[PATCH] squid: Update to 3.5.26

[PATCH] squid: Update to 3.5.26

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 45638 bytes --]

Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
---
 lfs/squid                                          |  19 +--
 ...=> squid-3.5.26-fix-max-file-descriptors.patch} |   0
 src/patches/squid/squid-3.5-14155.patch            |  46 ------
 src/patches/squid/squid-3.5-14156.patch            |  44 -----
 src/patches/squid/squid-3.5-14157.patch            |  34 ----
 src/patches/squid/squid-3.5-14158.patch            |  46 ------
 src/patches/squid/squid-3.5-14159.patch            |  35 ----
 src/patches/squid/squid-3.5-14160.patch            |  39 -----
 src/patches/squid/squid-3.5-14161.patch            |  52 ------
 src/patches/squid/squid-3.5-14162.patch            | 133 ---------------
 src/patches/squid/squid-3.5-14163.patch            | 103 ------------
 src/patches/squid/squid-3.5-14164.patch            | 103 ------------
 src/patches/squid/squid-3.5-14165.patch            |  51 ------
 src/patches/squid/squid-3.5-14166.patch            |  47 ------
 src/patches/squid/squid-3.5-14167.patch            | 181 ---------------------
 15 files changed, 3 insertions(+), 930 deletions(-)
 rename src/patches/{squid-3.5.25-fix-max-file-descriptors.patch => squid-3.5.26-fix-max-file-descriptors.patch} (100%)
 delete mode 100644 src/patches/squid/squid-3.5-14155.patch
 delete mode 100644 src/patches/squid/squid-3.5-14156.patch
 delete mode 100644 src/patches/squid/squid-3.5-14157.patch
 delete mode 100644 src/patches/squid/squid-3.5-14158.patch
 delete mode 100644 src/patches/squid/squid-3.5-14159.patch
 delete mode 100644 src/patches/squid/squid-3.5-14160.patch
 delete mode 100644 src/patches/squid/squid-3.5-14161.patch
 delete mode 100644 src/patches/squid/squid-3.5-14162.patch
 delete mode 100644 src/patches/squid/squid-3.5-14163.patch
 delete mode 100644 src/patches/squid/squid-3.5-14164.patch
 delete mode 100644 src/patches/squid/squid-3.5-14165.patch
 delete mode 100644 src/patches/squid/squid-3.5-14166.patch
 delete mode 100644 src/patches/squid/squid-3.5-14167.patch

diff --git a/lfs/squid b/lfs/squid
index 49db48a65..22659ed84 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 3.5.25
+VER        = 3.5.26
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 6b7dd7b42b1adacf08f3155640ea2782
+$(DL_FILE)_MD5 = 510e2c84773879c00d0e7ced997864d9
 
 install : $(TARGET)
 
@@ -70,20 +70,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14155.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14156.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14157.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14158.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14159.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14160.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14161.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14162.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14163.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14164.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14165.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14166.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14167.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.25-fix-max-file-descriptors.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.26-fix-max-file-descriptors.patch
 
 	cd $(DIR_APP) && autoreconf -vfi
 	cd $(DIR_APP)/libltdl && autoreconf -vfi
diff --git a/src/patches/squid-3.5.25-fix-max-file-descriptors.patch b/src/patches/squid-3.5.26-fix-max-file-descriptors.patch
similarity index 100%
rename from src/patches/squid-3.5.25-fix-max-file-descriptors.patch
rename to src/patches/squid-3.5.26-fix-max-file-descriptors.patch
diff --git a/src/patches/squid/squid-3.5-14155.patch b/src/patches/squid/squid-3.5-14155.patch
deleted file mode 100644
index d110289f7..000000000
--- a/src/patches/squid/squid-3.5-14155.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-------------------------------------------------------------
-revno: 14155
-revision-id: squid3(a)treenet.co.nz-20170504061416-ks61dfut8wyml2qu
-parent: squid3(a)treenet.co.nz-20170402121452-ox6d8ttzlmbov3xm
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4682
-author: Christos Tsantilas <chtsanti(a)users.sourceforge.net>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Thu 2017-05-04 18:14:16 +1200
-message:
-  Bug 4682: Fix ssl_bump "bump" action documentation
-  
-  Fixes squid documentation to correctly describe the squid behavior  when the
-  "bump" action is selected on step SslBump1. In this case squid selects
-  the client-first bumping mode.
-  
-  This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170504061416-ks61dfut8wyml2qu
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: f3b4861a085e069948da25398782237609037c5f
-# timestamp: 2017-05-04 06:16:54 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170402121452-\
-#   ox6d8ttzlmbov3xm
-# 
-# Begin patch
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre	2017-03-31 23:38:31 +0000
-+++ src/cf.data.pre	2017-05-04 06:14:16 +0000
-@@ -2669,8 +2669,11 @@
- 		This is the default action.
- 
- 	    bump
--		Establish a secure connection with the server and, using a
--		mimicked server certificate, with the client.
-+		When used on step SslBump1, establishes a secure connection
-+		with the client first, then connect to the server.
-+		When used on step SslBump2 or SslBump3, establishes a secure
-+		connection with the server and, using a mimicked server
-+		certificate, with the client.
