %ignore-case
-%struct-type 
+%struct-type
 class HeaderTableRecord;
 %%
 Accept, Http::HdrType::ACCEPT, Http::HdrFieldType::ftStr, HdrKind::ListHeader|HdrKind::RequestHeader
diff -u -r -N squid-5.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8 squid-5.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8
--- squid-5.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8	2022-04-13 20:38:00.000000000 +1200
+++ squid-5.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8	2022-06-06 10:47:32.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "URL_LFS_REWRITE 8"
-.TH URL_LFS_REWRITE 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH URL_LFS_REWRITE 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/ipc/Kid.cc squid-5.6/src/ipc/Kid.cc
--- squid-5.5/src/ipc/Kid.cc	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/ipc/Kid.cc	2022-06-06 10:11:52.000000000 +1200
@@ -100,7 +100,6 @@
              exitedHappy() ||
              hopeless() ||
              shutting_down ||
-             signaled(SIGKILL) || // squid -k kill
              signaled(SIGINT) || // unexpected forced shutdown
              signaled(SIGTERM)); // unexpected forced shutdown
 }
diff -u -r -N squid-5.5/src/log/DB/doc/views.sql squid-5.6/src/log/DB/doc/views.sql
--- squid-5.5/src/log/DB/doc/views.sql	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/log/DB/doc/views.sql	2022-06-06 10:11:52.000000000 +1200
@@ -393,7 +393,7 @@
             SELECT SUM(http_reply_size)
             FROM access_log a1
             WHERE a.date_day = a1.date_day
-        ) * 100                               
+        ) * 100
     )                                     AS most_active_client_t_pc
 
     FROM access_log a
diff -u -r -N squid-5.5/src/log/DB/log_db_daemon.8 squid-5.6/src/log/DB/log_db_daemon.8
--- squid-5.5/src/log/DB/log_db_daemon.8	2022-04-13 20:38:00.000000000 +1200
+++ squid-5.6/src/log/DB/log_db_daemon.8	2022-06-06 10:47:33.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/main.cc squid-5.6/src/main.cc
--- squid-5.5/src/main.cc	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/main.cc	2022-06-06 10:11:52.000000000 +1200
@@ -568,6 +568,7 @@
             /** \li On interrupt send SIGINT. */
             opt_send_signal = SIGINT;
         else if (!strncmp(optValue, "kill", strlen(optValue)))
+            // XXX: In SMP mode, uncatchable SIGKILL only kills the master process
             /** \li On kill send SIGKILL. */
             opt_send_signal = SIGKILL;
 
diff -u -r -N squid-5.5/src/Makefile.am squid-5.6/src/Makefile.am
--- squid-5.5/src/Makefile.am	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/Makefile.am	2022-06-06 10:11:52.000000000 +1200
@@ -770,7 +770,7 @@
 cf_parser.cci: cf.data cf_gen$(EXEEXT)
 	./cf_gen$(EXEEXT) cf.data $(srcdir)/cf.data.depend
 
-# The cf_gen_defines.cci is auto-generated and does not exist when the 
+# The cf_gen_defines.cci is auto-generated and does not exist when the
 # dependencies computed. We need to add its include files (autoconf.h) here
 cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre $(top_builddir)/include/autoconf.h
 	$(AWK) -f $(srcdir)/cf_gen_defines <$(srcdir)/cf.data.pre >$@ || ($(RM) -f $@ && exit 1)
@@ -848,7 +848,7 @@
 test_tools.cc: $(top_srcdir)/test-suite/test_tools.cc
 	cp $(top_srcdir)/test-suite/test_tools.cc .
 
-# stock tools for unit tests - library independent versions of dlink_list 
+# stock tools for unit tests - library independent versions of dlink_list
 # etc.
 # globals.cc is needed by test_tools.cc.
 # Neither of these should be disted from here.
diff -u -r -N squid-5.5/src/Makefile.in squid-5.6/src/Makefile.in
--- squid-5.5/src/Makefile.in	2022-04-13 20:30:27.000000000 +1200
+++ squid-5.6/src/Makefile.in	2022-06-06 10:41:59.000000000 +1200
@@ -3404,7 +3404,7 @@
 
 man_MANS = squid.8
 
-# stock tools for unit tests - library independent versions of dlink_list 
+# stock tools for unit tests - library independent versions of dlink_list
 # etc.
 # globals.cc is needed by test_tools.cc.
 # Neither of these should be disted from here.
@@ -8152,7 +8152,7 @@
 cf_parser.cci: cf.data cf_gen$(EXEEXT)
 	./cf_gen$(EXEEXT) cf.data $(srcdir)/cf.data.depend
 
-# The cf_gen_defines.cci is auto-generated and does not exist when the 
+# The cf_gen_defines.cci is auto-generated and does not exist when the
 # dependencies computed. We need to add its include files (autoconf.h) here
 cf_gen_defines.cci: $(srcdir)/cf_gen_defines $(srcdir)/cf.data.pre $(top_builddir)/include/autoconf.h
 	$(AWK) -f $(srcdir)/cf_gen_defines <$(srcdir)/cf.data.pre >$@ || ($(RM) -f $@ && exit 1)
diff -u -r -N squid-5.5/src/mib.txt squid-5.6/src/mib.txt
--- squid-5.5/src/mib.txt	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/mib.txt	2022-06-06 10:11:52.000000000 +1200
@@ -3,85 +3,94 @@
 SQUID-MIB DEFINITIONS ::= BEGIN
 
 IMPORTS
-	enterprises, Unsigned32, TimeTicks, Gauge32, Counter32,
-	MODULE-IDENTITY, OBJECT-TYPE, Integer32
-        	FROM SNMPv2-SMI
+        enterprises, TimeTicks, Gauge32, Counter32,
+        MODULE-IDENTITY, OBJECT-TYPE, Integer32
+                FROM SNMPv2-SMI
 
-	DisplayString, TEXTUAL-CONVENTION
-        	FROM SNMPv2-TC
+        DisplayString, TEXTUAL-CONVENTION
+                FROM SNMPv2-TC
 
-	InetAddressType, InetAddress
-        	FROM INET-ADDRESS-MIB;
+        InetAddressType, InetAddress
+                FROM INET-ADDRESS-MIB;
 
