diff -u -r -N squid-3.1.0.9/ChangeLog squid-3.1.0.10/ChangeLog
--- squid-3.1.0.9/ChangeLog	2009-06-26 22:35:27.000000000 +1200
+++ squid-3.1.0.10/ChangeLog	2009-07-18 16:16:09.000000000 +1200
@@ -1,3 +1,29 @@
+Changes to squid-3.1.0.10 (18 Jul 2009):
+
+	- Bug 2680: Regression Crash after rotate with no helpers running
+	- Bug 2695: Regression in WCCPv2 L2 mask assignment
+	- Bug 2707: Regression in FTP anonymous auth
+	- Bug 422, 2706: RFC 2616 Date header requirements
+	- Bug 1087: ESI processor not quoting attributes correctly.
+	- Bug 1338: File prefetches aborted despite range_offset
+	- Bug 2080: wbinfo_group.pl - false positive under certain conditions
+	- Bug 2092: select loop 32-bit call counter overflows
+	- Bug 2127: delay pools class 4 crashes with ntlm auth
+	- Bug 2611: document fast/slow acl types
+	- Bug 2614: Potential loss of adapted body data from eCAP adapters
+	- Bug 2658: Missing TextException copy constructor
+	- Bug 2659: String length overflows on append, leading to segfaults
+	- Bug 2699: Build failure NTLM smb_lm helper
+	- Bug 2709: TRANSLATIONS not installed
+	- Bug 2710: squid_kerb_auth non-terminated string
+	- Delay pools 64-bit buckets and IPv6-polish
+	- Break forwarding loops for "transparent" or "intercept" http_ports.
+	- Add --disable-translation option to detatch .po from error negotiation
+	- Add squidclient man(1) page
+	- Add localhost to default permitted networks
+	- http_port allow-direct option to allow direct forwarding in accelerator mode
+	- ... and many testing infrastructure updates
+
 Changes to squid-3.1.0.9 (26 Jun 2009):
 
 	- Bug 2682: Add ftp_epsv control to disable EPSV support.
diff -u -r -N squid-3.1.0.9/configure squid-3.1.0.10/configure
--- squid-3.1.0.9/configure	2009-06-26 22:36:16.000000000 +1200
+++ squid-3.1.0.10/configure	2009-07-18 16:17:06.000000000 +1200
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.in Revision: 1.497 .
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.1.0.9.
+# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.1.0.10.
 #
 # Report bugs to <http://www.squid-cache.org/bugs/>.
 #
@@ -751,8 +751,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.1.0.9'
-PACKAGE_STRING='Squid Web Proxy 3.1.0.9'
+PACKAGE_VERSION='3.1.0.10'
+PACKAGE_STRING='Squid Web Proxy 3.1.0.10'
 PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
 
 ac_unique_file="src/main.cc"
@@ -1104,6 +1104,7 @@
 enable_ipv6
 with_ipv6_split_stack
 enable_gnuregex
+enable_translation
 with_po2html
 enable_auto_locale
 '
@@ -1677,7 +1678,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.1.0.9 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.1.0.10 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1747,7 +1748,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 3.1.0.9:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 3.1.0.10:";;
    esac
   cat <<\_ACEOF
 
@@ -1935,6 +1936,13 @@
                           is usually only required on Windows and very old
                           Unix boxes which do not have their own regex library
                           built in.
+  --disable-translation   Prevent Squid generating localized error page
+                          templates and manuals. Which is usually tried, but
+                          may not be needed.
+ if test "$enableval" = "no" ; then
+    use_translation=no
+  fi
+
   --disable-auto-locale   This prevents Squid providing localized error pages
                           based on the clients request headers. When disabled
                           Squid requires explicit language configuration.
@@ -1984,8 +1992,8 @@
   --with-cppunit-basedir=PATH
                           Path where the cppunit headers are libraries are
                           found for unit testing.
-  --with-ipv6-split-stack Enable experimental split-stack support for Windows
-                          XP. Requires IPv6.
+  --with-ipv6-split-stack Force-Enable experimental split-stack support for
+                          Windows XP and *BSD. Requires IPv6.
   --with-po2html=[[PATH]]
                           absolute path to po2html executable
 
@@ -2071,7 +2079,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 3.1.0.9
+Squid Web Proxy configure 3.1.0.10
 generated by GNU Autoconf 2.62
 
 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -2085,7 +2093,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 3.1.0.9, which was
+It was created by Squid Web Proxy $as_me 3.1.0.10, which was
 generated by GNU Autoconf 2.62.  Invocation command line was
 
   $ $0 $@
@@ -2803,7 +2811,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='3.1.0.9'
+ VERSION='3.1.0.10'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5656,7 +5664,7 @@
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 5659 "configure"' > conftest.$ac_ext
+  echo '#line 5667 "configure"' > conftest.$ac_ext
   if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -8278,11 +8286,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8281: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8289: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:8285: \$? = $ac_status" >&5
+   echo "$as_me:8293: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -8568,11 +8576,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8571: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8579: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:8575: \$? = $ac_status" >&5
+   echo "$as_me:8583: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -8672,11 +8680,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8675: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8683: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:8679: \$? = $ac_status" >&5
+   echo "$as_me:8687: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -11072,7 +11080,7 @@
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 11075 "configure"
+#line 11083 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11172,7 +11180,7 @@
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<EOF
-#line 11175 "configure"
+#line 11183 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -13581,11 +13589,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13584: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:13592: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:13588: \$? = $ac_status" >&5
+   echo "$as_me:13596: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -13685,11 +13693,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:13688: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:13696: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:13692: \$? = $ac_status" >&5
+   echo "$as_me:13700: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -15268,11 +15276,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:15271: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:15279: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:15275: \$? = $ac_status" >&5
+   echo "$as_me:15283: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -15372,11 +15380,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:15375: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:15383: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:15379: \$? = $ac_status" >&5
+   echo "$as_me:15387: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -17587,11 +17595,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17590: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:17598: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:17594: \$? = $ac_status" >&5
+   echo "$as_me:17602: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -17877,11 +17885,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17880: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:17888: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:17884: \$? = $ac_status" >&5
+   echo "$as_me:17892: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -17981,11 +17989,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:17984: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:17992: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:17988: \$? = $ac_status" >&5
+   echo "$as_me:17996: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -48801,6 +48809,13 @@
 fi
 fi
 
+use_translation="yes"
+# Check whether --enable-translation was given.
+if test "${enable_translation+set}" = set; then
+  enableval=$enable_translation;
+fi
+
+if test "$use_translation" = "yes" ; then
 
 
 
@@ -48896,6 +48911,10 @@
 
 
 
+else
+  PO2HTML="off"
+fi
+
 
 use_errlocale=yes
 # Check whether --enable-auto-locale was given.
@@ -48922,10 +48941,8 @@
 #define USE_ERR_LOCALES 0
 _ACEOF
 
-        PO2HTML="off"
 fi
 
-
 XTRA_OBJS=''
 if test "$ac_cv_lib_malloc_main" = "yes" ; then
 	if test -r /usr/lib/debug/malloc.o ; then
@@ -49676,7 +49693,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 3.1.0.9, which was
+This file was extended by Squid Web Proxy $as_me 3.1.0.10, which was
 generated by GNU Autoconf 2.62.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -49729,7 +49746,7 @@
 _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_version="\\
-Squid Web Proxy config.status 3.1.0.9
+Squid Web Proxy config.status 3.1.0.10
 configured by $0, generated by GNU Autoconf 2.62,
   with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
 
diff -u -r -N squid-3.1.0.9/configure.in squid-3.1.0.10/configure.in
--- squid-3.1.0.9/configure.in	2009-06-26 22:36:16.000000000 +1200
+++ squid-3.1.0.10/configure.in	2009-07-18 16:17:06.000000000 +1200
@@ -2,7 +2,7 @@
 dnl
 dnl  $Id$
 dnl
-AC_INIT(Squid Web Proxy, 3.1.0.9, http://www.squid-cache.org/bugs/, squid)
+AC_INIT(Squid Web Proxy, 3.1.0.10, http://www.squid-cache.org/bugs/, squid)
 AC_PREREQ(2.52)
 AM_CONFIG_HEADER(include/autoconf.h)
 AC_CONFIG_AUX_DIR(cfgaux)
@@ -2616,17 +2616,17 @@
   AC_DEFINE(USE_IPV6,1,[Enable support for IPv6 ])
   use_v4mapped=yes
 
-dnl Check for Windows XP option
+dnl Check for forced split-stack mode
   AC_MSG_CHECKING([for IPv6 split-stack requirement])
   AC_ARG_WITH(ipv6-split-stack,
     AC_HELP_STRING([--with-ipv6-split-stack],
-		   [Enable experimental split-stack support for Windows XP. Requires IPv6.]),
+		   [Force-Enable experimental split-stack support for Windows XP and *BSD. Requires IPv6.]),
     [ use_v4mapped="no"
       AC_MSG_RESULT(yes)],
     [ AC_MSG_RESULT(no) ])
 
-dnl Check for IPv6 Windows Vista option
-dnl Also useful for other OS with hybrid-stack defaults turned OFF
+dnl Check for IPv6 v4-mapping availability
+dnl Useful for other OS with hybrid-stack defaults turned OFF
 dnl But only usable if it actually works...
   if test "$use_v4mapped" = "yes" ; then
     AC_MSG_CHECKING([for IPv6 v4-mapping ability])
@@ -3776,8 +3776,23 @@
 fi
 fi
 
+dnl Squid will usually attempt to translate when packaging or building from VCS 
+use_translation="yes"
+AC_ARG_ENABLE(translation,
+ AC_HELP_STRING([--disable-translation],
+		[Prevent Squid generating localized error page templates and manuals.
+		 Which is usually tried, but may not be needed.])
+[ if test "$enableval" = "no" ; then
+    use_translation=no
+  fi
+])
 dnl Squid now has .po translation capability, given the right toolkit
-AX_WITH_PROG([PO2HTML],[po2html])
+if test "$use_translation" = "yes" ; then
+  AX_WITH_PROG([PO2HTML],[po2html])
+else
+  PO2HTML="off"
+fi
+AC_SUBST(PO2HTML)
 
 dnl Squid now has limited locale handling ...
 dnl on error pages
@@ -3797,10 +3812,7 @@
 else
     AC_MSG_WARN([Disabling Multi-Language Support])
     AC_DEFINE(USE_ERR_LOCALES,0,[Use multi-language support on error pages])
-    dnl So we don't want to even attempt translation if its forcibly disabled.
-    PO2HTML="off"
 fi
-AC_SUBST(PO2HTML)
 
 dnl Need the debugging version of malloc if available
 XTRA_OBJS=''
diff -u -r -N squid-3.1.0.9/errors/aliases squid-3.1.0.10/errors/aliases
--- squid-3.1.0.9/errors/aliases	2009-06-26 22:35:28.000000000 +1200
+++ squid-3.1.0.10/errors/aliases	2009-07-18 16:16:11.000000000 +1200
@@ -1,2 +1,33 @@
-en	en-nz en-au en-gb en-uk en-ca
+ar	ar-ae ar-bh ar-dz ar-eg ar-iq ar-jo ar-kw ar-lb ar-ly ar-ma ar-om ar-qa ar-sa ar-sy ar-tn ar-ye
+az	az-az
+bg	bg-bg
+cs	cs-cz
+da	da-dk
+de	de-de
+el	el-gr
+en	en-au en-ca en-gb en-nz en-tt en-uk
+es	es-es es-pe
+et	et-ee
+fi	fi-fi
+fr	fr-fr
+he	he-il
+hu	hu-hu
+hy	hy-am
+id	id-id
+it	it-it
+ja	ja-jp
+ko	ko-kr
+lt	lt-lt
+lv	lv-lv
+ms	ms-my
+nl	nl-nl
+pl	pl-pl
+pt	pt-pt
+ro	ro-ro
 ru	ru-ru
+sk	sk-sk
+sr	sr-sp
+sv	sv-se
+th	th-th
+tr	tr-tr
+uk	uk-ua
diff -u -r -N squid-3.1.0.9/errors/alias-link.sh squid-3.1.0.10/errors/alias-link.sh
--- squid-3.1.0.9/errors/alias-link.sh	2009-06-26 22:35:28.000000000 +1200
+++ squid-3.1.0.10/errors/alias-link.sh	2009-07-18 16:16:11.000000000 +1200
@@ -28,6 +28,12 @@
 	if test "${base}" = "#" || test "${base}" = ""; then
 		continue;
 	fi
+	# ignore destination languages that do not exist. (no dead links)
+	if ! test -x ${DIR}/${base} ; then
+		echo "WARNING: ${base} translations do not exist. Nothing to do for: ${aliases}"
+		continue;
+	fi
+
 	# split aliases based on whitespace and create a symlink for each
 	# Remove and replace any pre-existing content/link
 	for alia in ${aliases}; do
diff -u -r -N squid-3.1.0.9/errors/Makefile.am squid-3.1.0.10/errors/Makefile.am
--- squid-3.1.0.9/errors/Makefile.am	2009-06-26 22:35:28.000000000 +1200
+++ squid-3.1.0.10/errors/Makefile.am	2009-07-18 16:16:11.000000000 +1200
@@ -5,25 +5,34 @@
 
 errordir = $(datadir)/errors
 
-
 ##dist-hook eveything
 
 DEFAULT_ERROR_DIR	= $(errordir)
 DEFAULT_STYLESHEET	= $(sysconfdir)/errorpage.css
 
 # List of automated translations possible:
-TRANSLATIONS=`ls -1 $(top_srcdir)/errors/*.po | grep -o -E "[a-z\-]+\.po" | sed s/.po//`
+TRANSLATIONPO=`ls -1 $(top_srcdir)/errors/*.po | grep -o -E "[a-z\-]+\.po" | sed s/.po//`
+TRANSLATIONDIR=`ls -1 $(srcdir) $(builddir) | sed -e 's%$(srcdir)/%%' -e 's%$(builddir)/%%' -e 's%.po%%' `
 
-install-data-local: 
-	for l in $(TRANSLATIONS) templates; do \
+install-data-local:
+	for l in $(TRANSLATIONDIR) ; do \
+	  echo "Located $$l for install..."; \
 	  if test -d $(srcdir)/$$l; then \
 		$(mkinstalldirs) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l && \
 		for f in $(srcdir)/$$l/ERR_*; do \
 			echo "$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l"; \
 			$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l; \
 		done; \
+	  fi ; \
+	  if test -d $(builddir)/$$l; then \
+		$(mkinstalldirs) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l && \
+		for f in $(builddir)/$$l/ERR_*; do \
+			echo "$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l"; \
+			$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l; \
+		done; \
 	  fi \
 	done; \
+	$(INSTALL_DATA) $(srcdir)/TRANSLATORS $(DESTDIR)TRANSLATORS; \
 	$(INSTALL_DATA) $(srcdir)/errorpage.css $(DESTDIR)$(DEFAULT_STYLESHEET).default; \
 	if test -f $(DESTDIR)$(DEFAULT_STYLESHEET) ; then \
 		echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_STYLESHEET)" ; \
@@ -35,9 +44,17 @@
 
 
 uninstall-local:
-	for l in $(TRANSLATIONS); do \
-	  if test -d $(srcdir)/errors/$$l; then \
-		for f in $(srcdir)/errors/$$l/ERR_*; do \
+	for l in $(TRANSLATIONDIR) ; do \
+	  echo "Located $$l for uninstall ..."; \
+	  if test -d $(srcdir)/$$l; then \
+		for f in $(srcdir)/$$l/ERR_*; do \
+			if test -f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; then \
+		        	$(RM) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; \
+			fi; \
+		done; \
+	  fi ; \
+	  if test -d $(builddir)/$$l; then \
+		for f in $(builddir)/$$l/ERR_*; do \
 			if test -f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; then \
 		        	$(RM) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; \
 			fi; \
@@ -46,6 +63,7 @@
 	done;
 	@$(SHELL) $(top_srcdir)/scripts/remove-cfg.sh "$(RM)" $(DESTDIR)$(DEFAULT_STYLESHEET)
 	rm -f $(DESTDIR)$(DEFAULT_STYLESHEET).default
+	rm -f $(DESTDIR)TRANSLATORS
 
 ## Upgrade requires the new files to be pre-installed
 upgrade: install
@@ -77,7 +95,7 @@
 	fi
 
 dist-hook: translate
-	for lang in $(TRANSLATIONS); do \
+	for lang in $(TRANSLATIONPO) templates; do \
 	  if test -d $$lang ; then \
 		test -d $(distdir)/$$lang \
 		  || mkdir $(distdir)/$$lang \
@@ -86,7 +104,7 @@
 		  || exit 1; \
 	  fi; \
 	done; \
-	for f in aliases alias-link.sh alias-upgrade errorpage.css; do \
+	for f in aliases alias-link.sh alias-upgrade errorpage.css TRANSLATORS; do \
 		cp -p $(srcdir)/$$f $(distdir)/`basename $$f`; \
 	done;
 
@@ -96,7 +114,7 @@
 	  exit 0; \
 	fi; \
 	if test "$(PO2HTML)" != "" && test "$(PO2HTML)" != "no" && test "$(PO2HTML)" != "off" && test -f $(top_srcdir)/errors/en.po; then \
-	  for lang in $(TRANSLATIONS); do \
+	  for lang in $(TRANSLATIONPO); do \
 		test -d $(top_builddir)/errors/$$lang && $(RM) -r $(top_builddir)/errors/$$lang; \
 		mkdir $(top_builddir)/errors/$$lang || exit 1; \
 		echo -n "Translate '$$lang' ..."; \
diff -u -r -N squid-3.1.0.9/errors/Makefile.in squid-3.1.0.10/errors/Makefile.in
--- squid-3.1.0.9/errors/Makefile.in	2009-06-26 22:35:52.000000000 +1200
+++ squid-3.1.0.10/errors/Makefile.in	2009-07-18 16:16:41.000000000 +1200
@@ -226,7 +226,8 @@
 DEFAULT_STYLESHEET = $(sysconfdir)/errorpage.css
 