- 
- 	    peek
- 		Receive client (step SslBump1) or server (step SslBump2)
-
diff --git a/src/patches/squid/squid-3.5-14156.patch b/src/patches/squid/squid-3.5-14156.patch
deleted file mode 100644
index 59e58a5d7..000000000
--- a/src/patches/squid/squid-3.5-14156.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-------------------------------------------------------------
-revno: 14156
-revision-id: squid3(a)treenet.co.nz-20170508110920-73gma737u4x6ce87
-parent: squid3(a)treenet.co.nz-20170504061416-ks61dfut8wyml2qu
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4695
-author: Lubos Uhliarik <luhliari(a)redhat.com>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-08 23:09:20 +1200
-message:
-  Bug 4695: squidpurge: GCC 7 build errors
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170508110920-73gma737u4x6ce87
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a0f0c573b5be3d81cf0f8e65ae52bf27bd08dba5
-# timestamp: 2017-05-08 11:51:08 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170504061416-\
-#   ks61dfut8wyml2qu
-# 
-# Begin patch
-=== modified file 'tools/purge/purge.cc'
---- tools/purge/purge.cc	2017-01-01 00:16:45 +0000
-+++ tools/purge/purge.cc	2017-05-08 11:09:20 +0000
-@@ -272,7 +272,7 @@
-         snprintf( md5, sizeof(md5), "%-32s", "(no_md5_data_available)" );
-     }
- 
--    char timeb[64];
-+    char timeb[256];
-     if ( meta && (findings = meta->search( STORE_META_STD )) ) {
-         StoreMetaStd temp;
-         // make data aligned, avoid SIGBUS on RISC machines (ARGH!)
-@@ -283,7 +283,7 @@
-     } else if ( meta && (findings = meta->search( STORE_META_STD_LFS )) ) {
-         StoreMetaStdLFS temp;
-         // make data aligned, avoid SIGBUS on RISC machines (ARGH!)
--        memcpy( &temp, findings->data, sizeof(StoreMetaStd) );
-+        memcpy( &temp, findings->data, sizeof(StoreMetaStdLFS) );
-         snprintf( timeb, sizeof(timeb), "%08lx %08lx %08lx %08lx %04x %5hu ",
-                   (unsigned long)temp.timestamp, (unsigned long)temp.lastref,
-                   (unsigned long)temp.expires, (unsigned long)temp.lastmod, temp.flags, temp.refcount );
-
diff --git a/src/patches/squid/squid-3.5-14157.patch b/src/patches/squid/squid-3.5-14157.patch
deleted file mode 100644
index 39d298c7d..000000000
--- a/src/patches/squid/squid-3.5-14157.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-------------------------------------------------------------
-revno: 14157
-revision-id: squid3(a)treenet.co.nz-20170529042116-kp9naxxmdsqicpjv
-parent: squid3(a)treenet.co.nz-20170508110920-73gma737u4x6ce87
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4589
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:21:16 +1200
-message:
-  Bug 4589: ssl_crtd: returning zero on failure
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529042116-kp9naxxmdsqicpjv
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ad29dd184416dc47dee80234c541185cca166bb3
-# timestamp: 2017-05-29 04:39:57 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170508110920-\
-#   73gma737u4x6ce87
-# 
-# Begin patch
-=== modified file 'src/ssl/ssl_crtd.cc'
---- src/ssl/ssl_crtd.cc	2017-01-01 00:16:45 +0000
-+++ src/ssl/ssl_crtd.cc	2017-05-29 04:21:16 +0000
-@@ -350,7 +350,7 @@
-         }
-     } catch (std::runtime_error & error) {
-         std::cerr << argv[0] << ": " << error.what() << std::endl;
--        return 0;
-+        return -1;
-     }
-     return 0;
- }
-
diff --git a/src/patches/squid/squid-3.5-14158.patch b/src/patches/squid/squid-3.5-14158.patch
deleted file mode 100644
index f0ed0f0d6..000000000
--- a/src/patches/squid/squid-3.5-14158.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-------------------------------------------------------------
-revno: 14158
-revision-id: squid3(a)treenet.co.nz-20170529043611-1hyb93ivtu5wrdwg
-parent: squid3(a)treenet.co.nz-20170529042116-kp9naxxmdsqicpjv
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3102
-author: Martin von Gagern <martin.vgagern(a)gmx.net>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:36:11 +1200
-message:
-  Bug 3102: FTP directory listing drops fist character of file names
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529043611-1hyb93ivtu5wrdwg
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 60a5f01fc9c9967c55c651c31546cb1067325705
-# timestamp: 2017-05-29 04:39:59 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529042116-\
-#   kp9naxxmdsqicpjv
-# 
-# Begin patch
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc	2017-02-26 08:50:09 +0000
-+++ src/clients/FtpGateway.cc	2017-05-29 04:36:11 +0000
-@@ -626,10 +626,17 @@
-                 while (strchr(w_space, *copyFrom))
-                     ++copyFrom;
-             } else {
--                /* XXX assumes a single space between date and filename
-+                /* Handle the following four formats:
-+                 * "MMM DD  YYYY Name"
-+                 * "MMM DD  YYYYName"
-+                 * "MMM DD YYYY  Name"
-+                 * "MMM DD YYYY Name"
-+                 * Assuming a single space between date and filename
