diff -u -r -N squid-6.5/ChangeLog squid-6.6/ChangeLog
--- squid-6.5/ChangeLog	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/ChangeLog	2023-12-07 14:36:15.000000000 +1300
@@ -1,3 +1,16 @@
+Changes in squid-6.6 (5 Dec 2023):
+
+	- Bug 5328: Fix ESI build with libxml2 v2.12.0
+	- Bug 5319: QOS Netfilter MARK preservation is always disabled
+	- Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data"
+	- Bug 5317: FATAL attempt to read data from memory
+	- Bug 5154: Do not open IPv6 sockets when IPv6 is disabled
+	- FTP: Ignore credentials with a NUL-prefixed username
+	- log_db_daemon: Fix DSN construction
+	- Limit the number of allowed X-Forwarded-For hops
+	- Do not update StoreEntry expiration after errorAppendEntry()
+	- improve handling of response sending errors
+
 Changes in squid-6.5 (5 Nov 2023):
 
 	- Bug 5309: frequent "lowestOffset () <= target_offset" assertion
diff -u -r -N squid-6.5/configure squid-6.6/configure
--- squid-6.5/configure	2023-11-06 17:32:33.000000000 +1300
+++ squid-6.6/configure	2023-12-07 16:28:45.000000000 +1300
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.5.
+# Generated by GNU Autoconf 2.71 for Squid Web Proxy 6.6.
 #
 # Report bugs to <https://bugs.squid-cache.org/>.
 #
@@ -626,8 +626,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='6.5'
-PACKAGE_STRING='Squid Web Proxy 6.5'
+PACKAGE_VERSION='6.6'
+PACKAGE_STRING='Squid Web Proxy 6.6'
 PACKAGE_BUGREPORT='https://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1696,7 +1696,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 6.5 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 6.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1767,7 +1767,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 6.5:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 6.6:";;
    esac
   cat <<\_ACEOF
 
@@ -2187,7 +2187,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 6.5
+Squid Web Proxy configure 6.6
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -3200,7 +3200,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 6.5, which was
+It was created by Squid Web Proxy $as_me 6.6, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -4692,7 +4692,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='6.5'
+ VERSION='6.6'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -54911,7 +54911,7 @@
 
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: ZPH QOS enabled: $enable_zph_qos" >&5
 printf "%s\n" "$as_me: ZPH QOS enabled: $enable_zph_qos" >&6;}
-if test "x$enable_zph_qos" = "xyes"]
+if test "x$enable_zph_qos" = "xyes"
 then :
 
   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: QOS netfilter mark preservation enabled: $with_netfilter_conntrack" >&5
@@ -56854,7 +56854,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 6.5, which was
+This file was extended by Squid Web Proxy $as_me 6.6, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -56922,7 +56922,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-Squid Web Proxy config.status 6.5
+Squid Web Proxy config.status 6.6
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-6.5/configure.ac squid-6.6/configure.ac
--- squid-6.5/configure.ac	2023-11-06 17:32:33.000000000 +1300
+++ squid-6.6/configure.ac	2023-12-07 16:28:45.000000000 +1300
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[6.5],[https://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[6.6],[https://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
@@ -2965,7 +2965,7 @@
           [Enable Zero Penalty Hit QOS. When set, Squid will alter the
            TOS field of HIT responses to help policing network traffic])
 AC_MSG_NOTICE([ZPH QOS enabled: $enable_zph_qos])
-AS_IF(test "x$enable_zph_qos" = "xyes"],[
+AS_IF([test "x$enable_zph_qos" = "xyes"],[
   AC_MSG_NOTICE([QOS netfilter mark preservation enabled: $with_netfilter_conntrack])
   SQUID_DEFINE_BOOL(USE_LIBNETFILTERCONNTRACK,${with_netfilter_conntrack:=no},
     [Enable support for QOS netfilter mark preservation])
diff -u -r -N squid-6.5/doc/release-notes/release-6.html squid-6.6/doc/release-notes/release-6.html
--- squid-6.5/doc/release-notes/release-6.html	2023-11-06 17:36:30.000000000 +1300
+++ squid-6.6/doc/release-notes/release-6.html	2023-12-07 16:33:16.000000000 +1300
@@ -3,10 +3,10 @@
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.83">
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
- <TITLE>Squid 6.5 release notes</TITLE>
+ <TITLE>Squid 6.6 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 6.5 release notes</H1>
+<H1>Squid 6.6 release notes</H1>
 