 squid MODULE-IDENTITY
-    LAST-UPDATED "200812240200Z"
-    ORGANIZATION "National Laboratory for Applied Network Research"
-    CONTACT-INFO
-            "        Squid Developers
-
-             E-mail: squid@squid-cache.org"
-    DESCRIPTION
-		"Squid MIB defined for the management of the Squid
-		proxy server. See http://www.squid-cache.org/."
-
-    REVISION      "200812240200Z"
-    DESCRIPTION
-		"Corrected MIB strictness requirements. Mapped
-		valid port ranges"
-    
-    REVISION      "200712140000Z"
-    DESCRIPTION
-		"Added support for IPv6 Technology."
-
-    REVISION      "9901010000Z"
-    DESCRIPTION
-		"Added objects and corrected asn.1 syntax and
-		descriptions."
-
-    REVISION      "9809220000Z"
-    DESCRIPTION
-		"Move to SMIv2. Prepare to split into proxy/squid."
-		
-    ::= { nlanr 1 }
+        LAST-UPDATED "202204151000Z"
+        ORGANIZATION "National Laboratory for Applied Network Research"
+        CONTACT-INFO
+                "Squid Developers
+
+                E-mail: squid@squid-cache.org"
+        DESCRIPTION
+                "Squid MIB defined for the management of the Squid
+                proxy server. See http://www.squid-cache.org/."
+
+        REVISION      "202204151000Z"
+        DESCRIPTION
+                "Reorganized cachePeerTable and related objects to
+                fix smilint errors.
+
+                Removed unused import of Unsigned32.
+
+                Improve formatting consistency."
+
+        REVISION      "200812240200Z"
+        DESCRIPTION
+                "Corrected MIB strictness requirements. Mapped
+                valid port ranges"
+
+        REVISION      "200712140000Z"
+        DESCRIPTION
+                "Added support for IPv6 Technology."
+
+        REVISION      "9901010000Z"
+        DESCRIPTION
+                "Added objects and corrected asn.1 syntax and
+                descriptions."
+
+        REVISION      "9809220000Z"
+        DESCRIPTION
+                "Move to SMIv2. Prepare to split into proxy/squid."
+
+        ::= { nlanr 1 }
 
 --
 -- OID Assignments
 --
-	nlanr OBJECT IDENTIFIER ::= { enterprises 3495 }
-	cacheSystem	OBJECT IDENTIFIER ::= { squid 1 }
-	cacheConfig  	OBJECT IDENTIFIER ::= { squid 2 }
-	cachePerf	OBJECT IDENTIFIER ::= { squid 3 }
-	cacheNetwork	OBJECT IDENTIFIER ::= { squid 4 }
-	cacheMesh	OBJECT IDENTIFIER ::= { squid 5 }
 
+        nlanr         OBJECT IDENTIFIER ::= { enterprises 3495 }
+        cacheSystem   OBJECT IDENTIFIER ::= { squid 1 }
+        cacheConfig   OBJECT IDENTIFIER ::= { squid 2 }
+        cachePerf     OBJECT IDENTIFIER ::= { squid 3 }
+        cacheNetwork  OBJECT IDENTIFIER ::= { squid 4 }
+        cacheMesh     OBJECT IDENTIFIER ::= { squid 5 }
 
 --
 -- cacheSystem group { squid 1 }
 --
 
         cacheSysVMsize OBJECT-TYPE
-	        SYNTAX Integer32
-		MAX-ACCESS read-only
-		STATUS current
-		DESCRIPTION
-			" Storage Mem size in KB "
-	::= { cacheSystem 1 }
-
-	cacheSysStorage OBJECT-TYPE
-		SYNTAX Integer32
-		MAX-ACCESS read-only
+                SYNTAX Integer32
+                MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Storage Swap size in KB "
+                        "Storage Mem size in KB"
+        ::= { cacheSystem 1 }
+
+        cacheSysStorage OBJECT-TYPE
+                SYNTAX Integer32
+                MAX-ACCESS read-only
+                STATUS current
+                DESCRIPTION
+                        "Storage Swap size in KB"
         ::= { cacheSystem 2 }
 
-	cacheUptime  OBJECT-TYPE
+        cacheUptime  OBJECT-TYPE
                 SYNTAX TimeTicks
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " The Uptime of the cache in timeticks "
-	::= { cacheSystem 3 }
+                        "The Uptime of the cache in timeticks"
+        ::= { cacheSystem 3 }
 
 --
 -- cacheConfig group { squid 2 }
@@ -89,20 +98,20 @@
 -- Contains configuration information including peers etc.
 --
 
-	cacheAdmin OBJECT-TYPE
-		SYNTAX DisplayString
-		MAX-ACCESS read-only
+        cacheAdmin OBJECT-TYPE
+                SYNTAX DisplayString
+                MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Cache Administrator E-Mail address "
-	::= { cacheConfig 1 }
+                        "Cache Administrator E-Mail address"
+        ::= { cacheConfig 1 }
 
         cacheSoftware OBJECT-TYPE
                 SYNTAX DisplayString
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Cache Software Name "
+                        "Cache Software Name"
         ::= { cacheConfig 2 }
 
         cacheVersionId OBJECT-TYPE
@@ -110,29 +119,31 @@
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Cache Software Version "
+                        "Cache Software Version"
         ::= { cacheConfig 3 }
 
-	cacheLoggingFacility OBJECT-TYPE
-		SYNTAX DisplayString
-		MAX-ACCESS read-write
-		STATUS current
-		DESCRIPTION
-			" Logging Facility. An informational string
-			  indicating logging info like debug level,
-			  local/syslog/remote logging etc "
-	::= { cacheConfig 4 }
-
--- cacheStorageConfig group
+        cacheLoggingFacility OBJECT-TYPE
+                SYNTAX DisplayString
+                MAX-ACCESS read-write
+                STATUS current
+                DESCRIPTION
+                        "Logging Facility. An informational string
+                        indicating logging info like debug level,
+                        local/syslog/remote logging etc"
+        ::= { cacheConfig 4 }
+
+        --
+        -- cacheStorageConfig group
+        --
 
-	cacheStorageConfig OBJECT IDENTIFIER ::= { cacheConfig 5 }
+        cacheStorageConfig OBJECT IDENTIFIER ::= { cacheConfig 5 }
 
-	cacheMemMaxSize OBJECT-TYPE
+        cacheMemMaxSize OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " The value of the cache_mem parameter in MB "
+                        "The value of the cache_mem parameter in MB"
         ::= { cacheStorageConfig 1 }
 
         cacheSwapMaxSize OBJECT-TYPE
@@ -140,7 +151,7 @@
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " The total of the cache_dir space allocated in MB "
+                        "The total of the cache_dir space allocated in MB"
         ::= { cacheStorageConfig 2 }
 
         cacheSwapHighWM OBJECT-TYPE
@@ -148,7 +159,7 @@
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Cache Swap High Water Mark "
+                        "Cache Swap High Water Mark"
         ::= { cacheStorageConfig 3 }
 
         cacheSwapLowWM OBJECT-TYPE
@@ -156,37 +167,38 @@
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Cache Swap Low Water Mark "
+                        "Cache Swap Low Water Mark"
         ::= { cacheStorageConfig 4 }
 
--- end of  cacheStorageConfig group
+        --
+        -- end of  cacheStorageConfig group
+        --
 
-	cacheUniqName OBJECT-TYPE
-		SYNTAX DisplayString
-		MAX-ACCESS read-only
+        cacheUniqName OBJECT-TYPE
+                SYNTAX DisplayString
+                MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Cache unique host name "
-	::= { cacheConfig 6 }
-
+                        "Cache unique host name"
+        ::= { cacheConfig 6 }
 
 --
 -- cachePerformance group { squid 3 }
 --
 
-	cacheSysPerf    OBJECT IDENTIFIER ::= { cachePerf 1 }
+        cacheSysPerf    OBJECT IDENTIFIER ::= { cachePerf 1 }
         cacheProtoStats OBJECT IDENTIFIER ::= { cachePerf 2 }
 
-	--
-	-- cacheSysPerf
-	--
+        --
+        -- cacheSysPerf
+        --
 
         cacheSysPageFaults OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Page faults with physical i/o "
+                        "Page faults with physical i/o"
         ::= { cacheSysPerf 1 }
 
         cacheSysNumReads OBJECT-TYPE
@@ -194,350 +206,351 @@
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " HTTP I/O number of reads "
-       	::= { cacheSysPerf 2 }
+                        "HTTP I/O number of reads"
+        ::= { cacheSysPerf 2 }
 