-                  * suggested by:  Nathan.Bailey(a)cc.monash.edu.au and
-                  * Mike Battersby <mike(a)starbug.bofh.asn.au> */
--                copyFrom += strlen(tbuf) + 1;
-+                copyFrom += strlen(tbuf);
-+                if (strchr(w_space, *copyFrom))
-+                    ++copyFrom;
-             }
- 
-             p->name = xstrdup(copyFrom);
-
diff --git a/src/patches/squid/squid-3.5-14159.patch b/src/patches/squid/squid-3.5-14159.patch
deleted file mode 100644
index a50f470c7..000000000
--- a/src/patches/squid/squid-3.5-14159.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-------------------------------------------------------------
-revno: 14159
-revision-id: squid3(a)treenet.co.nz-20170529043741-9chwfs5onxuip52x
-parent: squid3(a)treenet.co.nz-20170529043611-1hyb93ivtu5wrdwg
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=3772
-author: Rainer Tammer <rainer.tammer(a)schulergroup.com>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:37:41 +1200
-message:
-  Bug 3772: message from FTP server gets mangled
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529043741-9chwfs5onxuip52x
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 800db5dab62d996440fd6fccd35e9f1f34f2f0e1
-# timestamp: 2017-05-29 04:40:02 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529043611-\
-#   1hyb93ivtu5wrdwg
-# 
-# Begin patch
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc	2017-05-29 04:36:11 +0000
-+++ src/clients/FtpGateway.cc	2017-05-29 04:37:41 +0000
-@@ -1541,7 +1541,7 @@
-         /* Reset cwd_message to only include the last message */
-         ftpState->cwd_message.reset("");
-         for (wordlist *w = ftpState->ctrl.message; w; w = w->next) {
--            ftpState->cwd_message.append(' ');
-+            ftpState->cwd_message.append('\n');
-             ftpState->cwd_message.append(w->key);
-         }
-         ftpState->ctrl.message = NULL;
-
diff --git a/src/patches/squid/squid-3.5-14160.patch b/src/patches/squid/squid-3.5-14160.patch
deleted file mode 100644
index 9f5122c5a..000000000
--- a/src/patches/squid/squid-3.5-14160.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-------------------------------------------------------------
-revno: 14160
-revision-id: squid3(a)treenet.co.nz-20170529043852-zkf91gxhaqdj0rkn
-parent: squid3(a)treenet.co.nz-20170529043741-9chwfs5onxuip52x
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 16:38:52 +1200
-message:
-  Add OpenSSL library details to -v output
-  
-  This is partially to meet the OpenSSL copyright requirement that binaries
-  mention when they are using the library, and partially for admin to see
-  which library their Squid is using when multiple are present in the system.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529043852-zkf91gxhaqdj0rkn
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: c401fe3de5518102ac6a3a4dc7b121ac415c05d4
-# timestamp: 2017-05-29 04:40:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529043741-\
-#   9chwfs5onxuip52x
-# 
-# Begin patch
-=== modified file 'src/main.cc'
---- src/main.cc	2017-02-26 08:52:45 +0000
-+++ src/main.cc	2017-05-29 04:38:52 +0000
-@@ -563,6 +563,10 @@
-             printf("Service Name: " SQUIDSBUFPH "\n", SQUIDSBUFPRINT(service_name));
-             if (strlen(SQUID_BUILD_INFO))
-                 printf("%s\n",SQUID_BUILD_INFO);
-+#if USE_OPENSSL
-+            printf("\nThis binary uses %s. ", SSLeay_version(SSLEAY_VERSION));
-+            printf("For legal restrictions on distribution see https://www.openssl.org/source/license.html\n\n");
-+#endif
-             printf( "configure options: %s\n", SQUID_CONFIGURE_OPTIONS);
- 
- #if USE_WIN32_SERVICE
-
diff --git a/src/patches/squid/squid-3.5-14161.patch b/src/patches/squid/squid-3.5-14161.patch
deleted file mode 100644
index d3aaa2d35..000000000
--- a/src/patches/squid/squid-3.5-14161.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-------------------------------------------------------------
-revno: 14161
-revision-id: squid3(a)treenet.co.nz-20170529053359-xtbuev2zwmdfj9mp
-parent: squid3(a)treenet.co.nz-20170529043852-zkf91gxhaqdj0rkn
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4682
-author: Christos Tsantilas <chtsanti(a)users.sourceforge.net>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 17:33:59 +1200
-message:
-  Bug 4653: %st lies about tunneled traffic volumes
-  
-  Squid-5 and squid-4 does not count the "HTTP/1.1 200 Connection Established"
-  header size for %<st formatting code.
-  
-  This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529053359-xtbuev2zwmdfj9mp
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: c340785d0d5042ae0f783d606f0998d605290ac4
-# timestamp: 2017-05-29 05:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529043852-\
-#   zkf91gxhaqdj0rkn
-# 
-# Begin patch
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc	2017-01-01 00:16:45 +0000
-+++ src/tunnel.cc	2017-05-29 05:33:59 +0000
-@@ -836,7 +836,7 @@
-  * Call the tunnelStartShoveling to start the blind pump.
