These patches are borrowed from Debian's squid-2.4.4 patch. Here's the README file describing them: --- Upstream patches against the release, that will be integrated into the next stable release (http://www.squid-cache.org/Versions/v2/2.4/bugs/) [currently none] Debian specific patches: All patches that were in the debian squid-2.2.5 and squid-2.3.4 have been applied to squid-2.4.3 as well, if they hadn't been integrated yet. cf.data.debian.patch Debian specific squid.conf patches dfl-error-dir.patch Default error dir is under /usr/lib/squid for Debian linux-increase-fds.patch A hack to squid.h so that FD_SETSIZE can be redefined on Linux for more open filedescriptors. no_append_domain_localhost.patch Don't apply "append_domain" setting to "localhost" in unqualified URLs. pipeline-shutup.patch Lower priority of some debug msgs of pipelining code smb_auth.patch Read password with '-r' so backslashes work Patch awk regexp to read correct field from nmblookup syslog.patch Log to daemon.log instead of local4.log unlinkd.patch Only run unlinkd for diskd and ufs storage methods debug.c.patch Fix debug output corruption (and crash) when debug_options is set to 11,3 webdav-search.patch Reckognize SEARCH webdav method - the Exchange 2000 web frontend uses it (sigh). pam-auth-reload.patch Make PAM reload time configurable on command line --- squid-2.4.4.orig/auth_modules/PAM/pam_auth.c +++ squid-2.4.4/auth_modules/PAM/pam_auth.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -56,8 +57,8 @@ #define SQUID_PAM_SERVICE "squid" #endif -/* How often to reinitialize PAM, in seconds. Undefined = never, 0=always */ -/* #define PAM_CONNECTION_TTL 60 */ +/* How often to reinitialize PAM, in seconds. -1 = never, 0=always */ +#define PAM_CONNECTION_TTL -1 static int reset_pam = 1; /* Set to one if it is time to reset PAM processing */ 
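Review bot: The new `#define PAM_CONNECTION_TTL -1` is unconditional, so a build that used to set the value with `-DPAM_CONNECTION_TTL=60` now gets a macro redefinition instead of an override. The `#endif` just above suggests SQUID_PAM_SERVICE is guarded for exactly that purpose, though its `#ifndef` is outside the hunk. I would wrap the define the same way and parenthesize the negative value: `#ifndef PAM_CONNECTION_TTL` / `#define PAM_CONNECTION_TTL (-1)` / `#endif`. The comment could also say that the `-r` option overrides this default at run time.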
@@ -111,6 +112,13 @@ } int +usage(void) +{ + fprintf(stderr, "Usage: pam_auth [-r seconds]\n"); + exit(1); +} + +int main(int argc, char *argv[]) { pam_handle_t *pamh = NULL; @@ -119,6 +127,18 @@ /* char *password; */ char buf[BUFSIZE]; time_t pamh_created = 0; + int c, pam_connection_ttl = PAM_CONNECTION_TTL; + extern char *optarg; + extern int optind; + + while ((c = getopt(argc, argv, "r:")) != EOF) switch (c) { + case 'r': + pam_connection_ttl = atoi(optarg); + break; + default: + usage(); + } + if (optind < argc) usage(); signal(SIGHUP, signal_received); @@ -142,10 +162,10 @@ } *password++ = '\0'; conv.appdata_ptr = (char *) password; /* from buf above. not allocated */ -#ifdef PAM_CONNECTION_TTL - if (pamh_created + PAM_CONNECTION_TTL >= time(NULL)) + if (pam_connection_ttl >= 0 && + pamh_created + pam_connection_ttl <= time(NULL)) reset_pam = 1; -#endif + if (reset_pam && pamh) { /* Close previous PAM connection */ retval = pam_end(pamh, retval); --- squid-2.4.4.orig/auth_modules/SMB/Makefile.in +++ squid-2.4.4/auth_modules/SMB/Makefile.in @@ -11,7 +11,8 @@ # by using the --prefix option when configuring Samba, you need to change # SAMBAPREFIX accordingly. -SAMBAPREFIX=/usr/local/samba +#SAMBAPREFIX=/usr/local/samba +SAMBAPREFIX=/usr prefix = @prefix@ exec_prefix = @exec_prefix@ --- squid-2.4.4.orig/auth_modules/SMB/smb_auth.sh +++ squid-2.4.4/auth_modules/SMB/smb_auth.sh @@ -24,7 +24,7 @@ read AUTHSHARE read AUTHFILE read SMBUSER -read SMBPASS +read -r SMBPASS # Find domain controller echo "Domain name: $DOMAINNAME" @@ -47,7 +47,7 @@ addropt="" fi echo "Query address options: $addropt" -dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'` +dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'` echo "Domain controller IP address: $dcip" [ -n "$dcip" ] || exit 1 --- squid-2.4.4.orig/src/cf.data.pre +++ squid-2.4.4/src/cf.data.pre 
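Review bot: `usage()` is declared `int` but has no return statement and never returns, since it ends in `exit(1)`. Declaring it `static void usage(void)` matches what it does and keeps compilers from warning about a missing return value. A one-line comment such as `/* print the option summary and exit; does not return */` would document that for callers.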
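Review bot: `pam_connection_ttl = atoi(optarg)` in the `'r'` case accepts anything. A typo such as `-r 6o` or `-r x` silently becomes 6 or 0, and 0 means "reinitialise PAM on every request" according to the comment on PAM_CONNECTION_TTL. An out-of-range number is undefined behaviour for atoi. Parsing with strtol and rejecting trailing characters and overflow through `usage()` makes a bad helper command line fail visibly; this needs `<errno.h>` and `<limits.h>` in the include block, which is only partly visible here. main()'s body continues outside the hunk.
```c
	case 'r': {
	    char *end;
	    long ttl;
	    errno = 0;
	    ttl = strtol(optarg, &end, 10);
	    if (end == optarg || *end != '\0' || errno == ERANGE ||
		ttl < INT_MIN || ttl > INT_MAX)
		usage();
	    pam_connection_ttl = (int) ttl;
	    break;
	}
	/* … unchanged: default case and optind check … */
```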
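Review bot: Only `SMBPASS` gets `read -r`; `read SMBUSER` directly above still interprets backslashes, so a user name containing one is altered before it is used. Both reads also still strip leading and trailing IFS whitespace, which changes a password that begins or ends with a space. I would use `IFS= read -r SMBPASS` and `read -r SMBUSER`, and the remaining reads probably deserve `-r` too. The rest of the script is outside the hunk, so how the values are consumed later could not be checked here.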
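Review bot: The new awk pattern `/^[0-9.]+\..+ /` is looser than it looks, because `.+` matches any characters. A line that starts with a digit, a dot and arbitrary text up to a space is accepted, and its first field becomes `dcip`. The only check afterwards in the hunk is `[ -n "$dcip" ]`, so a malformed nmblookup line would be used as the domain controller address for the authentication step. Anchoring on a dotted quad is stricter and still selects the address field: `awk '/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ / { print $1 ; exit }'`.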
@@ -98,12 +98,12 @@ NAME: htcp_port IFDEF: USE_HTCP TYPE: ushort -DEFAULT: 4827 +DEFAULT: 0 LOC: Config.Port.htcp DOC_START The port number where Squid sends and receives HTCP queries to - and from neighbor caches. Default is 4827. To disable use - "0". + and from neighbor caches. To turn it on you want to set it 4827. + By default it is set to "0" (disabled). To enable this option, you must use --enable-htcp with the configure script. @@ -1294,7 +1294,7 @@ 'Max' is an upper limit on how long objects without an explicit expiry time will be considered fresh. - options: overrsde-expire + options: override-expire override-lastmod reload-into-ims ignore-reload @@ -1730,6 +1730,8 @@ acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http +acl Safe_ports port 901 # SWAT +acl purge method PURGE acl CONNECT method CONNECT NOCOMMENT_END DOC_END @@ -1763,6 +1765,9 @@ # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager +# Only allow purge requests from localhost +http_access allow purge localhost +http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports @@ -1890,19 +1895,19 @@ NAME: cache_effective_user TYPE: string -DEFAULT: nobody +DEFAULT: squid LOC: Config.effectiveUser DOC_NONE NAME: cache_effective_group TYPE: string -DEFAULT: nogroup +DEFAULT: squid LOC: Config.effectiveGroup DOC_START If the cache is run as root, it will change its effective/real UID/GID to the UID/GID specified below. The default is to - change to UID to nobody and GID to nogroup. + change to UID to squid and GID to squid. If Squid is not started as root, the default is to keep the current UID/GID. Note that if Squid is not started as root then 
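Review bot: `acl Safe_ports port 901 # SWAT` widens the default port allow-list to an administration interface. SWAT is Samba's web admin tool, so with this default any client that passes the later http_access rules can reach port 901 on any host through the proxy, possibly including the proxy machine itself. The `acl purge method PURGE` line in the same hunk is fine and is restricted to localhost further down. I would leave 901 out of the shipped default and let sites that need it add it, or at least ship it commented out with a note that it exposes an admin service: `#acl Safe_ports port 901 # SWAT (admin interface; enable only if required)`.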
@@ -2657,12 +2665,15 @@ NAME: snmp_port TYPE: ushort LOC: Config.Port.snmp -DEFAULT: 3401 +DEFAULT: 0 IFDEF: SQUID_SNMP DOC_START Squid can now serve statistics and status information via SNMP. By default it listens to port 3401 on the machine. If you don't wish to use SNMP, set this to "0". + + Note: on Gentoo Linux, the default is zero - you need to + set it to 3401 to enable it. NOTE: SNMP support requires use the --enable-snmp configure command line option. --- squid-2.4.4.orig/src/client_side.c +++ squid-2.4.4/src/client_side.c @@ -1702,7 +1702,7 @@ fd, storeUrl(entry), (int) http->out.offset); if (conn->chr != http) { /* there is another object in progress, defer this one */ - debug(33, 1) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); + debug(33, 2) ("clientSendMoreData: Deferring %s\n", storeUrl(entry)); memFree(buf, MEM_CLIENT_SOCK_BUF); return; } else if (entry && EBIT_TEST(entry->flags, ENTRY_ABORTED)) { @@ -1876,7 +1876,7 @@ * execution will resume after the operation completes. */ } else { - debug(33, 1) ("clientKeepaliveNextRequest: FD %d Sending next\n", + debug(33, 2) ("clientKeepaliveNextRequest: FD %d Sending next\n", conn->fd); assert(entry); if (0 == storeClientCopyPending(http->sc, entry, http)) { --- squid-2.4.4.orig/src/debug.c +++ squid-2.4.4/src/debug.c @@ -74,6 +74,9 @@ #else format = va_arg(args1, const char *); #endif + /* give a chance to context-based debugging to print current context */ + if (debug_log && !Ctx_Lock) + ctx_print(); snprintf(f, BUFSIZ, "%s| %s", debugLogTime(squid_curtime), format); @@ -94,9 +97,6 @@ { if (debug_log == NULL) return; - /* give a chance to context-based debugging to print current context */ - if (!Ctx_Lock) - ctx_print(); vfprintf(debug_log, format, args); if (!Config.onoff.buffered_logs) fflush(debug_log); 
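Review bot: The retained sentence "By default it listens to port 3401 on the machine" now contradicts `DEFAULT: 0`, and the correction only appears two lines later in the added note. An administrator skimming squid.conf could wrongly conclude SNMP is already enabled, or already disabled. I would rewrite the paragraph rather than append to it: `SNMP is disabled by default (port "0"). Set this to 3401 to have Squid answer SNMP queries on that port.` The note names Gentoo Linux while the page describes the patch set as borrowed from Debian, which is fine if intentional but worth a check.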
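Review bot: The moved `ctx_print()` call keeps its old comment, which does not say why it must now run before the `snprintf(f, …)` line. Presumably `ctx_print()` logs through this same routine and would overwrite the format buffer `f` if called after it is filled, which would match the "debug output corruption" described in the README. That reason is not visible in the hunk, and without it a later cleanup could move the call back. I would extend the comment to something like `/* must run before f is built: ctx_print() re-enters the debug code and reuses the buffer */`, once the buffer reuse is confirmed. The enclosing function starts and ends outside both debug.c hunks.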
@@ -201,9 +201,9 @@ } debugOpenLog(logfile); -#if HAVE_SYSLOG && defined(LOG_LOCAL4) +#if HAVE_SYSLOG if (opt_syslog_enable) - openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); + openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); #endif /* HAVE_SYSLOG */ } --- squid-2.4.4.orig/src/defines.h +++ squid-2.4.4/src/defines.h @@ -219,7 +219,7 @@ #define N_COUNT_HOUR_HIST (86400 * 3) / (60 * COUNT_INTERVAL) /* were to look for errors if config path fails */ -#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors" +#define DEFAULT_SQUID_ERROR_DIR "/usr/lib/squid/errors/English" /* gb_type operations */ #define gb_flush_limit (0x3FFFFFFF) --- squid-2.4.4.orig/src/enums.h +++ squid-2.4.4/src/enums.h @@ -393,6 +393,7 @@ METHOD_EXT17, METHOD_EXT18, METHOD_EXT19, + METHOD_SEARCH, /* Exchange 2000 web frontend */ METHOD_ENUM_END }; typedef unsigned int method_t; --- squid-2.4.4.orig/src/main.c +++ squid-2.4.4/src/main.c @@ -83,7 +83,7 @@ usage(void) { fprintf(stderr, - "Usage: %s [-dhsvzCDFNRVYX] [-f config-file] [-[au] port] [-k signal]\n" + "Usage: %s [-hsvzCDFNRSVXY] [-d level] [-f file] [-[au] port] [-k signal]\n" " -a port Specify HTTP port number (default: %d).\n" " -d level Write debugging to stderr also.\n" " -f file Use given config-file instead of\n" @@ -320,6 +320,21 @@ asnFreeMemory(); } +#if USE_UNLINKD +static int +needUnlinkd(void) +{ + int i; + int r = 0; + for (i = 0; i < Config.cacheSwap.n_configured; i++) { + if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 || + strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0) + r++; + } + return r; +} +#endif + static void mainReconfigure(void) { @@ -344,6 +359,9 @@ #endif redirectShutdown(); authenticateShutdown(); +#if USE_UNLINKD + unlinkdClose(); +#endif storeDirCloseSwapLogs(); errorClean(); mimeFreeMemory(); 
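Review bot: Besides changing the facility to `LOG_DAEMON`, the new `openlog()` call drops `LOG_CONS`, which the README entry for syslog.patch does not mention. The same edit is made in the main.c hunk at `@@ -835,7 +856,7 @@`. Without `LOG_CONS`, messages are discarded when the syslog daemon cannot be reached, and that includes the `LOG_ALERT` "fork failed" message in the main.c hunk. If the removal is deliberate, a comment such as `/* LOG_CONS omitted on purpose: no console output from the daemon */` would record it; otherwise keep the flag: `openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_DAEMON);`.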
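Review bot: `METHOD_SEARCH` is only correct because the url.c hunk adds `"SEARCH"` at the matching position in the method-name table, between `"%EXT19"` and `"ERROR"`, and nothing here documents that coupling. An entry added to one list and not the other would shift every later method name. I would add a comment above the new enumerator: `/* order must match the method-name table in url.c */`. Code elsewhere that switches on the method, for example to decide on request bodies or cacheability, is not on this page and may need a case for the new value.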
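Review bot: `needUnlinkd()` counts matching cache_dirs in `r`, but the callers shown in the later hunks only test it for non-zero. Returning 1 at the first match and 0 after the loop is shorter and removes the counter. The function has no comment and hard-codes the type names `"ufs"` and `"diskd"`, so a storage type added later that also relies on unlinkd would silently run without the helper. I would add `/* returns non-zero if any configured cache_dir uses a store type that needs the unlinkd helper */`.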
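Review bot: `unlinkdClose()` is now called on every reconfigure, while the other hunks make `unlinkdInit()` conditional on `needUnlinkd()`. On a configuration with no ufs or diskd cache_dir, the close therefore runs against a helper that was never started. Whether that is harmless depends on `unlinkdClose()`, which is not on this page, so it needs checking that it tolerates the not-started state. If it does not, track whether the helper was started and guard the call on that. mainReconfigure()'s body extends beyond the hunk.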
@@ -362,6 +380,9 @@ #if USE_WCCP wccpInit(); #endif +#if USE_UNLINKD + if (needUnlinkd()) unlinkdInit(); +#endif serverConnectionsOpen(); if (theOutIcpConnection >= 0) { if (!Config2.Accel.on || Config.onoff.accel_with_proxy) @@ -507,7 +528,7 @@ if (!configured_once) { #if USE_UNLINKD - unlinkdInit(); + if (needUnlinkd()) unlinkdInit(); #endif urlInitialize(); cachemgrInit(); @@ -835,7 +856,7 @@ int nullfd; if (*(argv[0]) == '(') return; - openlog(appname, LOG_PID | LOG_NDELAY | LOG_CONS, LOG_LOCAL4); + openlog(appname, LOG_PID | LOG_NDELAY, LOG_DAEMON); if ((pid = fork()) < 0) syslog(LOG_ALERT, "fork failed: %s", xstrerror()); else if (pid > 0) --- squid-2.4.4.orig/src/squid.h +++ squid-2.4.4/src/squid.h @@ -45,10 +45,24 @@ */ #define CHANGE_FD_SETSIZE 1 -/* Cannot increase FD_SETSIZE on Linux */ +/* + * Cannot increase FD_SETSIZE on Linux, but we can increase __FD_SETSIZE + * with glibc 2.2 (or later? remains to be seen). We do this by including + * bits/types.h which defines __FD_SETSIZE first, then we redefine + * FD_SETSIZE. Ofcourse a user program may NEVER include bits/whatever.h + * directly, so this is a dirty hack! + */ #if defined(_SQUID_LINUX_) -#undef CHANGE_FD_SETSIZE -#define CHANGE_FD_SETSIZE 0 +# undef CHANGE_FD_SETSIZE +# define CHANGE_FD_SETSIZE 0 +# include +# if (__GLIBC__ > 2) || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2) +# if SQUID_MAXFD > DEFAULT_FD_SETSIZE +# include +# undef __FD_SETSIZE +# define __FD_SETSIZE SQUID_MAXFD +# endif +# endif #endif /* --- squid-2.4.4.orig/src/url.c +++ squid-2.4.4/src/url.c @@ -77,6 +77,7 @@ "%EXT17", "%EXT18", "%EXT19", + "SEARCH", /* Exchange 2000 web frontend */ "ERROR" }; 
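Review bot: Redefining `__FD_SETSIZE` enlarges `fd_set` only in translation units that see this block before any system header has defined the select types. Anything compiled with the stock size, such as libc internals or other linked libraries, still has the smaller `fd_set`, and a mismatch means `FD_SET()` on a high descriptor writes past the end of it. The new comment says "then we redefine FD_SETSIZE", but the visible lines only redefine `__FD_SETSIZE` and leave `CHANGE_FD_SETSIZE` at 0, so the comment and the code disagree. I would correct the comment and add a start-up check that fails fast when the override did not take effect, e.g. `assert(sizeof(fd_set) * 8 >= SQUID_MAXFD);`. The two added `#include` lines have lost their header names on this page and could not be reviewed.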
@@ -308,7 +309,7 @@ /* remove duplicate dots */ while ((t = strstr(host, ".."))) xmemmove(t, t + 1, strlen(t)); - if (Config.appendDomain && !strchr(host, '.')) + if (Config.appendDomain && !strchr(host, '.') && strcasecmp(host, "localhost") != 0) strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN); if (port == 0) { debug(23, 3) ("urlParse: Invalid port == 0\n");
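Review bot: The `strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN)` call directly under the changed condition passes the whole buffer constant as the bound. strncat's third argument is the maximum number of characters to append, not the size of the destination, so a long host plus the configured append_domain can be written past the end of `host`. The debug string suggests this is urlParse, in which case `host` comes from the request URL. Since the patch already touches this statement, I would fix the bound here: `strncat(host, Config.appendDomain, SQUIDHOSTNAMELEN - strlen(host) - 1);`. The declaration of `host` is outside the hunk, so its exact size should be confirmed against that expression.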