-	cacheMemUsage OBJECT-TYPE
-		SYNTAX Integer32
-		MAX-ACCESS read-only
-		STATUS 	current
-		DESCRIPTION
-			" Total memory accounted for KB "
-	::= { cacheSysPerf 3 }
-
-	cacheCpuTime OBJECT-TYPE
-		SYNTAX Integer32
-		MAX-ACCESS read-only
+        cacheMemUsage OBJECT-TYPE
+                SYNTAX Integer32
+                MAX-ACCESS read-only
+                STATUS current
+                DESCRIPTION
+                        "Total memory accounted for KB"
+        ::= { cacheSysPerf 3 }
+
+        cacheCpuTime OBJECT-TYPE
+                SYNTAX Integer32
+                MAX-ACCESS read-only
                 STATUS  current
                 DESCRIPTION
-                        " Amount of cpu seconds consumed "
-	::= { cacheSysPerf 4 }
+                        "Amount of cpu seconds consumed"
+        ::= { cacheSysPerf 4 }
 
-	cacheCpuUsage OBJECT-TYPE
+        cacheCpuUsage OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS  current
                 DESCRIPTION
-                        " The percentage use of the CPU "
+                        "The percentage use of the CPU"
         ::= { cacheSysPerf 5 }
 
-	cacheMaxResSize OBJECT-TYPE
+        cacheMaxResSize OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS  current
                 DESCRIPTION
-                        " Maximum Resident Size in KB "
+                        "Maximum Resident Size in KB"
         ::= { cacheSysPerf 6 }
 
-	cacheNumObjCount OBJECT-TYPE
+        cacheNumObjCount OBJECT-TYPE
                 SYNTAX Gauge32
-		MAX-ACCESS read-only
+                MAX-ACCESS read-only
                 STATUS  current
                 DESCRIPTION
-                        " Number of objects stored by the cache "
+                        "Number of objects stored by the cache"
         ::= { cacheSysPerf 7 }
 
         cacheCurrentLRUExpiration OBJECT-TYPE
                 SYNTAX TimeTicks
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Storage LRU Expiration Age "
+                DESCRIPTION
+                        "Storage LRU Expiration Age"
         ::= { cacheSysPerf 8 }
 
         cacheCurrentUnlinkRequests OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Requests given to unlinkd "
+                DESCRIPTION
+                        "Requests given to unlinkd"
         ::= { cacheSysPerf 9 }
 
         cacheCurrentUnusedFDescrCnt OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Available number of file descriptors "
+                DESCRIPTION
+                        "Available number of file descriptors"
         ::= { cacheSysPerf 10 }
 
-	cacheCurrentResFileDescrCnt  OBJECT-TYPE
+        cacheCurrentResFileDescrCnt  OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Reserved number of file descriptors "
+                DESCRIPTION
+                        "Reserved number of file descriptors"
         ::= { cacheSysPerf 11 }
 
-	cacheCurrentFileDescrCnt  OBJECT-TYPE
+        cacheCurrentFileDescrCnt  OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of file descriptors in use "
+                DESCRIPTION
+                        "Number of file descriptors in use"
         ::= { cacheSysPerf 12 }
 
-	cacheCurrentFileDescrMax  OBJECT-TYPE
+        cacheCurrentFileDescrMax  OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Highest file descriptors in use "
+                DESCRIPTION
+                        "Highest file descriptors in use"
         ::= { cacheSysPerf 13 }
 
-	--
-	-- cacheProtoStats
-	--
+--
+-- cacheProtoStats
+--
 
-		-- cacheProtoAggregateStats
-		--
+        --
+        -- cacheProtoAggregateStats
+        --
 
-	cacheProtoAggregateStats OBJECT IDENTIFIER ::= { cacheProtoStats 1 }
+        cacheProtoAggregateStats OBJECT IDENTIFIER ::= { cacheProtoStats 1 }
 
 
-	cacheProtoClientHttpRequests  OBJECT-TYPE
+        cacheProtoClientHttpRequests  OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of HTTP requests received "
+                DESCRIPTION
+                        "Number of HTTP requests received"
         ::= { cacheProtoAggregateStats 1 }
 
         cacheHttpHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of HTTP Hits "
+                DESCRIPTION
+                        "Number of HTTP Hits"
         ::= { cacheProtoAggregateStats 2 }
 
         cacheHttpErrors OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of HTTP Errors "
+                DESCRIPTION
+                        "Number of HTTP Errors"
         ::= { cacheProtoAggregateStats 3 }
 
         cacheHttpInKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of HTTP KB's received "
+                DESCRIPTION
+                        "Number of HTTP KB's received"
         ::= { cacheProtoAggregateStats 4 }
 
         cacheHttpOutKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Number of HTTP KB's transmitted "
+                DESCRIPTION
+                        "Number of HTTP KB's transmitted"
         ::= { cacheProtoAggregateStats 5 }
 
-	cacheIcpPktsSent OBJECT-TYPE
+        cacheIcpPktsSent OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Number of ICP messages sent "
+                DESCRIPTION
+                        "Number of ICP messages sent"
         ::= { cacheProtoAggregateStats 6 }
 
-	cacheIcpPktsRecv OBJECT-TYPE
+        cacheIcpPktsRecv OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Number of ICP messages received "
+                DESCRIPTION
+                        "Number of ICP messages received"
         ::= { cacheProtoAggregateStats 7 }
 
         cacheIcpKbSent OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Number of ICP KB's transmitted "
+                DESCRIPTION
+                        "Number of ICP KB's transmitted"
         ::= { cacheProtoAggregateStats 8 }
 
         cacheIcpKbRecv OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Number of ICP KB's received "
+                DESCRIPTION
+                        "Number of ICP KB's received"
         ::= { cacheProtoAggregateStats 9 }
 
         cacheServerRequests OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " All requests from the client for the cache server "
+                DESCRIPTION
+                        "All requests from the client for the cache server"
         ::= { cacheProtoAggregateStats 10 }
 
         cacheServerErrors OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " All errors for the cache server from client requests "
+                DESCRIPTION
+                        "All errors for the cache server from client requests"
         ::= { cacheProtoAggregateStats 11 }
 
-	cacheServerInKb OBJECT-TYPE
+        cacheServerInKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " KB's of traffic received from servers "
+                DESCRIPTION
+                        "KB's of traffic received from servers"
         ::= { cacheProtoAggregateStats 12 }
 
         cacheServerOutKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " KB's of traffic sent to servers "
+                DESCRIPTION
+                        "KB's of traffic sent to servers"
         ::= { cacheProtoAggregateStats 13 }
 
-	cacheCurrentSwapSize OBJECT-TYPE
+        cacheCurrentSwapSize OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Storage Swap size "
+                DESCRIPTION
+                        "Storage Swap size"
         ::= { cacheProtoAggregateStats 14 }
 
        cacheClients OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Number of clients accessing cache "
+                DESCRIPTION
+                        "Number of clients accessing cache"
         ::= { cacheProtoAggregateStats 15 }
 
-	--
-	-- cacheProtoMedianSvcStats group
-	--
-	-- This is a table, indexed by the interval we want statistics for
-	-- Example: cacheDnsSvcTime.10 gives 10-min medians for Dns Service Time.
+        --
+        -- cacheProtoMedianSvcStats group
+        --
+        -- This is a table, indexed by the interval we want statistics for
+        -- Example: cacheDnsSvcTime.10 gives 10-min medians for Dns Service Time.
 