-  */
- static void
--tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *buf, size_t size, Comm::Flag flag, int xerrno, void *data)
-+tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *, size_t len, Comm::Flag flag, int, void *data)
- {
-     TunnelStateData *tunnelState = (TunnelStateData *)data;
-     debugs(26, 3, HERE << conn << ", flag=" << flag);
-@@ -848,6 +848,11 @@
-         return;
-     }
- 
-+    if (ClientHttpRequest *http = tunnelState->http.get()) {
-+        http->out.headers_sz += len;
-+        http->out.size += len;
-+    }
-+
-     tunnelStartShoveling(tunnelState);
- }
- 
-
diff --git a/src/patches/squid/squid-3.5-14162.patch b/src/patches/squid/squid-3.5-14162.patch
deleted file mode 100644
index 140aea732..000000000
--- a/src/patches/squid/squid-3.5-14162.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-------------------------------------------------------------
-revno: 14162
-revision-id: squid3(a)treenet.co.nz-20170529055234-790hfbazjwy0fmk4
-parent: squid3(a)treenet.co.nz-20170529053359-xtbuev2zwmdfj9mp
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4711
-author: Christos Tsantilas <chtsanti(a)users.sourceforge.net>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 17:52:34 +1200
-message:
-  Bug 4711: SubjectAlternativeNames is missing in some generated certificates
-  
-  Squid may generate certificates which have a Common Name, but do not have
-  a subjectAltName extension. For example when squid generated certificates
-  do not mimic an origin certificate or when the certificate adaptation
-  algorithm sslproxy_cert_adapt/setCommonName is used.
-  
-  This is causes problems to some browsers, which validates a certificate using
-  the SubjectAlternativeNames but ignore the CommonName field.
-  
-  This patch fixes squid to always add a SubjectAlternativeNames extension in
-  generated certificates which do not mimic an origin certificate.
-  
-  Squid still will not add a subjectAltName extension when mimicking an origin
-  server certificate, even if that origin server certificate does not include
-  the subjectAltName extension. Such origin server may have problems when
-  talking directly to browsers, and patched Squid is not trying to fix those
-  problems.
-  
-  This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529055234-790hfbazjwy0fmk4
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: e3162152cf590c8126eb3d189ea1ab90ba9a5c37
-# timestamp: 2017-05-29 05:54:13 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529053359-\
-#   xtbuev2zwmdfj9mp
-# 
-# Begin patch
-=== modified file 'src/ssl/gadgets.cc'
---- src/ssl/gadgets.cc	2017-01-01 00:16:45 +0000
-+++ src/ssl/gadgets.cc	2017-05-29 05:52:34 +0000
-@@ -339,7 +339,40 @@
-     return added;
- }
- 
--static bool buildCertificate(Ssl::X509_Pointer & cert, Ssl::CertificateProperties const &properties)
-+/// Adds a new subjectAltName extension contining Subject CN or returns false
-+/// expects the caller to check for the existing subjectAltName extension
-+static bool
-+addAltNameWithSubjectCn(Ssl::X509_Pointer &cert)
-+{
-+    X509_NAME *name = X509_get_subject_name(cert.get());
-+    if (!name)
-+        return false;
-+
-+    const int loc = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
-+    if (loc < 0)
-+        return false;
-+
-+    ASN1_STRING *cn_data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, loc));
-+    if (!cn_data)
-+        return false;
-+
-+    char dnsName[1024]; // DNS names are limited to 256 characters
-+    const int res = snprintf(dnsName, sizeof(dnsName), "DNS:%*s", cn_data->length, cn_data->data);
-+    if (res <= 0 || res >= static_cast<int>(sizeof(dnsName)))
-+        return false;
-+
-+    X509_EXTENSION *ext = X509V3_EXT_conf_nid(NULL, NULL, NID_subject_alt_name, dnsName);
-+    if (!ext)
-+        return false;
-+
-+    const bool result = X509_add_ext(cert.get(), ext, -1);
-+
-+    X509_EXTENSION_free(ext);
-+    return result;
-+}
-+
-+static bool
-+buildCertificate(Ssl::X509_Pointer & cert, Ssl::CertificateProperties const &properties)
- {
-     // not an Ssl::X509_NAME_Pointer because X509_REQ_get_subject_name()
-     // returns a pointer to the existing subject name. Nothing to clean here.
-@@ -387,6 +420,8 @@
-     } else if (!X509_gmtime_adj(X509_get_notAfter(cert.get()), 60*60*24*356*3))
-         return false;
- 
-+    int addedExtensions = 0;
-+    bool useCommonNameAsAltName = true;
-     // mimic the alias and possibly subjectAltName
-     if (properties.mimicCert.get()) {
-         unsigned char *alStr;
-@@ -396,26 +431,29 @@
-             X509_alias_set1(cert.get(), alStr, alLen);
-         }
- 
--        int addedExtensions = 0;
--
-         // Mimic subjectAltName unless we used a configured CN: browsers reject
-         // certificates with CN unrelated to subjectAltNames.
-         if (!properties.setCommonName) {
--            int pos=X509_get_ext_by_NID (properties.mimicCert.get(), OBJ_sn2nid("subjectAltName"), -1);
-+            int pos = X509_get_ext_by_NID(properties.mimicCert.get(), NID_subject_alt_name, -1);
-             X509_EXTENSION *ext=X509_get_ext(properties.mimicCert.get(), pos);
-             if (ext) {
-                 if (X509_add_ext(cert.get(), ext, -1))
-                     ++addedExtensions;
-             }
-+            // We want to mimic the server-sent subjectAltName, not enhance it.
-+            useCommonNameAsAltName = false;
-         }
- 
-         addedExtensions += mimicExtensions(cert, properties.mimicCert);
--
--        // According to RFC 5280, using extensions requires v3 certificate.