 # List of automated translations possible:
-TRANSLATIONS = `ls -1 $(top_srcdir)/errors/*.po | grep -o -E "[a-z\-]+\.po" | sed s/.po//`
+TRANSLATIONPO = `ls -1 $(top_srcdir)/errors/*.po | grep -o -E "[a-z\-]+\.po" | sed s/.po//`
+TRANSLATIONDIR = `ls -1 $(srcdir) $(builddir) | sed -e 's%$(srcdir)/%%' -e 's%$(builddir)/%%' -e 's%.po%%' `
 all: all-am
 
 .SUFFIXES:
@@ -398,16 +399,25 @@
 	ps ps-am uninstall uninstall-am uninstall-local
 
 
-install-data-local: 
-	for l in $(TRANSLATIONS) templates; do \
+install-data-local:
+	for l in $(TRANSLATIONDIR) ; do \
+	  echo "Located $$l for install..."; \
 	  if test -d $(srcdir)/$$l; then \
 		$(mkinstalldirs) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l && \
 		for f in $(srcdir)/$$l/ERR_*; do \
 			echo "$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l"; \
 			$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l; \
 		done; \
+	  fi ; \
+	  if test -d $(builddir)/$$l; then \
+		$(mkinstalldirs) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l && \
+		for f in $(builddir)/$$l/ERR_*; do \
+			echo "$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l"; \
+			$(INSTALL_DATA) $$f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l; \
+		done; \
 	  fi \
 	done; \
+	$(INSTALL_DATA) $(srcdir)/TRANSLATORS $(DESTDIR)TRANSLATORS; \
 	$(INSTALL_DATA) $(srcdir)/errorpage.css $(DESTDIR)$(DEFAULT_STYLESHEET).default; \
 	if test -f $(DESTDIR)$(DEFAULT_STYLESHEET) ; then \
 		echo "$@ will not overwrite existing $(DESTDIR)$(DEFAULT_STYLESHEET)" ; \
@@ -418,9 +428,17 @@
 	$(SHELL) $(srcdir)/alias-link.sh "$(LN)" "$(RM)" "$(DESTDIR)$(DEFAULT_ERROR_DIR)" "$(srcdir)/aliases" || exit 1 ;
 
 uninstall-local:
-	for l in $(TRANSLATIONS); do \
-	  if test -d $(srcdir)/errors/$$l; then \
-		for f in $(srcdir)/errors/$$l/ERR_*; do \
+	for l in $(TRANSLATIONDIR) ; do \
+	  echo "Located $$l for uninstall ..."; \
+	  if test -d $(srcdir)/$$l; then \
+		for f in $(srcdir)/$$l/ERR_*; do \
+			if test -f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; then \
+		        	$(RM) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; \
+			fi; \
+		done; \
+	  fi ; \
+	  if test -d $(builddir)/$$l; then \
+		for f in $(builddir)/$$l/ERR_*; do \
 			if test -f $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; then \
 		        	$(RM) $(DESTDIR)$(DEFAULT_ERROR_DIR)/$$l/`basename $$f`; \
 			fi; \
@@ -429,6 +447,7 @@
 	done;
 	@$(SHELL) $(top_srcdir)/scripts/remove-cfg.sh "$(RM)" $(DESTDIR)$(DEFAULT_STYLESHEET)
 	rm -f $(DESTDIR)$(DEFAULT_STYLESHEET).default
+	rm -f $(DESTDIR)TRANSLATORS
 
 upgrade: install
 	$(SHELL) $(srcdir)/alias-link.sh "$(LN)" "$(RM)" "$(DESTDIR)$(DEFAULT_ERROR_DIR)" "$(srcdir)/alias-upgrade" || exit 1 ;
@@ -459,7 +478,7 @@
 	fi
 
 dist-hook: translate
-	for lang in $(TRANSLATIONS); do \
+	for lang in $(TRANSLATIONPO) templates; do \
 	  if test -d $$lang ; then \
 		test -d $(distdir)/$$lang \
 		  || mkdir $(distdir)/$$lang \
@@ -468,7 +487,7 @@
 		  || exit 1; \
 	  fi; \
 	done; \
-	for f in aliases alias-link.sh alias-upgrade errorpage.css; do \
+	for f in aliases alias-link.sh alias-upgrade errorpage.css TRANSLATORS; do \
 		cp -p $(srcdir)/$$f $(distdir)/`basename $$f`; \
 	done;
 
@@ -478,7 +497,7 @@
 	  exit 0; \
 	fi; \
 	if test "$(PO2HTML)" != "" && test "$(PO2HTML)" != "no" && test "$(PO2HTML)" != "off" && test -f $(top_srcdir)/errors/en.po; then \
-	  for lang in $(TRANSLATIONS); do \
+	  for lang in $(TRANSLATIONPO); do \
 		test -d $(top_builddir)/errors/$$lang && $(RM) -r $(top_builddir)/errors/$$lang; \
 		mkdir $(top_builddir)/errors/$$lang || exit 1; \
 		echo -n "Translate '$$lang' ..."; \
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_ACCESS_DENIED squid-3.1.0.10/errors/templates/ERR_ACCESS_DENIED
--- squid-3.1.0.9/errors/templates/ERR_ACCESS_DENIED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_ACCESS_DENIED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!--
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Access Denied.</b></p>
+</blockquote>
+
+<p>Access control configuration prevents your request from being allowed at this time.  Please contact your service provider if you feel this is incorrect.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_CACHE_ACCESS_DENIED squid-3.1.0.10/errors/templates/ERR_CACHE_ACCESS_DENIED
--- squid-3.1.0.9/errors/templates/ERR_CACHE_ACCESS_DENIED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_CACHE_ACCESS_DENIED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: Cache Access Denied</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head>
+<body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>Cache Access Denied.</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Cache Access Denied.</b></p>
+</blockquote>
+
+<p>Sorry, you are not currently allowed to request %U from this cache until you have authenticated yourself.</p>
+
+<p>Please contact the <a href="mailto:%w%W">cache administrator</a> if you have difficulties authenticating yourself or <a href="http://%h/cgi-bin/chpasswd.cgi">change</a> your default password.</p>
+
+<br>
+</div>
+
+<hr> 
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_CACHE_MGR_ACCESS_DENIED squid-3.1.0.10/errors/templates/ERR_CACHE_MGR_ACCESS_DENIED
--- squid-3.1.0.9/errors/templates/ERR_CACHE_MGR_ACCESS_DENIED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_CACHE_MGR_ACCESS_DENIED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,38 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: Cache Manager Access Denied</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>Cache Manager Access Denied.</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Cache Manager Access Denied.</b></p>
+</blockquote>
+
+<p>Sorry, you are not currently allowed to request %U from this cache manager until you have authenticated yourself.</p>
+
+<p>Please contact the <a href="mailto:%w%W">cache administrator</a> if you have difficulties authenticating yourself or, if you <em>are</em> the administrator, read Squid documentation on cache manager interface and check cache log for more detailed error messages.</p>
+
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_CANNOT_FORWARD squid-3.1.0.10/errors/templates/ERR_CANNOT_FORWARD
--- squid-3.1.0.9/errors/templates/ERR_CANNOT_FORWARD	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_CANNOT_FORWARD	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head>
+<body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Unable to forward this request at this time.</b></p>
+</blockquote>
+
+<p>This request could not be forwarded to the origin server or to any parent caches.  The most likely cause for this error is that the cache administrator does not allow this cache to make direct connections to origin servers, and all configured parent caches are currently unreachable.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_CONNECT_FAIL squid-3.1.0.10/errors/templates/ERR_CONNECT_FAIL
--- squid-3.1.0.9/errors/templates/ERR_CONNECT_FAIL	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_CONNECT_FAIL	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,40 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" CONTENT="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Connection to %I failed.</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>The remote host or network may be down.  Please try the request again.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_DNS_FAIL squid-3.1.0.10/errors/templates/ERR_DNS_FAIL
--- squid-3.1.0.9/errors/templates/ERR_DNS_FAIL	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_DNS_FAIL	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Unable to determine IP address from host name <q>%H</q></b></p>
+</blockquote>
+
+<p>The DNS server returned:</p>
+<blockquote id="data">
+<pre>%z</pre>
+</blockquote>
+
+<p>This means that the cache was not able to resolve the hostname presented in the URL. Check if the address is correct.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_ESI squid-3.1.0.10/errors/templates/ERR_ESI
--- squid-3.1.0.9/errors/templates/ERR_ESI	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_ESI	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>ESI Processing failed.</b></p>
+</blockquote>
+
+<p>The ESI processor returned:</p>
+<blockquote id="data">
+<pre>%Z</pre>
+</blockquote>
+
+<p>This means that the surrogate was not able to process the ESI template. Please report this error to the webmaster.</p>
+
+<p>Your webmaster is <a href="mailto:%w">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FORWARDING_DENIED squid-3.1.0.10/errors/templates/ERR_FORWARDING_DENIED
--- squid-3.1.0.9/errors/templates/ERR_FORWARDING_DENIED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FORWARDING_DENIED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,38 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Forwarding Denied.</b></p>
+</blockquote>
+
+<p>This cache will not forward your request because it is trying to enforce a sibling relationship.  Perhaps the client at %i is a cache which has been misconfigured.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_DISABLED squid-3.1.0.10/errors/templates/ERR_FTP_DISABLED
--- squid-3.1.0.9/errors/templates/ERR_FTP_DISABLED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_DISABLED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>FTP is Disabled</b></p>
+</blockquote>
+
+<p>This cache does not support FTP.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_FAILURE squid-3.1.0.10/errors/templates/ERR_FTP_FAILURE
--- squid-3.1.0.9/errors/templates/ERR_FTP_FAILURE	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_FAILURE	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>An FTP protocol error occurred while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<p>Squid sent the following FTP command:</p>
+<blockquote id="data">
+<pre>%f</pre>
+</blockquote>
+
+<p>The server responded with:</p>
+<blockquote id="error">
+<pre>%F</pre>
+<pre>%g</pre>
+</blockquote>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_FORBIDDEN squid-3.1.0.10/errors/templates/ERR_FTP_FORBIDDEN
--- squid-3.1.0.9/errors/templates/ERR_FTP_FORBIDDEN	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_FORBIDDEN	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,42 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>An FTP authentication failure occurred while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<p>Squid sent the following FTP command:</p>
+<blockquote id="data">
+<pre>%f</pre>
+</blockquote>
+
+<p>The server responded with:</p>
+<blockquote id="sysmsg">
+<pre>%F</pre>
+<pre>%g</pre>
+</blockquote>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_LISTING squid-3.1.0.10/errors/templates/ERR_FTP_LISTING
--- squid-3.1.0.9/errors/templates/ERR_FTP_LISTING	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_LISTING	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>FTP Directory: %U</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h2>FTP Directory: <a href="/">%U</a>/</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>Directory Content:</p>
+
+<blockquote id="data">
+<pre>%z</pre>
+</blockquote>
+
+<table id="ftplisting" summary="FTP Directory Listing">
+<tr>
+<th><a href="../"><img border="0" src="/squid-internal-static/icons/anthony-dirup.gif" alt="Parent Directory"></a></th>
+<th nowrap="nowrap"><a href="../">Parent Directory</a> (<a href="/">Root Directory</a>)</th>
+</tr>
+
+%g
+
+</table>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_NOT_FOUND squid-3.1.0.10/errors/templates/ERR_FTP_NOT_FOUND
--- squid-3.1.0.9/errors/templates/ERR_FTP_NOT_FOUND	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_NOT_FOUND	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,44 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following URL could not be retrieved: <a href="%U">%U</a></p>
+
+<p>Squid sent the following FTP command:</p>
+<blockquote id="data">
+<pre>%f</pre>
+</blockquote>
+
+<p>The server responded with:</p>
+<blockquote id="sysmsg">
+<pre>%F</pre>
+<pre>%g</pre>
+</blockquote>
+
+<p>This might be caused by an FTP URL with an absolute path (which does not comply with RFC 1738).  If this is the cause, then the file can be found at <a href="%B">%B</a>.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_PUT_CREATED squid-3.1.0.10/errors/templates/ERR_FTP_PUT_CREATED
--- squid-3.1.0.9/errors/templates/ERR_FTP_PUT_CREATED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_PUT_CREATED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,26 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>FTP PUT Successful: File Created</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1 id="ftpsuccess">Operation successful</h1>
+<h2>File created</h2>
+</div>
+<hr>
+
+<br>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_PUT_ERROR squid-3.1.0.10/errors/templates/ERR_FTP_PUT_ERROR
--- squid-3.1.0.9/errors/templates/ERR_FTP_PUT_ERROR	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_PUT_ERROR	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,43 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: FTP upload failed</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>FTP PUT/upload failed</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>While trying to PUT the following URL: <a href="%U">%U</a></p>
+
+<p>Squid sent the following FTP command:</p>
+<blockquote id="data">
+<pre>%f</pre>
+</blockquote>
+
+<p>The server responded with:</p>
+<blockquote id="sysmsg">
+<pre>%F</pre>
+</blockquote>
+
+<p>This means that the FTP server may not have permission or space to store the file. Check the path, permissions, diskspace and try again.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_PUT_MODIFIED squid-3.1.0.10/errors/templates/ERR_FTP_PUT_MODIFIED
--- squid-3.1.0.9/errors/templates/ERR_FTP_PUT_MODIFIED	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_PUT_MODIFIED	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,26 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>FTP PUT Successful: File Updated</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1 id="ftpsuccess">Operation successful</h1>
+<h2>File updated</h2>
+</div>
+<hr>
+
+<br>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_FTP_UNAVAILABLE squid-3.1.0.10/errors/templates/ERR_FTP_UNAVAILABLE
--- squid-3.1.0.9/errors/templates/ERR_FTP_UNAVAILABLE	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_FTP_UNAVAILABLE	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,43 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The FTP server was too busy to retrieve the URL: <a href="%U">%U</a></p>
+
+<p>Squid sent the following FTP command:</p>
+
+<blockquote id="data">
+<pre>%f</pre>
+</blockquote>
+
+<p>The server responded with:</p>
+<blockquote id="sysmsg">
+<pre>%F</pre>
+<pre>%g</pre>
+</blockquote>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_ICAP_FAILURE squid-3.1.0.10/errors/templates/ERR_ICAP_FAILURE
--- squid-3.1.0.9/errors/templates/ERR_ICAP_FAILURE	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_ICAP_FAILURE	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,44 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>ICAP protocol error.</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>This means that some aspect of the ICAP communication failed.</p>
+
+<p>Some possible problems are:</p>
+<ul>
+<li><p>The ICAP server is not reachable.</p></li>
+<li><p>An Illegal response was received from the ICAP server.</p></li>
+</ul>
+
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_INVALID_REQ squid-3.1.0.10/errors/templates/ERR_INVALID_REQ
--- squid-3.1.0.9/errors/templates/ERR_INVALID_REQ	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_INVALID_REQ	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p><b>Invalid Request</b> error was encountered while trying to process the request:</p>
+
+<blockquote id="data">
+<pre>%R</pre>
+</blockquote>
+
+<p>Some possible problems are:</p>
+<ul>
+<li><p>Missing or unknown request method.</p></li>
+<li><p>Missing URL.</p></li>
+<li><p>Missing HTTP Identifier (HTTP/1.0).</p></li>
+<li><p>Request is too large.</p></li>
+<li><p>Content-Length missing for POST or PUT requests.</p></li>
+<li><p>Illegal character in hostname; underscores are not allowed.</p></li>
+</ul>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_INVALID_RESP squid-3.1.0.10/errors/templates/ERR_INVALID_RESP
--- squid-3.1.0.9/errors/templates/ERR_INVALID_RESP	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_INVALID_RESP	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p><b>Invalid Response</b> error was encountered while trying to process the request:</p>
+
+<blockquote id="data">
+<pre>%R</pre>
+</blockquote>
+
+<p>The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator.</p>
+
+<p>Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_INVALID_URL squid-3.1.0.10/errors/templates/ERR_INVALID_URL
--- squid-3.1.0.9/errors/templates/ERR_INVALID_URL	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_INVALID_URL	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,45 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Invalid URL</b></p>
+</blockquote>
+
+<p>Some aspect of the requested URL is incorrect.</p>
+
+<p>Some possible problems are:</p>
+<ul>
+<li><p>Missing or incorrect access protocol (should be <q>http://</q> or similar)</p></li>
+<li><p>Missing hostname</p></li>
+<li><p>Illegal double-escape in the URL-Path</p></li>
+<li><p>Illegal character in hostname; underscores are not allowed.</p></li>
+</ul>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_LIFETIME_EXP squid-3.1.0.10/errors/templates/ERR_LIFETIME_EXP
--- squid-3.1.0.9/errors/templates/ERR_LIFETIME_EXP	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_LIFETIME_EXP	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Connection Lifetime Expired</b></p>
+</blockquote>
+
+<p>Squid has terminated the request because it has exceeded the maximum connection lifetime.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_NO_RELAY squid-3.1.0.10/errors/templates/ERR_NO_RELAY
--- squid-3.1.0.9/errors/templates/ERR_NO_RELAY	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_NO_RELAY	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>No Wais Relay</b></p>
+</blockquote>
+
+<p>There is no WAIS Relay host defined for this Cache!  Yell at the administrator.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_ONLY_IF_CACHED_MISS squid-3.1.0.10/errors/templates/ERR_ONLY_IF_CACHED_MISS
--- squid-3.1.0.9/errors/templates/ERR_ONLY_IF_CACHED_MISS	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_ONLY_IF_CACHED_MISS	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Valid document was not found in the cache and <q>only-if-cached</q> directive was specified.</b></p>
+</blockquote>
+
+<p>You have issued a request with a <q>only-if-cached</q> cache control directive. The document was not found in the cache, <em>or</em> it required revalidation prohibited by the <q>only-if-cached</q> directive.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_READ_ERROR squid-3.1.0.10/errors/templates/ERR_READ_ERROR
--- squid-3.1.0.9/errors/templates/ERR_READ_ERROR	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_READ_ERROR	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Read Error</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>An error condition occurred while reading data from the network.  Please retry your request.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_READ_TIMEOUT squid-3.1.0.10/errors/templates/ERR_READ_TIMEOUT
--- squid-3.1.0.9/errors/templates/ERR_READ_TIMEOUT	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_READ_TIMEOUT	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Read Timeout</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>A Timeout occurred while waiting to read data from the network.  The network or server may be down or congested.  Please retry your request.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_SECURE_CONNECT_FAIL squid-3.1.0.10/errors/templates/ERR_SECURE_CONNECT_FAIL
--- squid-3.1.0.9/errors/templates/ERR_SECURE_CONNECT_FAIL	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_SECURE_CONNECT_FAIL	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Failed to establish a secure connection to %I</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_SHUTTING_DOWN squid-3.1.0.10/errors/templates/ERR_SHUTTING_DOWN
--- squid-3.1.0.9/errors/templates/ERR_SHUTTING_DOWN	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_SHUTTING_DOWN	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,33 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<p>This cache is in the process of shutting down and can not service your request at this time.  Please retry your request again soon.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_SOCKET_FAILURE squid-3.1.0.10/errors/templates/ERR_SOCKET_FAILURE
--- squid-3.1.0.9/errors/templates/ERR_SOCKET_FAILURE	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_SOCKET_FAILURE	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Socket Failure</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>Squid is unable to create a TCP socket, presumably due to excessive load. Please retry your request.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_TOO_BIG squid-3.1.0.10/errors/templates/ERR_TOO_BIG
--- squid-3.1.0.9/errors/templates/ERR_TOO_BIG	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_TOO_BIG	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>The request or reply is too large.</b></p>
+</blockquote>
+
+<p>If you are making a POST or PUT request, then the item you are trying to upload is too large.</p>
+<p>If you are making a GET request, then the item you are trying to download is too large.</p>
+<p>These limits have been established by the Internet Service Provider who operates this cache.  Please contact them directly if you feel this is an error.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_UNSUP_HTTPVERSION squid-3.1.0.10/errors/templates/ERR_UNSUP_HTTPVERSION
--- squid-3.1.0.9/errors/templates/ERR_UNSUP_HTTPVERSION	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_UNSUP_HTTPVERSION	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>Unsupported HTTP version</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Unsupported HTTP version</b></p>
+</blockquote>
+
+<p>This Squid does not accept the HTTP version you are attempting to use.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_UNSUP_REQ squid-3.1.0.10/errors/templates/ERR_UNSUP_REQ
--- squid-3.1.0.9/errors/templates/ERR_UNSUP_REQ	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_UNSUP_REQ	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Unsupported Request Method and Protocol</b></p>
+</blockquote>
+
+<p>Squid does not support all request methods for all access protocols. For example, you can not POST a Gopher request.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_URN_RESOLVE squid-3.1.0.10/errors/templates/ERR_URN_RESOLVE
--- squid-3.1.0.9/errors/templates/ERR_URN_RESOLVE	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_URN_RESOLVE	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URN not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>A URL for the requested URN could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URN: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Cannot Resolve URN</b></p>
+</blockquote>
+
+<p>Hey, don't expect too much from URNs on %T :)</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_WRITE_ERROR squid-3.1.0.10/errors/templates/ERR_WRITE_ERROR
--- squid-3.1.0.9/errors/templates/ERR_WRITE_ERROR	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_WRITE_ERROR	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,39 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Write Error</b></p>
+</blockquote>
+
+<p id="sysmsg">The system returned: <i>%E</i></p>
+
+<p>An error condition occurred while writing to the network.  Please retry your request.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/templates/ERR_ZERO_SIZE_OBJECT squid-3.1.0.10/errors/templates/ERR_ZERO_SIZE_OBJECT
--- squid-3.1.0.9/errors/templates/ERR_ZERO_SIZE_OBJECT	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/templates/ERR_ZERO_SIZE_OBJECT	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+<html><head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>ERROR: The requested URL could not be retrieved</title>
+<style type="text/css"><!-- 
+ %l
+
+body
+:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; }
+:lang(he) { direction: rtl; float: right; }
+ --></style>
+</head><body>
+<div id="titles">
+<h1>ERROR</h1>
+<h2>The requested URL could not be retrieved</h2>
+</div>
+<hr>
+
+<div id="content">
+<p>The following error was encountered while trying to retrieve the URL: <a href="%U">%U</a></p>
+
+<blockquote id="error">
+<p><b>Zero Sized Reply</b></p>
+</blockquote>
+
+<p>Squid did not receive any data for this request.</p>
+
+<p>Your cache administrator is <a href="mailto:%w%W">%w</a>.</p>
+<br>
+</div>
+
+<hr>
+<div id="footer">
+<p>Generated %T by %h (%s)</p>
+<!-- %c -->
+</div>
+</body></html>
diff -u -r -N squid-3.1.0.9/errors/TRANSLATORS squid-3.1.0.10/errors/TRANSLATORS
--- squid-3.1.0.9/errors/TRANSLATORS	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/errors/TRANSLATORS	2009-07-18 16:16:11.000000000 +1200
@@ -0,0 +1,93 @@
+Special thanks go to people who have volunteered their time, effort,
+and ideas to make Squid available as multi-langual software.
+
+	Adi Sudana
+	Aecio F. Neto
+	Alexandre Correa <ajcorrea@gmail.com>
+	Amos Jeffries
+	Bratislav Ilic
+	Christian Schmidt
+	Constantin Rack
+	Evgeni Gechev
+	Francesco Chemolli
+	Henrik Nordström
+	John 'Profic' Ustiuzhanin
+	Leandro Cesar Nardini Frasson
+	liuyongbing
+	Martin Perner
+	Mohsen Saeedi <mohsen.saeedi@gmail.com>
+	M. Rodrigo Montiero
+	Olivier Wahrenberger
+	Ramdhani Fathurrohman
+	Rene Wijninga
+	Robert Forster
+	Takahiro Kambe
+
+via Rosetta Translation Project and Canonical Ltd.
+
+	Akmal Xushvaqov <akmalxster@gmail.com>
+	Anon Sricharoenchai 
+	Arnis Rukis <Rukicc@apollo.lv>
+	Brie A. Gordon 
+	Daniel Nylander 
+	d.s.div 
+	Félix Gómez 
+	FrenzY <frenzy.ivan@gmail.com>
+	Hasbinur 
+	Iker Sagasti Markina <iker@irontec.com>
+	juancarlospaco 
+	karlag  
+	MaXer 
+	Maxim S. 
+	Mohamad Faizul bin Zulkifli
+	Ricardo Ichizo <n1ghtcr4wler@gmail.com>
+	smsoft 
+	Tobias 
+	zhuravlik 
+
+Thanks also to all the original translators for their great
+work on the old squid translations.
+
+Armenian		Arthur Tumanyan <arthurtumanyan@yahoo.com>
+Azerbaijani		Rauf Kuliyev <rauf@kuliyev.com>
+Bulgarian		Evgeny Gechev <etg@setcom.bg>
+Bulgarian		Svetlin Simeonov <simeonov@netplusdb.bg>
+Catalan			Jordi Bruguera <jordi@dns1.grn.es>
+Czech			Jakub Nantl <Jakub.Nantl@angel.cz>
+Czech			Radek Malcic <malcic@sdc.bno.cdrail.cz>
+Danish			Morten S. Nielsen <mortensn@geocities.com>
+Dutch			Mark Visser <mark@cal026031.student.utwente.nl>
+Dutch			Remco van Mook
+Dutch			Bart Koelman
+Estonian		Toomas Soome <tsoome@ut.ee>
+Finnish			Panu H_llfors <panupa@iki.fi>
+French			Frank DENIS -Jedi/Sector One- <j@4u.net>
+German			Bernd P. Ziller <bziller@ba-stuttgart.de>
+German			Jens Frank <jf@jf.kki.org>
+German			Anke S. <as@kki.org>
+Greek			George Papamichelakis <george@step.gr>
+Hebrew			"yoav" <yoavb@zavit.net.il>
+Hungarian		Bertold Kolics <bertold@sztaki.hu>
+Italian			Alessio Bragadini <alessio@dsnet.it>
+Italian			Marco Mesturino <sw_tools@beatles.cselt.it>
+Japanese		Makoto MATSUSHITA <matusita@ics.es.osaka-u.ac.jp>
+Korean			Jaeyeon Jung <jjung@cosmos.kaist.ac.kr>
+Lithuanian		"DVM" <dvm382@takas.lt>
+Polish			Maciej Kozinski <Maciej.Kozinski@boa.uni.torun.pl>
+Portugese		Pedro Lineu Orso <orso@pop.hsbcbamerindus.com.br>
+Romanian		Iusty Pop Daniel <iusty@netcompsj.ro>
+Russian			Ilia Zadorozhko <falcon@netsy.com>
+Russian			Andrew L. Davydov <davydov@okbmei.msk.su>
+Serbian			Zoran Verovski <zoran@hemofarm.co.yu>
+Serbian			Dragutin Cirkovic <auto@gromnet.net>
+Simplify Chinese	Wang DaQing <wdq@bigfoot.com>
+Slovak			Peter Hanecak <hany@megaloman.sk>
+Spanish			Javier Puche <javier.puche@rediris.es>
+Spanish			Roberto Lumbreras <rover-squid@lander.es>
+Spanish			Juan Nicolas Ruiz N. <nicolas@ula.ve>
+Spanish			Sergio Rua <srua@debian.org>
+Swedish			Stefan M_nsby <stefan@mansby.com>
+Traditional Chinese	Erick C. Chang <erick@mail.thu.edu.tw>
+Turkish			Tural KAPTAN <kaptan@kaptan.ulakbim.gov.tr>
+Ukrainian		<mr.petruccio@gmail.com>
+Ukrainian		Vitaliy Matytsyn <vm@if.bank.gov.ua>
diff -u -r -N squid-3.1.0.9/helpers/external_acl/wbinfo_group/wbinfo_group.pl squid-3.1.0.10/helpers/external_acl/wbinfo_group/wbinfo_group.pl
--- squid-3.1.0.9/helpers/external_acl/wbinfo_group/wbinfo_group.pl	2009-06-26 22:35:31.000000000 +1200
+++ squid-3.1.0.10/helpers/external_acl/wbinfo_group/wbinfo_group.pl	2009-07-18 16:16:12.000000000 +1200
@@ -50,6 +50,8 @@
         $groupGID = `wbinfo -Y "$groupSID"`;
         chop $groupGID;
         &debug( "User:  -$user-\nGroup: -$group-\nSID:   -$groupSID-\nGID:   -$groupGID-");
+        return 'ERR' if($groupGID eq ""); # Verify if groupGID variable is empty.
+        return 'ERR' if(`wbinfo -r \Q$user\E` eq ""); # Verify if "wbinfo -r" command returns no value.
         return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m);
         return 'ERR';
 }
diff -u -r -N squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c squid-3.1.0.10/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c
--- squid-3.1.0.9/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c	2009-06-26 22:35:31.000000000 +1200
+++ squid-3.1.0.10/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c	2009-07-18 16:16:12.000000000 +1200
@@ -208,6 +208,7 @@
 {
     char buf[MAX_AUTHTOKEN_LEN];
     char *c;
+    char *user=NULL;
     int length=0;
     static int err=0;
     int opt, debug=0, log=0;
@@ -508,11 +509,20 @@
 
