From mboxrd@z Thu Jan 1 00:00:00 1970 From: Matthias Fischer To: development@lists.ipfire.org Subject: [PATCH] squid: Update to 3.5.25 Date: Mon, 03 Apr 2017 21:26:44 +0200 Message-ID: <20170403192644.32436-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0164293849953681092==" List-Id: --===============0164293849953681092== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Signed-off-by: Matthias Fischer --- lfs/squid | 20 +- ...=3D> squid-3.5.25-fix-max-file-descriptors.patch} | 0 src/patches/squid/squid-3.5-14142.patch | 72 ----- src/patches/squid/squid-3.5-14143.patch | 55 ---- src/patches/squid/squid-3.5-14144.patch | 43 --- src/patches/squid/squid-3.5-14145.patch | 33 -- src/patches/squid/squid-3.5-14146.patch | 41 --- src/patches/squid/squid-3.5-14147.patch | 37 --- src/patches/squid/squid-3.5-14148.patch | 62 ---- src/patches/squid/squid-3.5-14149.patch | 78 ----- src/patches/squid/squid-3.5-14150.patch | 32 -- src/patches/squid/squid-3.5-14151.patch | 36 --- src/patches/squid/squid-3.5-14152.patch | 35 -- src/patches/squid/squid-3.5-14153.patch | 353 -------------------= -- 14 files changed, 4 insertions(+), 893 deletions(-) rename src/patches/{squid-3.5.24-fix-max-file-descriptors.patch =3D> squid-3= .5.25-fix-max-file-descriptors.patch} (100%) delete mode 100644 src/patches/squid/squid-3.5-14142.patch delete mode 100644 src/patches/squid/squid-3.5-14143.patch delete mode 100644 src/patches/squid/squid-3.5-14144.patch delete mode 100644 src/patches/squid/squid-3.5-14145.patch delete mode 100644 src/patches/squid/squid-3.5-14146.patch delete mode 100644 src/patches/squid/squid-3.5-14147.patch delete mode 100644 src/patches/squid/squid-3.5-14148.patch delete mode 100644 src/patches/squid/squid-3.5-14149.patch delete mode 100644 src/patches/squid/squid-3.5-14150.patch delete mode 100644 src/patches/squid/squid-3.5-14151.patch delete mode 100644 src/patches/squid/squid-3.5-14152.patch delete mode 100644 src/patches/squid/squid-3.5-14153.patch diff --git a/lfs/squid b/lfs/squid index 269902067..70d83b04c 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 3.5.24 +VER =3D 3.5.25 =20 THISAPP =3D squid-$(VER) DL_FILE =3D $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 3fae511e16b6379b61c011914673973d +$(DL_FILE)_MD5 =3D 6b7dd7b42b1adacf08f3155640ea2782 =20 install : $(TARGET) =20 @@ -70,19 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14142= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14143= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14144= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14145= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14146= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14147= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14148= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14149= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14150= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14151= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14152= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14153= .patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-= file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.25-fix-max-= file-descriptors.patch =20 cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi @@ -159,7 +147,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cp -f $(DIR_SRC)/config/updxlrator/lscache /var/ipfire/updatexlrator/bin/ls= cache cp -f $(DIR_SRC)/config/updxlrator/checkdeaddl /var/ipfire/updatexlrator/bi= n/checkdeaddl =20 - cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlra= tor//updxlrator-lib.pl + cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlra= tor/updxlrator-lib.pl =20 chmod 755 /usr/sbin/updxlrator /var/ipfire/updatexlrator/bin/checkup \ /var/ipfire/updatexlrator/bin/download \ diff --git a/src/patches/squid-3.5.24-fix-max-file-descriptors.patch b/src/pa= tches/squid-3.5.25-fix-max-file-descriptors.patch similarity index 100% rename from src/patches/squid-3.5.24-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.25-fix-max-file-descriptors.patch diff --git a/src/patches/squid/squid-3.5-14142.patch b/src/patches/squid/squi= d-3.5-14142.patch deleted file mode 100644 index 8649e27f9..000000000 --- a/src/patches/squid/squid-3.5-14142.patch +++ /dev/null @@ -1,72 +0,0 @@ ------------------------------------------------------------- -revno: 14142 -revision-id: squid3(a)treenet.co.nz-20170208054033-pxqn8rs4yu713ijq -parent: squid3(a)treenet.co.nz-20170128035415-bpwt79jsobv1rqx3 -author: Christos Tsantilas -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Wed 2017-02-08 18:40:33 +1300 -message: - Bump SSL client on [more] errors encountered before ssl_bump evaluation - =20 - ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an - http_access deny rule match. - =20 - The old code allowed ssl_bump step1 rules to be evaluated in the - presence of an error. An ssl_bump splicing decision would then trigger - the useless "send the error to the client now" processing logic instead - of going down the "to serve an error, bump the client first" path. - =20 - Furthermore, the ssl_bump evaluation result itself could be surprising - to the admin because ssl_bump (and most other) rules are not meant to be - evaluated for a transaction in an error state. This complicated triage. - =20 - Also polished an important comment to clarify that we want to bump on - error if (and only if) the SslBump feature is applicable to the failed - transaction (i.e., if the ssl_bump rules would have been evaluated if - there were no prior errors). The old comment could have been - misinterpreted that ssl_bump rules must be evaluated to allow an - "ssl_bump splice" match to hide the error. - =20 - This is a Measurement Factory project. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170208054033-pxqn8rs4yu713ijq -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8c3f2a03f86aa1b1484195a63742bc4002ba2359 -# timestamp: 2017-02-08 05:51:15 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170128035415-\ -# bpwt79jsobv1rqx3 -#=20 -# Begin patch -=3D=3D=3D modified file 'src/client_side_request.cc' ---- src/client_side_request.cc 2017-01-23 02:05:46 +0000 -+++ src/client_side_request.cc 2017-02-08 05:40:33 +0000 -@@ -1442,6 +1442,13 @@ - return false; - } -=20 -+ if (error) { -+ debugs(85, 5, "SslBump applies. Force bump action on error " << err= _type_str[(error->type >=3D ERR_NONE && error->type < ERR_MAX) ? error->type = : ERR_NONE]); -+ http->sslBumpNeed(Ssl::bumpBump); -+ http->al->ssl.bumpMode =3D Ssl::bumpBump; -+ return false; -+ } -+ - // Do not bump during authentication: clients would not proxy-authentic= ate - // if we delay a 407 response and respond with 200 OK to CONNECT. - if (error && error->httpStatus =3D=3D Http::scProxyAuthenticationRequir= ed) { -@@ -1781,8 +1788,9 @@ - } -=20 - #if USE_OPENSSL -- // We need to check for SslBump even if the calloutContext->error is set -- // because bumping may require delaying the error until after CONNECT. -+ // Even with calloutContext->error, we call sslBumpAccessCheck() to dec= ide -+ // whether SslBump applies to this transaction. If it applies, we will -+ // attempt to bump the client to serve the error. - if (!calloutContext->sslBumpCheckDone) { - calloutContext->sslBumpCheckDone =3D true; - if (calloutContext->sslBumpAccessCheck()) - diff --git a/src/patches/squid/squid-3.5-14143.patch b/src/patches/squid/squi= d-3.5-14143.patch deleted file mode 100644 index 49b3eb8ef..000000000 --- a/src/patches/squid/squid-3.5-14143.patch +++ /dev/null @@ -1,55 +0,0 @@ ------------------------------------------------------------- -revno: 14143 -revision-id: squid3(a)treenet.co.nz-20170225055014-j7v5xax13u4jddr9 -parent: squid3(a)treenet.co.nz-20170208054033-pxqn8rs4yu713ijq -author: Christos Tsantilas -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sat 2017-02-25 18:50:14 +1300 -message: - Fix regression in CONNECT authentication after rev.14142 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170225055014-j7v5xax13u4jddr9 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: bedc99ffdffd1e999c98c33faa830d4e9d1fc01d -# timestamp: 2017-02-25 05:51:22 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170208054033-\ -# pxqn8rs4yu713ijq -#=20 -# Begin patch -=3D=3D=3D modified file 'src/client_side_request.cc' ---- src/client_side_request.cc 2017-02-08 05:40:33 +0000 -+++ src/client_side_request.cc 2017-02-25 05:50:14 +0000 -@@ -1442,6 +1442,14 @@ - return false; - } -=20 -+ // Do not bump during authentication: clients would not proxy-authentic= ate -+ // if we delay a 407 response and respond with 200 OK to CONNECT. -+ if (error && error->httpStatus =3D=3D Http::scProxyAuthenticationRequir= ed) { -+ http->al->ssl.bumpMode =3D Ssl::bumpEnd; // SslBump does not apply;= log - -+ debugs(85, 5, HERE << "no SslBump during proxy authentication"); -+ return false; -+ } -+ - if (error) { - debugs(85, 5, "SslBump applies. Force bump action on error " << err= _type_str[(error->type >=3D ERR_NONE && error->type < ERR_MAX) ? error->type = : ERR_NONE]); - http->sslBumpNeed(Ssl::bumpBump); -@@ -1449,14 +1457,6 @@ - return false; - } -=20 -- // Do not bump during authentication: clients would not proxy-authentic= ate -- // if we delay a 407 response and respond with 200 OK to CONNECT. -- if (error && error->httpStatus =3D=3D Http::scProxyAuthenticationRequir= ed) { -- http->al->ssl.bumpMode =3D Ssl::bumpEnd; // SslBump does not apply;= log - -- debugs(85, 5, HERE << "no SslBump during proxy authentication"); -- return false; -- } -- - debugs(85, 5, HERE << "SslBump possible, checking ACL"); -=20 - ACLFilledChecklist *aclChecklist =3D clientAclChecklistCreate(Config.ac= cessList.ssl_bump, http); - diff --git a/src/patches/squid/squid-3.5-14144.patch b/src/patches/squid/squi= d-3.5-14144.patch deleted file mode 100644 index 592a774d6..000000000 --- a/src/patches/squid/squid-3.5-14144.patch +++ /dev/null @@ -1,43 +0,0 @@ ------------------------------------------------------------- -revno: 14144 -revision-id: squid3(a)treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g -parent: squid3(a)treenet.co.nz-20170225055014-j7v5xax13u4jddr9 -author: Alex Rousskov -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:46:24 +1300 -message: - Fix crash when configuring with invalid delay_parameters restore value. - =20 - ... like none/none. Introduced in rev which fixed another, much - bigger delay_parameters parsing bug. - =20 - TODO: Reject all invalid input, including restore/max of "-/100". - =20 - TODO: Fix misleading/wrong associated error messages. For example: - ERROR: invalid delay rate 'none/none'. Expecting restore/max or 'none' - ERROR: restore rate in '1/none' is not a number. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 42f47b8ee1da049d57e6af76ce755e459d2fc9fd -# timestamp: 2017-02-26 08:51:02 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170225055014-\ -# j7v5xax13u4jddr9 -#=20 -# Begin patch -=3D=3D=3D modified file 'src/DelaySpec.cc' ---- src/DelaySpec.cc 2017-01-01 00:16:45 +0000 -+++ src/DelaySpec.cc 2017-02-26 08:46:24 +0000 -@@ -55,7 +55,7 @@ -=20 - // parse the first digits into restore_bps - const char *p =3D NULL; -- if (!StringToInt(token, restore_bps, &p, 10) && *p !=3D '/') { -+ if (!StringToInt(token, restore_bps, &p, 10) || *p !=3D '/') { - debugs(77, DBG_CRITICAL, "ERROR: invalid delay rate '" << token << = "'. Expecting restore/max or 'none'."); - self_destruct(); - } - diff --git a/src/patches/squid/squid-3.5-14145.patch b/src/patches/squid/squi= d-3.5-14145.patch deleted file mode 100644 index aaa56ed33..000000000 --- a/src/patches/squid/squid-3.5-14145.patch +++ /dev/null @@ -1,33 +0,0 @@ ------------------------------------------------------------- -revno: 14145 -revision-id: squid3(a)treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s -parent: squid3(a)treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:50:09 +1300 -message: - Fix missing CRLF on FTP timeout ABORT commands ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a290f77545e17012eea87e6315a9d375bff16752 -# timestamp: 2017-02-26 08:51:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170226084624-\ -# 5tkl3bdrqz8nlp9g -#=20 -# Begin patch -=3D=3D=3D modified file 'src/clients/FtpGateway.cc' ---- src/clients/FtpGateway.cc 2017-01-01 00:16:45 +0000 -+++ src/clients/FtpGateway.cc 2017-02-26 08:50:09 +0000 -@@ -1775,7 +1775,7 @@ -=20 - // ABORT on timeouts. server may be waiting on a broken TCP link. - if (io.xerrno =3D=3D Comm::TIMEOUT) -- writeCommand("ABOR"); -+ writeCommand("ABOR\r\n"); -=20 - // try another connection attempt with some other method - ftpSendPassive(this); - diff --git a/src/patches/squid/squid-3.5-14146.patch b/src/patches/squid/squi= d-3.5-14146.patch deleted file mode 100644 index 391fa35d8..000000000 --- a/src/patches/squid/squid-3.5-14146.patch +++ /dev/null @@ -1,41 +0,0 @@ ------------------------------------------------------------- -revno: 14146 -revision-id: squid3(a)treenet.co.nz-20170226085245-vcvc7nemupizbe4t -parent: squid3(a)treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:52:45 +1300 -message: - Check that -k argument is provided before trying to use it. - =20 - Detected by Coverity Scan. Issue 1364726. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170226085245-vcvc7nemupizbe4t -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 31bba06ced5b67f892e4be897b05ec3744b2a942 -# timestamp: 2017-02-26 09:51:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170226085009-\ -# tj3o81s5ybk8ly9s -#=20 -# Begin patch -=3D=3D=3D modified file 'src/main.cc' ---- src/main.cc 2017-01-01 00:16:45 +0000 -+++ src/main.cc 2017-02-26 08:52:45 +0000 -@@ -425,11 +425,11 @@ - /** \par k - * Run the administrative action given following the option */ -=20 -- /** \li When its an unknown option display the usage help. */ -- if ((int) strlen(optarg) < 1) -+ /** \li When it is missing or an unknown option display the usa= ge help. */ -+ if (!optarg || strlen(optarg) < 1) - usage(); -=20 -- if (!strncmp(optarg, "reconfigure", strlen(optarg))) -+ else if (!strncmp(optarg, "reconfigure", strlen(optarg))) - /** \li On reconfigure send SIGHUP. */ - opt_send_signal =3D SIGHUP; - else if (!strncmp(optarg, "rotate", strlen(optarg))) - diff --git a/src/patches/squid/squid-3.5-14147.patch b/src/patches/squid/squi= d-3.5-14147.patch deleted file mode 100644 index a8b52f388..000000000 --- a/src/patches/squid/squid-3.5-14147.patch +++ /dev/null @@ -1,37 +0,0 @@ ------------------------------------------------------------- -revno: 14147 -revision-id: squid3(a)treenet.co.nz-20170226085617-89jfjndt62i83qtn -parent: squid3(a)treenet.co.nz-20170226085245-vcvc7nemupizbe4t -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:56:17 +1300 -message: - ext_kerberos_ldap_group_acl: fix unused value warnings - =20 - Detected by Coverity Scan. Issues 1364748 and 1364749. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170226085617-89jfjndt62i83qtn -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: fd770175ba851fc62de4a085414c8fd996b53e46 -# timestamp: 2017-02-26 09:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170226085245-\ -# vcvc7nemupizbe4t -#=20 -# Begin patch -=3D=3D=3D modified file 'helpers/external_acl/kerberos_ldap_group/support_ld= ap.cc' ---- helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2017-01-01 00:1= 6:45 +0000 -+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2017-02-26 08:5= 6:17 +0000 -@@ -919,8 +919,8 @@ - /* - * Initialise ldap - */ -- ldap_debug =3D 127 /* LDAP_DEBUG_TRACE */ ; -- ldap_debug =3D -1 /* LDAP_DEBUG_ANY */ ; -+// ldap_debug =3D 127 /* LDAP_DEBUG_TRACE */ ; -+// ldap_debug =3D -1 /* LDAP_DEBUG_ANY */ ; - ldap_debug =3D 0; - (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug); - #endif - diff --git a/src/patches/squid/squid-3.5-14148.patch b/src/patches/squid/squi= d-3.5-14148.patch deleted file mode 100644 index ce7d9667c..000000000 --- a/src/patches/squid/squid-3.5-14148.patch +++ /dev/null @@ -1,62 +0,0 @@ ------------------------------------------------------------- -revno: 14148 -revision-id: squid3(a)treenet.co.nz-20170226110942-90rcwhx3fwa2l7is -parent: squid3(a)treenet.co.nz-20170226085617-89jfjndt62i83qtn -author: Alexander Gozman -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Mon 2017-02-27 00:09:42 +1300 -message: - Native FTP relay: NAT and TPROXY interception fixes ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170226110942-90rcwhx3fwa2l7is -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 63f57f0ddddf0f231c3ef88a12728a707828c6ad -# timestamp: 2017-02-26 11:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170226085617-\ -# 89jfjndt62i83qtn -#=20 -# Begin patch -=3D=3D=3D modified file 'src/servers/FtpServer.cc' ---- src/servers/FtpServer.cc 2017-01-01 00:16:45 +0000 -+++ src/servers/FtpServer.cc 2017-02-26 11:09:42 +0000 -@@ -1454,9 +1454,33 @@ - Comm::ConnectionPointer conn =3D new Comm::Connection(); - conn->flags |=3D COMM_DOBIND; -=20 -- // Use local IP address of the control connection as the source address -- // of the active data connection, or some clients will refuse to accept. -- conn->setAddrs(clientConnection->local, cltAddr); -+ if (clientConnection->flags & COMM_INTERCEPTION) { -+ // In the case of NAT interception conn->local value is not set -+ // because the TCP stack will automatically pick correct source -+ // address for the data connection. We must only ensure that IP -+ // version matches client's address. -+ conn->local.setAnyAddr(); -+ -+ if (cltAddr.isIPv4()) -+ conn->local.setIPv4(); -+ -+ conn->remote =3D cltAddr; -+ } else { -+ // In the case of explicit-proxy the local IP of the control connec= tion -+ // is the Squid IP the client is knowingly talking to. -+ // -+ // In the case of TPROXY the IP address of the control connection is -+ // server IP the client is connecting to, it can be spoofed by Squi= d. -+ // -+ // In both cases some clients may refuse to accept data connections= if -+ // these control connectin local-IP's are not used. -+ conn->setAddrs(clientConnection->local, cltAddr); -+ -+ // Using non-local addresses in TPROXY mode requires appropriate so= cket option. -+ if (clientConnection->flags & COMM_TRANSPARENT) -+ conn->flags |=3D COMM_TRANSPARENT; -+ } -+ - // RFC 959 requires active FTP connections to originate from port 20 - // but that would preclude us from supporting concurrent transfers! (XX= X?) - conn->local.port(0); - diff --git a/src/patches/squid/squid-3.5-14149.patch b/src/patches/squid/squi= d-3.5-14149.patch deleted file mode 100644 index a9fa59754..000000000 --- a/src/patches/squid/squid-3.5-14149.patch +++ /dev/null @@ -1,78 +0,0 @@ ------------------------------------------------------------- -revno: 14149 -revision-id: squid3(a)treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3 -parent: squid3(a)treenet.co.nz-20170226110942-90rcwhx3fwa2l7is -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3D4508 -author: Christos Tsantilas -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Fri 2017-03-31 01:31:22 +1200 -message: - Bug 4508: Host forgery stalls intercepted being-spliced connections. - =20 - Most SslBump splicing happens after getting SNI. SNI goes into the - second fake CONNECT request, where it may fail the host forgery check. - A failed check triggers an HTTP error response from Squid. When - attempting to send that response to the TLS client, Squid checks whether - all previously pipelined HTTP requests on the connection have finished. - =20 - Prior to this fix, Squid left the first fake CONNECT request in the - connection pipeline despite adding the second fake CONNECT. That first - CONNECT stalled the error response described above, with Squid waiting, - in vain, for that already handled [fake] transaction to finish. - =20 - Also call quitAfterError() to force Squid to close the connection (after - writing the discussed error response) instead of just logging a - [misleading] "kick abandoning [connection]" message in cache.log. - =20 - TODO: Always pop the first CONNECT when generating a second one. - Unifying CONNECT treatment is difficult because code like tunnel.cc - wants that CONNECT to be in the pipeline. Polishing that would probably - require disassociating ConnStateData from tunnel.cc (at least). - =20 - TODO: Apply the existing "delayed error" logic (that optionally bumps - TLS connections to deliver [some] errors to [some] SSL/TLS clients) to - host forgery