--        if (addedExtensions)
--            X509_set_version(cert.get(), 2); // value 2 means v3
-     }
- 
-+    if (useCommonNameAsAltName && addAltNameWithSubjectCn(cert))
-+        ++addedExtensions;
-+
-+    // According to RFC 5280, using extensions requires v3 certificate.
-+    if (addedExtensions)
-+        X509_set_version(cert.get(), 2); // value 2 means v3
-+
-     return true;
- }
- 
-
diff --git a/src/patches/squid/squid-3.5-14163.patch b/src/patches/squid/squid-3.5-14163.patch
deleted file mode 100644
index d4e27b7eb..000000000
--- a/src/patches/squid/squid-3.5-14163.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-------------------------------------------------------------
-revno: 14163
-revision-id: squid3(a)treenet.co.nz-20170529062945-gf7u7dukaumjof74
-parent: squid3(a)treenet.co.nz-20170529055234-790hfbazjwy0fmk4
-author: Ingo Schwarze, Francesco Chemolli <kinkie(a)squid-cache.org>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 18:29:45 +1200
-message:
-  Docs: Improve formatting of several manual pages
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529062945-gf7u7dukaumjof74
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: b417bbc7ffb2351fb670e7baa721b9d9b8315024
-# timestamp: 2017-05-29 06:33:51 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529055234-\
-#   790hfbazjwy0fmk4
-# 
-# Begin patch
-=== modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8'
---- helpers/basic_auth/LDAP/basic_ldap_auth.8	2017-03-31 23:47:47 +0000
-+++ helpers/basic_auth/LDAP/basic_ldap_auth.8	2017-05-29 06:29:45 +0000
-@@ -5,9 +5,9 @@
- .
- .SH SYNOPSIS
- .if !'po4a'hide' .B basic_ldap_auth
--.if !'po4a'hide' .B \-b\ \"
-+.if !'po4a'hide' .B \-b\ \(dq
- base DN
--.if !'po4a'hide' .B \"\ [\-u
-+.if !'po4a'hide' .B \(dq\ [\-u
- attribute
- .if !'po4a'hide' .B ]\ [
- options
-@@ -20,11 +20,11 @@
- .if !'po4a'hide' .B ]...
- .br
- .if !'po4a'hide' .B basic_ldap_auth
--.if !'po4a'hide' .B \-b\ \"
-+.if !'po4a'hide' .B \-b\ \(dq
- base DN
--.if !'po4a'hide' .B \"\ \-f\ \"
-+.if !'po4a'hide' .B \(dq\ \-f\ \(dq
- LDAP search filter
--.if !'po4a'hide' .B \"\ [
-+.if !'po4a'hide' .B \(dq\ [
- options
- .if !'po4a'hide' .B ]\ [
- LDAP server name
-@@ -74,7 +74,7 @@
- The search filter can contain up to 15 occurrences of
- .B %s
- which will be replaced by the username, as in
--.B "\"uid\=%s\""
-+.B "\(dquid\=%s\(dq"
- for RFC2037 directories. For a detailed description of LDAP search
- filter syntax see RFC2254.
- .br
-
-=== modified file 'helpers/basic_auth/RADIUS/basic_radius_auth.8'
---- helpers/basic_auth/RADIUS/basic_radius_auth.8	2017-01-01 00:16:45 +0000
-+++ helpers/basic_auth/RADIUS/basic_radius_auth.8	2017-05-29 06:29:45 +0000
-@@ -9,9 +9,9 @@
- config file
- .br
- .if !'po4a'hide' .B basic_radius_auth
--.if !'po4a'hide' .B "\-h \""
-+.if !'po4a'hide' .B "\-h \(dq"
- server name
--.if !'po4a'hide' .B "\" [\-p "
-+.if !'po4a'hide' .B "\(dq [\-p "
- port
- .if !'po4a'hide' .B "] [\-i "
- identifier
-
-=== modified file 'helpers/external_acl/file_userip/ext_file_userip_acl.8'
---- helpers/external_acl/file_userip/ext_file_userip_acl.8	2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/file_userip/ext_file_userip_acl.8	2017-05-29 06:29:45 +0000
-@@ -68,7 +68,7 @@
- .B ALL 
- and 
- .B NONE 
--, which mean \"any user on this IP address may authenticate\" or \"no user on this IP address may authenticate\".
-+, which mean \(dqany user on this IP address may authenticate\(dq or \(dqno user on this IP address may authenticate\(dq.
- .
- .SH AUTHOR
- This program was written by
-
-=== modified file 'tools/squidclient/squidclient.1'
---- tools/squidclient/squidclient.1	2017-01-01 00:16:45 +0000
-+++ tools/squidclient/squidclient.1	2017-05-29 06:29:45 +0000
-@@ -86,7 +86,7 @@
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .B "\-H 'string'"
- Extra headers to send. Use
--.B '\\n'
-+.B '\en'
- for new lines.
- .
- .if !'po4a'hide' .TP
-
diff --git a/src/patches/squid/squid-3.5-14164.patch b/src/patches/squid/squid-3.5-14164.patch
deleted file mode 100644
index 9e64909c3..000000000
--- a/src/patches/squid/squid-3.5-14164.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-------------------------------------------------------------
-revno: 14164
-revision-id: squid3(a)treenet.co.nz-20170529063645-qmu68scq9go0wbqr
-parent: squid3(a)treenet.co.nz-20170529062945-gf7u7dukaumjof74
-author: Alex Rousskov <rousskov(a)measurement-factory.com>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 18:36:45 +1200
-message:
-  Fix xstrndup() documentation, callers. Disclosed implementation bugs.