             if (check_gss_err(major_status,minor_status,"gss_display_name()",debug,log) )
                 goto cleanup;
-            fprintf(stdout, "AF %s %s\n",token,(char *)output_token.value);
+            user=xmalloc(output_token.length+1);
+            if (user == NULL) {
+               if (debug)
+                  fprintf(stderr, "%s| %s: Not enough memory\n", LogTime(), PROGRAM);
+               fprintf(stdout, "BH Not enough memory\n");
+               goto cleanup;
+            }
+            memcpy(user,output_token.value,output_token.length);
+            user[output_token.length]='\0';
+            fprintf(stdout, "AF %s %s\n",token,user);
             if (debug)
-                fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, token,(char *)output_token.value);
+                fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, token,user);
             if (log)
-                fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, (char *)output_token.value);
+                fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, user);
             goto cleanup;
         } else {
             if (check_gss_err(major_status,minor_status,"gss_accept_sec_context()",debug,log) )
@@ -532,11 +542,20 @@
             /*
              *  Return dummy token AA. May need an extra return tag then AF
              */
-            fprintf(stdout, "AF %s %s\n","AA==",(char *)output_token.value);
+            user=xmalloc(output_token.length+1);
+            if (user == NULL) {
+               if (debug)
+                  fprintf(stderr, "%s| %s: Not enough memory\n", LogTime(), PROGRAM);
+               fprintf(stdout, "BH Not enough memory\n");
+               goto cleanup;
+            }
+            memcpy(user,output_token.value,output_token.length);
+            user[output_token.length]='\0';
+            fprintf(stdout, "AF %s %s\n","AA==",user);
             if (debug)
-                fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, "AA==", (char *)output_token.value);
+                fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, "AA==", user);
             if (log)
-                fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, (char *)output_token.value);
+                fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, user);
 
 cleanup:
             gss_release_buffer(&minor_status, &input_token);
@@ -562,6 +581,10 @@
                 xfree(token);
                 token=NULL;
             }
+            if (user) {
+                xfree(user);
+                user=NULL;
+            }
             continue;
         }
     }
diff -u -r -N squid-3.1.0.9/helpers/ntlm_auth/smb_lm/smbval/rfcnb-priv.h squid-3.1.0.10/helpers/ntlm_auth/smb_lm/smbval/rfcnb-priv.h
--- squid-3.1.0.9/helpers/ntlm_auth/smb_lm/smbval/rfcnb-priv.h	2009-06-26 22:35:31.000000000 +1200
+++ squid-3.1.0.10/helpers/ntlm_auth/smb_lm/smbval/rfcnb-priv.h	2009-07-18 16:16:12.000000000 +1200
@@ -28,8 +28,6 @@
 
 /* Defines we need */
 
-typedef unsigned short uint16;
-
 #define GLOBAL extern
 
 #include "rfcnb-error.h"
diff -u -r -N squid-3.1.0.9/helpers/ntlm_auth/smb_lm/smbval/rfcnb-util.c squid-3.1.0.10/helpers/ntlm_auth/smb_lm/smbval/rfcnb-util.c
--- squid-3.1.0.9/helpers/ntlm_auth/smb_lm/smbval/rfcnb-util.c	2009-06-26 22:35:31.000000000 +1200
+++ squid-3.1.0.10/helpers/ntlm_auth/smb_lm/smbval/rfcnb-util.c	2009-07-18 16:16:12.000000000 +1200
@@ -32,6 +32,13 @@
 #include "rfcnb-io.h"
 #include <arpa/inet.h>
 
+#ifndef uint16
+#ifdef u_int16_t
+typedef u_int16_t uint16;
+#else
+typedef unsigned short uint16;
+#endif
+#endif
 
 extern void (*Prot_Print_Routine) ();	/* Pointer to protocol print routine */
 
diff -u -r -N squid-3.1.0.9/include/version.h squid-3.1.0.10/include/version.h
--- squid-3.1.0.9/include/version.h	2009-06-26 22:36:16.000000000 +1200
+++ squid-3.1.0.10/include/version.h	2009-07-18 16:17:06.000000000 +1200
@@ -9,7 +9,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1246012526
+#define SQUID_RELEASE_TIME 1247890568
 #endif
 
 #ifndef APP_SHORTNAME
diff -u -r -N squid-3.1.0.9/Makefile.am squid-3.1.0.10/Makefile.am
--- squid-3.1.0.9/Makefile.am	2009-06-26 22:35:27.000000000 +1200
+++ squid-3.1.0.10/Makefile.am	2009-07-18 16:16:09.000000000 +1200
@@ -40,6 +40,3 @@
 install-pinger:
 	chown root $(DESTDIR)$(DEFAULT_PINGER)
 	chmod 4711 $(DESTDIR)$(DEFAULT_PINGER)
-
-all-am:
-	@echo "Build Successful."
diff -u -r -N squid-3.1.0.9/Makefile.in squid-3.1.0.10/Makefile.in
--- squid-3.1.0.9/Makefile.in	2009-06-26 22:36:00.000000000 +1200
+++ squid-3.1.0.10/Makefile.in	2009-07-18 16:16:50.000000000 +1200
@@ -736,9 +736,6 @@
 install-pinger:
 	chown root $(DESTDIR)$(DEFAULT_PINGER)
 	chmod 4711 $(DESTDIR)$(DEFAULT_PINGER)
-
-all-am:
-	@echo "Build Successful."
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff -u -r -N squid-3.1.0.9/src/acl/Gadgets.cc squid-3.1.0.10/src/acl/Gadgets.cc
--- squid-3.1.0.9/src/acl/Gadgets.cc	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/acl/Gadgets.cc	2009-07-18 16:16:22.000000000 +1200
@@ -309,37 +309,3 @@
 
     *list = NULL;
 }
-
-/*
- * This function traverses all ACL elements referenced
- * by an access list (presumably 'http_access').   If
- * it finds a PURGE method ACL, then it returns TRUE,
- * otherwise FALSE.
- */
-/* XXX: refactor this more sensibly. perhaps have the parser detect it ? */
-int
-aclPurgeMethodInUse(acl_access * a)
-{
-    ACLList *b;
-
-    debugs(28, 6, "aclPurgeMethodInUse: invoked for '" << a->cfgline << "'");
-
-    for (; a; a = a->next) {
-        for (b = a->aclList; b; b = b->next) {
-            ACLStrategised<HttpRequestMethod> *tempAcl = dynamic_cast<ACLStrategised<HttpRequestMethod> *>(b->_acl);
-
-            if (!tempAcl) {
-                debugs(28, 7, "aclPurgeMethodInUse: can't create tempAcl");
-                continue;
-            }
-
-            if (tempAcl->match(METHOD_PURGE)) {
-                debugs(28, 6, "aclPurgeMethodInUse: returning true");
-                return true;
-            }
-        }
-    }
-
-    debugs(28, 6, "aclPurgeMethodInUse: returning false");
-    return false;
-}
diff -u -r -N squid-3.1.0.9/src/acl/Gadgets.h squid-3.1.0.10/src/acl/Gadgets.h
--- squid-3.1.0.9/src/acl/Gadgets.h	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/acl/Gadgets.h	2009-07-18 16:16:22.000000000 +1200
@@ -37,7 +37,5 @@
 extern void aclCacheMatchFlush(dlink_list * cache);
 /// \ingroup ACLAPI
 extern void dump_acl_access(StoreEntry * entry, const char *name, acl_access * head);
-/// \ingroup ACLAPI
-int aclPurgeMethodInUse(acl_access * a);
 
