diff -ruN /home/timp/squid.orig/Makefile squid/Makefile
--- /home/timp/squid.orig/Makefile	2016-03-25 09:04:29.184360000 +0300
+++ squid/Makefile	2016-03-30 09:04:14.812891000 +0300
@@ -2,7 +2,7 @@
 
 PORTNAME=	squid
 PORTVERSION=	3.5.15
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
 		http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
@@ -21,7 +21,19 @@
 PATCHFILES=	squid-3.5-13997.patch \
 		squid-3.5-13998.patch \
 		squid-3.5-13999.patch \
-		squid-3.5-14000.patch
+		squid-3.5-14000.patch \
+		squid-3.5-14001.patch \
+		squid-3.5-14002.patch \
+		squid-3.5-14003.patch \
+		squid-3.5-14004.patch \
+		squid-3.5-14005.patch \
+		squid-3.5-14006.patch \
+		squid-3.5-14007.patch \
+		squid-3.5-14008.patch \
+		squid-3.5-14009.patch \
+		squid-3.5-14010.patch \
+		squid-3.5-14011.patch \
+		squid-3.5-14012.patch
 
 MAINTAINER=	timp87@gmail.com
 COMMENT=	HTTP Caching Proxy
@@ -45,8 +57,11 @@
 SUB_FILES+=	pkg-install pkg-message
 
 OPTIONS_SUB=	yes
-OPTIONS_DEFINE=	ARP_ACL AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SMB \
-		AUTH_SQL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \
+OPTIONS_GROUP=	AUTH
+OPTIONS_RADIO=	SMB
+OPTIONS_GROUP_AUTH=AUTH_LDAP AUTH_NIS AUTH_SASL AUTH_SQL
+OPTIONS_RADIO_SMB=AUTH_SMB3 AUTH_SMB4
+OPTIONS_DEFINE=	ARP_ACL CACHE_DIGESTS DEBUG DELAY_POOLS ECAP ESI \
 		FOLLOW_XFF FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 \
 		KQUEUE LARGEFILE NETTLE SNMP SSL SSL_CRTD STACKTRACES LAX_HTTP \
 		TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 DOCS EXAMPLES
@@ -54,8 +69,10 @@
 OPTIONS_SINGLE=	GSSAPI
 OPTIONS_SINGLE_GSSAPI=	GSSAPI_NONE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
 
-OPTIONS_DEFAULT=GSSAPI_BASE AUTH_NIS FS_AUFS FS_DISKD HTCP IDENT KQUEUE SNMP \
-		WCCP WCCPV2
+OPTIONS_DEFAULT=ARP_ACL AUTH_NIS CACHE_DIGESTS DELAY_POOLS DOCS EXAMPLES FOLLOW_XFF \
+		FS_AUFS FS_DISKD FS_ROCK HTCP ICAP ICMP IDENT IPV6 KQUEUE LARGEFILE \
+		LAX_HTTP SNMP SSL SSL_CRTD TP_IPF TP_IPFW TP_PF VIA_DB WCCP WCCPV2 \
+		GSSAPI_BASE
 