-	cacheMedianSvcTable OBJECT-TYPE
+        cacheMedianSvcTable OBJECT-TYPE
                 SYNTAX SEQUENCE OF CacheMedianSvcEntry
                 MAX-ACCESS not-accessible
                 STATUS current
                 DESCRIPTION
-                        " CacheMedianSvcTable "
-	::= { cacheProtoStats 2 }
+                        "CacheMedianSvcTable"
+        ::= { cacheProtoStats 2 }
 
         cacheMedianSvcEntry OBJECT-TYPE
                 SYNTAX CacheMedianSvcEntry
                 MAX-ACCESS not-accessible
                 STATUS current
                 DESCRIPTION
-                        " An entry in cacheMedianSvcTable "
+                        "An entry in cacheMedianSvcTable"
                 INDEX   { cacheMedianTime }
         ::= { cacheMedianSvcTable 1 }
 
         CacheMedianSvcEntry ::= SEQUENCE {
-		cacheMedianTime		Integer32,
-		cacheHttpAllSvcTime 	Integer32,
-		cacheHttpMissSvcTime 	Integer32,
-		cacheHttpNmSvcTime 	Integer32,
-		cacheHttpHitSvcTime 	Integer32,
-		cacheIcpQuerySvcTime 	Integer32,
-		cacheIcpReplySvcTime 	Integer32,
-		cacheDnsSvcTime		Integer32,
-		cacheRequestHitRatio	Integer32,
-		cacheRequestByteRatio	Integer32,
-		cacheHttpNhSvcTime	Integer32
-	}
+                cacheMedianTime         Integer32,
+                cacheHttpAllSvcTime     Integer32,
+                cacheHttpMissSvcTime    Integer32,
+                cacheHttpNmSvcTime      Integer32,
+                cacheHttpHitSvcTime     Integer32,
+                cacheIcpQuerySvcTime    Integer32,
+                cacheIcpReplySvcTime    Integer32,
+                cacheDnsSvcTime         Integer32,
+                cacheRequestHitRatio    Integer32,
+                cacheRequestByteRatio   Integer32,
+                cacheHttpNhSvcTime      Integer32
+        }
 
-	cacheMedianTime OBJECT-TYPE
+        cacheMedianTime OBJECT-TYPE
                 SYNTAX Integer32 (1|5|60)
                 MAX-ACCESS not-accessible
                 STATUS current
-		DESCRIPTION
-                        " The value used to index the table 1/5/60"
+                DESCRIPTION
+                        "The value used to index the table 1/5/60"
         ::= { cacheMedianSvcEntry 1 }
 
-	cacheHttpAllSvcTime OBJECT-TYPE
+        cacheHttpAllSvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " HTTP all service time "
+                DESCRIPTION
+                        "HTTP all service time"
         ::= { cacheMedianSvcEntry 2 }
 
-	cacheHttpMissSvcTime OBJECT-TYPE
+        cacheHttpMissSvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " HTTP miss service time "
+                DESCRIPTION
+                        "HTTP miss service time"
         ::= { cacheMedianSvcEntry 3 }
 
-	cacheHttpNmSvcTime OBJECT-TYPE
+        cacheHttpNmSvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " HTTP hit not-modified service time "
+                DESCRIPTION
+                        "HTTP hit not-modified service time"
         ::= { cacheMedianSvcEntry 4 }
 
-	cacheHttpHitSvcTime OBJECT-TYPE
+        cacheHttpHitSvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " HTTP hit service time "
+                DESCRIPTION
+                        "HTTP hit service time"
         ::= { cacheMedianSvcEntry 5 }
 
-	cacheIcpQuerySvcTime OBJECT-TYPE
+        cacheIcpQuerySvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " ICP query service time "
+                DESCRIPTION
+                        "ICP query service time"
         ::= { cacheMedianSvcEntry 6 }
 
-	cacheIcpReplySvcTime OBJECT-TYPE
+        cacheIcpReplySvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " ICP reply service time "
+                DESCRIPTION
+                        "ICP reply service time"
         ::= { cacheMedianSvcEntry 7 }
 
-	cacheDnsSvcTime OBJECT-TYPE
+        cacheDnsSvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " DNS service time "
+                DESCRIPTION
+                        "DNS service time"
         ::= { cacheMedianSvcEntry 8 }
 
         cacheRequestHitRatio OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Request Hit Ratios "
+                DESCRIPTION
+                        "Request Hit Ratios"
         ::= { cacheMedianSvcEntry 9 }
 
         cacheRequestByteRatio OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " Byte Hit Ratios "
+                DESCRIPTION
+                        "Byte Hit Ratios"
         ::= { cacheMedianSvcEntry 10 }
 
-	cacheHttpNhSvcTime OBJECT-TYPE
+        cacheHttpNhSvcTime OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-                        " HTTP refresh hit service time "
+                DESCRIPTION
+                        "HTTP refresh hit service time"
         ::= { cacheMedianSvcEntry 11 }
 
 --
@@ -547,510 +560,507 @@
 -- will reside here until the both the Proxy and Squid MIBs are implimented.
 --
 
-	cacheIpCache	OBJECT IDENTIFIER ::= { cacheNetwork 1 }
-	cacheFqdnCache	OBJECT IDENTIFIER ::= { cacheNetwork 2 }
-	cacheDns	OBJECT IDENTIFIER ::= { cacheNetwork 3 }
+        cacheIpCache    OBJECT IDENTIFIER ::= { cacheNetwork 1 }
+        cacheFqdnCache  OBJECT IDENTIFIER ::= { cacheNetwork 2 }
+        cacheDns        OBJECT IDENTIFIER ::= { cacheNetwork 3 }
 
 --
 -- cacheIpCache
 --
 
-	cacheIpEntries OBJECT-TYPE
+        cacheIpEntries OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" IP Cache Entries "
+                DESCRIPTION
+                        "IP Cache Entries"
         ::= { cacheIpCache 1 }
 
-	cacheIpRequests OBJECT-TYPE
+        cacheIpRequests OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of IP Cache requests "
+                DESCRIPTION
+                        "Number of IP Cache requests"
         ::= { cacheIpCache 2 }
 
-	cacheIpHits OBJECT-TYPE
+        cacheIpHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of IP Cache hits "
+                DESCRIPTION
+                        "Number of IP Cache hits"
         ::= { cacheIpCache 3 }
 
-	cacheIpPendingHits OBJECT-TYPE
+        cacheIpPendingHits OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of IP Cache pending hits "
+                DESCRIPTION
+                        "Number of IP Cache pending hits"
         ::= { cacheIpCache 4 }
 
-	cacheIpNegativeHits OBJECT-TYPE
+        cacheIpNegativeHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of IP Cache negative hits "
+                DESCRIPTION
+                        "Number of IP Cache negative hits"
         ::= { cacheIpCache 5 }
 