 #endif /* SQUID_ACL_GADGETS_H */
diff -u -r -N squid-3.1.0.9/src/acl/MethodData.cc squid-3.1.0.10/src/acl/MethodData.cc
--- squid-3.1.0.9/src/acl/MethodData.cc	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/acl/MethodData.cc	2009-07-18 16:16:22.000000000 +1200
@@ -89,6 +89,10 @@
 
     for (Tail = &values; *Tail; Tail = &((*Tail)->next));
     while ((t = strtokFile())) {
+        if(strcmp(t, "PURGE") == 0) {
+            // we need to use PURGE, can't just blanket-deny it.
+            Config2.onoff.enable_purge = 1;
+        }
         CbDataList<HttpRequestMethod> *q = new CbDataList<HttpRequestMethod> (HttpRequestMethod(t, NULL));
         *(Tail) = q;
         Tail = &q->next;
diff -u -r -N squid-3.1.0.9/src/adaptation/ecap/XactionRep.cc squid-3.1.0.10/src/adaptation/ecap/XactionRep.cc
--- squid-3.1.0.9/src/adaptation/ecap/XactionRep.cc	2009-06-26 22:35:37.000000000 +1200
+++ squid-3.1.0.10/src/adaptation/ecap/XactionRep.cc	2009-07-18 16:16:23.000000000 +1200
@@ -16,7 +16,8 @@
         AsyncJob("Adaptation::Ecap::XactionRep"),
         Adaptation::Initiate("Adaptation::Ecap::XactionRep", anInitiator, aService),
         theVirginRep(virginHeader), theCauseRep(NULL),
-        proxyingVb(opUndecided), proxyingAb(opUndecided), canAccessVb(false)
+        proxyingVb(opUndecided), proxyingAb(opUndecided), canAccessVb(false),
+        abProductionFinished(false), abProductionAtEnd(false)
 {
     if (virginCause)
         theCauseRep = new MessageRep(virginCause);
@@ -275,15 +276,17 @@
 void
 Adaptation::Ecap::XactionRep::noteAbContentDone(bool atEnd)
 {
-    Must(proxyingAb == opOn);
-    stopProducingFor(answer().body_pipe, atEnd);
-    proxyingAb = opComplete;
+    Must(proxyingAb == opOn && !abProductionFinished);
+    abProductionFinished = true;
+    abProductionAtEnd = atEnd; // store until ready to stop producing ourselves
+    debugs(93,5, HERE << "adapted body production ended");
+    moveAbContent();
 }
 
 void
 Adaptation::Ecap::XactionRep::noteAbContentAvailable()
 {
-    Must(proxyingAb == opOn);
+    Must(proxyingAb == opOn && !abProductionFinished);
     moveAbContent();
 }
 
@@ -374,9 +377,16 @@
 {
     Must(proxyingAb == opOn);
     const libecap::Area c = theMaster->abContent(0, libecap::nsize);
-    debugs(93,5, HERE << " up to " << c.size << " bytes");
-    if (const size_t used = answer().body_pipe->putMoreData(c.start, c.size))
-        theMaster->abContentShift(used);
+    debugs(93,5, HERE << "up to " << c.size << " bytes");
+    if (c.size == 0 && abProductionFinished) { // no ab now and in the future
+        stopProducingFor(answer().body_pipe, abProductionAtEnd);
+        proxyingAb = opComplete;
+        debugs(93,5, HERE << "last adapted body data retrieved");
+    } else
+    if (c.size > 0) {
+        if (const size_t used = answer().body_pipe->putMoreData(c.start, c.size))
+            theMaster->abContentShift(used);
+    }
 }
 
 const char *
diff -u -r -N squid-3.1.0.9/src/adaptation/ecap/XactionRep.h squid-3.1.0.10/src/adaptation/ecap/XactionRep.h
--- squid-3.1.0.9/src/adaptation/ecap/XactionRep.h	2009-06-26 22:35:37.000000000 +1200
+++ squid-3.1.0.10/src/adaptation/ecap/XactionRep.h	2009-07-18 16:16:23.000000000 +1200
@@ -93,6 +93,8 @@
     OperationState proxyingVb; // delivering virgin body from core to adapter
     OperationState proxyingAb; // delivering adapted body from adapter to core
     bool canAccessVb;          // virgin BodyPipe content is accessible
+    bool abProductionFinished; // whether adapter has finished producing ab
+    bool abProductionAtEnd;    // whether adapter produced a complete ab
 
     CBDATA_CLASS2(XactionRep);
 };
diff -u -r -N squid-3.1.0.9/src/cache_cf.cc squid-3.1.0.10/src/cache_cf.cc
--- squid-3.1.0.9/src/cache_cf.cc	2009-06-26 22:35:37.000000000 +1200
+++ squid-3.1.0.10/src/cache_cf.cc	2009-07-18 16:16:24.000000000 +1200
@@ -620,8 +620,10 @@
 
 #endif
 
-    if (aclPurgeMethodInUse(Config.accessList.http))
-        Config2.onoff.enable_purge = 1;
+    // we have reconfigured and in the process disabled any need for PURGE.
+    // turn it off now.
+    if(Config2.onoff.enable_purge == 2)
+        Config2.onoff.enable_purge = 0;
 
     Config2.onoff.mangle_request_headers = httpReqHdrManglersConfigured();
 
@@ -2990,6 +2992,8 @@
         s->accel = 1;
     } else if (strcmp(token, "accel") == 0) {
         s->accel = 1;
+    } else if (strcmp(token, "allow-direct") == 0) {
+        s->allow_direct = 1;
     } else if (strcmp(token, "no-connection-auth") == 0) {
         s->connection_auth_disabled = true;
     } else if (strcmp(token, "connection-auth=off") == 0) {
diff -u -r -N squid-3.1.0.9/src/cf.data.pre squid-3.1.0.10/src/cf.data.pre
--- squid-3.1.0.9/src/cf.data.pre	2009-06-26 22:35:37.000000000 +1200
+++ squid-3.1.0.10/src/cf.data.pre	2009-07-18 16:16:24.000000000 +1200
@@ -1,6 +1,3 @@
-
-#
-# $Id$
 #
 # SQUID Web Proxy Cache		http://www.squid-cache.org/
 # ----------------------------------------------------------
@@ -106,8 +103,8 @@
 	proxy as the client then thinks it is talking to an origin server and
 	not the proxy. This is a limitation of bending the TCP/IP protocol to
 	transparently intercepting port 80, not a limitation in Squid.
-	Ports flagged 'transparent', 'intercept', or 'tproxy' have authentication
-	disabled.
+	Ports flagged 'transparent', 'intercept', or 'tproxy' have
+	authentication disabled.
 
 	=== Parameters for the basic scheme follow. ===
 
@@ -116,7 +113,8 @@
 	reads a line containing "username password" and replies "OK" or
 	"ERR" in an endless loop. "ERR" responses may optionally be followed
 	by a error description available as %m in the returned error page.
-	If you use an authenticator, make sure you have 1 acl of type proxy_auth.
+	If you use an authenticator, make sure you have 1 acl of type
+	proxy_auth.
 
 	By default, the basic authentication scheme is not used unless a
 	program is specified.
@@ -283,9 +281,9 @@
 	the Microsoft Internet Explorer or Mozilla Firefox browsers.
 	Its main purpose is to exchange credentials with the Squid proxy
 	using the Kerberos mechanisms.
-	If you use a Negotiate authenticator, make sure you have at least one acl
-	of type proxy_auth active.  By default, the negotiate authenticator_program
-	is not used.
+	If you use a Negotiate authenticator, make sure you have at least
+	one acl of type proxy_auth active. By default, the negotiate
+	authenticator_program is not used.
 	The only supported program for this role is the ntlm_auth
 	program distributed as part of Samba, version 4 or later.
 
@@ -493,33 +491,47 @@
 	By default, regular expressions are CASE-SENSITIVE.  To make
 	them case-insensitive, use the -i option.
 
+	Some acl types require suspending the current request in order
+	to access some external data source.
+	Those which do are marked with the tag [slow], those which
+	don't are marked as [fast].
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl
+	for further information
 
 	***** ACL TYPES AVAILABLE *****
 
-	acl aclname src ip-address/netmask ...		# clients IP address
-	acl aclname src addr1-addr2/netmask ...		# range of addresses
-	acl aclname dst ip-address/netmask ...		# URL host's IP address
-	acl aclname myip ip-address/netmask ...		# local socket IP address
+	acl aclname src ip-address/netmask ...	# clients IP address [fast]
+	acl aclname src addr1-addr2/netmask ...	# range of addresses [fast]
+	acl aclname dst ip-address/netmask ...	# URL host's IP address [slow]
+	acl aclname myip ip-address/netmask ...	# local socket IP address [fast]
 
 	acl aclname arp      mac-address ... (xx:xx:xx:xx:xx:xx notation)
 	  # The arp ACL requires the special configure option --enable-arp-acl.
 	  # Furthermore, the ARP ACL code is not portable to all operating systems.
-	  # It works on Linux, Solaris, Windows, FreeBSD, and some other *BSD variants.
+	  # It works on Linux, Solaris, Windows, FreeBSD, and some
+	  # other *BSD variants.
+	  # [fast]
 	  #
 	  # NOTE: Squid can only determine the MAC address for clients that are on
-	  # the same subnet. If the client is on a different subnet, then Squid cannot
-	  # find out its MAC address.
+	  # the same subnet. If the client is on a different subnet,
+	  # then Squid cannot find out its MAC address.
 
-	acl aclname srcdomain   .foo.com ...    	# reverse lookup, from client IP
-	acl aclname dstdomain   .foo.com ...    	# Destination server from URL
-	acl aclname srcdom_regex [-i] \.foo\.com ...	# regex matching client name
-	acl aclname dstdom_regex [-i] \.foo\.com ...	# regex matching server
+	acl aclname srcdomain   .foo.com ...
+	  # reverse lookup, from client IP [slow]
+	acl aclname dstdomain   .foo.com ...
+	  # Destination server from URL [slow]
+	acl aclname srcdom_regex [-i] \.foo\.com ...
+	  # regex matching client name [slow]
+	acl aclname dstdom_regex [-i] \.foo\.com ...
+	  # regex matching server [slow]
+	  #
 	  # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
 	  # based URL is used and no match is found. The name "none" is used
 	  # if the reverse lookup fails.
 
 	acl aclname src_as number ...
 	acl aclname dst_as number ...
+	  # [fast]
 	  # Except for access control, AS numbers can be used for
 	  # routing of requests to specific caches. Here's an
 	  # example for routing all requests for AS#1241 and only
@@ -529,10 +541,12 @@
 	  # cache_peer_access mycache_mydomain.net deny all
 
 	acl aclname peername myPeer ...
+	  # [fast]
 	  # match against a named cache_peer entry
 	  # set unique name= on cache_peer lines for reliable use.
 
 	acl aclname time [day-abbrevs] [h1:m1-h2:m2]
+	  # [fast]
 	  #  day-abbrevs:
 	  #	S - Sunday
 	  #	M - Monday
@@ -543,37 +557,46 @@
 	  #	A - Saturday
 	  #  h1:m1 must be less than h2:m2
 
-	acl aclname url_regex [-i] ^http:// ...		# regex matching on whole URL
-	acl aclname urlpath_regex [-i] \.gif$ ...	# regex matching on URL path
+	acl aclname url_regex [-i] ^http:// ...
+	  # regex matching on whole URL [fast]
+	acl aclname urlpath_regex [-i] \.gif$ ...
+	  # regex matching on URL path [fast]
+
+	acl aclname port 80 70 21 0-1024...   # destination TCP port [fast]
+	                                      # ranges are alloed
+	acl aclname myport 3128 ...	          # local socket TCP port [fast]
+	acl aclname myportname 3128 ...       # http(s)_port name [fast]
+
+	acl aclname proto HTTP FTP ...        # request protocol [fast]
+ 
+	acl aclname method GET POST ...       # HTTP request method [fast]
 
-	acl aclname port 80 70 21 ...
-	acl aclname port 0-1024 ...		# ranges allowed
-	acl aclname myport 3128 ...		# (local socket TCP port)
-	acl aclname myportname 3128 ...		# http(s)_port name
-
-	acl aclname proto HTTP FTP ...
-
-	acl aclname method GET POST ...
-
-	acl aclname http_status 200 301 500- 400-403 ...     # status code in reply
+	acl aclname http_status 200 301 500- 400-403 ... 
+	  # status code in reply [fast]
 
 	acl aclname browser [-i] regexp ...
-	  # pattern match on User-Agent header (see also req_header below)
+	  # pattern match on User-Agent header (see also req_header below) [fast]
 
 	acl aclname referer_regex [-i] regexp ...
-	  # pattern match on Referer header
+	  # pattern match on Referer header [fast]
 	  # Referer is highly unreliable, so use with care
 
 	acl aclname ident username ...
 	acl aclname ident_regex [-i] pattern ...
-	  # string match on ident output.
+	  # string match on ident output [slow]
 	  # use REQUIRED to accept any non-null ident.
 
 	acl aclname proxy_auth [-i] username ...
 	acl aclname proxy_auth_regex [-i] pattern ...
-	  # list of valid usernames
+	  # perform http authentication challenge to the client and match against
+	  # supplied credentials [slow]
+	  #
+	  # takes a list of allowed usernames.
 	  # use REQUIRED to accept any valid username.
 	  #
+	  # Will use proxy authentication in forward-proxy scenarios, and plain
+	  # http authenticaiton in reverse-proxy scenarios
+	  #
 	  # NOTE: when a Proxy-Authentication header is sent but it is not
 	  # needed during ACL checking the username is NOT logged
 	  # in access.log.
@@ -587,19 +610,19 @@
 	  # to respond to proxy authentication.
 
 	acl aclname snmp_community string ...
-	  # A community string to limit access to your SNMP Agent
+	  # A community string to limit access to your SNMP Agent [fast]
 	  # Example:
 	  #
 	  #	acl snmppublic snmp_community public
 
 	acl aclname maxconn number
 	  # This will be matched when the client's IP address has
-	  # more than <number> HTTP connections established.
+	  # more than <number> HTTP connections established. [fast]
 
 	acl aclname max_user_ip [-s] number
 	  # This will be matched when the user attempts to log in from more
 	  # than <number> different ip addresses. The authenticate_ip_ttl
-	  # parameter controls the timeout on the ip entries.
+	  # parameter controls the timeout on the ip entries. [fast]
 	  # If -s is specified the limit is strict, denying browsing
 	  # from any further IP addresses until the ttl has expired. Without
 	  # -s Squid will just annoy the user by "randomly" denying requests.
@@ -612,19 +635,19 @@
 	acl aclname req_mime_type [-i] mime-type ...
 	  # regex match against the mime type of the request generated
 	  # by the client. Can be used to detect file upload or some
-	  # types HTTP tunneling requests.
+	  # types HTTP tunneling requests [fast]
 	  # NOTE: This does NOT match the reply. You cannot use this
 	  # to match the returned file type.
 
 	acl aclname req_header header-name [-i] any\.regex\.here
 	  # regex match against any of the known request headers.  May be
 	  # thought of as a superset of "browser", "referer" and "mime-type"
-	  # ACLs.
+	  # ACL [fast]
 
 	acl aclname rep_mime_type [-i] mime-type ...
 	  # regex match against the mime type of the reply received by
 	  # squid. Can be used to detect file download or some
-	  # types HTTP tunneling requests.
+	  # types HTTP tunneling requests. [fast]
 	  # NOTE: This has no effect in http_access rules. It only has
 	  # effect in rules that affect the reply data stream such as
 	  # http_reply_access.
@@ -632,27 +655,27 @@
 	acl aclname rep_header header-name [-i] any\.regex\.here
 	  # regex match against any of the known reply headers. May be
 	  # thought of as a superset of "browser", "referer" and "mime-type"
-	  # ACLs.
+	  # ACLs [fast]
 
 	acl aclname external class_name [arguments...]
 	  # external ACL lookup via a helper class defined by the
-	  # external_acl_type directive.
+	  # external_acl_type directive [slow]
 
 	acl aclname user_cert attribute values...
 	  # match against attributes in a user SSL certificate
-	  # attribute is one of DN/C/O/CN/L/ST
+	  # attribute is one of DN/C/O/CN/L/ST [fast]
 
 	acl aclname ca_cert attribute values...
 	  # match against attributes a users issuing CA SSL certificate
-	  # attribute is one of DN/C/O/CN/L/ST
+	  # attribute is one of DN/C/O/CN/L/ST [fast]
 
 	acl aclname ext_user username ...
 	acl aclname ext_user_regex [-i] pattern ...
-	  # string match on username returned by external acl helper
+	  # string match on username returned by external acl helper [slow]
 	  # use REQUIRED to accept any non-null user name.
-	  #
+
 	acl aclname tag tagvalue ...
-	  # string match on tag returned by external acl helper
+	  # string match on tag returned by external acl helper [slow]
 
 Examples:
 acl macaddress arp 09:00:2b:23:45:67
@@ -722,6 +745,9 @@
 	delay_pool_uses_indirect_client and log_uses_indirect_client
 	options.
 
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
+
 	SECURITY CONSIDERATIONS:
 
 		Any host for which we follow the X-Forwarded-For header
@@ -798,6 +824,9 @@
 	good idea to have an "deny all" or "allow all" entry at the end
 	of your access lists to avoid potential confusion.
 