errors. Otherwise, the plain HTTP error message cannot be - understood by the intercepted TLS client. - =20 - This is a Measurement Factory project ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: db616fff2ac0df73cf41d380f07a96b773cf2be5 -# timestamp: 2017-03-30 13:51:17 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170226110942-\ -# 90rcwhx3fwa2l7is -#=20 -# Begin patch -=3D=3D=3D modified file 'src/client_side.cc' ---- src/client_side.cc 2017-01-27 13:38:24 +0000 -+++ src/client_side.cc 2017-03-30 13:31:22 +0000 -@@ -4376,7 +4376,12 @@ - fd_table[connState->clientConnection->fd].read_method =3D &default_= read_method; - fd_table[connState->clientConnection->fd].write_method =3D &default= _write_method; -=20 -+ ClientSocketContext::Pointer context =3D connState->getCurrentConte= xt(); -+ Must(context !=3D NULL); - if (connState->transparent()) { -+ // If we are going to fake the second CONNECT, clear the first = one. -+ context->connIsFinished(); -+ - // fake a CONNECT request to force connState to tunnel - // XXX: copy from MemBuf reallocates, not a regression since ol= d code did too - SBuf temp; - -=3D=3D=3D modified file 'src/client_side_request.cc' ---- src/client_side_request.cc 2017-02-25 05:50:14 +0000 -+++ src/client_side_request.cc 2017-03-30 13:31:22 +0000 -@@ -561,6 +561,7 @@ - debugs(85, DBG_IMPORTANT, "SECURITY ALERT: on URL: " << urlCanonical(ht= tp->request)); -=20 - // IP address validation for Host: failed. reject the connection. -+ http->getConn()->quitAfterError(http->request); - clientStreamNode *node =3D (clientStreamNode *)http->client_stream.tail= ->prev->data; - clientReplyContext *repContext =3D dynamic_cast(n= ode->data.getRaw()); - assert (repContext); - diff --git a/src/patches/squid/squid-3.5-14150.patch b/src/patches/squid/squi= d-3.5-14150.patch deleted file mode 100644 index dfe97a0ef..000000000 --- a/src/patches/squid/squid-3.5-14150.patch +++ /dev/null @@ -1,32 +0,0 @@ ------------------------------------------------------------- -revno: 14150 -revision-id: squid3(a)treenet.co.nz-20170331005152-8exm3hsly1v1jk8y -parent: squid3(a)treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3 -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Fri 2017-03-31 12:51:52 +1200 -message: - Fix variable shadowing after rev.14149 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170331005152-8exm3hsly1v1jk8y -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ae1e30fff31cf8b411c62eba344fdc944692aecf -# timestamp: 2017-03-31 01:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170330133122-\ -# zcpblbvnuq7mjvq3 -#=20 -# Begin patch -=3D=3D=3D modified file 'src/client_side.cc' ---- src/client_side.cc 2017-03-30 13:31:22 +0000 -+++ src/client_side.cc 2017-03-31 00:51:52 +0000 -@@ -4390,7 +4390,6 @@ - } else { - // in.buf still has the "CONNECT ..." request data, reset it to= SSL hello message - connState->in.buf.append(rbuf.content(), rbuf.contentSize()); -- ClientSocketContext::Pointer context =3D connState->getCurrentC= ontext(); - ClientHttpRequest *http =3D context->http; - tunnelStart(http, &http->out.size, &http->al->http.code, http->= al); - } - diff --git a/src/patches/squid/squid-3.5-14151.patch b/src/patches/squid/squi= d-3.5-14151.patch deleted file mode 100644 index d22387d53..000000000 --- a/src/patches/squid/squid-3.5-14151.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14151 -revision-id: squid3(a)treenet.co.nz-20170331233831-m3hfrigo82uhz4id -parent: squid3(a)treenet.co.nz-20170331005152-8exm3hsly1v1jk8y -author: Garri Djavadyan -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sat 2017-04-01 12:38:31 +1300 -message: - Docs: update refresh_pattern description regarding 'max' option ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170331233831-m3hfrigo82uhz4id -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: be64101730dcb2deb664d6594d20a7295a666b98 -# timestamp: 2017-03-31 23:40:50 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170331005152-\ -# 8exm3hsly1v1jk8y -#=20 -# Begin patch -=3D=3D=3D modified file 'src/cf.data.pre' ---- src/cf.data.pre 2017-01-01 00:16:45 +0000 -+++ src/cf.data.pre 2017-03-31 23:38:31 +0000 -@@ -5401,7 +5401,9 @@ - will be considered fresh. -=20 - 'Max' is an upper limit on how long objects without an explicit -- expiry time will be considered fresh. -+ expiry time will be considered fresh. The value is also used -+ to form Cache-Control: max-age header for a request sent from -+ Squid to origin/parent. -=20 - options: override-expire - override-lastmod - diff --git a/src/patches/squid/squid-3.5-14152.patch b/src/patches/squid/squi= d-3.5-14152.patch deleted file mode 100644 index 81bd3a039..000000000 --- a/src/patches/squid/squid-3.5-14152.patch +++ /dev/null @@ -1,35 +0,0 @@ ------------------------------------------------------------- -revno: 14152 -revision-id: squid3(a)treenet.co.nz-20170331233921-efxhs8vy025fvrnl -parent: squid3(a)treenet.co.nz-20170331233831-m3hfrigo82uhz4id -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sat 2017-04-01 12:39:21 +1300 -message: - libtrie: Fix 'make check' when run before 'make all' ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170331233921-efxhs8vy025fvrnl -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8399bbfe7b517fa6306bdc61d212a9a4fcc9e88b -# timestamp: 2017-03-31 23:40:52 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170331233831-\ -# m3hfrigo82uhz4id -#=20 -# Begin patch -=3D=3D=3D modified file 'lib/libTrie/Makefile.am' ---- lib/libTrie/Makefile.am 2017-01-01 00:16:45 +0000 -+++ lib/libTrie/Makefile.am 2017-03-31 23:39:21 +0000 -@@ -8,8 +8,8 @@ - include $(top_srcdir)/src/Common.am - include $(top_srcdir)/src/TestHeaders.am -=20 --DIST_SUBDIRS =3D test --SUBDIRS =3D test -+DIST_SUBDIRS =3D . test -+SUBDIRS =3D . test -=20 - noinst_LIBRARIES =3D libTrie.a -=20 - diff --git a/src/patches/squid/squid-3.5-14153.patch b/src/patches/squid/squi= d-3.5-14153.patch deleted file mode 100644 index c236a6115..000000000 --- a/src/patches/squid/squid-3.5-14153.patch +++ /dev/null @@ -1,353 +0,0 @@ ------------------------------------------------------------- -revno: 14153 -revision-id: squid3(a)treenet.co.nz-20170331234747-59glu40hhx0kf8fx -parent: squid3(a)treenet.co.nz-20170331233921-efxhs8vy025fvrnl -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3D4688 -author: Lubos Uhliarik -committer: Amos Jeffries -branch nick: 3.5 -timestamp: Sat 2017-04-01 12:47:47 +1300 -message: - Bug 4688: various typo error(s) in man page(s) ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3(a)treenet.co.nz-20170331234747-59glu40hhx0kf8fx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a05d98a4e328e39f2a490cfeff72ad8735cc6b6e -# timestamp: 2017-03-31 23:48:51 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3(a)treenet.co.nz-20170331233921-\ -# efxhs8vy025fvrnl -#=20 -# Begin patch -=3D=3D=3D modified file 'compat/compat.h' ---- compat/compat.h 2017-01-01 00:16:45 +0000 -+++ compat/compat.h 2017-03-31 23:47:47 +0000 -@@ -11,7 +11,7 @@ -=20 - /* - * From discussions it was chosen to push compat code as far down as possib= le. -- * That means we can have a seperate compat for most -+ * That means we can have a separate compat for most - * compatability and portability hacks and resolutions. - * - * This file is meant to collate all those hacks files together and - -=3D=3D=3D modified file 'helpers/basic_auth/DB/basic_db_auth.pl.in' ---- helpers/basic_auth/DB/basic_db_auth.pl.in 2017-01-01 00:16:45 +0000 -+++ helpers/basic_auth/DB/basic_db_auth.pl.in 2017-03-31 23:47:47 +0000 -@@ -14,7 +14,7 @@ -=20 - basic_db_auth [options] -=20 --=3Dhead1 DESCRIPTOIN -+=3Dhead1 DESCRIPTION -=20 - This program verifies username & password to a database -=20 -@@ -97,7 +97,7 @@ - Copyright (C) 2007 Henrik Nordstrom - Copyright (C) 2010 Luis Daniel Lucio Quiroz (Joomla = support) - This program is free software. You may redistribute copies of it under the --terms of the GNU General Public License version 2, or (at youropinion) any -+terms of the GNU General Public License version 2, or (at your opinion) any - later version. -=20 - =3Dhead1 QUESTIONS - -=3D=3D=3D modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8' ---- helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-01-01 00:16:45 +0000 -+++ helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-03-31 23:47:47 +0000 -@@ -98,7 +98,7 @@ - .B Note: - This can only be done if all your users are located directly under - the same position in the LDAP tree and the login name is used for naming --each user object. If your LDAP tree does not match these criterias or if -+each user object. If your LDAP tree does not match these criteria or if - you want to filter who are valid users then you need to use a search filter - to search for your users DN ( - .B \-f -@@ -186,15 +186,15 @@ - .B never - dereference aliases (default), - .B always --dereference aliases, only while --.B search ing -+dereference aliases, only during a -+.B search - or only to - .B find - the base object. - . - .if !'po4a'hide' .TP - .if !'po4a'hide' .B "\-H ldap_uri --Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP librar= ies). -+Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP librar= ies). - Servers can also be specified last on the command line. - . - .if !'po4a'hide' .TP - -=3D=3D=3D modified file 'helpers/digest_auth/LDAP/digest_pw_auth.cc' ---- helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-03-31 23:47:47 +0000 -@@ -30,7 +30,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins - -=3D=3D=3D modified file 'helpers/digest_auth/eDirectory/digest_pw_auth.cc' ---- helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-01-01 00:16:45 +00= 00 -+++ helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-03-31 23:47:47 +00= 00 -@@ -30,7 +30,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins - -=3D=3D=3D modified file 'helpers/digest_auth/file/digest_file_auth.8' ---- helpers/digest_auth/file/digest_file_auth.8 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/file/digest_file_auth.8 2017-03-31 23:47:47 +0000 -@@ -15,7 +15,7 @@ - is an installed binary authentication program for Squid. It handles digest = - authentication protocol and authenticates against a