 <H2>Squid Developers</H2>
 <P>
@@ -59,7 +59,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-6.5 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-6.6 for testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v6/">http://www.squid-cache.org/Versions/v6/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-6.5/include/version.h squid-6.6/include/version.h
--- squid-6.5/include/version.h	2023-11-06 17:32:33.000000000 +1300
+++ squid-6.6/include/version.h	2023-12-07 16:28:45.000000000 +1300
@@ -10,7 +10,7 @@
 #define SQUID_VERSION_H
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1699245141
+#define SQUID_RELEASE_TIME 1701919714
 #endif
 
 /*
diff -u -r -N squid-6.5/RELEASENOTES.html squid-6.6/RELEASENOTES.html
--- squid-6.5/RELEASENOTES.html	2023-11-06 17:36:30.000000000 +1300
+++ squid-6.6/RELEASENOTES.html	2023-12-07 16:33:16.000000000 +1300
@@ -3,10 +3,10 @@
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.83">
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
- <TITLE>Squid 6.5 release notes</TITLE>
+ <TITLE>Squid 6.6 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 6.5 release notes</H1>
+<H1>Squid 6.6 release notes</H1>
 
 <H2>Squid Developers</H2>
 <P>
@@ -59,7 +59,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-6.5 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-6.6 for testing.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v6/">http://www.squid-cache.org/Versions/v6/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-6.5/src/acl/external/delayer/ext_delayer_acl.8 squid-6.6/src/acl/external/delayer/ext_delayer_acl.8
--- squid-6.5/src/acl/external/delayer/ext_delayer_acl.8	2023-11-06 17:36:35.000000000 +1300
+++ squid-6.6/src/acl/external/delayer/ext_delayer_acl.8	2023-12-07 16:33:19.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 8"
-.TH EXT_DELAYER_ACL 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8 squid-6.6/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8
--- squid-6.5/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8	2023-11-06 17:36:35.000000000 +1300
+++ squid-6.6/src/acl/external/kerberos_sid_group/ext_kerberos_sid_group_acl.8	2023-12-07 16:33:19.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_KERBEROS_SID_GROUP_ACL 8"
-.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_KERBEROS_SID_GROUP_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/acl/external/SQL_session/ext_sql_session_acl.8 squid-6.6/src/acl/external/SQL_session/ext_sql_session_acl.8
--- squid-6.5/src/acl/external/SQL_session/ext_sql_session_acl.8	2023-11-06 17:36:35.000000000 +1300
+++ squid-6.6/src/acl/external/SQL_session/ext_sql_session_acl.8	2023-12-07 16:33:19.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 8"
-.TH EXT_SQL_SESSION_ACL 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8 squid-6.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-6.5/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8	2023-11-06 17:36:35.000000000 +1300
+++ squid-6.6/src/acl/external/wbinfo_group/ext_wbinfo_group_acl.8	2023-12-07 16:33:20.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 8"
-.TH EXT_WBINFO_GROUP_ACL 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/auth/basic/DB/basic_db_auth.8 squid-6.6/src/auth/basic/DB/basic_db_auth.8
--- squid-6.5/src/auth/basic/DB/basic_db_auth.8	2023-11-06 17:36:36.000000000 +1300
+++ squid-6.6/src/auth/basic/DB/basic_db_auth.8	2023-12-07 16:33:21.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 8"
-.TH BASIC_DB_AUTH 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/auth/basic/POP3/basic_pop3_auth.8 squid-6.6/src/auth/basic/POP3/basic_pop3_auth.8
--- squid-6.5/src/auth/basic/POP3/basic_pop3_auth.8	2023-11-06 17:36:36.000000000 +1300
+++ squid-6.6/src/auth/basic/POP3/basic_pop3_auth.8	2023-12-07 16:33:21.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 8"
-.TH BASIC_POP3_AUTH 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/cache_manager.cc squid-6.6/src/cache_manager.cc
--- squid-6.5/src/cache_manager.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/cache_manager.cc	2023-12-07 14:36:15.000000000 +1300
@@ -332,7 +332,6 @@
         err->url = xstrdup(entry->url());
         err->detailError(new ExceptionErrorDetail(Here().id()));
         errorAppendEntry(entry, err);
-        entry->expires = squid_curtime;
         return;
     }
 