 ARP_ACL_CONFIGURE_ENABLE=	eui
 AUTH_LDAP_CFLAGS=		-I${LOCALBASE}/include
@@ -65,10 +82,9 @@
 AUTH_SASL_CPPFLAGS=		-I${LOCALBASE}/include
 AUTH_SASL_LDFLAGS=		-L${LOCALBASE}/lib
 AUTH_SASL_LIB_DEPENDS=		libsasl2.so:${PORTSDIR}/security/cyrus-sasl2
-AUTH_SMB_BUILD_DEPENDS=		smbclient:${PORTSDIR}/net/samba36
-AUTH_SMB_RUN_DEPENDS=		smbclient:${PORTSDIR}/net/samba36
-AUTH_SQL_RUN_DEPENDS=		p5-DBD-mysql>=0:${PORTSDIR}/databases/p5-DBD-mysql
-AUTH_SQL_USE=			MYSQL=yes
+AUTH_SMB3_RUN_DEPENDS=		smbclient:${PORTSDIR}/net/samba36
+AUTH_SMB4_RUN_DEPENDS=		smbclient:${PORTSDIR}/net/samba42
+AUTH_SQL_RUN_DEPENDS=		p5-DBI>=1.08:${PORTSDIR}/databases/p5-DBI
 CACHE_DIGESTS_CONFIGURE_ENABLE=	cache-digests
 DELAY_POOLS_CONFIGURE_ENABLE=	delay-pools
 ECAP_CFLAGS=			-I${LOCALBASE}/include
@@ -123,6 +139,7 @@
 # add an option for external_acl/session (requires some kind of external
 # Berkeley DB support, unsure which one)
 ARP_ACL_DESC=		ARP/MAC/EUI based authentification
+AUTH_DESC=		Authentication helpers
 GSSAPI_DESC=		Install Kerberos authentication helpers
 GSSAPI_NONE_DESC=	Build without Kerberos support
 GSSAPI_BASE_DESC=	Build with Kerberos support from base
@@ -131,8 +148,9 @@
 AUTH_LDAP_DESC=		Install LDAP authentication helpers
 AUTH_NIS_DESC=		Install NIS/YP authentication helpers
 AUTH_SASL_DESC=		Install SASL authentication helpers
-AUTH_SMB_DESC=		Install SMB auth. helpers (req. Samba)
-AUTH_SQL_DESC=		Install SQL based auth (uses MySQL)
+AUTH_SMB3_DESC=		Install SMB3 auth. helpers (req. net/samba36)
+AUTH_SMB4_DESC=		Install SMB4 auth. helpers (req. net/samba42)
+AUTH_SQL_DESC=		Install SQL based auth
 CACHE_DIGESTS_DESC=	Use cache digests
 DEBUG_DESC=		Build with extended debugging support
 DELAY_POOLS_DESC=	Delay pools (bandwidth limiting)
@@ -149,6 +167,7 @@
 KQUEUE_DESC=		Kqueue(2) support
 LARGEFILE_DESC=		Support large (>2GB) cache and log files
 NETTLE_DESC=		Nettle MD5 algorithm support
+SMB_DESC=		Samba authentication helpers
 SNMP_DESC=		SNMP support
 SSL_CRTD_DESC=		Use ssl_crtd to handle SSL cert requests
 SSL_DESC=		SSL gatewaying support
@@ -221,9 +240,12 @@
 basic_auth+=	SASL
 .endif
 
-.if ${PORT_OPTIONS:MAUTH_SMB}
+.if ${PORT_OPTIONS:MAUTH_SMB3} || ${PORT_OPTIONS:MAUTH_SMB4}
+PLIST_SUB+=	AUTH_SMB=""
 basic_auth+=	SMB
 external_acl+=	wbinfo_group
+.else
+PLIST_SUB+=	AUTH_SMB="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MAUTH_SQL}
@@ -312,6 +334,10 @@
 LDFLAGS+=		-L${OPENSSLLIB}
 .endif
 