+	This clause supports both fast and slow acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
+
 NOCOMMENT_START
 #Recommended minimum configuration:
 #
@@ -820,6 +849,7 @@
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
 http_access allow localnet
+http_access allow localhost
 
 # And finally deny all other access to this proxy
 http_access deny all
@@ -841,6 +871,9 @@
 	If none of the access lines cause a match the opposite of the
 	last line will apply. Thus it is good practice to end the rules
 	with an "allow all" or "deny all" entry.
+
+	This clause supports both fast and slow acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: icp_access
@@ -856,6 +889,8 @@
 
 	See http_access for details
 
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 NOCOMMENT_START
 #Allow ICP queries from local networks only
 #icp_access allow localnet
@@ -881,6 +916,8 @@
 	deny all traffic. This default may cause problems with peers
 	using the htcp or htcp-oldsquid options.
 
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 NOCOMMENT_START
 #Allow HTCP queries from local networks only
 #htcp_access allow localnet
@@ -902,6 +939,8 @@
 
 	See http_access for details
 
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 #Allow HTCP CLR requests from trusted peers
 acl htcp_clr_peer src 172.16.1.2
 htcp_clr_access allow htcp_clr_peer
@@ -924,6 +963,9 @@
 
 	By default, allow all clients who passed the http_access rules
 	to fetch MISSES from us.
+
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: ident_lookup_access
@@ -950,6 +992,9 @@
 	Only src type ACL checks are fully supported.  A srcdomain
 	ACL might work at times, but it will not always provide
 	the correct result.
+
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: reply_body_max_size
@@ -1038,6 +1083,10 @@
 	   accel	Accelerator mode. Also needs at least one of
 			vhost / vport / defaultsite.
 
+	   allow-direct	Allow direct forwarding in accelerator mode. Normally
+			accelerated requests are denied direct forwarding as if
+			never_direct was used.
+
 	   defaultsite=domainname
 			What to use for the Host: header if it is not present
 			in a request. Determines what site (not origin server)
@@ -1056,9 +1105,9 @@
 	   protocol=	Protocol to reconstruct accelerated requests with.
 			Defaults to http.
 
-           connection-auth[=on|off]
-                        use connection-auth=off to tell Squid to prevent 
-                        forwarding Microsoft connection oriented authentication
+	   connection-auth[=on|off]
+	                use connection-auth=off to tell Squid to prevent 
+	                forwarding Microsoft connection oriented authentication
 			(NTLM, Negotiate and Kerberos)
 
 	   disable-pmtu-discovery=
@@ -1077,7 +1126,7 @@
 			sporadically hang or never complete requests set
 			disable-pmtu-discovery option to 'transparent'.
 
-           sslBump 	Intercept each CONNECT request matching ssl_bump ACL,
+	   sslBump 	Intercept each CONNECT request matching ssl_bump ACL,
 			establish secure connection with the client and with
 			the server, decrypt HTTP messages as they pass through
 			Squid, and treat them as unencrypted HTTP messages,
@@ -1345,7 +1394,8 @@
 
         IPv6 Magic:
 
-	Squid is built with a capability of bridging the IPv4 and IPv6 internets.
+	Squid is built with a capability of bridging the IPv4 and IPv6 
+	internets.
 	tcp_outgoing_address as exampled above breaks this bridging by forcing
 	all outbound traffic through a certain IPv4 which may be on the wrong
 	side of the IPv4/IPv6 boundary.
@@ -1369,6 +1419,12 @@
 	  If peers are used the peername ACL are needed to select outgoing
 	  address which can link to the peer.
 
+	  'dst ipv6' is a slow ACL. It will only work here if 'dst' is used
+	  previously in the http_access rules to locate the destination IP.
+	  Some more magic may be needed for that:
+	    http_access allow to_ipv6 !all
+	  (meaning, allow if to IPv6 but not from anywhere ;)
+
 DOC_END
 
 COMMENT_START
@@ -1476,6 +1532,8 @@
 
 	See also: http_port sslBump
    
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 NOCOMMENT_START
 # Example: Bump all requests except those originating from localhost and 
 # those going to webax.com or example.com sites.
@@ -1519,9 +1577,9 @@
 		sslproxy_cert_error allow BrokenServersAtTrustedIP
 		sslproxy_cert_error deny all
 
-	This option must use fast ACL expressions only. Expressions that use
-	external lookups or communication result in unpredictable behavior or
-	crashes.
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
+	Using slow acl types may result in server crashes
 
 	Without this option, all server certificate validation errors
 	terminate the transaction. Bypassing validation errors is dangerous
@@ -1623,7 +1681,7 @@
 		     sslcipher=...
 		     ssloptions=...
 		     front-end-https[=on|auto]
-                     connection-auth[=on|off|auto]
+		     connection-auth[=on|off|auto]
 
 		     use 'proxy-only' to specify objects fetched
 		     from this cache should not be saved locally.
@@ -1676,11 +1734,11 @@
 		     distributed among the parents based on the CARP load
 		     balancing hash function based on their weight.
 
-                     use 'userhash' to load-balance amongst a set of parents
-                     based on the client proxy_auth or ident username.
+		     use 'userhash' to load-balance amongst a set of parents
+		     based on the client proxy_auth or ident username.
 
-                     use 'sourcehash' to load-balance amongst a set of parents
-                     based on the client source ip.
+		     use 'sourcehash' to load-balance amongst a set of parents
+		     based on the client source ip.
 
 		     'multicast-responder' indicates the named peer
 		     is a member of a multicast group.  ICP queries will
@@ -1850,12 +1908,12 @@
 		     on this header. If set to auto the header will
 		     only be added if the request is forwarded as a https://
 		     URL.
-                     
-                     use connection-auth=off to tell Squid that this peer does
-                     not support Microsoft connection oriented authentication,
-                     and any such challenges received from there should be
-                     ignored. Default is auto to automatically determine the
-                     status of the peer.
+
+		     use connection-auth=off to tell Squid that this peer does
+		     not support Microsoft connection oriented authentication,
+		     and any such challenges received from there should be
+		     ignored. Default is auto to automatically determine the
+		     status of the peer.
 DOC_END
 
 NAME: cache_peer_domain cache_host_domain
@@ -2395,6 +2453,9 @@
 	This options allows you to control which requests gets logged
 	to access.log (see access_log directive). Requests denied for
 	logging will also not be accounted for in performance counters.
+
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: cache_store_log
@@ -2721,7 +2782,8 @@
 	translator, as the EPRT command will never be used and therefore,
 	translation of the data portion of the segments will never be needed.
 
-	When a client only expects to do two-way FTP transfers this may be useful.
+	When a client only expects to do two-way FTP transfers this may be
+	useful.
 	If squid finds that it must do a three-way FTP transfer after issuing
 	an EPSV ALL command, the FTP session will fail.
 
@@ -2739,8 +2801,9 @@
 	FTP Protocol extensions permit the use of a special "EPSV" command.
 
 	NATs may be able to put the connection on a "fast path" through the
-	translator using EPSV, as the EPRT command will never be used and therefore,
-	translation of the data portion of the segments will never be needed.
+	translator using EPSV, as the EPRT command will never be used
+	and therefore, translation of the data portion of the segments 
+	will never be needed.
 
 	Turning this OFF will prevent EPSV being attempted.
 	WARNING: Doing so will convert Squid back to the old behavior with all
@@ -2818,7 +2881,8 @@
 IFDEF: USE_ICMP
 DOC_START
 	Control whether the pinger is active at run-time.
-	Enables turning ICMP pinger on and off with a simple squid -k reconfigure.
+	Enables turning ICMP pinger on and off with a simple
+	squid -k reconfigure.
 DOC_END
 
 
@@ -2902,6 +2966,9 @@
 	If defined, this access list specifies which requests are
 	sent to the redirector processes.  By default all requests
 	are sent.
+
+	This clause supports both fast and slow acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: url_rewrite_bypass redirector_bypass
@@ -2938,6 +3005,9 @@
 	matching the ACL should be allowed or denied into the cache.
 
 	Default is to allow all to be cached.
+
+	This clause supports both fast and slow acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: refresh_pattern
@@ -3172,11 +3242,16 @@
 	from making Squid fetch the whole object up to that point before
 	sending anything to the client.
 
+	A value of 0 causes Squid to never fetch more than the
+	client requested. (default)
+
 	A value of -1 causes Squid to always fetch the object from the
 	beginning so it may cache the result. (2.0 style)
 
-	A value of 0 causes Squid to never fetch more than the
-	client requested. (default)
+	NP: Using -1 here will override any quick_abort settings that may
+	    otherwise apply to the range request. The range request will
+	    be fully fetched from start to finish regardless of the client
+	    actions. This affects bandwidth usage.
 DOC_END
 
 NAME: minimum_expiry_time
@@ -3279,6 +3354,9 @@
 	  forbidden by the BNF, an HTTP/1.1 client must not preface or follow
 	  a request with an extra CRLF.
 
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
+
 Example:
  acl buggy_server url_regex ^http://....
  broken_posts allow buggy_server
@@ -3940,12 +4018,12 @@
 	delay pools, one of class 2 and one of class 3, the settings above
 	and here would be:
 
-Example:
- delay_pools 4      # 4 delay pools
- delay_class 1 2    # pool 1 is a class 2 pool
- delay_class 2 3    # pool 2 is a class 3 pool
- delay_class 3 4    # pool 3 is a class 4 pool
- delay_class 4 5    # pool 4 is a class 5 pool
+	Example:
+	    delay_pools 4      # 4 delay pools
+	    delay_class 1 2    # pool 1 is a class 2 pool
+	    delay_class 2 3    # pool 2 is a class 3 pool
+	    delay_class 3 4    # pool 3 is a class 4 pool
+	    delay_class 4 5    # pool 4 is a class 5 pool
 
 	The delay pool classes are:
 
@@ -3954,13 +4032,13 @@
 
 		class 2 	Everything is limited by a single aggregate
 				bucket as well as an "individual" bucket chosen
-				from bits 25 through 32 of the IP address.
+				from bits 25 through 32 of the IPv4 address.
 
 		class 3		Everything is limited by a single aggregate
 				bucket as well as a "network" bucket chosen
 				from bits 17 through 24 of the IP address and a
 				"individual" bucket chosen from bits 17 through
-				32 of the IP address.
+				32 of the IPv4 address.
 
 		class 4		Everything in a class 3 delay pool, with an
 				additional limit on a per user basis. This
@@ -3975,6 +4053,9 @@
 		-> bits 25 through 32 are "d"
 		-> bits 17 through 24 are "c"
 		-> bits 17 through 32 are "c * 256 + d"
+
+	NOTE-2: Due to the use of bitmasks in class 2,3,4 pools they only apply to
+		IPv4 traffic. Class 1 and 5 pools may be used with IPv6 traffic.
 DOC_END
 
 NAME: delay_access
@@ -4459,6 +4540,8 @@
 
 	snmp_access allow|deny [!]aclname ...
 
+	This clause only supports fast acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 Example:
  snmp_access allow snmppublic localhost
  snmp_access deny all
@@ -5072,10 +5155,10 @@
 
 	NOTE: This directive is not related to caching. The replies
 	is cached as usual even if you use always_direct. To not cache
-	the replies see no_cache.
+	the replies see the 'cache' directive.
 
-	This option replaces some v1.1 options such as local_domain
-	and local_ip.
+	This clause supports both fast and slow acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 NAME: never_direct
@@ -5106,8 +5189,8 @@
 		always_direct allow local-intranet
 		never_direct allow all
 
-	This option replaces some v1.1 options such as inside_firewall
-	and firewall_ip.
+	This clause supports both fast and slow acl types.
+	See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details.
 DOC_END
 
 COMMENT_START
diff -u -r -N squid-3.1.0.9/src/client_side.cc squid-3.1.0.10/src/client_side.cc
--- squid-3.1.0.9/src/client_side.cc	2009-06-26 22:35:37.000000000 +1200
+++ squid-3.1.0.10/src/client_side.cc	2009-07-18 16:16:24.000000000 +1200
@@ -2275,6 +2275,7 @@
     }
 
     request->flags.accelerated = http->flags.accel;
+    request->flags.no_direct = request->flags.accelerated ? !conn->port->allow_direct : 0;
 
     /** \par
      * If transparent or interception mode is working clone the transparent and interception flags
diff -u -r -N squid-3.1.0.9/src/client_side_reply.cc squid-3.1.0.10/src/client_side_reply.cc
--- squid-3.1.0.9/src/client_side_reply.cc	2009-06-26 22:35:37.000000000 +1200
+++ squid-3.1.0.10/src/client_side_reply.cc	2009-07-18 16:16:24.000000000 +1200
@@ -86,8 +86,9 @@
 clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) : http (cbdataReference(clientContext)), old_entry (NULL), old_sc(NULL), deleting(false)
 {}
 
-/* create an error in the store awaiting the client side to read it. */
-/* This may be better placed in the clientStream logic, but it has not been
+/** Create an error in the store awaiting the client side to read it.
+ *
+ * This may be better placed in the clientStream logic, but it has not been
  * relocated there yet
  */
 void
@@ -649,10 +650,9 @@
         return;
     }
 
-    /**
-     * Deny loops when running in accelerator/transproxy mode.
-     */
-    if (http->flags.accel && r->flags.loopdetect) {
+    /// Deny loops for accelerator and interceptor. TODO: deny in all modes?
+    if (r->flags.loopdetect &&
+        (http->flags.accel || http->flags.intercepted)) {
         http->al.http.code = HTTP_FORBIDDEN;
         err = clientBuildError(ERR_ACCESS_DENIED, HTTP_FORBIDDEN, NULL, http->getConn()->peer, http->request);
         createStoreEntry(r->method, request_flags());
@@ -1199,10 +1199,12 @@
     return result;
 }
 
-/*
- * filters out unwanted entries from original reply header
- * adds extra entries if we have more info than origin server
- * adds Squid specific entries
+/**
+ * Generate the reply headers sent to client.
+ *
+ * Filters out unwanted entries and hop-by-hop from original reply header
+ * then adds extra entries if we have more info than origin server
+ * then adds Squid specific entries
  */
 void
 clientReplyContext::buildReplyHeader()
@@ -1228,6 +1230,7 @@
 
     //    if (request->range)
     //      clientBuildRangeHeader(http, reply);
+
     /*
      * Add a estimated Age header on cache hits.
      */
@@ -1249,11 +1252,14 @@
          * the objects age, so a Age: 0 header does not add any useful
          * information to the reply in any case.
          */
-
+#if DEAD_CODE
+        // XXX: realy useless? or is there a bug now that this is detatched from the below if-sequence ?
+        // looks like this pre-if was supposed to be the browser workaround...
         if (NULL == http->storeEntry())
             (void) 0;
         else if (http->storeEntry()->timestamp < 0)
             (void) 0;
+#endif
 
         if (EBIT_TEST(http->storeEntry()->flags, ENTRY_SPECIAL)) {
             hdr->delById(HDR_DATE);
@@ -1278,7 +1284,24 @@
                 hdr->putStr(HDR_WARNING, tempbuf);
             }
         }
+    }
 
+    /* RFC 2616: Section 14.18
+     *
+     * Add a Date: header if missing.
+     * We have access to a clock therefore are required to amend any shortcoming in servers.
+     *
+     * NP: done after Age: to prevent ENTRY_SPECIAL double-handling this header.
+     */
+    if ( !hdr->has(HDR_DATE) ) {
+        if (!http->storeEntry())
+            hdr->insertTime(HDR_DATE, squid_curtime);
+        else if (http->storeEntry()->timestamp > 0)
+            hdr->insertTime(HDR_DATE, http->storeEntry()->timestamp);
+        else {
+            debugs(88,1,"WARNING: An error inside Squid has caused an HTTP reply without Date:. Please report this");
+            /* TODO: dump something useful about the problem */
+        }
     }
 
     /* Filter unproxyable authentication types */
diff -u -r -N squid-3.1.0.9/src/comm_epoll.cc squid-3.1.0.10/src/comm_epoll.cc
--- squid-3.1.0.9/src/comm_epoll.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/comm_epoll.cc	2009-07-18 16:16:24.000000000 +1200
@@ -232,7 +232,7 @@
 commIncomingStats(StoreEntry * sentry)
 {
     StatCounters *f = &statCounter;
-    storeAppendPrintf(sentry, "Total number of epoll(2) loops: %d\n", statCounter.select_loops);
+    storeAppendPrintf(sentry, "Total number of epoll(2) loops: %ld\n", statCounter.select_loops);
     storeAppendPrintf(sentry, "Histogram of returned filedescriptors\n");
     statHistDump(&f->select_fds_hist, sentry, statHistIntDumper);
 }
@@ -265,7 +265,7 @@
 
     for (;;) {
         num = epoll_wait(kdpfd, pevents, SQUID_MAXFD, msec);
-        statCounter.select_loops++;
+        ++statCounter.select_loops;
 
         if (num >= 0)
             break;
diff -u -r -N squid-3.1.0.9/src/comm_kqueue.cc squid-3.1.0.10/src/comm_kqueue.cc
--- squid-3.1.0.9/src/comm_kqueue.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/comm_kqueue.cc	2009-07-18 16:16:24.000000000 +1200
@@ -260,7 +260,7 @@
 
     for (;;) {
         num = kevent(kq, kqlst, kqoff, ke, KE_LENGTH, &poll_time);
-        statCounter.select_loops++;
+        ++statCounter.select_loops;
         kqoff = 0;
 
         if (num >= 0)
diff -u -r -N squid-3.1.0.9/src/comm_poll.cc squid-3.1.0.10/src/comm_poll.cc
--- squid-3.1.0.9/src/comm_poll.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/comm_poll.cc	2009-07-18 16:16:25.000000000 +1200
@@ -408,9 +408,9 @@
 
         for (;;) {
             PROF_start(comm_poll_normal);
-            statCounter.syscalls.selects++;
+            ++statCounter.syscalls.selects;
             num = poll(pfds, nfds, msec);
-            statCounter.select_loops++;
+            ++statCounter.select_loops;
             PROF_stop(comm_poll_normal);
 
             if (num >= 0 || npending >= 0)
diff -u -r -N squid-3.1.0.9/src/comm_select.cc squid-3.1.0.10/src/comm_select.cc
--- squid-3.1.0.9/src/comm_select.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/comm_select.cc	2009-07-18 16:16:25.000000000 +1200
@@ -441,7 +441,7 @@
             poll_time.tv_usec = (msec % 1000) * 1000;
             statCounter.syscalls.selects++;
             num = select(maxfd, &readfds, &writefds, NULL, &poll_time);
-            statCounter.select_loops++;
+            ++statCounter.select_loops;
 
             if (num >= 0 || pending > 0)
                 break;
diff -u -r -N squid-3.1.0.9/src/comm_select_win32.cc squid-3.1.0.10/src/comm_select_win32.cc
--- squid-3.1.0.9/src/comm_select_win32.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/comm_select_win32.cc	2009-07-18 16:16:25.000000000 +1200
@@ -439,9 +439,9 @@
         for (;;) {
             poll_time.tv_sec = msec / 1000;
             poll_time.tv_usec = (msec % 1000) * 1000;
-            statCounter.syscalls.selects++;
+            ++statCounter.syscalls.selects;
             num = select(maxfd, &readfds, &writefds, &errfds, &poll_time);
-            statCounter.select_loops++;
+            ++statCounter.select_loops;
 
             if (num >= 0 || pending > 0)
                 break;
diff -u -r -N squid-3.1.0.9/src/delay_pools.cc squid-3.1.0.10/src/delay_pools.cc
--- squid-3.1.0.9/src/delay_pools.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/delay_pools.cc	2009-07-18 16:16:25.000000000 +1200
@@ -159,7 +159,7 @@
 
     virtual char const *label() const = 0;
 