-	cacheIpMisses OBJECT-TYPE
+        cacheIpMisses OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of IP Cache misses "
+                DESCRIPTION
+                        "Number of IP Cache misses"
         ::= { cacheIpCache 6 }
 
-	cacheBlockingGetHostByName OBJECT-TYPE
+        cacheBlockingGetHostByName OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of blocking gethostbyname requests "
+                DESCRIPTION
+                        "Number of blocking gethostbyname requests"
         ::= { cacheIpCache 7 }
 
-	cacheAttemptReleaseLckEntries OBJECT-TYPE
+        cacheAttemptReleaseLckEntries OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of attempts to release locked IP Cache entries "
+                DESCRIPTION
+                        "Number of attempts to release locked IP Cache entries"
         ::= { cacheIpCache 8 }
 
 --
 -- cacheFqdnCache
 --
 
-	cacheFqdnEntries OBJECT-TYPE
+        cacheFqdnEntries OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" FQDN Cache entries "
+                DESCRIPTION
+                        "FQDN Cache entries"
         ::= { cacheFqdnCache 1 }
 
-	cacheFqdnRequests OBJECT-TYPE
+        cacheFqdnRequests OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of FQDN Cache requests "
+                DESCRIPTION
+                        "Number of FQDN Cache requests"
         ::= { cacheFqdnCache 2 }
 
-	cacheFqdnHits OBJECT-TYPE
+        cacheFqdnHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of FQDN Cache hits "
+                DESCRIPTION
+                        "Number of FQDN Cache hits"
         ::= { cacheFqdnCache 3 }
 
-	cacheFqdnPendingHits OBJECT-TYPE
+        cacheFqdnPendingHits OBJECT-TYPE
                 SYNTAX Gauge32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of FQDN Cache pending hits "
+                DESCRIPTION
+                        "Number of FQDN Cache pending hits"
         ::= { cacheFqdnCache 4 }
 
-	cacheFqdnNegativeHits OBJECT-TYPE
+        cacheFqdnNegativeHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of FQDN Cache negative hits "
+                DESCRIPTION
+                        "Number of FQDN Cache negative hits"
         ::= { cacheFqdnCache 5 }
 
-	cacheFqdnMisses OBJECT-TYPE
+        cacheFqdnMisses OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of FQDN Cache misses "
+                DESCRIPTION
+                        "Number of FQDN Cache misses"
         ::= { cacheFqdnCache 6 }
 
-	cacheBlockingGetHostByAddr OBJECT-TYPE
+        cacheBlockingGetHostByAddr OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of blocking gethostbyaddr requests "
+                DESCRIPTION
+                        "Number of blocking gethostbyaddr requests"
         ::= { cacheFqdnCache 7 }
 
 --
---	cacheDNS
+--      cacheDNS
 --
 
-	cacheDnsRequests OBJECT-TYPE
+        cacheDnsRequests OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of external DNS server requests "
+                DESCRIPTION
+                        "Number of external DNS server requests"
         ::= { cacheDns 1 }
 
-	cacheDnsReplies OBJECT-TYPE
+        cacheDnsReplies OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of external DNS server replies "
+                DESCRIPTION
+                        "Number of external DNS server replies"
         ::= { cacheDns 2 }
 
-	cacheDnsNumberServers OBJECT-TYPE
+        cacheDnsNumberServers OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of external DNS server processes "
+                DESCRIPTION
+                        "Number of external DNS server processes"
         ::= { cacheDns 3 }
-	
+
 --
 -- cacheMesh group { squid 5 }
 --
 
-	cachePeerTable OBJECT-TYPE
-		SYNTAX SEQUENCE OF CachePeerTableEntry
-		MAX-ACCESS not-accessible
-		STATUS current
-		DESCRIPTION
-			" This table contains an enumeration of
-			  the peer caches, complete with info "
+        CachePeerTableIndex ::= TEXTUAL-CONVENTION
+                DISPLAY-HINT "d"
+                STATUS current
+                DESCRIPTION
+                        "A unique value, greater than zero for each
+                        cache peer instance in the managed
+                        system. It is recommended that values are assigned
+                        contiguously starting from 1. The value for each
+                        cache peer index must remain constant
+                        at least from one re-initialization of the entity's
+                        network management system to the next
+                        re-initialization."
+                SYNTAX    Integer32 (1..2147483647)
+
+        ValidPort ::= TEXTUAL-CONVENTION
+                DISPLAY-HINT "d"
+                STATUS current
+                DESCRIPTION
+                        "A integer value from 1 to 65535 to indicate
+                        the appropriate port number for the connection."
+                SYNTAX    Integer32 (1..65535)
+
+        cachePeerTable OBJECT-TYPE
+                SYNTAX SEQUENCE OF CachePeerEntry
+                MAX-ACCESS not-accessible
+                STATUS current
+                DESCRIPTION
+                        "This table contains an enumeration of
+                        the peer caches, complete with info"
         ::= { cacheMesh 1 }
 