diff -u -r -N squid-6.5/src/ClientRequestContext.h squid-6.6/src/ClientRequestContext.h
--- squid-6.5/src/ClientRequestContext.h	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/ClientRequestContext.h	2023-12-07 14:36:15.000000000 +1300
@@ -78,8 +78,13 @@
 #if USE_OPENSSL
     bool sslBumpCheckDone = false;
 #endif
-    ErrorState *error = nullptr; ///< saved error page for centralized/delayed processing
+
     bool readNextRequest = false; ///< whether Squid should read after error handling
+    ErrorState *error = nullptr; ///< saved error page for centralized/delayed processing
+
+#if FOLLOW_X_FORWARDED_FOR
+    size_t currentXffHopNumber = 0; ///< number of X-Forwarded-For header values processed so far
+#endif
 };
 
 #endif /* SQUID_CLIENTREQUESTCONTEXT_H */
diff -u -r -N squid-6.5/src/clients/FtpGateway.cc squid-6.6/src/clients/FtpGateway.cc
--- squid-6.5/src/clients/FtpGateway.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/clients/FtpGateway.cc	2023-12-07 14:36:15.000000000 +1300
@@ -402,6 +402,12 @@
     if (login.isEmpty())
         return;
 
+    if (!login[0]) {
+        debugs(9, 2, "WARNING: Ignoring FTP credentials that start with a NUL character");
+        // TODO: Either support credentials with NUL characters (in any position) or ban all of them.
+        return;
+    }
+
     const SBuf::size_type colonPos = login.find(':');
 
     /* If there was a username part with at least one character use it.
@@ -1042,9 +1048,8 @@
     /* Test URL login syntax. Overrides any headers received. */
     loginParser(request->url.userInfo(), true);
 
-    /* name is missing. that's fatal. */
-    if (!user[0])
-        fatal("FTP login parsing destroyed username info");
+    // XXX: We we keep default "anonymous" instead of properly supporting empty usernames.
+    Assure(user[0]);
 
     /* name + password == success */
     if (password[0])
diff -u -r -N squid-6.5/src/client_side_request.cc squid-6.6/src/client_side_request.cc
--- squid-6.5/src/client_side_request.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/client_side_request.cc	2023-12-07 14:36:15.000000000 +1300
@@ -74,6 +74,11 @@
 #endif
 
 #if FOLLOW_X_FORWARDED_FOR
+
+#if !defined(SQUID_X_FORWARDED_FOR_HOP_MAX)
+#define SQUID_X_FORWARDED_FOR_HOP_MAX 64
+#endif
+
 static void clientFollowXForwardedForCheck(Acl::Answer answer, void *data);
 #endif /* FOLLOW_X_FORWARDED_FOR */
 
@@ -438,8 +443,16 @@
                 /* override the default src_addr tested if we have to go deeper than one level into XFF */
                 Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr;
             }
-            calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data);
-            return;
+            if (++calloutContext->currentXffHopNumber < SQUID_X_FORWARDED_FOR_HOP_MAX) {
+                calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data);
+                return;
+            }
+            const auto headerName = Http::HeaderLookupTable.lookup(Http::HdrType::X_FORWARDED_FOR).name;
+            debugs(28, DBG_CRITICAL, "ERROR: Ignoring trailing " << headerName << " addresses" <<
+                   Debug::Extra << "addresses allowed by follow_x_forwarded_for: " << calloutContext->currentXffHopNumber <<
+                   Debug::Extra << "last/accepted address: " << request->indirect_client_addr <<
+                   Debug::Extra << "ignored trailing addresses: " << request->x_forwarded_for_iterator);
+            // fall through to resume clientAccessCheck() processing
         }
     }
 
diff -u -r -N squid-6.5/src/comm.cc squid-6.6/src/comm.cc
--- squid-6.5/src/comm.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/comm.cc	2023-12-07 14:36:15.000000000 +1300
@@ -364,6 +364,12 @@
     /* Create socket for accepting new connections. */
     ++ statCounter.syscalls.sock.sockets;
 