-    virtual unsigned int makeKey (IpAddress &src_addr) const = 0;
+    virtual unsigned int makeKey(IpAddress &src_addr) const = 0;
 
     DelaySpec spec;
 
@@ -186,13 +186,11 @@
 
 public:
     void *operator new(size_t);
-    void operator delete (void *);
+    void operator delete(void *);
 
 protected:
     virtual char const *label() const {return "Individual";}
-
-    virtual unsigned int makeKey (IpAddress &src_addr) const;
-
+    virtual unsigned int makeKey(IpAddress &src_addr) const;
 };
 
 /// \ingroup DelayPoolsInternal
@@ -205,7 +203,6 @@
 
 protected:
     virtual char const *label() const {return "Network";}
-
     virtual unsigned int makeKey (IpAddress &src_addr) const;
 };
 
@@ -293,10 +290,10 @@
 }
 
 void
-CommonPool::operator delete (void *address)
+CommonPool::operator delete(void *address)
 {
-    DelayPools::MemoryUsed -= sizeof (CommonPool);
-    ::operator delete (address);
+    DelayPools::MemoryUsed -= sizeof(CommonPool);
+    ::operator delete(address);
 }
 
 CommonPool *
@@ -322,7 +319,6 @@
             temp->push_back (new Aggregate);
             temp->push_back(new IndividualPool);
         }
-
         break;
 
     case 3:
@@ -334,7 +330,6 @@
             temp->push_back (new ClassCNetPool);
             temp->push_back (new ClassCHostPool);
         }
-
         break;
 
     case 4:
@@ -347,7 +342,6 @@
             temp->push_back (new ClassCHostPool);
             temp->push_back (new DelayUser);
         }
-
         break;
 
     case 5:
@@ -504,7 +498,6 @@
 }
 
 DelayIdComposite::Pointer
-
 Aggregate::id(CompositeSelectionDetails &details)
 {
     if (rate()->restore_bps != -1)
@@ -800,7 +793,7 @@
 VectorMap<Key,Value>::findKeyIndex (Key const key) const
 {
     for (unsigned int index = 0; index < size(); ++index) {
-        assert (indexUsed (index));
+        assert(indexUsed(index));
 
         if (key_map[index] == key)
             return index;
@@ -811,20 +804,23 @@
 }
 
 DelayIdComposite::Pointer
-
 VectorPool::id(CompositeSelectionDetails &details)
 {
     if (rate()->restore_bps == -1)
         return new NullDelayId;
 
-    unsigned int key = makeKey (details.src_addr);
+    /* non-IPv4 are not able to provide IPv4-bitmask for this pool type key. */
+    if ( !details.src_addr.IsIPv4() )
+        return new NullDelayId;
 
-    if (keyAllocated (key))
-        return new Id (this, buckets.findKeyIndex(key));
+    unsigned int key = makeKey(details.src_addr);
+
+    if (keyAllocated(key))
+        return new Id(this, buckets.findKeyIndex(key));
 
     unsigned char const resultIndex = buckets.insert(key);
 
-    buckets.values[resultIndex].init (*rate());
+    buckets.values[resultIndex].init(*rate());
 
     return new Id(this, resultIndex);
 }
@@ -837,13 +833,13 @@
 }
 
 void
-VectorPool::Id::operator delete (void *address)
+VectorPool::Id::operator delete(void *address)
 {
     DelayPools::MemoryUsed -= sizeof (Id);
     ::operator delete (address);
 }
 
-VectorPool::Id::Id (VectorPool::Pointer aPool, int anIndex) : theVector (aPool), theIndex (anIndex)
+VectorPool::Id::Id(VectorPool::Pointer aPool, int anIndex) : theVector (aPool), theIndex (anIndex)
 {}
 
 int
@@ -861,11 +857,10 @@
 unsigned int
 IndividualPool::makeKey (IpAddress &src_addr) const
 {
-    /* FIXME INET6 : IPv6 requires a 64-128 bit result from this function */
+    /* IPv4 required for this pool */
     if ( !src_addr.IsIPv4() )
         return 1;
 
-    /* Temporary bypass for IPv4-only */
     struct in_addr host;
     src_addr.GetInAddr(host);
     return (ntohl(host.s_addr) & 0xff);
@@ -888,11 +883,10 @@
 unsigned int
 ClassCNetPool::makeKey (IpAddress &src_addr) const
 {
-    /* FIXME INET6 : IPv6 requires a 64-128 bit result from this function */
+    /* IPv4 required for this pool */
     if ( !src_addr.IsIPv4() )
         return 1;
 
-    /* Temporary bypass for IPv4-only */
     struct in_addr net;
     src_addr.GetInAddr(net);
     return ( (ntohl(net.s_addr) >> 8) & 0xff);
@@ -962,7 +956,7 @@
 unsigned char
 ClassCHostPool::makeHostKey (IpAddress &src_addr) const
 {
-    /* FIXME INET6 : IPv6 requires a 64-128 bit result from this function */
+    /* IPv4 required for this pool */
     if ( !src_addr.IsIPv4() )
         return 1;
 
@@ -975,23 +969,25 @@
 unsigned int
 ClassCHostPool::makeKey (IpAddress &src_addr) const
 {
-    /* FIXME INET6 : IPv6 requires a 64-128 bit result from this function */
+    /* IPv4 required for this pool */
     if ( !src_addr.IsIPv4() )
         return 1;
 
-    /* Temporary bypass for IPv4-only */
     struct in_addr net;
     src_addr.GetInAddr(net);
     return ( (ntohl(net.s_addr) >> 8) & 0xff);
 }
 
 DelayIdComposite::Pointer
-
 ClassCHostPool::id(CompositeSelectionDetails &details)
 {
     if (rate()->restore_bps == -1)
         return new NullDelayId;
 
+    /* non-IPv4 are not able to provide IPv4-bitmask for this pool type key. */
+    if ( !details.src_addr.IsIPv4() )
+        return new NullDelayId;
+
     unsigned int key = makeKey (details.src_addr);
 
     unsigned char host = makeHostKey (details.src_addr);
diff -u -r -N squid-3.1.0.9/src/DelaySpec.cc squid-3.1.0.10/src/DelaySpec.cc
--- squid-3.1.0.9/src/DelaySpec.cc	2009-06-26 22:35:33.000000000 +1200
+++ squid-3.1.0.10/src/DelaySpec.cc	2009-07-18 16:16:16.000000000 +1200
@@ -57,35 +57,32 @@
     }
 
     storeAppendPrintf(sentry, "\t%s:\n", label);
-    storeAppendPrintf(sentry, "\t\tMax: %d\n", max_bytes);
+    storeAppendPrintf(sentry, "\t\tMax: %"PRId64"\n", max_bytes);
     storeAppendPrintf(sentry, "\t\tRestore: %d\n", restore_bps);
 }
 
 void
 DelaySpec::dump (StoreEntry *entry) const
 {
-    storeAppendPrintf(entry, " %d/%d", restore_bps, max_bytes);
+    storeAppendPrintf(entry, " %d/%"PRId64"", restore_bps, max_bytes);
 }
 
 void
 DelaySpec::parse()
 {
-    int i;
+    int r;
     char *token;
     token = strtok(NULL, "/");
 
     if (token == NULL)
         self_destruct();
 
-    if (sscanf(token, "%d", &i) != 1)
+    if (sscanf(token, "%d", &r) != 1)
         self_destruct();
 
-    restore_bps = i;
+    restore_bps = r;
 
-    i = GetInteger();
-
-    max_bytes = i;
+    max_bytes = GetInteger64();
 }
 
 #endif
-
diff -u -r -N squid-3.1.0.9/src/DelaySpec.h squid-3.1.0.10/src/DelaySpec.h
--- squid-3.1.0.9/src/DelaySpec.h	2009-06-26 22:35:33.000000000 +1200
+++ squid-3.1.0.10/src/DelaySpec.h	2009-07-18 16:16:16.000000000 +1200
@@ -32,6 +32,9 @@
 #ifndef SQUID_DELAYSPEC_H
 #define SQUID_DELAYSPEC_H
 
+/* for int64_t definition */
+#include "config.h"
+
 class StoreEntry;
 
 /// \ingroup DelyPoolsAPI
@@ -44,7 +47,7 @@
     void dump(StoreEntry *) const;
     void parse();
     int restore_bps;
-    int max_bytes;
+    int64_t max_bytes;
 };
 
 #endif /* SQUID_DELAYSPEC_H */
diff -u -r -N squid-3.1.0.9/src/DelayUser.cc squid-3.1.0.10/src/DelayUser.cc
--- squid-3.1.0.9/src/DelayUser.cc	2009-06-26 22:35:33.000000000 +1200
+++ squid-3.1.0.10/src/DelayUser.cc	2009-07-18 16:16:16.000000000 +1200
@@ -77,6 +77,10 @@
 int
 DelayUserCmp(DelayUserBucket::Pointer const &left, DelayUserBucket::Pointer const &right)
 {
+    /* Verify for re-currance of Bug 2127. either of these missing will crash strcasecmp() */
+    assert(left->authUser->username() != NULL);
+    assert(right->authUser->username() != NULL);
+
     /* for rate limiting, case insensitive */
     return strcasecmp(left->authUser->username(), right->authUser->username());
 }
@@ -147,9 +151,10 @@
 DelayIdComposite::Pointer
 DelayUser::id(CompositePoolNode::CompositeSelectionDetails &details)
 {
-    if (!details.user)
+    if (!details.user || !details.user->user() || !details.user->user()->username())
         return new NullDelayId;
 
+    debugs(77, 3, HERE << "Adding a slow-down for User '" << details.user->user()->username() << "'");
     return new Id(this, details.user->user());
 }
 
diff -u -r -N squid-3.1.0.9/src/esi/Esi.cc squid-3.1.0.10/src/esi/Esi.cc
--- squid-3.1.0.9/src/esi/Esi.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/esi/Esi.cc	2009-07-18 16:16:25.000000000 +1200
@@ -1028,10 +1028,19 @@
             assert (xstrncpy (pos, attr[i], sizeof(localbuf) + (pos - localbuf)));
             pos += strlen (pos);
             *pos++ = '=';
-            *pos++ = '\'';
-            assert (xstrncpy (pos, attr[i + 1], sizeof(localbuf) + (pos - localbuf)));
+            *pos++ = '\"';
+            const char *chPtr = attr[i + 1];
+            char ch;
+            while ((ch = *chPtr++) != '\0') {
+                if (ch == '\"') {
+                    assert( xstrncpy(pos, "&quot;", sizeof(localbuf) + (pos-localbuf)) );
+                    pos += 6;
+                } else {
+                    *(pos++) = ch;
+                }
+            }
             pos += strlen (pos);
-            *pos++ = '\'';
+            *pos++ = '\"';
         }
 
         *pos++ = '>';
diff -u -r -N squid-3.1.0.9/src/forward.cc squid-3.1.0.10/src/forward.cc
--- squid-3.1.0.9/src/forward.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/forward.cc	2009-07-18 16:16:26.000000000 +1200
@@ -812,10 +812,12 @@
             if (pinned_connection->pinnedAuth())
                 request->flags.auth = 1;
             comm_add_close_handler(fd, fwdServerClosedWrapper, this);
+            updateHierarchyInfo();
             connectDone(fd, COMM_OK, 0);
             return;
         }
         /* Failure. Fall back on next path */
+        debugs(17,2,HERE << " Pinned connection " << pinned_connection << " not valid. Releasing.");
         request->releasePinnedConnection();
         servers = fs->next;
         fwdServerFree(fs);
@@ -851,7 +853,6 @@
 
 #if URL_CHECKSUM_DEBUG
     entry->mem_obj->checkUrlChecksum();
-
 #endif
 
     outgoing = getOutgoingAddr(request, fs->_peer);
@@ -1260,9 +1261,6 @@
 It does not matter from a functional perspective if it gets called a few
 times more than what is really needed, but calling it too often may
 obviously hurt performance.
-
-\todo Current code looks fine, even if using !fs->_peer as condition
-instead of HIER_DIRECT would be clearer.
 */
 // updates HierarchyLogEntry, guessing nextHop and its format
 void
diff -u -r -N squid-3.1.0.9/src/ftp.cc squid-3.1.0.10/src/ftp.cc
--- squid-3.1.0.9/src/ftp.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/ftp.cc	2009-07-18 16:16:26.000000000 +1200
@@ -93,13 +93,21 @@
 
 /// \ingroup ServerProtocolFTPInternal
 struct _ftp_flags {
+
+    /* passive mode */
+    bool pasv_supported;  ///< PASV command is allowed
+    bool epsv_all_sent;   ///< EPSV ALL has been used. Must abort on failures.
+    bool pasv_only;
+
+    /* authentication */
+    bool authenticated;         ///< authentication success
+    bool tried_auth_anonymous;  ///< auth has tried to use anonymous credentials already.
+    bool tried_auth_nopass;     ///< auth tried username with no password already.
+
+    /* other */
     bool isdir;
-    bool pasv_supported;
-    bool epsv_all_sent;
     bool skip_whitespace;
     bool rest_supported;
-    bool pasv_only;
-    bool authenticated;
     bool http_header_sent;
     bool tried_nlst;
     bool need_base_href;
@@ -1432,6 +1440,9 @@
  *
  * Special Case: A username-only may be provided in the URL and password in the HTTP headers.
  *
+ * TODO: we might be able to do something about locating username from other sources:
+ *       ie, external ACL user=* tag or ident lookup
+ *
  \retval 1	if we have everything needed to complete this request.
  \retval 0	if something is missing.
  */
@@ -1464,10 +1475,16 @@
     /* Setup default FTP password settings */
     /* this has to be done last so that we can have a no-password case above. */
     if (!password[0]) {
-        if (strcmp(user, "anonymous") == 0)
+        if (strcmp(user, "anonymous") == 0 && !flags.tried_auth_anonymous) {
             xstrncpy(password, Config.Ftp.anon_user, MAX_URL);
-        else
+            flags.tried_auth_anonymous=1;
+            return 1;
+        }
+        else if (!flags.tried_auth_nopass) {
             xstrncpy(password, null_string, MAX_URL);
+            flags.tried_auth_nopass=1;
+            return 1;
+        }
     }
 
     return 0;			/* different username */
diff -u -r -N squid-3.1.0.9/src/helper.cc squid-3.1.0.10/src/helper.cc
--- squid-3.1.0.9/src/helper.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/helper.cc	2009-07-18 16:16:27.000000000 +1200
@@ -103,7 +103,7 @@
         shortname = xstrdup(progname);
 
     /* dont ever start more than hlp->n_to_start processes. */
-    int need_new = hlp->n_to_start - hlp->n_running;
+    int need_new = hlp->n_to_start - hlp->n_active;
 
     debugs(84, 1, "helperOpenServers: Starting " << need_new << "/" << hlp->n_to_start << " '" << shortname << "' processes");
 
@@ -209,7 +209,8 @@
         shortname = xstrdup(progname);
 
     /* dont ever start more than hlp->n_to_start processes. */
-    int need_new = hlp->n_to_start - hlp->n_running;
+    /* n_active are the helpers which have not been shut down. */
+    int need_new = hlp->n_to_start - hlp->n_active;
 
     debugs(84, 1, "helperOpenServers: Starting " << need_new << "/" << hlp->n_to_start << " '" << shortname << "' processes");
 
