diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7491249
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,74 @@
+*~
+*.a
+aclocal
+aclocal.m4
+autoconf.h
+autom4te*
+autom4te.cache
+cfgaux
+config.*
+config.guess
+config.h
+config.log
+config.status
+config.sub
+configure
+.deps
+.dirstamp
+ID
+install-sh
+*.la
+.libs
+libtool
+*.lo
+*.swp
+ltmain.sh
+Makefile
+merge.log
+missing
+*.o
+scripts/RunAccel
+scripts/RunCache
+src/cf.data
+src/cf_gen_defines.h
+src/cf_parser.h
+src/repl_modules.cc
+src/squid.conf.default
+stamp-h1
+tags
+doc/cachemgr.cgi.8
+doc/squid.8
+helpers/digest_auth/password/digest_pw_auth
+helpers/external_acl/ip_user/ip_user_check
+helpers/external_acl/unix_group/squid_unix_group
+src/DiskIO/DiskDaemon/diskd
+src/cf_gen
+*.lo
+src/DiskIO/DiskDaemon/diskd
+src/cf_gen
+*.la
+src/squid
+src/ufsdump
+tools/cachemgr.cgi
+tools/squidclient
+errors/translate-warn
+helpers/basic_auth/DB/squid_db_auth
+helpers/basic_auth/DB/squid_db_auth.8
+helpers/basic_auth/LDAP/squid_ldap_auth
+helpers/basic_auth/MSNT/msnt_auth
+helpers/basic_auth/NCSA/ncsa_auth
+helpers/basic_auth/PAM/pam_auth
+helpers/basic_auth/SMB/smb_auth
+helpers/basic_auth/YP/yp_auth
+helpers/basic_auth/getpwnam/getpwname_auth
+helpers/basic_auth/squid_radius_auth/squid_radius_auth
+helpers/negotiate_auth/squid_kerb_auth/ska_config.h
+src/DiskIO/DiskIOModules_gen.cc
+src/cf_gen_defines.cci
+src/cf_parser.cci
+src/globals.cc
+src/squid.conf.documented
+src/string_arrays.c
+tools/stub_debug.cc
+tools/time.cc
+
diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc
index 09e7b90..2f0819d 100644
--- a/src/HttpHeaderTools.cc
+++ b/src/HttpHeaderTools.cc
@@ -301,23 +301,33 @@ getStringPrefix(const char *str, const char *end)
 int
 httpHeaderParseInt(const char *start, int *value)
 {
-    assert(value);
-    *value = atoi(start);
+    char *endptr;
 
-    if (!*value && !xisdigit(*start)) {
+    assert(value);
+    errno = 0;
+    long res = strtol(start, &endptr, 10);
+    if (errno || (endptr == start)) {
         debugs(66, 2, "failed to parse an int header field near '" << start << "'");
         return 0;
     }
 
+    if ((res < INT_MIN) || (res > INT_MAX)) {
+        debugs(66, 2, "integer overflow while parsing '" << start << "'");
+        return 0;
+    }
+    *value = res;
+
     return 1;
 }
 
 int
 httpHeaderParseOffset(const char *start, int64_t * value)
 {
+    char *endptr;
+
     errno = 0;
-    int64_t res = strtoll(start, NULL, 10);
-    if (!res && EINVAL == errno)	/* maybe not portable? */
+    int64_t res = strtoll(start, &endptr, 10);
+    if (errno || (endptr == start))
         return 0;
     *value = res;
     return 1;
diff --git a/src/SwapDir.cc b/src/SwapDir.cc
index 581e4ba..0f80cfa 100644
--- a/src/SwapDir.cc
+++ b/src/SwapDir.cc
@@ -239,13 +239,21 @@ SwapDir::optionReadOnlyDump(StoreEntry * e) const
 bool
 SwapDir::optionMaxSizeParse(char const *option, const char *value, int isaReconfig)
 {
+    char *endptr;
+
     if (strcmp(option, "max-size") != 0)
         return false;
 
     if (!value)
         self_destruct();
 
-    int64_t size = strtoll(value, NULL, 10);
+    errno = 0;
+    int64_t size = strtoll(value, &endptr, 10);
+    if (errno || (value == endptr)) {
+        debugs(3, 1, "Invalid max-size for cache dir '" << path << "' ignored");
+        return false;
+    }
+
 
     if (isaReconfig && max_objsize != size)
         debugs(3, 1, "Cache dir '" << path << "' max object size now " << size);
diff --git a/src/comm.cc b/src/comm.cc
index b5e927f..8a573a3 100644
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -2206,11 +2206,15 @@ int
 comm_listen(int sock)
 {
     int x;
+    int defer = 30;
 
     if ((x = listen(sock, Squid_MaxFD >> 2)) < 0) {
         debugs(50, 0, "comm_listen: listen(" << (Squid_MaxFD >> 2) << ", " << sock << "): " << xstrerror());
         return x;
     }
+#ifdef TCP_DEFER_ACCEPT
+    setsockopt(sock, SOL_TCP, TCP_DEFER_ACCEPT, &defer, sizeof(defer));
+#endif
 
     if (Config.accept_filter && strcmp(Config.accept_filter, "none") != 0) {
 #ifdef SO_ACCEPTFILTER
diff --git a/src/ftp.cc b/src/ftp.cc
index 60848b2..ad8b32a 100644
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -2420,10 +2420,13 @@ ftpReadSize(FtpStateData * ftpState)
     debugs(9, 3, HERE);
 
     if (code == 213) {
+        char *endptr;
+
         ftpState->unhack();
-        ftpState->theSize = strtoll(ftpState->ctrl.last_reply, NULL, 10);
+        errno = 0;
+        ftpState->theSize = strtoll(ftpState->ctrl.last_reply, &endptr, 10);
 
-        if (ftpState->theSize == 0) {
+        if (ftpState->theSize < 0 || errno || (ftpState->ctrl.last_reply == endptr)) {
             debugs(9, 2, "SIZE reported " <<
                    ftpState->ctrl.last_reply << " on " <<
                    ftpState->title_url);
diff --git a/src/wccp2.cc b/src/wccp2.cc
index 0f79cf3..5f45f56 100644
--- a/src/wccp2.cc
+++ b/src/wccp2.cc
@@ -2254,7 +2254,7 @@ static void
 parse_wccp2_service_ports(char *options, int portlist[])
 {
     int i = 0;
-    int p;
+    long p;
     char *tmp, *tmp2, *port, *end;
 
     if (!options) {
@@ -2295,7 +2295,7 @@ parse_wccp2_service_info(void *v)
     int protocol = -1;		/* IPPROTO_TCP | IPPROTO_UDP */
 
     struct wccp2_service_list_t *srv;
-    int priority = -1;
+    long priority = -1;
 
     if (wccp2_connected == 1) {
         debugs(80, 1, "WCCPv2: Somehow reparsing the configuration without having shut down WCCP! Try reloading squid again.");