+.if ${PORT_OPTIONS:MSSL_CRTD} && !${PORT_OPTIONS:MSSL}
+IGNORE=SSL_CRTD option can be used only if SSL option is enabled
+.endif
+
 .if ${PORT_OPTIONS:MSTACKTRACES}
 CFLAGS+=	-g
 LDFLAGS+=	-lunwind -L${LOCALBASE}/lib
diff -ruN /home/timp/squid.orig/distinfo squid/distinfo
--- /home/timp/squid.orig/distinfo	2016-03-25 09:04:29.184669000 +0300
+++ squid/distinfo	2016-03-30 08:40:42.866696000 +0300
@@ -8,3 +8,27 @@
 SIZE (squid3.5/squid-3.5-13999.patch) = 1585
 SHA256 (squid3.5/squid-3.5-14000.patch) = 36578a13e87150d1604b543c68b419de1c941be3f90e80fbf464f9c23139e2de
 SIZE (squid3.5/squid-3.5-14000.patch) = 1676
+SHA256 (squid3.5/squid-3.5-14001.patch) = 127720c408c368070b7807092faae7980d900888f8bbaee0e2689b86573fea94
+SIZE (squid3.5/squid-3.5-14001.patch) = 14099
+SHA256 (squid3.5/squid-3.5-14002.patch) = 49c8dea344473c103fefce2b830e96fe94af14bc20640a0c244eea01ac03469d
+SIZE (squid3.5/squid-3.5-14002.patch) = 2054
+SHA256 (squid3.5/squid-3.5-14003.patch) = 27ccd9aeabf4e66fbf25a914cc614c8f8020c8010e94d2b6bf499def79fce8b6
+SIZE (squid3.5/squid-3.5-14003.patch) = 1636
+SHA256 (squid3.5/squid-3.5-14004.patch) = fc515a51866d518f4ff7e57ef92f2554d2715b59f547927af63192302238690f
+SIZE (squid3.5/squid-3.5-14004.patch) = 1948
+SHA256 (squid3.5/squid-3.5-14005.patch) = e7f17a11cb49742f6b535e8e4e8558e03f71335524c524f84f1ef68f71f99b93
+SIZE (squid3.5/squid-3.5-14005.patch) = 1249
+SHA256 (squid3.5/squid-3.5-14006.patch) = 88dd50a459ed68fb7c797a840f92a0ada6655b3fb92052f679088704eb1d9f32
+SIZE (squid3.5/squid-3.5-14006.patch) = 2500
+SHA256 (squid3.5/squid-3.5-14007.patch) = 1e2e14809e7ca8608300cfc3be027cd55c21fbe3084cc4568c8091adebc256c0
+SIZE (squid3.5/squid-3.5-14007.patch) = 1214
+SHA256 (squid3.5/squid-3.5-14008.patch) = 6c2f511ee33d74d1c91cae5ef0a9645facf0104067397866dd542bf3ff975255
+SIZE (squid3.5/squid-3.5-14008.patch) = 1559
+SHA256 (squid3.5/squid-3.5-14009.patch) = addc7dd78c5632b428f747eab93382195d2d4a820742afd2661ec920f1dc9a77
+SIZE (squid3.5/squid-3.5-14009.patch) = 1902
+SHA256 (squid3.5/squid-3.5-14010.patch) = bed1fb437b3f3925293d42c7032c44c7aa4e1944cc6ed17e9cc9e498a06ada7c
+SIZE (squid3.5/squid-3.5-14010.patch) = 2974
+SHA256 (squid3.5/squid-3.5-14011.patch) = c87ce0edb4dcb1f0ae49fb10006009534ce1e5922a4ceb8d784386681ce4b164
+SIZE (squid3.5/squid-3.5-14011.patch) = 2400
+SHA256 (squid3.5/squid-3.5-14012.patch) = 6f749e014907150cc9692b16edcb9d9a73fdb3831c718d908bd7c48561702b3c
+SIZE (squid3.5/squid-3.5-14012.patch) = 1287
diff -ruN /home/timp/squid.orig/files/patch-configure squid/files/patch-configure
--- /home/timp/squid.orig/files/patch-configure	2016-03-25 09:04:29.186429000 +0300
+++ squid/files/patch-configure	2016-03-30 08:24:39.997649000 +0300
@@ -1,11 +1,7 @@
 --- configure.orig	2015-11-01 10:46:19 UTC
 +++ configure
-@@ -27729,9 +27729,11 @@
-   $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
-   test $ac_status = 0; }; then
+@@ -27731,7 +27731,7 @@
    squid_pc_krb5_name="heimdal-gssapi"
-+    else
-+      squid_pc_krb5_name="heimdal-gssapi"
  fi
    fi
 -  if test "x$squid_pc_krb5_name" != "x" -a "$cross_compiling" = "no"; then
@@ -13,6 +9,15 @@
      # Look for krb5-config (unless cross-compiling)
      # Extract the first word of "krb5-config", so it can be a program name with args.
  set dummy krb5-config; ac_word=$2
+@@ -27777,7 +27777,7 @@
+     if test "x$ac_cv_path_krb5_config" != "xno" ; then
+       krb5confpath="`dirname $ac_cv_path_krb5_config`"
+       ac_heimdal="`$ac_cv_path_krb5_config --version 2>/dev/null | grep -c -i heimdal`"
+-      if test "x$with_heimdal_krb5" = "xyes"; then
++      if test "x$with_heimdal_krb5" = "xyes" -a $ac_heimdal = 0; then
+         as_fn_error $? "Could not find pkg-config or krb5-config for Heimdal Kerberos" "$LINENO" 5
+       fi
+     else
 @@ -32038,7 +32040,7 @@ done
  ##
  
