diff --git a/net/squid/files/extra-patch-gen-stacktrace b/net/squid/files/extra-patch-gen-stacktrace
new file mode 100644
index 00000000..e1631e23
--- /dev/null
+++ b/net/squid/files/extra-patch-gen-stacktrace
@@ -0,0 +1,62 @@
+--- src/tools.cc.orig	2014-10-31 12:36:43.000000000 +0300
++++ src/tools.cc	2014-11-21 14:11:25.000000000 +0300
+@@ -71,6 +71,13 @@
+ #include <errno.h>
+ #endif
+ 
++#if PRINT_STACK_TRACE
++#ifdef __FreeBSD__
++#define UNW_LOCAL_ONLY
++#include <libunwind.h>
++#endif
++#endif
++
+ #define DEAD_MSG "\
+ The Squid Cache (version %s) died.\n\
+ \n\
+@@ -411,6 +418,45 @@
+     }
+ 
+ #endif
++#ifdef __FreeBSD__
++    do {
++	unw_context_t unw_ctx;
++	unw_cursor_t unw_cp;
++	unw_word_t sp, ip, off;
++	int rc = 0;
++	char procname[256];
++	size_t frame;
++
++	bzero((void *)&unw_ctx, sizeof(unw_ctx));
++	bzero((void *)&unw_cp, sizeof(unw_cp));
++
++	if ((rc = unw_getcontext(&unw_ctx))) {
++            fprintf(debug_log, "Failed to trace own stack: "
++		    "unw_context() said '%s'.\n", unw_strerror(rc));
++	    break;
++	}
++	if ((rc = unw_init_local(&unw_cp, &unw_ctx))) {
++            fprintf(debug_log, "Failed to trace own stack: "
++		    "unw_init_local() said '%s'.\n", unw_strerror(rc));
++	    break;
++	}
++	frame = 0;
++	fprintf(debug_log, "Backtrace follows (deepest frame first):\n");
++	while ((rc = unw_step(&unw_cp)) > 0) {
++	    frame++;
++	    ip = 0; sp = 0;
++	    unw_get_reg(&unw_cp, UNW_REG_IP, &ip);
++	    unw_get_reg(&unw_cp, UNW_REG_SP, &sp);
++	    off = 0;
++	    rc = unw_get_proc_name(&unw_cp, procname, sizeof(procname), &off);
++	    if (rc)
++		snprintf (procname, sizeof(procname), "[unknown]");
++	    fprintf(debug_log, "#%zd: %s + 0x%zx, ip = 0x%zx, sp = 0x%zx\n",
++		    frame, procname, (size_t)off, (size_t)ip, (size_t)sp);
++	}
++	fprintf(debug_log, "Use addr2line of similar to translate offsets to line information.\n");
++    } while (0);
++#endif /* __FreeBSD__ */
+ #endif /* PRINT_STACK_TRACE */
+ 
+ #if SA_RESETHAND == 0 && !_SQUID_WINDOWS_
diff --git a/net/squid/files/patch-compat_compat.h b/net/squid/files/patch-compat_compat.h
new file mode 100644
index 00000000..88504672
--- /dev/null
+++ b/net/squid/files/patch-compat_compat.h
@@ -0,0 +1,20 @@
+--- compat/compat.h.orig	2016-12-16 10:06:20 UTC
++++ compat/compat.h
+@@ -29,17 +29,6 @@
+ /******************************************************/
+ #include "compat/osdetect.h"
+ 
+-/* Solaris 10 has a broken definition for minor_t in IPFilter compat.
+- * We must pre-define before doing anything with OS headers so the OS
+- * do not. Then un-define it before using the IPFilter *_compat.h headers.
+- */
+-#if IPF_TRANSPARENT && USE_SOLARIS_IPFILTER_MINOR_T_HACK
+-/* But we only need do this nasty thing for src/ip/Intercept.cc */
+-#if BUILDING_SQUID_IP_INTERCEPT_CC
+-#define minor_t solaris_minor_t_fubar
+-#endif
+-#endif
+-
+ /*****************************************************/
+ /* FDSETSIZE is messy and needs to be done before    */
+ /* sys/types.h are defined.                          */
diff --git a/net/squid/files/patch-compat_shm.cc b/net/squid/files/patch-compat_shm.cc
new file mode 100644
index 00000000..c220f4de
--- /dev/null
+++ b/net/squid/files/patch-compat_shm.cc
@@ -0,0 +1,11 @@
+--- compat/shm.cc.orig	2016-12-16 10:06:20 UTC
++++ compat/shm.cc
+@@ -29,6 +29,8 @@ shm_portable_segment_name_is_path()
+     size_t len = sizeof(jailed);
+     ::sysctlbyname("security.jail.jailed", &jailed, &len, NULL, 0);
+     return !jailed;
++#elif defined (__DragonFly__)
++    return true;
+ #else
+     return false;
+ #endif
diff --git a/net/squid/files/patch-configure b/net/squid/files/patch-configure
new file mode 100644
index 00000000..dd9c909b
--- /dev/null
+++ b/net/squid/files/patch-configure
@@ -0,0 +1,92 @@
+--- configure.orig	2019-02-19 03:04:42 UTC
++++ configure
+@@ -34701,7 +34701,7 @@ done
+ ##
+ 
+ BUILD_HELPER="NIS"
+-for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h crypt.h
++for ac_header in sys/types.h rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h rpcsvc/crypt.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "
+@@ -34716,8 +34716,10 @@ if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+ _ACEOF
+ 
+-else
+-  BUILD_HELPER=""
++# XXX: On FreeBSD we have to do this to make NIS work
++# until https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188247
++# is resolved.