text file backend. - . --This program will automatically detect the existence of a concurrecy channe= l-ID and adjust appropriately. -+This program will automatically detect the existence of a concurrency chann= el-ID and adjust appropriately. - It may be used with any value 0 or above for the auth_param children concur= rency=3D parameter. - . - .SH OPTIONS -@@ -54,7 +54,7 @@ - improve security: If compromised the - .B username:realm:HA1=20 - combination is "plaintext equivalent" - for the purposes of digest authenti= cation --they allow the user access. Password syncronisation is not tackled -+they allow the user access. Password synchronization is not tackled - by digest - just preventing on the wire compromise. - . - .SH AUTHOR - -=3D=3D=3D modified file 'helpers/digest_auth/file/digest_file_auth.cc' ---- helpers/digest_auth/file/digest_file_auth.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/file/digest_file_auth.cc 2017-03-31 23:47:47 +0000 -@@ -33,7 +33,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins - -=3D=3D=3D modified file 'helpers/digest_auth/file/text_backend.cc' ---- helpers/digest_auth/file/text_backend.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/file/text_backend.cc 2017-03-31 23:47:47 +0000 -@@ -29,7 +29,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins - -=3D=3D=3D modified file 'helpers/external_acl/LDAP_group/ext_ldap_group_acl.= 8' ---- helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-01-01 00:16:45= +0000 -+++ helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-03-31 23:47:47= +0000 -@@ -52,8 +52,8 @@ - .BI never - dereference aliases (default), - .BI always --dereference aliases, only while --.BR search ing -+dereference aliases, only during a -+.BR search - or only to - .B find - the base object -@@ -143,7 +143,7 @@ - . - .if !'po4a'hide' .TP - .if !'po4a'hide' .BI \-H " ldapuri" --Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libr= aries) -+Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP libr= aries) - . - .if !'po4a'hide' .TP - .if !'po4a'hide' .BI \-K - -=3D=3D=3D modified file 'helpers/external_acl/kerberos_ldap_group/README' ---- helpers/external_acl/kerberos_ldap_group/README 2010-08-13 10:17:20 +0000 -+++ helpers/external_acl/kerberos_ldap_group/README 2017-03-31 23:47:47 +0000 -@@ -65,7 +65,7 @@ - export KRB5_KTNAME -=20 - If you use a different Kerberos domain than the machine itself is in you ca= n point squid to=20 --the seperate Kerberos config file by setting the following environmnet vari= able in the startup=20 -+the separate Kerberos config file by setting the following environment vari= able in the startup=20 - script. -=20 - KRB5_CONFIG=3D/etc/krb5-squid.conf - -=3D=3D=3D modified file 'helpers/external_acl/kerberos_ldap_group/ext_kerber= os_ldap_group_acl.8' ---- helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2= 015-03-21 06:32:34 +0000 -+++ helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2= 017-03-31 23:47:47 +0000 -@@ -163,7 +163,7 @@ - .if !'po4a'hide' .ft - . - If you use a different Kerberos domain than the machine itself is in you ca= n point squid to --the seperate Kerberos config file by setting the following environmnet vari= able in the startup -+the separate Kerberos config file by setting the following environment vari= able in the startup - script. - .if !'po4a'hide' .P - .if !'po4a'hide' .ft CR - -=3D=3D=3D modified file 'helpers/external_acl/session/ext_session_acl.8' ---- helpers/external_acl/session/ext_session_acl.8 2017-01-01 00:16:45 +0000 -+++ helpers/external_acl/session/ext_session_acl.8 2017-03-31 23:47:47 +0000 -@@ -21,7 +21,7 @@ - ) or a fixed period of time ( - .B \-T - ). The former is suitable for displaying terms and conditions to a user; the --latter is suitable for the display of advertisments or other notices (both = as a -+latter is suitable for the display of advertisements or other notices (both= as a - splash page \- see config examples in the wiki online). The session helper = can also be used - to force users to re\-authenticate if the=20 - .B %LOGIN=20 -@@ -55,7 +55,7 @@ - environment is created within the directory. The advantage of the latter - is better database support between multiple instances of the session - helper. Using multiple instances of the session helper with a single --database file will cause synchronisation problems between processes. -+database file will cause synchronization problems between processes. - If this option is not specified the session details will be kept in - memory only and all sessions will reset each time Squid restarts its - helpers (Squid restart or rotation of logs). - -=3D=3D=3D modified file 'helpers/log_daemon/DB/log_db_daemon.pl.in' ---- helpers/log_daemon/DB/log_db_daemon.pl.in 2017-01-01 00:16:45 +0000 -+++ helpers/log_daemon/DB/log_db_daemon.pl.in 2017-03-31 23:47:47 +0000 -@@ -18,7 +18,7 @@ -=20 - log_db_daemon DSN [options] -=20 --=3Dhead1 DESCRIPTOIN -+=3Dhead1 DESCRIPTION -=20 - This program writes Squid access.log entries to a database. - Presently only accepts the B native format -@@ -373,7 +373,7 @@ - WHERE squid_request_status