@@ -545,8 +546,8 @@
 
     storeAppendPrintf(sentry, "program: %s\n",
                       hlp->cmdline->key);
-    storeAppendPrintf(sentry, "number running: %d of %d\n",
-                      hlp->n_running, hlp->n_to_start);
+    storeAppendPrintf(sentry, "number active: %d of %d (%d shutting down)\n",
+                      hlp->n_active, hlp->n_to_start, (hlp->n_running - hlp->n_active) );
     storeAppendPrintf(sentry, "requests sent: %d\n",
                       hlp->stats.requests);
     storeAppendPrintf(sentry, "replies received: %d\n",
@@ -587,7 +588,7 @@
     storeAppendPrintf(sentry, "   B = BUSY\n");
     storeAppendPrintf(sentry, "   W = WRITING\n");
     storeAppendPrintf(sentry, "   C = CLOSING\n");
-    storeAppendPrintf(sentry, "   S = SHUTDOWN\n");
+    storeAppendPrintf(sentry, "   S = SHUTDOWN PENDING\n");
 }
 
 void
@@ -598,8 +599,8 @@
 
     storeAppendPrintf(sentry, "program: %s\n",
                       hlp->cmdline->key);
-    storeAppendPrintf(sentry, "number running: %d of %d\n",
-                      hlp->n_running, hlp->n_to_start);
+    storeAppendPrintf(sentry, "number active: %d of %d (%d shutting down)\n",
+                      hlp->n_active, hlp->n_to_start, (hlp->n_running - hlp->n_active) );
     storeAppendPrintf(sentry, "requests sent: %d\n",
                       hlp->stats.requests);
     storeAppendPrintf(sentry, "replies received: %d\n",
@@ -644,7 +645,7 @@
     storeAppendPrintf(sentry, "   B = BUSY\n");
     storeAppendPrintf(sentry, "   C = CLOSING\n");
     storeAppendPrintf(sentry, "   R = RESERVED or DEFERRED\n");
-    storeAppendPrintf(sentry, "   S = SHUTDOWN\n");
+    storeAppendPrintf(sentry, "   S = SHUTDOWN PENDING\n");
     storeAppendPrintf(sentry, "   P = PLACEHOLDER\n");
 }
 
@@ -671,7 +672,6 @@
 
         hlp->n_active--;
         assert(hlp->n_active >= 0);
-
         srv->flags.shutdown = 1;	/* request it to shut itself down */
 
         if (srv->flags.closing) {
diff -u -r -N squid-3.1.0.9/src/helper.h squid-3.1.0.10/src/helper.h
--- squid-3.1.0.9/src/helper.h	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/helper.h	2009-07-18 16:16:27.000000000 +1200
@@ -58,9 +58,9 @@
     dlink_list servers;
     dlink_list queue;
     const char *id_name;
-    int n_to_start;
-    int n_running;
-    int n_active;
+    int n_to_start;           ///< Configuration setting of how many helper children should be running
+    int n_running;            ///< Total helper children objects currently existing
+    int n_active;             ///< Count of helper children active (not shutting down)
     int ipc_type;
     IpAddress addr;
     unsigned int concurrency;
@@ -80,9 +80,9 @@
     dlink_list servers;
     dlink_list queue;
     const char *id_name;
-    int n_to_start;
-    int n_running;
-    int n_active;
+    int n_to_start;           ///< Configuration setting of how many helper children should be running
+    int n_running;            ///< Total helper children objects currently existing
+    int n_active;             ///< Count of helper children active (not shutting down)
     int ipc_type;
     IpAddress addr;
     MemAllocator *datapool;
diff -u -r -N squid-3.1.0.9/src/http.cc squid-3.1.0.10/src/http.cc
--- squid-3.1.0.9/src/http.cc	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/http.cc	2009-07-18 16:16:27.000000000 +1200
@@ -76,7 +76,8 @@
         HttpHeader * hdr_out, const int we_do_ranges, const http_state_flags);
 
 HttpStateData::HttpStateData(FwdState *theFwdState) : AsyncJob("HttpStateData"), ServerStateData(theFwdState),
-        lastChunk(0), header_bytes_read(0), reply_bytes_read(0), httpChunkDecoder(NULL)
+    lastChunk(0), header_bytes_read(0), reply_bytes_read(0),
+    body_bytes_truncated(0), httpChunkDecoder(NULL)
 {
     debugs(11,5,HERE << "HttpStateData " << this << " created");
     ignoreCacheControl = false;
@@ -976,6 +977,9 @@
 
         if (body_bytes_read < vrep->content_length)
             return INCOMPLETE_MSG;
+
+        if (body_bytes_truncated > 0) // already read more than needed
+            return COMPLETE_NONPERSISTENT_MSG; // disable pconns
     }
 
     /** \par
@@ -1160,6 +1164,33 @@
     return false; // quit on error
 }
 
+/** truncate what we read if we read too much so that writeReplyBody()
+    writes no more than what we should have read */
+void
+HttpStateData::truncateVirginBody()
+{
+    assert(flags.headers_parsed);
+
+    HttpReply *vrep = virginReply();
+    int64_t clen = -1;
+    if (!vrep->expectingBody(request->method, clen) || clen < 0)
+        return; // no body or a body of unknown size, including chunked
+
+    const int64_t body_bytes_read = reply_bytes_read - header_bytes_read;
+    if (body_bytes_read - body_bytes_truncated <= clen) 
+        return; // we did not read too much or already took care of the extras
+
+    if (const int64_t extras = body_bytes_read - body_bytes_truncated - clen) {
+        // server sent more that the advertised content length
+        debugs(11,5, HERE << "body_bytes_read=" << body_bytes_read << 
+            " clen=" << clen << '/' << vrep->content_length <<
+            " body_bytes_truncated=" << body_bytes_truncated << '+' << extras);
+
+        readBuf->truncate(extras);
+        body_bytes_truncated += extras;
+    }
+}
+
 /**
  * Call this when there is data from the origin server
  * which should be sent to either StoreEntry, or to ICAP...
@@ -1167,6 +1198,7 @@
 void
 HttpStateData::writeReplyBody()
 {
+    truncateVirginBody(); // if needed
     const char *data = readBuf->content();
     int len = readBuf->contentSize();
     addVirginReplyBody(data, len);
@@ -1217,6 +1249,7 @@
     }
 
 #if USE_ADAPTATION
+    debugs(11,5, HERE << "adaptationAccessCheckPending=" << adaptationAccessCheckPending);
     if (adaptationAccessCheckPending)
         return;
 
@@ -1419,7 +1452,6 @@
     LOCAL_ARRAY(char, ntoabuf, MAX_IPSTRLEN);
     const HttpHeader *hdr_in = &orig_request->header;
     const HttpHeaderEntry *e = NULL;
-    String strFwd;
     HttpHeaderPos pos = HttpHeaderInitPos;
     assert (hdr_out->owner == hoRequest);
 
@@ -1469,24 +1501,35 @@
     }
 #endif
 
-    strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
-
     /** \pre Handle X-Forwarded-For */
     if (strcmp(opt_forwarded_for, "delete") != 0) {
+
+        String strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
+
+        if (strFwd.size() > 65536/2) {
+            // There is probably a forwarding loop with Via detection disabled.
+            // If we do nothing, String will assert on overflow soon.
+            // TODO: Terminate all transactions with huge XFF?
+            strFwd = "error";
+
+            static int warnedCount = 0;
+            if (warnedCount++ < 100) {
+                const char *url = entry ? entry->url() : urlCanonical(orig_request);
+                debugs(11, 1, "Warning: likely forwarding loop with " << url);
+            }
+        }
+
         if (strcmp(opt_forwarded_for, "on") == 0) {
             /** If set to ON - append client IP or 'unknown'. */
-            strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
             if ( orig_request->client_addr.IsNoAddr() )
                 strListAdd(&strFwd, "unknown", ',');
             else
                 strListAdd(&strFwd, orig_request->client_addr.NtoA(ntoabuf, MAX_IPSTRLEN), ',');
         } else if (strcmp(opt_forwarded_for, "off") == 0) {
             /** If set to OFF - append 'unknown'. */
-            strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
             strListAdd(&strFwd, "unknown", ',');
         } else if (strcmp(opt_forwarded_for, "transparent") == 0) {
             /** If set to TRANSPARENT - pass through unchanged. */
-            strFwd = hdr_in->getList(HDR_X_FORWARDED_FOR);
         } else if (strcmp(opt_forwarded_for, "truncate") == 0) {
             /** If set to TRUNCATE - drop existing list and replace with client IP or 'unknown'. */
             if ( orig_request->client_addr.IsNoAddr() )
@@ -1498,7 +1541,6 @@
             hdr_out->putStr(HDR_X_FORWARDED_FOR, strFwd.termedBuf());
     }
     /** If set to DELETE - do not copy through. */
-    strFwd.clean();
 
     /* append Host if not there already */
     if (!hdr_out->has(HDR_HOST)) {
diff -u -r -N squid-3.1.0.9/src/http.h squid-3.1.0.10/src/http.h
--- squid-3.1.0.9/src/http.h	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/http.h	2009-07-18 16:16:27.000000000 +1200
@@ -71,6 +71,7 @@
     size_t read_sz;
     int header_bytes_read;	// to find end of response,
     int reply_bytes_read;	// without relying on StoreEntry
+    int body_bytes_truncated; // positive when we read more than we wanted
     MemBuf *readBuf;
     bool ignoreCacheControl;
     bool surrogateNoStore;
@@ -93,6 +94,7 @@
     void checkDateSkew(HttpReply *);
 
     bool continueAfterParsingHeader();
+    void truncateVirginBody();
 
     virtual void haveParsedReplyHeaders();
     virtual void closeServer(); // end communication with the server
diff -u -r -N squid-3.1.0.9/src/ip/IpAddress.h squid-3.1.0.10/src/ip/IpAddress.h
--- squid-3.1.0.9/src/ip/IpAddress.h	2009-06-26 22:35:38.000000000 +1200
+++ squid-3.1.0.10/src/ip/IpAddress.h	2009-07-18 16:16:27.000000000 +1200
@@ -73,7 +73,7 @@
  * UPDATE: OpenBSD 4.3 has the same.
  * UPDATE: MacOSX has the same.
  */
-#if USE_IPV6 && ( defined(_SQUID_FREEBSD_) || defined(_SQUID_OPENBSD_) || defined(_SQUID_APPLE_))
+#if USE_IPV6 && ( defined(_SQUID_FREEBSD_) || defined(_SQUID_OPENBSD_) || defined(_SQUID_APPLE_) || defined(_SQUID_NETBSD_))
 //#define s6_addr8  __u6_addr.__u6_addr8
 //#define s6_addr16 __u6_addr.__u6_addr16
 #define s6_addr32 __u6_addr.__u6_addr32
diff -u -r -N squid-3.1.0.9/src/main.cc squid-3.1.0.10/src/main.cc
--- squid-3.1.0.9/src/main.cc	2009-06-26 22:35:39.000000000 +1200
+++ squid-3.1.0.10/src/main.cc	2009-07-18 16:16:27.000000000 +1200
@@ -709,7 +709,13 @@
 
     errorClean();
     enter_suid();		/* root to read config file */
+
+    // we may have disabled the need for PURGE
+    if(Config2.onoff.enable_purge)
+        Config2.onoff.enable_purge = 2;
+
     parseConfigFile(ConfigFile);
+
     setUmask(Config.umask);
     Mem::Report();
     setEffectiveUser();
diff -u -r -N squid-3.1.0.9/src/MemBuf.cc squid-3.1.0.10/src/MemBuf.cc
--- squid-3.1.0.9/src/MemBuf.cc	2009-06-26 22:35:33.000000000 +1200
+++ squid-3.1.0.10/src/MemBuf.cc	2009-07-18 16:16:18.000000000 +1200
@@ -226,6 +226,15 @@
     PROF_stop(MemBuf_consume);
 }
 
+// removes last tailSize bytes
+void MemBuf::truncate(mb_size_t tailSize)
+{
+    const mb_size_t cSize = contentSize();
+    assert(0 <= tailSize && tailSize <= cSize);
+    assert(!stolen); /* not frozen */
+    size -= tailSize;
+}
+
 /**
  * calls memcpy, appends exactly size bytes,
  * extends buffer or creates buffer if needed.
diff -u -r -N squid-3.1.0.9/src/MemBuf.h squid-3.1.0.10/src/MemBuf.h
--- squid-3.1.0.9/src/MemBuf.h	2009-06-26 22:35:33.000000000 +1200
+++ squid-3.1.0.10/src/MemBuf.h	2009-07-18 16:16:18.000000000 +1200
@@ -85,6 +85,7 @@
     void consume(mb_size_t sz);  // removes sz bytes, moving content left
     void append(const char *c, mb_size_t sz); // grows if needed and possible
     void appended(mb_size_t sz); // updates content size after external append
+    void truncate(mb_size_t sz);  // removes sz last bytes
 
     void terminate(); // zero-terminates the buffer w/o increasing contentSize
 
diff -u -r -N squid-3.1.0.9/src/Parsing.cc squid-3.1.0.10/src/Parsing.cc
--- squid-3.1.0.9/src/Parsing.cc	2009-06-26 22:35:34.000000000 +1200
+++ squid-3.1.0.10/src/Parsing.cc	2009-07-18 16:16:18.000000000 +1200
@@ -80,6 +80,20 @@
     return port;
 }
 
+int64_t
+GetInteger64(void)
+{
+    char *token = strtok(NULL, w_space);
+    int i;
+
+    if (token == NULL)
+        self_destruct();
+
+    i = strtoll(token, NULL, 10);
+
+    return i;
+}
+
 int
 GetInteger(void)
 {
diff -u -r -N squid-3.1.0.9/src/Parsing.h squid-3.1.0.10/src/Parsing.h
--- squid-3.1.0.9/src/Parsing.h	2009-06-26 22:35:34.000000000 +1200
+++ squid-3.1.0.10/src/Parsing.h	2009-07-18 16:16:18.000000000 +1200
@@ -42,7 +42,18 @@
 extern int xatoi(const char *token);
 extern long xatol(const char *token);
 extern unsigned short xatos(const char *token);
+
+/**
+ * Parse a 64-bit integer value.
+ */
+extern int64_t GetInteger64(void);
+
+/**
+ * Parses an integer value.
+ * Uses a method that obeys hexadecimal 0xN syntax needed for certain bitmasks.
+ */
 extern int GetInteger(void);
+
 extern u_short GetShort(void);
 
 // on success, returns true and sets *p (if any) to the end of the integer
diff -u -r -N squid-3.1.0.9/src/peer_select.cc squid-3.1.0.10/src/peer_select.cc
--- squid-3.1.0.9/src/peer_select.cc	2009-06-26 22:35:39.000000000 +1200
+++ squid-3.1.0.10/src/peer_select.cc	2009-07-18 16:16:27.000000000 +1200
@@ -315,7 +315,7 @@
         } else if (ps->never_direct > 0) {
             /** if always_direct says NO, do that. */
             ps->direct = DIRECT_NO;
-        } else if (request->flags.accelerated) {
+        } else if (request->flags.no_direct) {
             /** if we are accelerating, direct is not an option. */
             ps->direct = DIRECT_NO;
         } else if (request->flags.loopdetect) {
diff -u -r -N squid-3.1.0.9/src/ProtoPort.h squid-3.1.0.10/src/ProtoPort.h
--- squid-3.1.0.9/src/ProtoPort.h	2009-06-26 22:35:34.000000000 +1200
+++ squid-3.1.0.10/src/ProtoPort.h	2009-07-18 16:16:18.000000000 +1200
@@ -21,6 +21,7 @@
     unsigned int intercepted:1;        /**< intercepting proxy port */
     unsigned int spoof_client_ip:1;    /**< spoof client ip if possible */
     unsigned int accel:1;              /**< HTTP accelerator */
+    unsigned int allow_direct:1;       /**< Allow direct forwarding in accelerator mode */
     unsigned int vhost:1;              /**< uses host header */
     unsigned int sslBump:1;            /**< intercepts CONNECT requests */
 
diff -u -r -N squid-3.1.0.9/src/Server.cc squid-3.1.0.10/src/Server.cc
--- squid-3.1.0.9/src/Server.cc	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/Server.cc	2009-07-18 16:16:18.000000000 +1200
@@ -820,6 +820,7 @@
     adaptationAccessCheckPending = Adaptation::AccessCheck::Start(
                                        Adaptation::methodRespmod, Adaptation::pointPreCache,
                                        request, virginReply(), adaptationAclCheckDoneWrapper, this);
+    debugs(11,5, HERE << "adaptationAccessCheckPending=" << adaptationAccessCheckPending);
     if (adaptationAccessCheckPending)
         return;
 #endif
diff -u -r -N squid-3.1.0.9/src/stat.cc squid-3.1.0.10/src/stat.cc
--- squid-3.1.0.9/src/stat.cc	2009-06-26 22:35:39.000000000 +1200
+++ squid-3.1.0.10/src/stat.cc	2009-07-18 16:16:27.000000000 +1200
@@ -514,7 +514,7 @@
     storeAppendPrintf(sentry, "\tAverage ICP messages per minute since start:\t%.1f\n",
                       (statCounter.icp.pkts_sent + statCounter.icp.pkts_recv) / (runtime / 60.0));
 
-    storeAppendPrintf(sentry, "\tSelect loop called: %d times, %0.3f ms avg\n",
+    storeAppendPrintf(sentry, "\tSelect loop called: %ld times, %0.3f ms avg\n",
                       statCounter.select_loops, 1000.0 * runtime / statCounter.select_loops);
 
     storeAppendPrintf(sentry, "Cache information for %s:\n",APP_SHORTNAME);
@@ -1367,7 +1367,7 @@
                       f->unlink.requests);
     storeAppendPrintf(sentry, "page_faults = %d\n",
                       f->page_faults);
-    storeAppendPrintf(sentry, "select_loops = %d\n",
+    storeAppendPrintf(sentry, "select_loops = %ld\n",
                       f->select_loops);
     storeAppendPrintf(sentry, "cpu_time = %f\n",
                       f->cputime);
diff -u -r -N squid-3.1.0.9/src/store_client.cc squid-3.1.0.10/src/store_client.cc
--- squid-3.1.0.9/src/store_client.cc	2009-06-26 22:35:39.000000000 +1200
+++ squid-3.1.0.10/src/store_client.cc	2009-07-18 16:16:27.000000000 +1200
@@ -769,6 +769,12 @@
         return 0;
     }
 
+    if ( Config.rangeOffsetLimit < 0 && mem->request && mem->request->range ) {
+        /* Don't abort if the admin has configured range_ofset -1 to download fully for caching. */
+        debugs(90, 3, "CheckQuickAbort2: NO admin configured range replies to full-download");
+        return 0;
+    }
+
     if (curlen > expectlen) {
         debugs(90, 3, "CheckQuickAbort2: YES bad content length");
         return 1;
diff -u -r -N squid-3.1.0.9/src/String.cc squid-3.1.0.10/src/String.cc
--- squid-3.1.0.9/src/String.cc	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/String.cc	2009-07-18 16:16:22.000000000 +1200
@@ -193,6 +193,7 @@
     } else {
         // Create a temporary string and absorb it later.
         String snew;
+        assert(len_ + len < 65536); // otherwise snew.len_ overflows below
         snew.len_ = len_ + len;
         snew.allocBuffer(snew.len_ + 1);
 
diff -u -r -N squid-3.1.0.9/src/structs.h squid-3.1.0.10/src/structs.h
--- squid-3.1.0.9/src/structs.h	2009-06-26 22:35:39.000000000 +1200
+++ squid-3.1.0.10/src/structs.h	2009-07-18 16:16:27.000000000 +1200
@@ -1027,6 +1027,7 @@
     unsigned int connection_proxy_auth:1; /** Request wants connection oriented auth */
     unsigned int pinned:1;      /* Request sent on a pinned connection */
     unsigned int auth_sent:1;   /* Authentication forwarded */
+    unsigned int no_direct:1;	/* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */
 
     // When adding new flags, please update cloneAdaptationImmune() as needed.
 