+    if (!Ip::EnableIpv6 && addr.isIPv6()) {
+        debugs(50, 2, "refusing to open an IPv6 socket when IPv6 support is disabled: " << addr);
+        errno = ENOTSUP;
+        return -1;
+    }
+
     /* Setup the socket addrinfo details for use */
     addr.getAddrInfo(AI);
     AI->ai_socktype = sock_type;
diff -u -r -N squid-6.5/src/esi/Libxml2Parser.cc squid-6.6/src/esi/Libxml2Parser.cc
--- squid-6.5/src/esi/Libxml2Parser.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/esi/Libxml2Parser.cc	2023-12-07 14:36:15.000000000 +1300
@@ -144,7 +144,7 @@
 char const *
 ESILibxml2Parser::errorString() const
 {
-    xmlErrorPtr error = xmlGetLastError();
+    const auto error = xmlGetLastError();
 
     if (error == nullptr)
         return nullptr;
diff -u -r -N squid-6.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8 squid-6.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8
--- squid-6.5/src/http/url_rewriters/LFS/url_lfs_rewrite.8	2023-11-06 17:36:37.000000000 +1300
+++ squid-6.6/src/http/url_rewriters/LFS/url_lfs_rewrite.8	2023-12-07 16:33:22.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "URL_LFS_REWRITE 8"
-.TH URL_LFS_REWRITE 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH URL_LFS_REWRITE 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/ip/Address.cc squid-6.6/src/ip/Address.cc
--- squid-6.5/src/ip/Address.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/ip/Address.cc	2023-12-07 14:36:15.000000000 +1300
@@ -623,7 +623,7 @@
             && dst->ai_protocol == 0)
         dst->ai_protocol = IPPROTO_UDP;
 
-    if (force == AF_INET6 || (force == AF_UNSPEC && Ip::EnableIpv6 && isIPv6()) ) {
+    if (force == AF_INET6 || (force == AF_UNSPEC && isIPv6()) ) {
         dst->ai_addr = (struct sockaddr*)new sockaddr_in6;
 
         memset(dst->ai_addr,0,sizeof(struct sockaddr_in6));
diff -u -r -N squid-6.5/src/ip/Intercept.cc squid-6.6/src/ip/Intercept.cc
--- squid-6.5/src/ip/Intercept.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/ip/Intercept.cc	2023-12-07 14:36:15.000000000 +1300
@@ -15,6 +15,7 @@
 #include "comm/Connection.h"
 #include "fde.h"
 #include "ip/Intercept.h"
+#include "ip/tools.h"
 #include "src/tools.h"
 
 #include <cerrno>
@@ -416,6 +417,13 @@
 
     debugs(3, 3, "Detect TPROXY support on port " << test);
 
+    if (!Ip::EnableIpv6 && test.isIPv6() && !test.setIPv4()) {
+        debugs(3, DBG_CRITICAL, "Cannot use TPROXY for " << test << " because IPv6 support is disabled");
+        if (doneSuid)
+            leave_suid();
+        return false;
+    }
+
     int tos = 1;
     int tmp_sock = -1;
 
diff -u -r -N squid-6.5/src/log/DB/log_db_daemon.8 squid-6.6/src/log/DB/log_db_daemon.8
--- squid-6.5/src/log/DB/log_db_daemon.8	2023-11-06 17:36:37.000000000 +1300
+++ squid-6.6/src/log/DB/log_db_daemon.8	2023-12-07 16:33:22.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 8"
-.TH LOG_DB_DAEMON 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/log/DB/log_db_daemon.pl.in squid-6.6/src/log/DB/log_db_daemon.pl.in
--- squid-6.5/src/log/DB/log_db_daemon.pl.in	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/log/DB/log_db_daemon.pl.in	2023-12-07 14:36:15.000000000 +1300
@@ -392,7 +392,7 @@
     );
 
 # perform db connection
-my $dsn = "DBI:mysql:database=$database" . ($host ne "localhost" ? ":$host" : "");
+my $dsn = "DBI:mysql:database=$database" . ($host ne "localhost" ? ";host=$host" : "");
 my $dbh;
 my $sth;
 eval {
diff -u -r -N squid-6.5/src/peer_digest.cc squid-6.6/src/peer_digest.cc
--- squid-6.5/src/peer_digest.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/peer_digest.cc	2023-12-07 14:36:15.000000000 +1300
@@ -396,11 +396,11 @@
         return;
     }
 
-    assert(fetch->pd && receivedData.data);
+    assert(fetch->pd);
     /* The existing code assumes that the received pointer is
      * where we asked the data to be put
      */
-    assert(fetch->buf + fetch->bufofs == receivedData.data);
+    assert(!receivedData.data || fetch->buf + fetch->bufofs == receivedData.data);
 