-  
-  xstrndup() does not work like strndup(3), and some callers got confused:
-  
-  1. When n is the str length or less, standard strndup(str,n) copies all
-     n bytes but our xstrndup(str,n) drops the last one. Thus, all callers
-     must add one to the desired result length when calling xstrndup().
-     Most already do, but it is often hard to see due to low code quality
-     (e.g., one must remember that MAX_URL is not the maximum URL length).
-  
-  2. xstrndup() also assumes that the source string is 0-terminated. This
-     dangerous assumption does not contradict many official strndup(3)
-     descriptions, but that lack of contradiction is actually a recently
-     fixed POSIX documentation bug (i.e., correct implementations must not
-     assume 0-termination): http://austingroupbugs.net/view.php?id=1019
-  
-  The OutOfBoundsException bug led to truncated exception messages.
-  
-  The ESI bug led to truncated 'literal strings', but I do not know what
-  that means in terms of user impact. That ESI fix is untested.
-  
-  cachemgr.cc bug was masked by the fact that the buffer ends with \n
-  that is unused and stripped by the custom xstrtok() implementation.
-  
-  TODO. Fix xstrndup() implementation (and rename the function so that
-  fixed callers do not misbehave if carelessly ported to older Squids).
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529063645-qmu68scq9go0wbqr
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 7321050a4405a155a8fe02f7125e446b9516dd51
-# timestamp: 2017-05-29 06:51:18 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529062945-\
-#   gf7u7dukaumjof74
-# 
-# Begin patch
-=== modified file 'compat/xstring.h'
---- compat/xstring.h	2017-01-01 00:16:45 +0000
-+++ compat/xstring.h	2017-05-29 06:36:45 +0000
-@@ -41,7 +41,10 @@
- char *xstrncpy(char *dst, const char *src, size_t n);
- 
- /**
-- * xstrndup() - same as strndup(3).  Used for portability.
-+ * xstrndup() - Somewhat similar(XXX) to strndup(3): Allocates up to n bytes,
-+ * while strndup(3) copies up to n bytes and allocates up to n+1 bytes
-+ * to fit the terminating character. Assumes s is 0-terminated (another XXX).
-+ *
-  * Never returns NULL; fatal on error.
-  *
-  * Sets errno to EINVAL if a NULL pointer or negative
-
-=== modified file 'src/SBufExceptions.cc'
---- src/SBufExceptions.cc	2017-01-01 00:16:45 +0000
-+++ src/SBufExceptions.cc	2017-05-29 06:36:45 +0000
-@@ -25,9 +25,7 @@
-         explanatoryText.appendf(" in file %s", aFileName);
-     explanatoryText.appendf(" while accessing position %d in a SBuf long %d",
-                             pos, throwingBuf.length());
--    // we can safely alias c_str as both are local to the object
--    //  and will not further manipulated.
--    message = xstrndup(explanatoryText.c_str(),explanatoryText.length());
-+    message = xstrdup(explanatoryText.c_str());
- }
- 
- OutOfBoundsException::~OutOfBoundsException() throw()
-
-=== modified file 'src/esi/Expression.cc'
---- src/esi/Expression.cc	2017-01-01 00:16:45 +0000
-+++ src/esi/Expression.cc	2017-05-29 06:36:45 +0000
-@@ -743,7 +743,7 @@
-             /* Special case for zero length strings */
- 
-             if (t - s - 1)
--                rv.value.string = xstrndup(s + 1, t - s - 1);
-+                rv.value.string = xstrndup(s + 1, t - (s + 1) + 1);
-             else
-                 rv.value.string = static_cast<char *>(xcalloc(1,1));
- 
-
-=== modified file 'tools/cachemgr.cc'
---- tools/cachemgr.cc	2017-01-01 00:16:45 +0000
-+++ tools/cachemgr.cc	2017-05-29 06:36:45 +0000
-@@ -440,7 +440,7 @@
-         return;
-     }
- 
--    buf_copy = x = xstrndup(buf, bufLen);
-+    buf_copy = x = xstrndup(buf, bufLen+1);
- 
-     a = xstrtok(&x, '\t');
- 
-
diff --git a/src/patches/squid/squid-3.5-14165.patch b/src/patches/squid/squid-3.5-14165.patch
deleted file mode 100644
index 317cd8dd3..000000000
--- a/src/patches/squid/squid-3.5-14165.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-------------------------------------------------------------
-revno: 14165
-revision-id: squid3(a)treenet.co.nz-20170529071037-o91o8xvaqata5y2b
-parent: squid3(a)treenet.co.nz-20170529063645-qmu68scq9go0wbqr
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4682
-author: Christos Tsantilas <chtsanti(a)users.sourceforge.net>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-05-29 19:10:37 +1200
-message:
-  Bug 4682: ignoring http_access deny when client-first bumping mode is used
-  
-  Squid fails to identify HTTP requests which are tunneled inside an already
-  established client-first bumped tunnel, and this is results in ignoring
-  http_access denied for these requests.