-	cachePeerEntry OBJECT-TYPE
-		SYNTAX CachePeerTableEntry
-		MAX-ACCESS not-accessible
-		STATUS current
-		DESCRIPTION
-			" An entry in cachePeerTable (version 3) "
-		INDEX 	{ cachePeerIndex }
-	::= { cachePeerTable 3 }
-
-	CachePeerTableEntry ::= SEQUENCE {
-	  cachePeerIndex	CachePeerTableIndex, 
-	  cachePeerName		DisplayString,
-	  cachePeerAddressType  InetAddressType,
-	  cachePeerAddress      InetAddress,
-	  cachePeerPortHttp 	ValidPort,
-	  cachePeerPortIcp	ValidPort,
-	  cachePeerType 	Integer32,
-	  cachePeerState	Integer32,
-	  cachePeerPingsSent	Counter32,
-	  cachePeerPingsAcked	Counter32,
-	  cachePeerFetches	Counter32,
-	  cachePeerRtt		Integer32,
-	  cachePeerIgnored	Counter32,
-	  cachePeerKeepAlSent	Counter32,
-	  cachePeerKeepAlRecv	Counter32
-	}
-	
-	ValidPort ::= TEXTUAL-CONVENTION
-             DISPLAY-HINT "d"
-             STATUS       current
-             DESCRIPTION
-				"A integer value from 1 to 65535 to indicate 
-				the appropriate port number for the connection."
-			SYNTAX       Integer32 (1..65535)
-	
-	CachePeerTableIndex ::= TEXTUAL-CONVENTION
-             DISPLAY-HINT "d"
-             STATUS       current
-             DESCRIPTION
-               "A unique value, greater than zero for each
-               cache peer instance in the managed
-               system. It is recommended that values are assigned
-               contiguously starting from 1. The value for each
-               cache peer index must remain constant
-               at least from one re-initialization of the entity's
-               network management system to the next
-               re-initialization."
-             SYNTAX       Integer32 (1..2147483647)
-
-
-	cachePeerIndex OBJECT-TYPE
-		SYNTAX CachePeerTableIndex
-		MAX-ACCESS read-only
-		STATUS current
-		DESCRIPTION
-			   "A unique non-zero value identifying
-			     the particular cache Peer."
-	::= { cachePeerEntry 1 }
-
-	cachePeerName OBJECT-TYPE
-		SYNTAX DisplayString
-		MAX-ACCESS read-only
-		STATUS current
-		DESCRIPTION
-			  " The FQDN name or internal alias for the
-		      	    peer cache "
-	::= { cachePeerEntry 2 }
-
-	cachePeerAddressType OBJECT-TYPE
-	SYNTAX      InetAddressType
-	MAX-ACCESS  read-only
-	STATUS      current
-	DESCRIPTION
-		"The type of Internet address by which the peer
-		cache is reachable."
-
-	::= { cachePeerEntry 3 }
-
-	cachePeerAddress OBJECT-TYPE
-	SYNTAX      InetAddress (SIZE (1..64))
-	MAX-ACCESS  read-only
-	STATUS      current
-	DESCRIPTION
-	"The Internet address for the peer cache.  The type of this
-	 address is determined by the value of the peerAddressType
-         object.  Note that implementations must limit themselves
-         to a single entry in this table per reachable peer.
-         The peerAddress may not be empty due to the SIZE
-         restriction.
-
-         If a row is created administratively by an SNMP
-         operation and the address type value is dns(16), then
-         the agent stores the DNS name internally.  A DNS name
-         lookup must be performed on the internally stored DNS
-         name whenever it is being used to contact the peer.
-
-         If a row is created by the managed entity itself and
-         the address type value is dns(16), then the agent
-         stores the IP address internally.  A DNS reverse lookup
-         must be performed on the internally stored IP address
-         whenever the value is retrieved via SNMP."
-	 ::= { cachePeerEntry 4 }
+        cachePeerEntry OBJECT-TYPE
+                SYNTAX CachePeerEntry
+                MAX-ACCESS not-accessible
+                STATUS current
+                DESCRIPTION
+                        "An entry in cachePeerTable (version 3)"
+                INDEX  { cachePeerIndex }
+        ::= { cachePeerTable 3 }
+
+        CachePeerEntry ::= SEQUENCE {
+                cachePeerIndex         CachePeerTableIndex,
+                cachePeerName          DisplayString,
+                cachePeerAddressType   InetAddressType,
+                cachePeerAddress       InetAddress,
+                cachePeerPortHttp      ValidPort,
+                cachePeerPortIcp       ValidPort,
+                cachePeerType          Integer32,
+                cachePeerState         Integer32,
+                cachePeerPingsSent     Counter32,
+                cachePeerPingsAcked    Counter32,
+                cachePeerFetches       Counter32,
+                cachePeerRtt           Integer32,
+                cachePeerIgnored       Counter32,
+                cachePeerKeepAlSent    Counter32,
+                cachePeerKeepAlRecv    Counter32
+        }
+        cachePeerIndex OBJECT-TYPE
+                SYNTAX CachePeerTableIndex
+                MAX-ACCESS read-only
+                STATUS current
+                DESCRIPTION
+                        "A unique non-zero value identifying
+                        the particular cache Peer."
+        ::= { cachePeerEntry 1 }
 
+        cachePeerName OBJECT-TYPE
+                SYNTAX DisplayString
+                MAX-ACCESS read-only
+                STATUS current
+                DESCRIPTION
+                        "The FQDN name or internal alias for the
+                        peer cache"
+        ::= { cachePeerEntry 2 }
 
-	cachePeerPortHttp OBJECT-TYPE
+        cachePeerAddressType OBJECT-TYPE
+                SYNTAX InetAddressType
+                MAX-ACCESS read-only
+                STATUS current
+                DESCRIPTION
+                        "The type of Internet address by which the peer
+                        cache is reachable."
+        ::= { cachePeerEntry 3 }
+
+        cachePeerAddress OBJECT-TYPE
+                SYNTAX InetAddress (SIZE (1..64))
+                MAX-ACCESS read-only
+                STATUS current
+                DESCRIPTION
+                        "The Internet address for the peer cache.  The type of this
+                        address is determined by the value of the peerAddressType
+                        object.  Note that implementations must limit themselves
+                        to a single entry in this table per reachable peer.
+                        The peerAddress may not be empty due to the SIZE
+                        restriction.
+
+                        If a row is created administratively by an SNMP
+                        operation and the address type value is dns(16), then
+                        the agent stores the DNS name internally.  A DNS name
+                        lookup must be performed on the internally stored DNS
+                        name whenever it is being used to contact the peer.
+
+                        If a row is created by the managed entity itself and
+                        the address type value is dns(16), then the agent
+                        stores the IP address internally.  A DNS reverse lookup
+                        must be performed on the internally stored IP address
+                        whenever the value is retrieved via SNMP."
+        ::= { cachePeerEntry 4 }
+
+
+        cachePeerPortHttp OBJECT-TYPE
                 SYNTAX ValidPort
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" The port the peer listens for HTTP requests "
+                DESCRIPTION
+                        "The port the peer listens for HTTP requests"
         ::= { cachePeerEntry 5 }
 
-	cachePeerPortIcp OBJECT-TYPE
+        cachePeerPortIcp OBJECT-TYPE
                 SYNTAX ValidPort
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" The port the peer listens for ICP requests
-			  should be 0 if not configured to send ICP requests "
+                DESCRIPTION
+                        "The port the peer listens for ICP requests
+                        should be 0 if not configured to send ICP requests"
         ::= { cachePeerEntry 6 }
 
-	cachePeerType OBJECT-TYPE
+        cachePeerType OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
                 DESCRIPTION
-                        " Peer Type "
-	::= { cachePeerEntry 7 }
+                        "Peer Type"
+        ::= { cachePeerEntry 7 }
 
-	cachePeerState OBJECT-TYPE
+        cachePeerState OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" The operational state of this peer "
+                DESCRIPTION
+                        "The operational state of this peer"
         ::= { cachePeerEntry 8 }
 
         cachePeerPingsSent OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of pings sent to peer "
+                DESCRIPTION
+                        "Number of pings sent to peer"
         ::= { cachePeerEntry 9 }
 
         cachePeerPingsAcked OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of pings received from peer "
+                DESCRIPTION
+                        "Number of pings received from peer"
         ::= {  cachePeerEntry 10 }
 
         cachePeerFetches OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of times this peer was selected  "
+                DESCRIPTION
+                        "Number of times this peer was selected"
         ::= { cachePeerEntry 11 }
 
         cachePeerRtt OBJECT-TYPE
                 SYNTAX Integer32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Last known round-trip time to the peer (in ms) "
+                DESCRIPTION
+                        "Last known round-trip time to the peer (in ms)"
         ::= { cachePeerEntry 12 }
 
         cachePeerIgnored OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" How many times this peer was ignored "
+                DESCRIPTION
+                        "How many times this peer was ignored"
         ::= { cachePeerEntry 13 }
 
         cachePeerKeepAlSent OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of keepalives sent "
+                DESCRIPTION
+                        "Number of keepalives sent"
         ::= { cachePeerEntry 14 }
 
         cachePeerKeepAlRecv OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-		DESCRIPTION
-			" Number of keepalives received "
+                DESCRIPTION
+                        "Number of keepalives received"
         ::= { cachePeerEntry 15 }
 