     /* Update the buffer size */
     fetch->bufofs += receivedData.length;
@@ -682,7 +682,7 @@
     }
 
     /* continue checking (maybe-successful eof case) */
-    if (!reason && !size) {
+    if (!reason && !size && fetch->state != DIGEST_READ_REPLY) {
         if (!pd->cd)
             reason = "null digest?!";
         else if (fetch->mask_offset != pd->cd->mask_size)
diff -u -r -N squid-6.5/src/security/cert_validators/fake/security_fake_certverify.8 squid-6.6/src/security/cert_validators/fake/security_fake_certverify.8
--- squid-6.5/src/security/cert_validators/fake/security_fake_certverify.8	2023-11-06 17:36:38.000000000 +1300
+++ squid-6.6/src/security/cert_validators/fake/security_fake_certverify.8	2023-12-07 16:33:22.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "SECURITY_FAKE_CERTVERIFY 8"
-.TH SECURITY_FAKE_CERTVERIFY 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH SECURITY_FAKE_CERTVERIFY 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/servers/Server.cc squid-6.6/src/servers/Server.cc
--- squid-6.5/src/servers/Server.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/servers/Server.cc	2023-12-07 14:36:15.000000000 +1300
@@ -204,8 +204,14 @@
 
     Must(io.conn->fd == clientConnection->fd);
 
-    if (io.flag && pipeline.front())
-        pipeline.front()->initiateClose("write failure");
+    if (io.flag) {
+        debugs(33, 2, "bailing after a write failure: " << xstrerr(io.xerrno));
+        LogTagsErrors lte;
+        lte.timedout = io.xerrno == ETIMEDOUT;
+        lte.aborted = !lte.timedout; // intentionally true for zero io.xerrno
+        terminateAll(Error(ERR_WRITE_ERROR, SysErrorDetail::NewIfAny(io.xerrno)), lte);
+        return;
+    }
 
     afterClientWrite(io.size); // update state
     writeSomeData(); // maybe schedules another write
diff -u -r -N squid-6.5/src/store/id_rewriters/file/storeid_file_rewrite.8 squid-6.6/src/store/id_rewriters/file/storeid_file_rewrite.8
--- squid-6.5/src/store/id_rewriters/file/storeid_file_rewrite.8	2023-11-06 17:36:35.000000000 +1300
+++ squid-6.6/src/store/id_rewriters/file/storeid_file_rewrite.8	2023-12-07 16:33:20.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 8"
-.TH STOREID_FILE_REWRITE 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-6.5/src/store_client.cc squid-6.6/src/store_client.cc
--- squid-6.5/src/store_client.cc	2023-11-06 16:41:43.000000000 +1300
+++ squid-6.6/src/store_client.cc	2023-12-07 14:36:15.000000000 +1300
@@ -409,8 +409,9 @@
             return; // failure
     }
 
-    // send any immediately available body bytes even if we also sendHttpHeaders
-    if (canReadFromMemory()) {
+    // Send any immediately available body bytes unless we sendHttpHeaders.
+    // TODO: Send those body bytes when we sendHttpHeaders as well.
+    if (!sendHttpHeaders && canReadFromMemory()) {
         readFromMemory();
         noteNews(); // will sendHttpHeaders (if needed) as well
         flags.store_copying = false;
@@ -496,6 +497,7 @@
 {
     const auto &mem = entry->mem();
     const auto memReadOffset = nextHttpReadOffset();
+    // XXX: This (lo <= offset < end) logic does not support Content-Range gaps.
     return mem.inmem_lo <= memReadOffset && memReadOffset < mem.endOffset() &&
            parsingBuffer->spaceSize();
 }
diff -u -r -N squid-6.5/tools/helper-mux/helper-mux.8 squid-6.6/tools/helper-mux/helper-mux.8
--- squid-6.5/tools/helper-mux/helper-mux.8	2023-11-06 17:36:38.000000000 +1300
+++ squid-6.6/tools/helper-mux/helper-mux.8	2023-12-07 16:33:23.000000000 +1300
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "HELPER-MUX 8"
-.TH HELPER-MUX 8 "2023-11-06" "perl v5.36.0" "User Contributed Perl Documentation"
+.TH HELPER-MUX 8 "2023-12-07" "perl v5.36.0" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l