-  
-  This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529071037-o91o8xvaqata5y2b
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: f77b81826612d7248fb774ef1ea00747cd04d479
-# timestamp: 2017-05-29 07:51:03 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529063645-\
-#   qmu68scq9go0wbqr
-# 
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc	2017-03-30 13:31:22 +0000
-+++ src/client_side_request.cc	2017-05-29 07:10:37 +0000
-@@ -1424,7 +1424,17 @@
-     if (bumpMode != Ssl::bumpEnd) {
-         debugs(85, 5, HERE << "SslBump already decided (" << bumpMode <<
-                "), " << "ignoring ssl_bump for " << http->getConn());
--        if (!http->getConn()->serverBump())
-+
-+        // We need the following "if" for transparently bumped TLS connection,
-+        // because in this case we are running ssl_bump access list before
-+        // the doCallouts runs. It can be removed after the bug #4340 fixed.
-+        // We do not want to proceed to bumping steps:
-+        //  - if the TLS connection with the client is already established
-+        //    because we are accepting normal HTTP requests on TLS port,
-+        //    or because of the client-first bumping mode
-+        //  - When the bumping is already started
-+        if (!http->getConn()->switchedToHttps() &&
-+                !http->getConn()->serverBump())
-             http->sslBumpNeed(bumpMode); // for processRequest() to bump if needed and not already bumped
-         http->al->ssl.bumpMode = bumpMode; // inherited from bumped connection
-         return false;
-
diff --git a/src/patches/squid/squid-3.5-14166.patch b/src/patches/squid/squid-3.5-14166.patch
deleted file mode 100644
index 54aad51b1..000000000
--- a/src/patches/squid/squid-3.5-14166.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-------------------------------------------------------------
-revno: 14166
-revision-id: squid3(a)treenet.co.nz-20170529125748-qt7yhdloygl4xosg
-parent: squid3(a)treenet.co.nz-20170529071037-o91o8xvaqata5y2b
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2017-05-30 00:57:48 +1200
-message:
-  Revert r14161
-  
-  Wrong patch and commit message.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529125748-qt7yhdloygl4xosg
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ddecde537486c58df04564f3818b8ad9929dd186
-# timestamp: 2017-05-29 13:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529071037-\
-#   o91o8xvaqata5y2b
-# 
-# Begin patch
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc	2017-05-29 05:33:59 +0000
-+++ src/tunnel.cc	2017-05-29 12:57:48 +0000
-@@ -836,7 +836,7 @@
-  * Call the tunnelStartShoveling to start the blind pump.
-  */
- static void
--tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *, size_t len, Comm::Flag flag, int, void *data)
-+tunnelConnectedWriteDone(const Comm::ConnectionPointer &conn, char *buf, size_t size, Comm::Flag flag, int xerrno, void *data)
- {
-     TunnelStateData *tunnelState = (TunnelStateData *)data;
-     debugs(26, 3, HERE << conn << ", flag=" << flag);
-@@ -848,11 +848,6 @@
-         return;
-     }
- 
--    if (ClientHttpRequest *http = tunnelState->http.get()) {
--        http->out.headers_sz += len;
--        http->out.size += len;
--    }
--
-     tunnelStartShoveling(tunnelState);
- }
- 
-
diff --git a/src/patches/squid/squid-3.5-14167.patch b/src/patches/squid/squid-3.5-14167.patch
deleted file mode 100644
index 39c9fd51e..000000000
--- a/src/patches/squid/squid-3.5-14167.patch
+++ /dev/null
@@ -1,181 +0,0 @@
-------------------------------------------------------------
-revno: 14167
-revision-id: squid3(a)treenet.co.nz-20170529131555-kut221f3geb3aczf
-parent: squid3(a)treenet.co.nz-20170529125748-qt7yhdloygl4xosg
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4653
-author: Christos Tsantilas <chtsanti(a)users.sourceforge.net>
-committer: Amos Jeffries <squid3(a)treenet.co.nz>
-branch nick: 3.5
-timestamp: Tue 2017-05-30 01:15:55 +1200
-message:
-  Bug 4653: %st lies about tunneled traffic volumes
-  
-  Squid-3.5 counts only the "CONNECT ..." header size for %>st and does not
-  count the "HTTP/1.1 200" response header for the %<st.