LIKE '%MISS%') - / - (SELECT COUNT(*) FROM access_log)*100 -- AS pecentage; -+ AS percentage; -=20 - =3Ditem Response time ranges -=20 -@@ -433,7 +433,7 @@ -=20 - This script currently implements only the C (i.e. "append a line to the = log") command, therefore the log lines are never purged from the table. This = approach has an obvious scalability problem. -=20 --One solution would be to implement e.g. the "rotate log" command in a way t= hat would calculate some summary values, put them in a "summary table" and th= en delete the lines used to caluclate those values. -+One solution would be to implement e.g. the "rotate log" command in a way t= hat would calculate some summary values, put them in a "summary table" and th= en delete the lines used to calculate those values. -=20 - Similar cleanup code could be implemented in an external script and run per= iodically independently from squid log commands. -=20 - -=3D=3D=3D modified file 'helpers/negotiate_auth/kerberos/README' ---- helpers/negotiate_auth/kerberos/README 2008-10-03 02:25:50 +0000 -+++ helpers/negotiate_auth/kerberos/README 2017-03-31 23:47:47 +0000 -@@ -53,7 +53,7 @@ - export KRB5_KTNAME -=20 - If you use a different Kerberos domain than the machine itself is in you ca= n point squid to=20 --the seperate Kerberos config file by setting the following environmnet vari= able in the startup=20 -+the separate Kerberos config file by setting the following environment vari= able in the startup=20 - script. -=20 - KRB5_CONFIG=3D/etc/krb-squid5.conf - -=3D=3D=3D modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_= auth.8' ---- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2014-12-20 17:= 10:25 +0000 -+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2017-03-31 23:= 47:47 +0000 -@@ -69,7 +69,7 @@ - export KRB5_KTNAME -=20 - If you use a different Kerberos domain than the machine itself is in you ca= n point squid to --the seperate Kerberos config file by setting the following environmnet vari= able in the startup -+the separate Kerberos config file by setting the following environment vari= able in the startup - script. -=20 - KRB5_CONFIG=3D/etc/krb5\-squid.conf - -=3D=3D=3D modified file 'helpers/storeid_rewrite/file/storeid_file_rewrite.p= l.in' ---- helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-01-01 00:16= :45 +0000 -+++ helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-03-31 23:47= :47 +0000 -@@ -29,7 +29,7 @@ - Rewrite rules are matched in the same order as they appear in the rules fil= e. - So for best performance, sort it in order of frequency of occurrence. -=20 --This program will automatically detect the existence of a concurrecy channe= l-ID and adjust appropriately. -+This program will automatically detect the existence of a concurrency chann= el-ID and adjust appropriately. - It may be used with any value 0 or above for the store_id_children concurre= ncy=3D parameter. -=20 - =3Dhead1 OPTIONS - -=3D=3D=3D modified file 'src/StoreFileSystem.h' ---- src/StoreFileSystem.h 2017-01-01 00:16:45 +0000 -+++ src/StoreFileSystem.h 2017-03-31 23:47:47 +0000 -@@ -47,7 +47,7 @@ - \par - * configure will take a list of storage types through the - * --enable-store-io parameter. This parameter takes a list of -- * space seperated storage types. For example, -+ * space separated storage types. For example, - * --enable-store-io=3D"ufs aufs" . - * - \par - -=3D=3D=3D modified file 'src/ipcache.cc' ---- src/ipcache.cc 2017-01-01 00:16:45 +0000 -+++ src/ipcache.cc 2017-03-31 23:47:47 +0000 -@@ -50,7 +50,7 @@ - \defgroup IPCacheInternal IP Cache Internals - \ingroup IPCacheAPI - \todo when IP cache is provided as a class. These sub-groups will be obso= lete -- * for now they are used to seperate the public and private functions. -+ * for now they are used to separate the public and private functions. - * with the private ones all being in IPCachInternal and public in IPCache= API - * - \section InternalOperation Internal Operation - -=3D=3D=3D modified file 'src/ssl/ssl_crtd.8' ---- src/ssl/ssl_crtd.8 2017-01-01 00:16:45 +0000 -+++ src/ssl/ssl_crtd.8 2017-03-31 23:47:47 +0000 -@@ -33,7 +33,7 @@ - Because the generation and signing of SSL certificates takes time - Squid must use external process to handle the work. - . --This process generates new SSL certificates and uses a disk cache of certif= icatess -+This process generates new SSL certificates and uses a disk cache of certif= icates - to improve response times on repeated requests. - Communication occurs via TCP sockets bound to the loopback interface. - . -@@ -122,7 +122,7 @@ - . - .PP - For simple configuration the helper defaults can be used. --Only HTTP listening port options are required to enable generation and set = the signign CA certificate. -+Only HTTP listening port options are required to enable generation and set = the signing CA certificate. - For Example: - .if !'po4a'hide' .RS - .if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=3Don= dynamic_cert_mem_cache_size=3D4MB cert=3D/usr/local/squid/ssl_cert/www.sampl= e.com.pem - --=20 2.11.0 --===============0164293849953681092==--