 ---
 --- Table of cache's clients, with statistics. Children caches can be identified
 --- by non-zero number of ICP requests (unless browsers start using ICP).
----	
+---
 
         cacheClientTable OBJECT-TYPE
-           SYNTAX  SEQUENCE OF CacheClientEntry
-           MAX-ACCESS  not-accessible
-           STATUS  current
-           DESCRIPTION
-                    "A list of cache client entries."
-       	::= { cacheMesh 2 }
-
-	cacheClientEntry OBJECT-TYPE
-           SYNTAX CacheClientEntry
-           MAX-ACCESS  not-accessible
-           STATUS  current
-           DESCRIPTION
-                    "An IP entry in cacheClientTable "
-	   INDEX { cacheClientAddress }
-	::= { cacheClientTable 2 }
-
-	CacheClientEntry ::= SEQUENCE {
-		cacheClientAddressType  InetAddressType,
-		cacheClientAddress      InetAddress,
-               	cacheClientHttpRequests	Counter32,
-               	cacheClientHttpKb 	Counter32,
-               	cacheClientHttpHits 	Counter32,
-               	cacheClientHTTPHitKb	Counter32,
-		cacheClientIcpRequests	Counter32,
-		cacheClientIcpKb 	Counter32,
-               	cacheClientIcpHits 	Counter32,
-               	cacheClientIcpHitKb	Counter32
-	}
+                SYNTAX SEQUENCE OF CacheClientEntry
+                MAX-ACCESS not-accessible
+                STATUS current
+                DESCRIPTION
+                        "A list of cache client entries"
+        ::= { cacheMesh 2 }
+
+        cacheClientEntry OBJECT-TYPE
+                SYNTAX CacheClientEntry
+                MAX-ACCESS not-accessible
+                STATUS current
+                DESCRIPTION
+                        "An IP entry in cacheClientTable"
+                INDEX { cacheClientAddress }
+        ::= { cacheClientTable 2 }
+
+        CacheClientEntry ::= SEQUENCE {
+                cacheClientAddressType   InetAddressType,
+                cacheClientAddress       InetAddress,
+                cacheClientHttpRequests  Counter32,
+                cacheClientHttpKb        Counter32,
+                cacheClientHttpHits      Counter32,
+                cacheClientHTTPHitKb     Counter32,
+                cacheClientIcpRequests   Counter32,
+                cacheClientIcpKb         Counter32,
+                cacheClientIcpHits       Counter32,
+                cacheClientIcpHitKb      Counter32
+        }
 
-	cacheClientAddressType OBJECT-TYPE
+        cacheClientAddressType OBJECT-TYPE
                 SYNTAX InetAddressType
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    "The client's IP address "
+                DESCRIPTION
+                        "The client's IP address"
         ::= { cacheClientEntry 1 }
 
-	cacheClientAddress OBJECT-TYPE
-	SYNTAX      InetAddress (SIZE (1..64))
-	MAX-ACCESS  read-only
-	STATUS      current
-	DESCRIPTION
-	"The Internet address for the client.  The type of this
-	 address is determined by the value of the peerAddressType
-         object.  Note that implementations must limit themselves
-         to a single entry in this table per reachable peer.
-         The peerAddress may not be empty due to the SIZE
-         restriction.
-
-         If a row is created administratively by an SNMP
-         operation and the address type value is dns(16), then
-         the agent stores the DNS name internally.  A DNS name
-         lookup must be performed on the internally stored DNS
-         name whenever it is being used to contact the peer.
-
-         If a row is created by the managed entity itself and
-         the address type value is dns(16), then the agent
-         stores the IP address internally.  A DNS reverse lookup
-         must be performed on the internally stored IP address
-         whenever the value is retrieved via SNMP."
-	 ::= { cacheClientEntry 2 }
+        cacheClientAddress OBJECT-TYPE
+                SYNTAX      InetAddress (SIZE (1..64))
+                MAX-ACCESS  read-only
+                STATUS      current
+                DESCRIPTION
+                        "The Internet address for the client.  The type of this
+                        address is determined by the value of the peerAddressType
+                        object.  Note that implementations must limit themselves
+                        to a single entry in this table per reachable peer.
+                        The peerAddress may not be empty due to the SIZE
+                        restriction.
+
+                        If a row is created administratively by an SNMP
+                        operation and the address type value is dns(16), then
+                        the agent stores the DNS name internally.  A DNS name
+                        lookup must be performed on the internally stored DNS
+                        name whenever it is being used to contact the peer.
+
+                        If a row is created by the managed entity itself and
+                        the address type value is dns(16), then the agent
+                        stores the IP address internally.  A DNS reverse lookup
+                        must be performed on the internally stored IP address
+                        whenever the value is retrieved via SNMP."
+        ::= { cacheClientEntry 2 }
 
-	cacheClientHttpRequests OBJECT-TYPE
+        cacheClientHttpRequests OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Number of HTTP requests received from client "
+                DESCRIPTION
+                        "Number of HTTP requests received from client"
         ::= { cacheClientEntry 3 }
 
-	cacheClientHttpKb OBJECT-TYPE
+        cacheClientHttpKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Amount of total HTTP traffic to this client  "
+                DESCRIPTION
+                        "Amount of total HTTP traffic to this client"
         ::= { cacheClientEntry 4 }
 
         cacheClientHttpHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Number of hits in response to this client's HTTP requests "
+                DESCRIPTION
+                        "Number of hits in response to this client's HTTP requests"
         ::= { cacheClientEntry 5 }
 
         cacheClientHTTPHitKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Amount of HTTP hit traffic in KB "
+                DESCRIPTION
+                        "Amount of HTTP hit traffic in KB"
         ::= { cacheClientEntry 6 }
 
-	cacheClientIcpRequests OBJECT-TYPE
+        cacheClientIcpRequests OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Number of ICP requests received from client "
+                DESCRIPTION
+                        "Number of ICP requests received from client"
         ::= { cacheClientEntry 7 }
 
-	cacheClientIcpKb OBJECT-TYPE
+        cacheClientIcpKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Amount of total ICP traffic to this client (child) "
+                DESCRIPTION
+                        "Amount of total ICP traffic to this client (child)"
         ::= { cacheClientEntry 8 }
 
         cacheClientIcpHits OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Number of hits in response to this client's ICP requests "
+                DESCRIPTION
+                        "Number of hits in response to this client's ICP requests"
         ::= { cacheClientEntry 9 }
 
         cacheClientIcpHitKb OBJECT-TYPE
                 SYNTAX Counter32
                 MAX-ACCESS read-only
                 STATUS current
-           	DESCRIPTION
-                    " Amount of ICP hit traffic in KB "
+                DESCRIPTION
+                        "Amount of ICP hit traffic in KB"
         ::= { cacheClientEntry 10 }
 
-	-- end of cacheClientTable
+-- end of cacheClientTable
 
+-- end of cacheMesh group
 
-    -- end of cacheMesh group
-
+--
 -- end of SQUID-MIB
 --
-END
 
+END
diff -u -r -N squid-5.5/src/security/cert_validators/fake/security_fake_certverify.8 squid-5.6/src/security/cert_validators/fake/security_fake_certverify.8
--- squid-5.5/src/security/cert_validators/fake/security_fake_certverify.8	2022-04-13 20:38:01.000000000 +1200
+++ squid-5.6/src/security/cert_validators/fake/security_fake_certverify.8	2022-06-06 10:47:33.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SECURITY_FAKE_CERTVERIFY 8"
-.TH SECURITY_FAKE_CERTVERIFY 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH SECURITY_FAKE_CERTVERIFY 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/src/snmp_core.cc squid-5.6/src/snmp_core.cc
--- squid-5.5/src/snmp_core.cc	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/src/snmp_core.cc	2022-06-06 10:11:52.000000000 +1200
@@ -212,7 +212,7 @@
     /* cachePeerTable - 1.3.6.1.4.1.3495.1.5.1 */
     snmpAddNodeStr("1.3.6.1.4.1.3495.1.5", MESH_PTBL, NULL, NULL);
 