-  
-  This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3(a)treenet.co.nz-20170529131555-kut221f3geb3aczf
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: dd5783b425c7c7125303a1bd1a5685bc28011754
-# timestamp: 2017-05-29 13:51:09 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3(a)treenet.co.nz-20170529125748-\
-#   qt7yhdloygl4xosg
-# 
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc	2017-03-31 00:51:52 +0000
-+++ src/client_side.cc	2017-05-29 13:15:55 +0000
-@@ -4391,7 +4391,7 @@
-             // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message
-             connState->in.buf.append(rbuf.content(), rbuf.contentSize());
-             ClientHttpRequest *http = context->http;
--            tunnelStart(http, &http->out.size, &http->al->http.code, http->al);
-+            tunnelStart(http);
-         }
-     }
- }
-
-=== modified file 'src/client_side_reply.cc'
---- src/client_side_reply.cc	2017-01-01 00:16:45 +0000
-+++ src/client_side_reply.cc	2017-05-29 13:15:55 +0000
-@@ -1179,7 +1179,7 @@
-     if (curReply->content_length < 0)
-         return 0;
- 
--    int64_t expectedLength = curReply->content_length + http->out.headers_sz;
-+    uint64_t expectedLength = curReply->content_length + http->out.headers_sz;
- 
-     if (http->out.size < expectedLength)
-         return 0;
-
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc	2017-05-29 07:10:37 +0000
-+++ src/client_side_request.cc	2017-05-29 13:15:55 +0000
-@@ -1522,7 +1522,7 @@
-         }
- #endif
-         getConn()->stopReading(); // tunnels read for themselves
--        tunnelStart(this, &out.size, &al->http.code, al);
-+        tunnelStart(this);
-         return;
-     }
- 
-
-=== modified file 'src/client_side_request.h'
---- src/client_side_request.h	2017-01-23 02:05:46 +0000
-+++ src/client_side_request.h	2017-05-29 13:15:55 +0000
-@@ -73,7 +73,7 @@
- 
-     struct {
-         int64_t offset;
--        int64_t size;
-+        uint64_t size;
-         size_t headers_sz;
-     } out;
- 
-@@ -182,7 +182,7 @@
- void clientAccessCheck(ClientHttpRequest *);
- 
- /* ones that should be elsewhere */
--void tunnelStart(ClientHttpRequest *, int64_t *, int *, const AccessLogEntry::Pointer &al);
-+void tunnelStart(ClientHttpRequest *);
- 
- #if _USE_INLINE_
- #include "client_side_request.cci"
-
-=== modified file 'src/tests/stub_tunnel.cc'
---- src/tests/stub_tunnel.cc	2017-01-01 00:16:45 +0000
-+++ src/tests/stub_tunnel.cc	2017-05-29 13:15:55 +0000
-@@ -14,7 +14,7 @@
- #include "FwdState.h"
- class ClientHttpRequest;
- 
--void tunnelStart(ClientHttpRequest *, int64_t *, int *, const AccessLogEntryPointer &al) STUB
-+void tunnelStart(ClientHttpRequest *) STUB
- 
- void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer &clientConn, Comm::ConnectionPointer &srvConn) STUB
- 
-
-=== modified file 'src/tunnel.cc'
---- src/tunnel.cc	2017-05-29 12:57:48 +0000
-+++ src/tunnel.cc	2017-05-29 13:15:55 +0000
-@@ -139,7 +139,7 @@
-         int len;
-         char *buf;
-         AsyncCall::Pointer writer; ///< pending Comm::Write callback
--        int64_t *size_ptr;      /* pointer to size in an ConnStateData for logging */
-+        uint64_t *size_ptr;      /* pointer to size in an ConnStateData for logging */
- 
-         Comm::ConnectionPointer conn;    ///< The currently connected connection.
-         uint8_t delayedLoops; ///< how many times a read on this connection has been postponed.
-@@ -848,6 +848,11 @@
-         return;
-     }
- 
-+    if (ClientHttpRequest *http = tunnelState->http.get()) {
-+        http->out.headers_sz += size;
-+        http->out.size += size;
-+    }
-+
-     tunnelStartShoveling(tunnelState);
- }
- 
-@@ -995,7 +1000,7 @@
- }
- 
- void
--tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int *status_ptr, const AccessLogEntryPointer &al)
-+tunnelStart(ClientHttpRequest * http)
- {
-     debugs(26, 3, HERE);
-     /* Create state structure. */
-@@ -1021,7 +1026,7 @@
-         if (ch.fastCheck() == ACCESS_DENIED) {
-             debugs(26, 4, HERE << "MISS access forbidden.");
-             err = new ErrorState(ERR_FORWARDING_DENIED, Http::scForbidden, request);
--            *status_ptr = Http::scForbidden;
-+            http->al->http.code = Http::scForbidden;
-             errorSend(http->getConn()->clientConnection, err);
-             return;
-         }
-@@ -1037,12 +1042,13 @@
- #endif
-     tunnelState->url = xstrdup(url);
-     tunnelState->request = request;
--    tunnelState->server.size_ptr = size_ptr;
--    tunnelState->status_ptr = status_ptr;
-+    tunnelState->server.size_ptr = &http->out.size;
-+    tunnelState->client.size_ptr = &http->al->http.clientRequestSz.payloadData;
-+    tunnelState->status_ptr = &http->al->http.code;
-     tunnelState->logTag_ptr = &http->logType;
-     tunnelState->client.conn = http->getConn()->clientConnection;
-     tunnelState->http = http;
--    tunnelState->al = al;
-+    tunnelState->al = http->al ;
-     tunnelState->started = squid_curtime;
- 
-     comm_add_close_handler(tunnelState->client.conn->fd,
-@@ -1053,7 +1059,7 @@
-                                      CommTimeoutCbPtrFun(tunnelTimeout, tunnelState));
-     commSetConnTimeout(tunnelState->client.conn, Config.Timeout.lifetime, timeoutCall);
- 
--    peerSelect(&(tunnelState->serverDestinations), request, al,
-+    peerSelect(&(tunnelState->serverDestinations), request, tunnelState->al,
-                NULL,
-                tunnelPeerSelectComplete,
-                tunnelState);
-@@ -1226,6 +1232,10 @@
-         if (context != NULL && context->http != NULL) {
-             tunnelState->logTag_ptr = &context->http->logType;
-             tunnelState->server.size_ptr = &context->http->out.size;
-+            if (context->http->al != NULL) {
-+                tunnelState->al = context->http->al;
-+                tunnelState->client.size_ptr = &context->http->al->http.clientRequestSz.payloadData;
-+            }
- 
- #if USE_DELAY_POOLS
-             /* no point using the delayIsNoDelay stuff since tunnel is nice and simple */
-
-- 
2.13.0