++  BUILD_HELPER="NIS"
+ fi
+ 
+ done
+@@ -35190,7 +35192,7 @@ done
+ 
+   # unconditionally requires crypt(3), for now
+   if test "x$ac_cv_func_crypt" != "x"; then
+-    for ac_header in unistd.h crypt.h shadow.h
++    for ac_header in unistd.h rpcsvc/crypt.h shadow.h
+ do :
+   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_cxx_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+@@ -37582,7 +37584,7 @@ for ac_header in \
+   arpa/nameser.h \
+   assert.h \
+   bstring.h \
+-  crypt.h \
++  rpcsvc/crypt.h \
+   ctype.h \
+   direct.h \
+   errno.h \
+@@ -37790,6 +37792,7 @@ ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" 
+ #include <netinet/ip.h>
+ #endif
+ #if HAVE_NETINET_IP_COMPAT_H
++#include <net/if.h>	/* IFNAMSIZ */
+ #include <netinet/ip_compat.h>
+ #endif
+ #if HAVE_NETINET_IP_FIL_H
+@@ -41819,6 +41822,7 @@ if test "x$enable_ipf_transparent" != "xno" ; then
+ #     include <sys/ioccom.h>
+ #     include <netinet/in.h>
+ 
++#     include <net/if.h>	/* IFNAMSIZ */
+ #     include <netinet/ip_compat.h>
+ #     include <netinet/ip_fil.h>
+ #     include <netinet/ip_nat.h>
+@@ -41849,6 +41853,7 @@ else
+ #       include <sys/ioccom.h>
+ #       include <netinet/in.h>
+ #undef minor_t
++#       include <net/if.h>	/* IFNAMSIZ */
+ #       include <netinet/ip_compat.h>
+ #       include <netinet/ip_fil.h>
+ #       include <netinet/ip_nat.h>
+@@ -41893,6 +41898,7 @@ _ACEOF
+ 	ip_fil_compat.h \
+ 	ip_fil.h \
+ 	ip_nat.h \
++	net/if.h \
+ 	netinet/ip_compat.h \
+ 	netinet/ip_fil_compat.h \
+ 	netinet/ip_fil.h \
+@@ -41922,6 +41928,7 @@ ac_fn_cxx_check_header_compile "$LINENO" "$ac_header" 
+ #if HAVE_IP_COMPAT_H
+ #include <ip_compat.h>
+ #elif HAVE_NETINET_IP_COMPAT_H
++#include <net/if.h>	/* IFNAMSIZ */
+ #include <netinet/ip_compat.h>
+ #endif
+ #if HAVE_IP_FIL_H
+@@ -41985,8 +41992,7 @@ _ACEOF
+ 
+ 
+ fi
+-ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6"
+-   "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" "
++ac_fn_cxx_check_member "$LINENO" "struct natlookup" "nl_realipaddr.in6" "ac_cv_member_struct_natlookup_nl_realipaddr_in6___" "
+ #if USE_SOLARIS_IPFILTER_MINOR_T_HACK
+ #define minor_t fubar
+ #endif
diff --git a/net/squid/files/patch-src-cf.data.pre b/net/squid/files/patch-src-cf.data.pre
new file mode 100644
index 00000000..9fb9b773
--- /dev/null
+++ b/net/squid/files/patch-src-cf.data.pre
@@ -0,0 +1,13 @@
+--- src/cf.data.pre.orig	2018-06-11 16:30:57 UTC
++++ src/cf.data.pre
+@@ -4947,6 +4947,10 @@ DEFAULT: @DEFAULT_PID_FILE@
+ LOC: Config.pidFilename
+ DOC_START
+ 	A filename to write the process-id to.  To disable, enter "none".
++
++	Note: If you change this setting, you need to set squid_pidfile
++	in /etc/rc.conf to reflect the new value. Please see
++	/usr/local/etc/rc.d/squid for details.