-    /* CachePeerTableEntry (version 3) - 1.3.6.1.4.1.3495.1.5.1.3 */
+    /* CachePeerEntry (version 3) - 1.3.6.1.4.1.3495.1.5.1.3 */
     snmpAddNodeStr("1.3.6.1.4.1.3495.1.5.1", 3, NULL, NULL);
     snmpAddNodeStr("1.3.6.1.4.1.3495.1.5.1.3", MESH_PTBL_INDEX, snmp_meshPtblFn, peer_Inst);
     snmpAddNodeStr("1.3.6.1.4.1.3495.1.5.1.3", MESH_PTBL_NAME, snmp_meshPtblFn, peer_Inst);
diff -u -r -N squid-5.5/src/store/id_rewriters/file/storeid_file_rewrite.8 squid-5.6/src/store/id_rewriters/file/storeid_file_rewrite.8
--- squid-5.5/src/store/id_rewriters/file/storeid_file_rewrite.8	2022-04-13 20:37:59.000000000 +1200
+++ squid-5.6/src/store/id_rewriters/file/storeid_file_rewrite.8	2022-06-06 10:47:31.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/test-suite/Makefile.am squid-5.6/test-suite/Makefile.am
--- squid-5.5/test-suite/Makefile.am	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/test-suite/Makefile.am	2022-06-06 10:11:52.000000000 +1200
@@ -88,7 +88,7 @@
 
 stub_libmem.cc: $(top_srcdir)/src/tests/stub_libmem.cc STUB.h
 	cp $(top_srcdir)/src/tests/stub_libmem.cc $@
-	
+
 STUB.h: $(top_srcdir)/src/tests/STUB.h
 	cp $(top_srcdir)/src/tests/STUB.h $@
 
diff -u -r -N squid-5.5/test-suite/testheaders.sh squid-5.6/test-suite/testheaders.sh
--- squid-5.5/test-suite/testheaders.sh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/test-suite/testheaders.sh	2022-06-06 10:11:52.000000000 +1200
@@ -35,7 +35,7 @@
 #include "${f}"
 int main( int argc, char* argv[] ) { return 0; }
 EOF
-        if ${cc} -c -o $t.o $t.cc ; then 
+        if ${cc} -c -o $t.o $t.cc ; then
             echo "Ok."
         else
             echo "Fail."
diff -u -r -N squid-5.5/tools/helper-mux/helper-mux.8 squid-5.6/tools/helper-mux/helper-mux.8
--- squid-5.5/tools/helper-mux/helper-mux.8	2022-04-13 20:38:01.000000000 +1200
+++ squid-5.6/tools/helper-mux/helper-mux.8	2022-06-06 10:47:33.000000000 +1200
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "HELPER-MUX 8"
-.TH HELPER-MUX 8 "2022-04-13" "perl v5.34.0" "User Contributed Perl Documentation"
+.TH HELPER-MUX 8 "2022-06-05" "perl v5.34.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-5.5/tools/purge/conffile.hh squid-5.6/tools/purge/conffile.hh
--- squid-5.5/tools/purge/conffile.hh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/tools/purge/conffile.hh	2022-06-06 10:11:52.000000000 +1200
@@ -69,7 +69,7 @@
 typedef std::vector<CacheDir> CacheDirVector;
 
 int
-readConfigFile( CacheDirVector& cachedir, 
+readConfigFile( CacheDirVector& cachedir,
 		const char* fn,
 		FILE* debug = 0 );
   // purpose: read squid.conf file and extract cache_dir entries
diff -u -r -N squid-5.5/tools/purge/convert.hh squid-5.6/tools/purge/convert.hh
--- squid-5.5/tools/purge/convert.hh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/tools/purge/convert.hh	2022-06-06 10:11:52.000000000 +1200
@@ -72,7 +72,7 @@
 const char*
 my_sock_ntoa( const struct sockaddr_in& a, SockAddress buffer );
   // purpose: thread-safely convert IPv4 socket pair into ASCII rep.
-  // paramtr: a (IN): socket_in address 
+  // paramtr: a (IN): socket_in address
   //          buffer (OUT): storage area to store representation into.
   // returns: pointer to buffer
 
diff -u -r -N squid-5.5/tools/purge/socket.hh squid-5.6/tools/purge/socket.hh
--- squid-5.5/tools/purge/socket.hh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/tools/purge/socket.hh	2022-06-06 10:11:52.000000000 +1200
@@ -118,13 +118,13 @@
   // paramtr: host (IN): address describing the server
   //          port (IN): port to connect at the server
   //          nodelay (IN): true=set TCP_NODELAY option.
-  //          sendBufferSize (IN): don't set (use sys defaults) if < 0 
-  //          recvBufferSize (IN): don't set (use sys defaults) if < 0 
+  //          sendBufferSize (IN): don't set (use sys defaults) if < 0
+  //          recvBufferSize (IN): don't set (use sys defaults) if < 0
   // returns: >=0 is the descriptor of the opened, connected socket,
   //          -1  is an indication of an error (errno may have been reset).
 
 int
-serverSocket( struct in_addr host, unsigned short port, 
+serverSocket( struct in_addr host, unsigned short port,
 	      int backlog = SOMAXCONN, bool reuse = true, bool nodelay = false,
 	      int sendBufferSize = -1, int recvBufferSize = -1 );
   // purpose: open a server socket for listening
@@ -134,8 +134,8 @@
   //          reuse (IN): set SO_REUSEADDR option - default usefully
   //          nodelay (IN): true=set TCP_NODELAY option.
   //            SETTING TCP_NODELAY ON A SERVER SOCKET DOES NOT MAKE SENSE!
-  //          sendBufferSize (IN): don't set (use sys defaults) if < 0 
-  //          recvBufferSize (IN): don't set (use sys defaults) if < 0 
+  //          sendBufferSize (IN): don't set (use sys defaults) if < 0
+  //          recvBufferSize (IN): don't set (use sys defaults) if < 0
   // returns: opened listening fd, or -1 on error.
   // warning: error message will be printed on stderr and errno reset.
 
diff -u -r -N squid-5.5/tools/purge/squid-tlv.hh squid-5.6/tools/purge/squid-tlv.hh
--- squid-5.5/tools/purge/squid-tlv.hh	2022-04-13 17:26:01.000000000 +1200
+++ squid-5.6/tools/purge/squid-tlv.hh	2022-06-06 10:11:52.000000000 +1200
@@ -59,8 +59,8 @@
 // taken from Squid-2.x
 // NOTE!  We must preserve the order of this list!
 enum SquidMetaType {
-  STORE_META_VOID,		// should not come up 
-  STORE_META_KEY_URL,		// key w/ keytype 
+  STORE_META_VOID,		// should not come up
+  STORE_META_KEY_URL,		// key w/ keytype
   STORE_META_KEY_SHA,
   STORE_META_KEY_MD5,
   STORE_META_URL,		// the url , if not in the header