Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org --- lfs/squid | 5 + src/patches/squid/squid-3.5-14149.patch | 78 +++++++ src/patches/squid/squid-3.5-14150.patch | 32 +++ src/patches/squid/squid-3.5-14151.patch | 36 ++++ src/patches/squid/squid-3.5-14152.patch | 35 ++++ src/patches/squid/squid-3.5-14153.patch | 353 ++++++++++++++++++++++++++++++++ 6 files changed, 539 insertions(+) create mode 100644 src/patches/squid/squid-3.5-14149.patch create mode 100644 src/patches/squid/squid-3.5-14150.patch create mode 100644 src/patches/squid/squid-3.5-14151.patch create mode 100644 src/patches/squid/squid-3.5-14152.patch create mode 100644 src/patches/squid/squid-3.5-14153.patch
diff --git a/lfs/squid b/lfs/squid
index 5f12b9b05..269902067 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -77,6 +77,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14146.patch
 cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14147.patch
 cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14148.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14149.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14150.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14151.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14152.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14153.patch
 cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
 cd $(DIR_APP) && autoreconf -vfi
diff --git a/src/patches/squid/squid-3.5-14149.patch b/src/patches/squid/squid-3.5-14149.patch
new file mode 100644
index 000000000..a9fa59754
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14149.patch
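Review bot: The five added recipe lines are order-dependent, and nothing in the recipe says so: squid-3.5-14150.patch only removes the duplicate `context` declaration that squid-3.5-14149.patch introduces, so neither can be dropped or reordered on its own. A short comment above the block, such as `# squid-3.5-14149..14153: consecutive upstream 3.5 revisions, apply in order`, would keep a later cleanup from cherry-picking among them. The enclosing `$(TARGET)` recipe starts and ends outside the hunk.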
@@ -0,0 +1,78 @@
+------------------------------------------------------------
+revno: 14149
+revision-id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
+parent: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4508
+author: Christos Tsantilas chtsanti@users.sourceforge.net
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Fri 2017-03-31 01:31:22 +1200
+message:
+ Bug 4508: Host forgery stalls intercepted being-spliced connections.
+
+ Most SslBump splicing happens after getting SNI. SNI goes into the
+ second fake CONNECT request, where it may fail the host forgery check.
+ A failed check triggers an HTTP error response from Squid. When
+ attempting to send that response to the TLS client, Squid checks whether
+ all previously pipelined HTTP requests on the connection have finished.
+
+ Prior to this fix, Squid left the first fake CONNECT request in the
+ connection pipeline despite adding the second fake CONNECT. That first
+ CONNECT stalled the error response described above, with Squid waiting,
+ in vain, for that already handled [fake] transaction to finish.
+
+ Also call quitAfterError() to force Squid to close the connection (after
+ writing the discussed error response) instead of just logging a
+ [misleading] "kick abandoning [connection]" message in cache.log.
+
+ TODO: Always pop the first CONNECT when generating a second one.
+ Unifying CONNECT treatment is difficult because code like tunnel.cc
+ wants that CONNECT to be in the pipeline. Polishing that would probably
+ require disassociating ConnStateData from tunnel.cc (at least).
+
+ TODO: Apply the existing "delayed error" logic (that optionally bumps
+ TLS connections to deliver [some] errors to [some] SSL/TLS clients) to
+ host forgery errors. Otherwise, the plain HTTP error message cannot be
+ understood by the intercepted TLS client.
+
+ This is a Measurement Factory project
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: db616fff2ac0df73cf41d380f07a96b773cf2be5
+# timestamp: 2017-03-30 13:51:17 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170226110942-\
+# 90rcwhx3fwa2l7is
+#
+# Begin patch
+=== modified file 'src/client_side.cc'
+--- src/client_side.cc 2017-01-27 13:38:24 +0000
++++ src/client_side.cc 2017-03-30 13:31:22 +0000
+@@ -4376,7 +4376,12 @@
+ fd_table[connState->clientConnection->fd].read_method = &default_read_method;
+ fd_table[connState->clientConnection->fd].write_method = &default_write_method;
+
++ ClientSocketContext::Pointer context = connState->getCurrentContext();
++ Must(context != NULL);
+ if (connState->transparent()) {
++ // If we are going to fake the second CONNECT, clear the first one.
++ context->connIsFinished();
++
+ // fake a CONNECT request to force connState to tunnel
+ // XXX: copy from MemBuf reallocates, not a regression since old code did too
+ SBuf temp;
+
+=== modified file 'src/client_side_request.cc'
+--- src/client_side_request.cc 2017-02-25 05:50:14 +0000
++++ src/client_side_request.cc 2017-03-30 13:31:22 +0000
+@@ -561,6 +561,7 @@
+ debugs(85, DBG_IMPORTANT, "SECURITY ALERT: on URL: " << urlCanonical(http->request));
+
+ // IP address validation for Host: failed. reject the connection.
++ http->getConn()->quitAfterError(http->request);
+ clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data;
+ clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
+ assert (repContext);
+
diff --git a/src/patches/squid/squid-3.5-14150.patch b/src/patches/squid/squid-3.5-14150.patch
new file mode 100644
index 000000000..dfe97a0ef
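Review bot: The added `Must(context != NULL)` in the src/client_side.cc hunk sits before the `transparent()` branch, so a missing current context now raises an exception on both the intercepted and the tunnel path. The enclosing function starts and ends outside the hunk, so it is worth confirming that its caller catches that exception and closes the client connection rather than letting it propagate. In src/client_side_request.cc the added `http->getConn()->quitAfterError(http->request);` dereferences the connection unchecked on the host-forgery rejection path; unless the lines above the hunk already rely on it being non-null, guard it, e.g. `if (http->getConn() != NULL) http->getConn()->quitAfterError(http->request);`. This revision also leaves a second `context` declaration in the else branch, which squid-3.5-14150.patch removes, so the two patches have to ship together.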
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14150.patch
@@ -0,0 +1,32 @@
+------------------------------------------------------------
+revno: 14150
+revision-id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
+parent: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Fri 2017-03-31 12:51:52 +1200
+message:
+ Fix variable shadowing after rev.14149
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: ae1e30fff31cf8b411c62eba344fdc944692aecf
+# timestamp: 2017-03-31 01:51:06 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170330133122-\
+# zcpblbvnuq7mjvq3
+#
+# Begin patch
+=== modified file 'src/client_side.cc'
+--- src/client_side.cc 2017-03-30 13:31:22 +0000
++++ src/client_side.cc 2017-03-31 00:51:52 +0000
+@@ -4390,7 +4390,6 @@
+ } else {
+ // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message
+ connState->in.buf.append(rbuf.content(), rbuf.contentSize());
+- ClientSocketContext::Pointer context = connState->getCurrentContext();
+ ClientHttpRequest *http = context->http;
+ tunnelStart(http, &http->out.size, &http->al->http.code, http->al);
+ }
+
diff --git a/src/patches/squid/squid-3.5-14151.patch b/src/patches/squid/squid-3.5-14151.patch
new file mode 100644
index 000000000..d22387d53
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14151.patch
@@ -0,0 +1,36 @@
+------------------------------------------------------------
+revno: 14151
+revision-id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
+parent: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
+author: Garri Djavadyan garryd@comnet.uz
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Sat 2017-04-01 12:38:31 +1300
+message:
+ Docs: update refresh_pattern description regarding 'max' option
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: be64101730dcb2deb664d6594d20a7295a666b98
+# timestamp: 2017-03-31 23:40:50 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170331005152-\
+# 8exm3hsly1v1jk8y
+#
+# Begin patch
+=== modified file 'src/cf.data.pre'
+--- src/cf.data.pre 2017-01-01 00:16:45 +0000
++++ src/cf.data.pre 2017-03-31 23:38:31 +0000
+@@ -5401,7 +5401,9 @@
+ will be considered fresh.
+
+ 'Max' is an upper limit on how long objects without an explicit
+- expiry time will be considered fresh.
++ expiry time will be considered fresh. The value is also used
++ to form Cache-Control: max-age header for a request sent from
++ Squid to origin/parent.
+
+ options: override-expire
+ override-lastmod
+
diff --git a/src/patches/squid/squid-3.5-14152.patch b/src/patches/squid/squid-3.5-14152.patch
new file mode 100644
index 000000000..81bd3a039
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14152.patch
@@ -0,0 +1,35 @@
+------------------------------------------------------------
+revno: 14152
+revision-id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
+parent: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
+committer: Amos Jeffries squid3@treenet.co.nz
+branch nick: 3.5
+timestamp: Sat 2017-04-01 12:39:21 +1300
+message:
+ libtrie: Fix 'make check' when run before 'make all'
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 8399bbfe7b517fa6306bdc61d212a9a4fcc9e88b
+# timestamp: 2017-03-31 23:40:52 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20170331233831-\
+# m3hfrigo82uhz4id
+#
+# Begin patch
+=== modified file 'lib/libTrie/Makefile.am'
+--- lib/libTrie/Makefile.am 2017-01-01 00:16:45 +0000
++++ lib/libTrie/Makefile.am 2017-03-31 23:39:21 +0000
+@@ -8,8 +8,8 @@
+ include $(top_srcdir)/src/Common.am
+ include $(top_srcdir)/src/TestHeaders.am
+
+-DIST_SUBDIRS = test
+-SUBDIRS = test
++DIST_SUBDIRS = . test
++SUBDIRS = . test
+
+ noinst_LIBRARIES = libTrie.a
+
+
diff --git a/src/patches/squid/squid-3.5-14153.patch b/src/patches/squid/squid-3.5-14153.patch
new file mode 100644
index 000000000..c236a6115
--- /dev/null
+++ b/src/patches/squid/squid-3.5-14153.patch
@@ -0,0 +1,353 @@ +------------------------------------------------------------ +revno: 14153 +revision-id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx +parent: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl +fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4688 +author: Lubos Uhliarik luhliari@redhat.com +committer: Amos Jeffries squid3@treenet.co.nz +branch nick: 3.5 +timestamp: Sat 2017-04-01 12:47:47 +1300 +message: + Bug 4688: various typo error(s) in man page(s) +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# testament_sha1: a05d98a4e328e39f2a490cfeff72ad8735cc6b6e +# timestamp: 2017-03-31 23:48:51 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 +# base_revision_id: squid3@treenet.co.nz-20170331233921-\ +# efxhs8vy025fvrnl +# +# Begin patch +=== modified file 'compat/compat.h' +--- compat/compat.h 2017-01-01 00:16:45 +0000 ++++ compat/compat.h 2017-03-31 23:47:47 +0000 +@@ -11,7 +11,7 @@ + + /* + * From discussions it was chosen to push compat code as far down as possible. +- * That means we can have a seperate compat for most ++ * That means we can have a separate compat for most + * compatability and portability hacks and resolutions. 
+ * + * This file is meant to collate all those hacks files together and + +=== modified file 'helpers/basic_auth/DB/basic_db_auth.pl.in' +--- helpers/basic_auth/DB/basic_db_auth.pl.in 2017-01-01 00:16:45 +0000 ++++ helpers/basic_auth/DB/basic_db_auth.pl.in 2017-03-31 23:47:47 +0000 +@@ -14,7 +14,7 @@ + + basic_db_auth [options] + +-=head1 DESCRIPTOIN ++=head1 DESCRIPTION + + This program verifies username & password to a database + +@@ -97,7 +97,7 @@ + Copyright (C) 2007 Henrik Nordstrom henrik@henriknordstrom.net + Copyright (C) 2010 Luis Daniel Lucio Quiroz dlucio@okay.com.mx (Joomla support) + This program is free software. You may redistribute copies of it under the +-terms of the GNU General Public License version 2, or (at youropinion) any ++terms of the GNU General Public License version 2, or (at your opinion) any + later version. + + =head1 QUESTIONS + +=== modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8' +--- helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-01-01 00:16:45 +0000 ++++ helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-03-31 23:47:47 +0000 +@@ -98,7 +98,7 @@ + .B Note: + This can only be done if all your users are located directly under + the same position in the LDAP tree and the login name is used for naming +-each user object. If your LDAP tree does not match these criterias or if ++each user object. If your LDAP tree does not match these criteria or if + you want to filter who are valid users then you need to use a search filter + to search for your users DN ( + .B -f +@@ -186,15 +186,15 @@ + .B never + dereference aliases (default), + .B always +-dereference aliases, only while +-.B search ing ++dereference aliases, only during a ++.B search + or only to + .B find + the base object. + . + .if !'po4a'hide' .TP + .if !'po4a'hide' .B "-H ldap_uri +-Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries). ++Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries). 
+ Servers can also be specified last on the command line. + . + .if !'po4a'hide' .TP + +=== modified file 'helpers/digest_auth/LDAP/digest_pw_auth.cc' +--- helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-01-01 00:16:45 +0000 ++++ helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-03-31 23:47:47 +0000 +@@ -30,7 +30,7 @@ + * the file format. However storing such a triple does little to + * improve security: If compromised the username:realm:HA1 combination + * is "plaintext equivalent" - for the purposes of digest authentication +- * they allow the user access. Password syncronisation is not tackled ++ * they allow the user access. Password synchronization is not tackled + * by digest - just preventing on the wire compromise. + * + * Copyright (c) 2003 Robert Collins robertc@squid-cache.org + +=== modified file 'helpers/digest_auth/eDirectory/digest_pw_auth.cc' +--- helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-01-01 00:16:45 +0000 ++++ helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-03-31 23:47:47 +0000 +@@ -30,7 +30,7 @@ + * the file format. However storing such a triple does little to + * improve security: If compromised the username:realm:HA1 combination + * is "plaintext equivalent" - for the purposes of digest authentication +- * they allow the user access. Password syncronisation is not tackled ++ * they allow the user access. Password synchronization is not tackled + * by digest - just preventing on the wire compromise. + * + * Copyright (c) 2003 Robert Collins robertc@squid-cache.org + +=== modified file 'helpers/digest_auth/file/digest_file_auth.8' +--- helpers/digest_auth/file/digest_file_auth.8 2017-01-01 00:16:45 +0000 ++++ helpers/digest_auth/file/digest_file_auth.8 2017-03-31 23:47:47 +0000 +@@ -15,7 +15,7 @@ + is an installed binary authentication program for Squid. It handles digest + authentication protocol and authenticates against a text file backend. + . 
+-This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. ++This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately. + It may be used with any value 0 or above for the auth_param children concurrency= parameter. + . + .SH OPTIONS +@@ -54,7 +54,7 @@ + improve security: If compromised the + .B username:realm:HA1 + combination is "plaintext equivalent" - for the purposes of digest authentication +-they allow the user access. Password syncronisation is not tackled ++they allow the user access. Password synchronization is not tackled + by digest - just preventing on the wire compromise. + . + .SH AUTHOR + +=== modified file 'helpers/digest_auth/file/digest_file_auth.cc' +--- helpers/digest_auth/file/digest_file_auth.cc 2017-01-01 00:16:45 +0000 ++++ helpers/digest_auth/file/digest_file_auth.cc 2017-03-31 23:47:47 +0000 +@@ -33,7 +33,7 @@ + * the file format. However storing such a triple does little to + * improve security: If compromised the username:realm:HA1 combination + * is "plaintext equivalent" - for the purposes of digest authentication +- * they allow the user access. Password syncronisation is not tackled ++ * they allow the user access. Password synchronization is not tackled + * by digest - just preventing on the wire compromise. + * + * Copyright (c) 2003 Robert Collins robertc@squid-cache.org + +=== modified file 'helpers/digest_auth/file/text_backend.cc' +--- helpers/digest_auth/file/text_backend.cc 2017-01-01 00:16:45 +0000 ++++ helpers/digest_auth/file/text_backend.cc 2017-03-31 23:47:47 +0000 +@@ -29,7 +29,7 @@ + * the file format. However storing such a triple does little to + * improve security: If compromised the username:realm:HA1 combination + * is "plaintext equivalent" - for the purposes of digest authentication +- * they allow the user access. Password syncronisation is not tackled ++ * they allow the user access. 
Password synchronization is not tackled + * by digest - just preventing on the wire compromise. + * + * Copyright (c) 2003 Robert Collins robertc@squid-cache.org + +=== modified file 'helpers/external_acl/LDAP_group/ext_ldap_group_acl.8' +--- helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-01-01 00:16:45 +0000 ++++ helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-03-31 23:47:47 +0000 +@@ -52,8 +52,8 @@ + .BI never + dereference aliases (default), + .BI always +-dereference aliases, only while +-.BR search ing ++dereference aliases, only during a ++.BR search + or only to + .B find + the base object +@@ -143,7 +143,7 @@ + . + .if !'po4a'hide' .TP + .if !'po4a'hide' .BI -H " ldapuri" +-Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries) ++Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries) + . + .if !'po4a'hide' .TP + .if !'po4a'hide' .BI -K + +=== modified file 'helpers/external_acl/kerberos_ldap_group/README' +--- helpers/external_acl/kerberos_ldap_group/README 2010-08-13 10:17:20 +0000 ++++ helpers/external_acl/kerberos_ldap_group/README 2017-03-31 23:47:47 +0000 +@@ -65,7 +65,7 @@ + export KRB5_KTNAME + + If you use a different Kerberos domain than the machine itself is in you can point squid to +-the seperate Kerberos config file by setting the following environmnet variable in the startup ++the separate Kerberos config file by setting the following environment variable in the startup + script. + + KRB5_CONFIG=/etc/krb5-squid.conf + +=== modified file 'helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8' +--- helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2015-03-21 06:32:34 +0000 ++++ helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2017-03-31 23:47:47 +0000 +@@ -163,7 +163,7 @@ + .if !'po4a'hide' .ft + . 
+ If you use a different Kerberos domain than the machine itself is in you can point squid to +-the seperate Kerberos config file by setting the following environmnet variable in the startup ++the separate Kerberos config file by setting the following environment variable in the startup + script. + .if !'po4a'hide' .P + .if !'po4a'hide' .ft CR + +=== modified file 'helpers/external_acl/session/ext_session_acl.8' +--- helpers/external_acl/session/ext_session_acl.8 2017-01-01 00:16:45 +0000 ++++ helpers/external_acl/session/ext_session_acl.8 2017-03-31 23:47:47 +0000 +@@ -21,7 +21,7 @@ + ) or a fixed period of time ( + .B -T + ). The former is suitable for displaying terms and conditions to a user; the +-latter is suitable for the display of advertisments or other notices (both as a ++latter is suitable for the display of advertisements or other notices (both as a + splash page - see config examples in the wiki online). The session helper can also be used + to force users to re-authenticate if the + .B %LOGIN +@@ -55,7 +55,7 @@ + environment is created within the directory. The advantage of the latter + is better database support between multiple instances of the session + helper. Using multiple instances of the session helper with a single +-database file will cause synchronisation problems between processes. ++database file will cause synchronization problems between processes. + If this option is not specified the session details will be kept in + memory only and all sessions will reset each time Squid restarts its + helpers (Squid restart or rotation of logs). + +=== modified file 'helpers/log_daemon/DB/log_db_daemon.pl.in' +--- helpers/log_daemon/DB/log_db_daemon.pl.in 2017-01-01 00:16:45 +0000 ++++ helpers/log_daemon/DB/log_db_daemon.pl.in 2017-03-31 23:47:47 +0000 +@@ -18,7 +18,7 @@ + + log_db_daemon DSN [options] + +-=head1 DESCRIPTOIN ++=head1 DESCRIPTION + + This program writes Squid access.log entries to a database. 
+ Presently only accepts the B<squid> native format +@@ -373,7 +373,7 @@ + WHERE squid_request_status LIKE '%MISS%') + / + (SELECT COUNT(*) FROM access_log)*100 +- AS pecentage; ++ AS percentage; + + =item Response time ranges + +@@ -433,7 +433,7 @@ + + This script currently implements only the C<L> (i.e. "append a line to the log") command, therefore the log lines are never purged from the table. This approach has an obvious scalability problem. + +-One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to caluclate those values. ++One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to calculate those values. + + Similar cleanup code could be implemented in an external script and run periodically independently from squid log commands. + + +=== modified file 'helpers/negotiate_auth/kerberos/README' +--- helpers/negotiate_auth/kerberos/README 2008-10-03 02:25:50 +0000 ++++ helpers/negotiate_auth/kerberos/README 2017-03-31 23:47:47 +0000 +@@ -53,7 +53,7 @@ + export KRB5_KTNAME + + If you use a different Kerberos domain than the machine itself is in you can point squid to +-the seperate Kerberos config file by setting the following environmnet variable in the startup ++the separate Kerberos config file by setting the following environment variable in the startup + script. 
+ + KRB5_CONFIG=/etc/krb-squid5.conf + +=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8' +--- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2014-12-20 17:10:25 +0000 ++++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2017-03-31 23:47:47 +0000 +@@ -69,7 +69,7 @@ + export KRB5_KTNAME + + If you use a different Kerberos domain than the machine itself is in you can point squid to +-the seperate Kerberos config file by setting the following environmnet variable in the startup ++the separate Kerberos config file by setting the following environment variable in the startup + script. + + KRB5_CONFIG=/etc/krb5-squid.conf + +=== modified file 'helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in' +--- helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-01-01 00:16:45 +0000 ++++ helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-03-31 23:47:47 +0000 +@@ -29,7 +29,7 @@ + Rewrite rules are matched in the same order as they appear in the rules file. + So for best performance, sort it in order of frequency of occurrence. + +-This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. ++This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately. + It may be used with any value 0 or above for the store_id_children concurrency= parameter. + + =head1 OPTIONS + +=== modified file 'src/StoreFileSystem.h' +--- src/StoreFileSystem.h 2017-01-01 00:16:45 +0000 ++++ src/StoreFileSystem.h 2017-03-31 23:47:47 +0000 +@@ -47,7 +47,7 @@ + \par + * configure will take a list of storage types through the + * --enable-store-io parameter. This parameter takes a list of +- * space seperated storage types. For example, ++ * space separated storage types. For example, + * --enable-store-io="ufs aufs" . 
+ * + \par + +=== modified file 'src/ipcache.cc' +--- src/ipcache.cc 2017-01-01 00:16:45 +0000 ++++ src/ipcache.cc 2017-03-31 23:47:47 +0000 +@@ -50,7 +50,7 @@ + \defgroup IPCacheInternal IP Cache Internals + \ingroup IPCacheAPI + \todo when IP cache is provided as a class. These sub-groups will be obsolete +- * for now they are used to seperate the public and private functions. ++ * for now they are used to separate the public and private functions. + * with the private ones all being in IPCachInternal and public in IPCacheAPI + * + \section InternalOperation Internal Operation + +=== modified file 'src/ssl/ssl_crtd.8' +--- src/ssl/ssl_crtd.8 2017-01-01 00:16:45 +0000 ++++ src/ssl/ssl_crtd.8 2017-03-31 23:47:47 +0000 +@@ -33,7 +33,7 @@ + Because the generation and signing of SSL certificates takes time + Squid must use external process to handle the work. + . +-This process generates new SSL certificates and uses a disk cache of certificatess ++This process generates new SSL certificates and uses a disk cache of certificates + to improve response times on repeated requests. + Communication occurs via TCP sockets bound to the loopback interface. + . +@@ -122,7 +122,7 @@ + . + .PP + For simple configuration the helper defaults can be used. +-Only HTTP listening port options are required to enable generation and set the signign CA certificate. ++Only HTTP listening port options are required to enable generation and set the signing CA certificate. + For Example: + .if !'po4a'hide' .RS + .if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem +
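Review bot: The correction of `youropinion` in helpers/basic_auth/DB/basic_db_auth.pl.in produces `(at your opinion)`, but the GPL grant reads "at your option", so the licence statement is still wrong after this patch. The intended line is `terms of the GNU General Public License version 2, or (at your option) any`. Because squid-3.5-14153.patch mirrors an upstream revision, the wording is better reported upstream than edited locally. The compat/compat.h hunk in the same patch also leaves `compatability` uncorrected in its context line.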