diff -ruN /home/timp/squid.orig/files/patch-src__ip__Intercept.cc squid/files/patch-src__ip__Intercept.cc
--- /home/timp/squid.orig/files/patch-src__ip__Intercept.cc	2016-03-25 09:04:29.187259000 +0300
+++ squid/files/patch-src__ip__Intercept.cc	2016-03-30 08:45:57.859751000 +0300
@@ -13,3 +13,41 @@
          return false;
  #else
          natLookup.nl_v = 6;
+@@ -323,13 +323,21 @@
+     }
+ 
+     memset(&nl, 0, sizeof(struct pfioc_natlook));
+-    newConn->remote.getInAddr(nl.saddr.v4);
++    if (newConn->remote.isIPv4()) {
++        newConn->remote.getInAddr(nl.saddr.v4);
++    } else {
++        newConn->remote.getInAddr(nl.saddr.v6);
++    }
+     nl.sport = htons(newConn->remote.port());
+ 
+-    newConn->local.getInAddr(nl.daddr.v4);
++    if (newConn->local.isIPv4()) {
++        newConn->local.getInAddr(nl.daddr.v4);
++    } else {
++        newConn->local.getInAddr(nl.daddr.v6);
++    }
+     nl.dport = htons(newConn->local.port());
+ 
+-    nl.af = AF_INET;
++    nl.af = newConn->remote.isIPv4() ? AF_INET : AF_INET6;
+     nl.proto = IPPROTO_TCP;
+     nl.direction = PF_OUT;
+ 
+@@ -345,7 +353,11 @@
+         debugs(89, 9, HERE << "address: " << newConn);
+         return false;
+     } else {
+-        newConn->local = nl.rdaddr.v4;
++        if (nl.af == AF_INET) {
++            newConn->local = nl.rdaddr.v4;
++        } else {
++            newConn->local = nl.rdaddr.v6;
++        }
+         newConn->local.port(ntohs(nl.rdport));
+         debugs(89, 5, HERE << "address NAT: " << newConn);
+         return true;
diff -ruN /home/timp/squid.orig/files/pkg-message.in squid/files/pkg-message.in
--- /home/timp/squid.orig/files/pkg-message.in	2016-03-25 09:04:29.188402000 +0300
+++ squid/files/pkg-message.in	2016-03-29 18:21:37.976596000 +0300
@@ -10,7 +10,7 @@
        If your cache directories are already initialized (e.g. after an
        upgrade of squid) you do not need to initialize them again.
 
-     0 When using DiskD storage scheme remember to read documentation:
+     o When using DiskD storage scheme remember to read documentation:
          http://wiki.squid-cache.org/Features/DiskDaemon
        and alter your kern.ipc defaults in /boot/loader.conf. DiskD will not
        work reliably without this. Last recomendations were:
@@ -25,6 +25,12 @@
        allow/deny" directives in %%PREFIX%%/etc/squid/squid.conf
        to suit your needs.
 
+     o If AUTH_SQL option is set, please, don't forget to install one of
+       following perl modules depending on database you like:
+         databases/p5-DBD-mysql
+         databases/p5-DBD-Pg
+         databases/p5-DBD-SQLite
+
      To enable Squid, set squid_enable=yes in either
      /etc/rc.conf, /etc/rc.conf.local or /etc/rc.conf.d/squid
      Please see %%PREFIX%%/etc/rc.d/squid for further details.
diff -ruN /home/timp/squid.orig/files/squid.in squid/files/squid.in
--- /home/timp/squid.orig/files/squid.in	2016-03-25 09:04:29.188656000 +0300
+++ squid/files/squid.in	2016-03-25 10:07:48.724402000 +0300
@@ -108,13 +108,11 @@
 
 squid_reload()
 {
-
 	$command $required_args $squid_flags -k reconfigure
 }
 
 squid_configtest()
 {
-
 	echo "Performing sanity check on ${name} configuration."
 	if $command $required_args $squid_flags -k check; then
 		echo "Configuration for ${name} passes."
@@ -142,7 +140,7 @@
 squid_prestop()
 {
 	command_args="$command_args -k shutdown"
-	$command $required_args $squid_flags -k check 2>/dev/null
+	squid_configtest
 }
 
 load_rc_config $name