@@ -1190,7 +1191,7 @@
         int times_used;
     } netdb;
     int page_faults;
-    int select_loops;
+    unsigned long int select_loops;
     int select_fds;
     double select_time;
     double cputime;
diff -u -r -N squid-3.1.0.9/src/TextException.cc squid-3.1.0.10/src/TextException.cc
--- squid-3.1.0.9/src/TextException.cc	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/TextException.cc	2009-07-18 16:16:22.000000000 +1200
@@ -1,13 +1,36 @@
 #include "squid.h"
 #include "TextException.h"
 
+TextException::TextException()
+{
+	message=NULL;
+	theFileName=NULL;
+	theLineNo=0;
+}
+
+TextException::TextException(const TextException& right) :
+	message((right.message?xstrdup(right.message):NULL)), theFileName(right.theFileName), theLineNo(right.theLineNo)
+{
+}
+
 TextException::TextException(const char *aMsg, const char *aFileName, int aLineNo):
         message(xstrdup(aMsg)), theFileName(aFileName), theLineNo(aLineNo)
 {}
 
 TextException::~TextException() throw()
 {
-    xfree(message);
+    if(message) xfree(message);
+}
+
+TextException& TextException::operator=(const TextException &right)
+{
+	if(this==&right) return *this;
+	if(message) xfree(message);
+    message=(right.message?xstrdup(right.message):NULL);
+    theFileName=right.theFileName;
+    theLineNo=right.theLineNo;
+
+	return *this;	
 }
 
 const char *TextException::what() const throw()
diff -u -r -N squid-3.1.0.9/src/TextException.h squid-3.1.0.10/src/TextException.h
--- squid-3.1.0.9/src/TextException.h	2009-06-26 22:35:36.000000000 +1200
+++ squid-3.1.0.10/src/TextException.h	2009-07-18 16:16:22.000000000 +1200
@@ -13,11 +13,15 @@
 {
 
 public:
+    TextException();
     TextException(const char *aMessage, const char *aFileName = 0, int aLineNo = -1);
+    TextException(const TextException& right);
     virtual ~TextException() throw();
 
     virtual const char *what() const throw();
 
+	TextException& operator=(const TextException &right);
+
 public:
     char *message; // read-only
 
diff -u -r -N squid-3.1.0.9/src/wccp2.cc squid-3.1.0.10/src/wccp2.cc
--- squid-3.1.0.9/src/wccp2.cc	2009-06-26 22:35:39.000000000 +1200
+++ squid-3.1.0.10/src/wccp2.cc	2009-07-18 16:16:28.000000000 +1200
@@ -200,8 +200,7 @@
 struct wccp2_cache_identity_info_t {
     struct in_addr addr;
     uint16_t hash_revision;
-    char bits[2];
-//    uint16_t bits;
+    uint16_t bits;
 //#define WCCP2_HASH_ASSIGNMENT_DATA  0x0
 
     /* 5.7.2 Hash Assignment Data Element */
@@ -241,7 +240,7 @@
     struct in_addr addr;
     uint16_t hash_revision;
     uint16_t bits;
-#define WCCP2_MASK_ASSIGNMENT_DATA  (0x1 <<14)
+#define WCCP2_MASK_ASSIGNMENT_DATA  (0x2)
 
     /* Sect 5.7.2 Mask Assignment Data Element
      *
@@ -796,7 +795,7 @@
             wccp2_mask_identity_info.cache_identity_type = htons(WCCP2_WC_ID_INFO);
             wccp2_mask_identity_info.cache_identity_length = htons(sizeof(wccp2_mask_identity_info.cache_identity));
             memset(&wccp2_mask_identity_info.cache_identity.addr, '\0', sizeof(struct in_addr));
-            wccp2_mask_identity_info.cache_identity.bits = WCCP2_MASK_ASSIGNMENT_DATA; // num1 = htonl(2);
+            wccp2_mask_identity_info.cache_identity.bits = htons(WCCP2_MASK_ASSIGNMENT_DATA);
             wccp2_mask_identity_info.cache_identity.mask_element_count = htonl(1);
             service_flags = ntohl(service_list_ptr->service_info->service_flags);
 
diff -u -r -N squid-3.1.0.9/tools/Makefile.am squid-3.1.0.10/tools/Makefile.am
--- squid-3.1.0.9/tools/Makefile.am	2009-06-26 22:35:40.000000000 +1200
+++ squid-3.1.0.10/tools/Makefile.am	2009-07-18 16:16:28.000000000 +1200
@@ -20,6 +20,9 @@
 libexec_PROGRAMS = \
 	cachemgr$(CGIEXT)
 
+man_MANS = \
+	squidclient.1
+
 DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
 
 squidclient_SOURCES = squidclient.cc
@@ -33,7 +36,8 @@
 	$(XTRA_LIBS)
 
 EXTRA_DIST = \
-	cachemgr.conf
+	cachemgr.conf \
+	squidclient.1
 
 $(OBJS): $(top_srcdir)/include/version.h ../include/autoconf.h
 
diff -u -r -N squid-3.1.0.9/tools/Makefile.in squid-3.1.0.10/tools/Makefile.in
--- squid-3.1.0.9/tools/Makefile.in	2009-06-26 22:36:00.000000000 +1200
+++ squid-3.1.0.10/tools/Makefile.in	2009-07-18 16:16:50.000000000 +1200
@@ -53,7 +53,8 @@
 mkinstalldirs = $(install_sh) -d
 CONFIG_HEADER = $(top_builddir)/include/autoconf.h
 CONFIG_CLEAN_FILES =
-am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" \
+	"$(DESTDIR)$(man1dir)"
 binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
 PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
@@ -93,6 +94,9 @@
 	install-pdf-recursive install-ps-recursive install-recursive \
 	installcheck-recursive installdirs-recursive pdf-recursive \
 	ps-recursive uninstall-recursive
+man1dir = $(mandir)/man1
+NROFF = nroff
+MANS = $(man_MANS)
 RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
   distclean-recursive maintainer-clean-recursive
 ETAGS = etags
@@ -279,6 +283,9 @@
 	-I$(top_builddir)/include @SQUID_CPPUNIT_INC@ -I$(srcdir)
 AUTOMAKE_OPTIONS = subdir-objects
 SUBDIRS = 
+man_MANS = \
+	squidclient.1
+
 DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/cachemgr.conf
 squidclient_SOURCES = squidclient.cc
 cachemgr__CGIEXT__SOURCES = cachemgr.cc
@@ -290,7 +297,8 @@
 	$(XTRA_LIBS)
 
 EXTRA_DIST = \
-	cachemgr.conf
+	cachemgr.conf \
+	squidclient.1
 
 DISTCLEANFILES = 
 all: all-recursive
@@ -448,6 +456,51 @@
 
 clean-libtool:
 	-rm -rf .libs _libs
+install-man1: $(man1_MANS) $(man_MANS)
+	@$(NORMAL_INSTALL)
+	test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
+	  else file=$$i; fi; \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
+uninstall-man1:
+	@$(NORMAL_UNINSTALL)
+	@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
+	l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
+	for i in $$l2; do \
+	  case "$$i" in \
+	    *.1*) list="$$list $$i" ;; \
+	  esac; \
+	done; \
+	for i in $$list; do \
+	  ext=`echo $$i | sed -e 's/^.*\\.//'`; \
+	  case "$$ext" in \
+	    1*) ;; \
+	    *) ext='1' ;; \
+	  esac; \
+	  inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
+	  inst=`echo $$inst | sed -e 's/^.*\///'`; \
+	  inst=`echo $$inst | sed '$(transform)'`.$$ext; \
+	  echo " rm -f '$(DESTDIR)$(man1dir)/$$inst'"; \
+	  rm -f "$(DESTDIR)$(man1dir)/$$inst"; \
+	done
 
 # This directory's subdirectories are mostly independent; you can cd
 # into them and run `make' without going through this Makefile.
@@ -699,10 +752,10 @@
 	$(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS)
 	$(MAKE) $(AM_MAKEFLAGS) check-TESTS
 check: check-recursive
-all-am: Makefile $(PROGRAMS)
+all-am: Makefile $(PROGRAMS) $(MANS)
 installdirs: installdirs-recursive
 installdirs-am:
-	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)"; do \
+	for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(man1dir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-recursive
@@ -752,7 +805,7 @@
 
 info-am:
 
-install-data-am: install-data-local
+install-data-am: install-data-local install-man
 
 install-dvi: install-dvi-recursive
 
@@ -762,7 +815,7 @@
 
 install-info: install-info-recursive
 
-install-man:
+install-man: install-man1
 
 install-pdf: install-pdf-recursive
 
@@ -789,7 +842,9 @@
 ps-am:
 
 uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-local
+	uninstall-local uninstall-man
+
+uninstall-man: uninstall-man1
 
 .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) install-am \
 	install-strip
@@ -804,14 +859,14 @@
 	install-data-am install-data-local install-dvi install-dvi-am \
 	install-exec install-exec-am install-html install-html-am \
 	install-info install-info-am install-libexecPROGRAMS \
-	install-man install-pdf install-pdf-am install-ps \
+	install-man install-man1 install-pdf install-pdf-am install-ps \
 	install-ps-am install-strip installcheck installcheck-am \
 	installdirs installdirs-am maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-compile \
 	mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
 	tags tags-recursive uninstall uninstall-am \
 	uninstall-binPROGRAMS uninstall-libexecPROGRAMS \
-	uninstall-local
+	uninstall-local uninstall-man uninstall-man1
 
 
 $(OBJS): $(top_srcdir)/include/version.h $(top_builddir)/include/autoconf.h
diff -u -r -N squid-3.1.0.9/tools/squidclient.1 squid-3.1.0.10/tools/squidclient.1
--- squid-3.1.0.9/tools/squidclient.1	1970-01-01 12:00:00.000000000 +1200
+++ squid-3.1.0.10/tools/squidclient.1	2009-07-18 16:16:28.000000000 +1200
@@ -0,0 +1,109 @@
+.TH squidclient 1 "Squid Web Client Tool"
+.SH NAME
+squidclient -- a simple HTTP web client
+.SH SYNOPSIS
+.B squidclient
+.RB [ \-arsv ]
+.RB [ \-g
+.IR count ]
+.RB [ \-h
+.IR remote\-host ]
+.RB [ \-H
+.IR 'string' ]
+.RB [ \-i
+.IR IMS ]
+.RB [ \-I
+.IR ping\-interval ]
+.RB [ \-j
+.IR 'Host\-header' ]
+.RB [ \-l
+.IR local\-host ]
+.RB [ \-m
+.IR method ]
+.RB [ \-p
+.IR port ]
+.RB [ \-P
+.IR file ]
+.RB [ \-t
+.IR count ]
+.RB [ \-T
+.IR timeout ]
+.RB [ \-u
+.IR proxy-user ]
+.RB [ \-U
+.IR www-user ]
+.RB [ \-V
+.IR version ]
+.RB [ \-w
+.IR proxy-password ]
+.RB [ \-W
+.IR www-password ]
+.B url
+.SH DESCRIPTION
+.B squidclient
+is a tool providing a command line interface for retrieving URLs.
+Designed for testing any HTTP 0.9, 1.0, or 1.1 web server or proxy.
+This tool can be combined scripts to perform any basic HTTP operation.
+Some additional features for access to the 
+.B Squid
+proxy object cache and management information are provided.
+.SH OPTIONS
+.IP "\-a"
+Do NOT include Accept: header.
+.IP "\-g \fIcount\fP"
+Ping mode, perform
+.I count
+iterations (0 to loop until interrupted).
+.IP "\-h \fIhost\fP"
+Retrieve URL from cache on hostname.  Default is localhost.
+.IP "\-H \fI'string'\fP"
+Extra headers to send. Use '\\n' for new lines.
+.IP "\-i \fItime\fP"
+If-Modified-Since time (in Epoch seconds).
+.IP "-I \fIinterval\fP"
+Ping interval in seconds (default 1 second).
+.IP "\-j \fIhosthdr\fP"
+Host header content
+.IP "\-l \fIhost\fP"
+Specify a local IP address to bind to.  Default is none.
+.IP "\-m \fImethod\fP"
+Request method, default is GET. Squid also supports a non-standard method
+called \fBPURGE\fP. You can use that to purge a specific URL from the cache.
+You need to have \fIpurge\fP access setup in squid.conf similar to
+\fImanager\fP access. Here is an example:
+.nf
+      acl purge method PURGE
+      http_access deny purge !localhost
+.fi
+.IP "\-p \fIport\fP"
+Port number of cache.  Default is 3128.
+.IP "\-P \fIfile"
+PUT request. Using the named file.
+.IP "\-r"
+Force cache to reload URL.
+.IP "\-s"
+Silent.  Do not print data to stdout.
+.IP "\-t \fIcount\fP"
+Trace count cache-hops
+.IP "\-T \fItimeout\fP"
+Timeout value (seconds) for read/write operations.
+.IP "\-u \fIuser\fP"
+Proxy authentication username
+.IP "\-U \fIuser\fP"
+WWW authentication username
+.IP "\-v"
+Verbose. Print outgoing message to stderr.
+.IP "\-w \fIpassword\fP"
+Proxy authentication password
+.IP "\-W \fIpassword\fP"
+WWW authentication password
+.IP "\-V \fIversion\fP"
+HTTP Version. Use '-' for HTTP/0.9 omitted case
+.SH SEE ALSO
+.BR cachemgr.cgi "(8), "
+.BR squid "(8)"
+.SH AUTHOR
+Derived from Harvest. Further developed by by numerous individuals from
+the internet community. Development is led by Duane Wessels of the
+National Laboratory for Applied Network Research and funded by
+the National Science Foundation.
diff -u -r -N squid-3.1.0.9/tools/squidclient.cc squid-3.1.0.10/tools/squidclient.cc
--- squid-3.1.0.9/tools/squidclient.cc	2009-06-26 22:35:40.000000000 +1200
+++ squid-3.1.0.10/tools/squidclient.cc	2009-07-18 16:16:28.000000000 +1200
@@ -132,29 +132,32 @@
 {
     fprintf(stderr,
             "Version: %s\n"
-            "Usage: %s [-arsv] [-i IMS] [-h remote host] [-l local host] [-p port] [-m method] [-t count] [-I ping-interval] [-H 'strings'] [-T timeout] [-j 'hostheader'] [-V version] url\n"
+            "Usage: %s [-arsv] [-g count] [-h remote host] [-H 'string'] [-i IMS] [-I ping-interval] [-j 'Host-header']"
+            "[-l local-host] [-m method] [-p port] [-P file] [-t count] [-T timeout] [-u proxy-user] [-U www-user] "
+            "[-V version] [-w proxy-password] [-W www-password] url\n"
+            "\n"
             "Options:\n"
-            "    -P file      PUT request.\n"
             "    -a           Do NOT include Accept: header.\n"
-            "    -r           Force cache to reload URL.\n"
-            "    -s           Silent.  Do not print data to stdout.\n"
-            "    -v           Verbose. Print outgoing message to stderr.\n"
-            "    -i IMS       If-Modified-Since time (in Epoch seconds).\n"
+            "    -g count     Ping mode, perform \"count\" iterations (0 to loop until interrupted).\n"
             "    -h host      Retrieve URL from cache on hostname.  Default is localhost.\n"
-            "    -l host      Specify a local IP address to bind to.  Default is none.\n"
+            "    -H 'string'  Extra headers to send. Use '\\n' for new lines.\n"
+            "    -i IMS       If-Modified-Since time (in Epoch seconds).\n"
+            "    -I interval  Ping interval in seconds (default 1 second).\n"
             "    -j hosthdr   Host header content\n"
-            "    -p port      Port number of cache.  Default is %d.\n"
+            "    -l host      Specify a local IP address to bind to.  Default is none.\n"
             "    -m method    Request method, default is GET.\n"
+            "    -p port      Port number of cache.  Default is %d.\n"
+            "    -P file      PUT request. Using the named file\n"
+            "    -r           Force cache to reload URL.\n"
+            "    -s           Silent.  Do not print data to stdout.\n"
             "    -t count     Trace count cache-hops\n"
-            "    -g count     Ping mode, \"count\" iterations (0 to loop until interrupted).\n"
-            "    -I interval  Ping interval in seconds (default 1 second).\n"
-            "    -H 'string'  Extra headers to send. Use '\\n' for new lines.\n"
             "    -T timeout   Timeout value (seconds) for read/write operations.\n"
             "    -u user      Proxy authentication username\n"
-            "    -w password  Proxy authentication password\n"
             "    -U user      WWW authentication username\n"
-            "    -W password  WWW authentication password\n"
+            "    -v           Verbose. Print outgoing message to stderr.\n"
             "    -V version   HTTP Version. Use '-' for HTTP/0.9 omitted case\n",
+            "    -w password  Proxy authentication password\n"
+            "    -W password  WWW authentication password\n"
             VERSION, progname, CACHE_HTTP_PORT);
     exit(1);
 }