+ DOC_END
+ 
+ NAME: client_netmask
diff --git a/net/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc b/net/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
new file mode 100644
index 00000000..9005a091
--- /dev/null
+++ b/net/squid/files/patch-src_DiskIO_Mmapped_MmappedFile.cc
@@ -0,0 +1,11 @@
+--- src/DiskIO/Mmapped/MmappedFile.cc.orig	2016-12-16 10:06:20 UTC
++++ src/DiskIO/Mmapped/MmappedFile.cc
+@@ -236,7 +236,7 @@ Mmapping::map()
+     static const int pageSize = getpagesize();
+     delta = offset % pageSize;
+ 
+-    buf = mmap(NULL, length + delta, prot, flags, fd, offset - delta);
++    buf = mmap(NULL, length + delta, prot, flags | MAP_NOSYNC, fd, offset - delta);
+ 
+     if (buf == MAP_FAILED) {
+         const int errNo = errno;
diff --git a/net/squid/files/patch-src_enums.h b/net/squid/files/patch-src_enums.h
new file mode 100644
index 00000000..c9225908
--- /dev/null
+++ b/net/squid/files/patch-src_enums.h
@@ -0,0 +1,12 @@
+--- src/enums.h.orig	2019-02-18 18:46:22.000000000 -0800
++++ src/enums.h	2019-04-17 22:22:05.123445000 -0700
+@@ -9,6 +9,9 @@
+ #ifndef SQUID_ENUMS_H
+ #define SQUID_ENUMS_H
+ 
++/* Namespace pollution from fcntl.h as of FreeBSD r345982 */
++#undef FD_NONE
++
+ enum fd_type {
+     FD_NONE,
+     FD_LOG,
diff --git a/net/squid/files/patch-src_ip_Intercept.cc b/net/squid/files/patch-src_ip_Intercept.cc
new file mode 100644
index 00000000..7635d3c5
--- /dev/null
+++ b/net/squid/files/patch-src_ip_Intercept.cc
@@ -0,0 +1,15 @@
+--- src/ip/Intercept.cc.orig	2018-07-02 03:26:07 UTC
++++ src/ip/Intercept.cc
+@@ -215,10 +215,10 @@ Ip::Intercept::IpfInterception(const Comm::ConnectionP
+         newConn->remote.getInAddr(natLookup.nl_outipaddr.in4);
+     }
+ #else
+-        // warn once every 10 at critical level, then push down a level each repeated event
++        // warn once every million at critical level, then push down a level each repeated event
+         static int warningLevel = DBG_CRITICAL;
+         debugs(89, warningLevel, "Your IPF (IPFilter) NAT does not support IPv6. Please upgrade it.");
+-        warningLevel = (warningLevel + 1) % 10;
++        warningLevel = (warningLevel + 1) % 1048576;
+         return false;
+     }
+     newConn->local.getInAddr(natLookup.nl_inip);
diff --git a/net/squid/files/patch-src_ipc_mem_Segment.cc b/net/squid/files/patch-src_ipc_mem_Segment.cc
new file mode 100644
index 00000000..88431a56
--- /dev/null
+++ b/net/squid/files/patch-src_ipc_mem_Segment.cc
@@ -0,0 +1,11 @@
+--- src/ipc/mem/Segment.cc.orig	2016-12-16 10:06:20 UTC
++++ src/ipc/mem/Segment.cc
+@@ -173,7 +173,7 @@ Ipc::Mem::Segment::attach()
+     assert(theSize == static_cast<off_t>(static_cast<size_t>(theSize)));
+ 
+     void *const p =
+-        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED, theFD, 0);
++        mmap(NULL, theSize, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_NOSYNC, theFD, 0);
+     if (p == MAP_FAILED) {
+         int xerrno = errno;
+         debugs(54, 5, "mmap " << theName << ": " << xstrerr(xerrno));
diff --git a/net/squid/files/patch-src_security_ServerOptions.h b/net/squid/files/patch-src_security_ServerOptions.h
new file mode 100644
index 00000000..a27e9769
--- /dev/null
+++ b/net/squid/files/patch-src_security_ServerOptions.h
@@ -0,0 +1,11 @@
+--- src/security/ServerOptions.h.orig	2019-02-19 02:46:22 UTC
++++ src/security/ServerOptions.h
+@@ -35,7 +35,7 @@ class ServerOptions : public PeerOptions (public)
+         // is more secure to have only a small set of trusted CA.
+         flags.tlsDefaultCa.defaultTo(false);
+     }
+-    ServerOptions(const ServerOptions &) = default;
++    ServerOptions(const ServerOptions &) = delete;
+     ServerOptions &operator =(const ServerOptions &);
+     ServerOptions(ServerOptions &&o) { this->operator =(o); }
+     ServerOptions &operator =(ServerOptions &&o) { this->operator =(o); return *this; }
diff --git a/net/squid/files/patch-src_tools.cc b/net/squid/files/patch-src_tools.cc
new file mode 100644
index 00000000..19c4e981
--- /dev/null
+++ b/net/squid/files/patch-src_tools.cc
@@ -0,0 +1,11 @@
+--- src/tools.cc.orig	2018-06-11 16:30:57 UTC
++++ src/tools.cc
+@@ -605,7 +605,7 @@ no_suid(void)
+     uid = geteuid();
+     debugs(21, 3, "no_suid: PID " << getpid() << " giving up root privileges forever");
+ 
+-    if (setuid(0) < 0) {
++    if (setuid(0) < 0 && TheProcessKind != pkHelper) {
+         int xerrno = errno;
+         debugs(50, DBG_IMPORTANT, "WARNING: no_suid: setuid(0): " << xstrerr(xerrno));
+     }