This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via bffe0abd5950fb3786e0f0d1785f8dc2091571ac (commit) from 24a80f0c22d2e3c3654ba0168dfd49f4a4de2185 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit bffe0abd5950fb3786e0f0d1785f8dc2091571ac Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Apr 3 21:26:44 2017 +0200
squid: Update to 3.5.25
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: lfs/squid | 20 +- ...=> squid-3.5.25-fix-max-file-descriptors.patch} | 0 src/patches/squid/squid-3.5-14142.patch | 72 ----- src/patches/squid/squid-3.5-14143.patch | 55 ---- src/patches/squid/squid-3.5-14144.patch | 43 --- src/patches/squid/squid-3.5-14145.patch | 33 -- src/patches/squid/squid-3.5-14146.patch | 41 --- src/patches/squid/squid-3.5-14147.patch | 37 --- src/patches/squid/squid-3.5-14148.patch | 62 ---- src/patches/squid/squid-3.5-14149.patch | 78 ----- src/patches/squid/squid-3.5-14150.patch | 32 -- src/patches/squid/squid-3.5-14151.patch | 36 --- src/patches/squid/squid-3.5-14152.patch | 35 -- src/patches/squid/squid-3.5-14153.patch | 353 --------------------- 14 files changed, 4 insertions(+), 893 deletions(-) rename src/patches/{squid-3.5.24-fix-max-file-descriptors.patch => squid-3.5.25-fix-max-file-descriptors.patch} (100%) delete mode 100644 src/patches/squid/squid-3.5-14142.patch delete mode 100644 src/patches/squid/squid-3.5-14143.patch delete mode 100644 src/patches/squid/squid-3.5-14144.patch delete mode 100644 src/patches/squid/squid-3.5-14145.patch delete mode 100644 src/patches/squid/squid-3.5-14146.patch delete mode 100644 src/patches/squid/squid-3.5-14147.patch delete mode 100644 src/patches/squid/squid-3.5-14148.patch delete mode 100644 src/patches/squid/squid-3.5-14149.patch delete mode 100644 src/patches/squid/squid-3.5-14150.patch delete mode 100644 src/patches/squid/squid-3.5-14151.patch delete mode 100644 src/patches/squid/squid-3.5-14152.patch delete mode 100644 src/patches/squid/squid-3.5-14153.patch
Difference in files: diff --git a/lfs/squid b/lfs/squid index 2699020..70d83b0 100644 --- a/lfs/squid +++ b/lfs/squid @@ -24,7 +24,7 @@
include Config
-VER = 3.5.24 +VER = 3.5.25
THISAPP = squid-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3fae511e16b6379b61c011914673973d +$(DL_FILE)_MD5 = 6b7dd7b42b1adacf08f3155640ea2782
install : $(TARGET)
@@ -70,19 +70,7 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14142.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14143.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14144.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14145.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14146.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14147.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14148.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14149.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14150.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14151.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14152.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14153.patch - cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-file-descriptors.patch + cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.25-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi cd $(DIR_APP)/libltdl && autoreconf -vfi @@ -159,7 +147,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cp -f $(DIR_SRC)/config/updxlrator/lscache /var/ipfire/updatexlrator/bin/lscache cp -f $(DIR_SRC)/config/updxlrator/checkdeaddl /var/ipfire/updatexlrator/bin/checkdeaddl
- cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlrator//updxlrator-lib.pl + cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl
chmod 755 /usr/sbin/updxlrator /var/ipfire/updatexlrator/bin/checkup \ /var/ipfire/updatexlrator/bin/download \ diff --git a/src/patches/squid-3.5.24-fix-max-file-descriptors.patch b/src/patches/squid-3.5.25-fix-max-file-descriptors.patch similarity index 100% rename from src/patches/squid-3.5.24-fix-max-file-descriptors.patch rename to src/patches/squid-3.5.25-fix-max-file-descriptors.patch diff --git a/src/patches/squid/squid-3.5-14142.patch b/src/patches/squid/squid-3.5-14142.patch deleted file mode 100644 index 8649e27..0000000 --- a/src/patches/squid/squid-3.5-14142.patch +++ /dev/null @@ -1,72 +0,0 @@ ------------------------------------------------------------- -revno: 14142 -revision-id: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq -parent: squid3@treenet.co.nz-20170128035415-bpwt79jsobv1rqx3 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Wed 2017-02-08 18:40:33 +1300 -message: - Bump SSL client on [more] errors encountered before ssl_bump evaluation - - ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an - http_access deny rule match. - - The old code allowed ssl_bump step1 rules to be evaluated in the - presence of an error. An ssl_bump splicing decision would then trigger - the useless "send the error to the client now" processing logic instead - of going down the "to serve an error, bump the client first" path. - - Furthermore, the ssl_bump evaluation result itself could be surprising - to the admin because ssl_bump (and most other) rules are not meant to be - evaluated for a transaction in an error state. This complicated triage. - - Also polished an important comment to clarify that we want to bump on - error if (and only if) the SslBump feature is applicable to the failed - transaction (i.e., if the ssl_bump rules would have been evaluated if - there were no prior errors). The old comment could have been - misinterpreted that ssl_bump rules must be evaluated to allow an - "ssl_bump splice" match to hide the error. - - This is a Measurement Factory project. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8c3f2a03f86aa1b1484195a63742bc4002ba2359 -# timestamp: 2017-02-08 05:51:15 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170128035415-\ -# bpwt79jsobv1rqx3 -# -# Begin patch -=== modified file 'src/client_side_request.cc' ---- src/client_side_request.cc 2017-01-23 02:05:46 +0000 -+++ src/client_side_request.cc 2017-02-08 05:40:33 +0000 -@@ -1442,6 +1442,13 @@ - return false; - } - -+ if (error) { -+ debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]); -+ http->sslBumpNeed(Ssl::bumpBump); -+ http->al->ssl.bumpMode = Ssl::bumpBump; -+ return false; -+ } -+ - // Do not bump during authentication: clients would not proxy-authenticate - // if we delay a 407 response and respond with 200 OK to CONNECT. - if (error && error->httpStatus == Http::scProxyAuthenticationRequired) { -@@ -1781,8 +1788,9 @@ - } - - #if USE_OPENSSL -- // We need to check for SslBump even if the calloutContext->error is set -- // because bumping may require delaying the error until after CONNECT. -+ // Even with calloutContext->error, we call sslBumpAccessCheck() to decide -+ // whether SslBump applies to this transaction. If it applies, we will -+ // attempt to bump the client to serve the error. - if (!calloutContext->sslBumpCheckDone) { - calloutContext->sslBumpCheckDone = true; - if (calloutContext->sslBumpAccessCheck()) - diff --git a/src/patches/squid/squid-3.5-14143.patch b/src/patches/squid/squid-3.5-14143.patch deleted file mode 100644 index 49b3eb8..0000000 --- a/src/patches/squid/squid-3.5-14143.patch +++ /dev/null @@ -1,55 +0,0 @@ ------------------------------------------------------------- -revno: 14143 -revision-id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9 -parent: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-02-25 18:50:14 +1300 -message: - Fix regression in CONNECT authentication after rev.14142 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: bedc99ffdffd1e999c98c33faa830d4e9d1fc01d -# timestamp: 2017-02-25 05:51:22 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170208054033-\ -# pxqn8rs4yu713ijq -# -# Begin patch -=== modified file 'src/client_side_request.cc' ---- src/client_side_request.cc 2017-02-08 05:40:33 +0000 -+++ src/client_side_request.cc 2017-02-25 05:50:14 +0000 -@@ -1442,6 +1442,14 @@ - return false; - } - -+ // Do not bump during authentication: clients would not proxy-authenticate -+ // if we delay a 407 response and respond with 200 OK to CONNECT. -+ if (error && error->httpStatus == Http::scProxyAuthenticationRequired) { -+ http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log - -+ debugs(85, 5, HERE << "no SslBump during proxy authentication"); -+ return false; -+ } -+ - if (error) { - debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]); - http->sslBumpNeed(Ssl::bumpBump); -@@ -1449,14 +1457,6 @@ - return false; - } - -- // Do not bump during authentication: clients would not proxy-authenticate -- // if we delay a 407 response and respond with 200 OK to CONNECT. -- if (error && error->httpStatus == Http::scProxyAuthenticationRequired) { -- http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log - -- debugs(85, 5, HERE << "no SslBump during proxy authentication"); -- return false; -- } -- - debugs(85, 5, HERE << "SslBump possible, checking ACL"); - - ACLFilledChecklist *aclChecklist = clientAclChecklistCreate(Config.accessList.ssl_bump, http); - diff --git a/src/patches/squid/squid-3.5-14144.patch b/src/patches/squid/squid-3.5-14144.patch deleted file mode 100644 index 592a774..0000000 --- a/src/patches/squid/squid-3.5-14144.patch +++ /dev/null @@ -1,43 +0,0 @@ ------------------------------------------------------------- -revno: 14144 -revision-id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g -parent: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9 -author: Alex Rousskov rousskov@measurement-factory.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:46:24 +1300 -message: - Fix crash when configuring with invalid delay_parameters restore value. - - ... like none/none. Introduced in rev which fixed another, much - bigger delay_parameters parsing bug. - - TODO: Reject all invalid input, including restore/max of "-/100". - - TODO: Fix misleading/wrong associated error messages. For example: - ERROR: invalid delay rate 'none/none'. Expecting restore/max or 'none' - ERROR: restore rate in '1/none' is not a number. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 42f47b8ee1da049d57e6af76ce755e459d2fc9fd -# timestamp: 2017-02-26 08:51:02 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170225055014-\ -# j7v5xax13u4jddr9 -# -# Begin patch -=== modified file 'src/DelaySpec.cc' ---- src/DelaySpec.cc 2017-01-01 00:16:45 +0000 -+++ src/DelaySpec.cc 2017-02-26 08:46:24 +0000 -@@ -55,7 +55,7 @@ - - // parse the first digits into restore_bps - const char *p = NULL; -- if (!StringToInt(token, restore_bps, &p, 10) && *p != '/') { -+ if (!StringToInt(token, restore_bps, &p, 10) || *p != '/') { - debugs(77, DBG_CRITICAL, "ERROR: invalid delay rate '" << token << "'. Expecting restore/max or 'none'."); - self_destruct(); - } - diff --git a/src/patches/squid/squid-3.5-14145.patch b/src/patches/squid/squid-3.5-14145.patch deleted file mode 100644 index aaa56ed..0000000 --- a/src/patches/squid/squid-3.5-14145.patch +++ /dev/null @@ -1,33 +0,0 @@ ------------------------------------------------------------- -revno: 14145 -revision-id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s -parent: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:50:09 +1300 -message: - Fix missing CRLF on FTP timeout ABORT commands ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a290f77545e17012eea87e6315a9d375bff16752 -# timestamp: 2017-02-26 08:51:05 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170226084624-\ -# 5tkl3bdrqz8nlp9g -# -# Begin patch -=== modified file 'src/clients/FtpGateway.cc' ---- src/clients/FtpGateway.cc 2017-01-01 00:16:45 +0000 -+++ src/clients/FtpGateway.cc 2017-02-26 08:50:09 +0000 -@@ -1775,7 +1775,7 @@ - - // ABORT on timeouts. server may be waiting on a broken TCP link. - if (io.xerrno == Comm::TIMEOUT) -- writeCommand("ABOR"); -+ writeCommand("ABOR\r\n"); - - // try another connection attempt with some other method - ftpSendPassive(this); - diff --git a/src/patches/squid/squid-3.5-14146.patch b/src/patches/squid/squid-3.5-14146.patch deleted file mode 100644 index 391fa35..0000000 --- a/src/patches/squid/squid-3.5-14146.patch +++ /dev/null @@ -1,41 +0,0 @@ ------------------------------------------------------------- -revno: 14146 -revision-id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t -parent: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:52:45 +1300 -message: - Check that -k argument is provided before trying to use it. - - Detected by Coverity Scan. Issue 1364726. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 31bba06ced5b67f892e4be897b05ec3744b2a942 -# timestamp: 2017-02-26 09:51:00 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170226085009-\ -# tj3o81s5ybk8ly9s -# -# Begin patch -=== modified file 'src/main.cc' ---- src/main.cc 2017-01-01 00:16:45 +0000 -+++ src/main.cc 2017-02-26 08:52:45 +0000 -@@ -425,11 +425,11 @@ - /** \par k - * Run the administrative action given following the option */ - -- /** \li When its an unknown option display the usage help. */ -- if ((int) strlen(optarg) < 1) -+ /** \li When it is missing or an unknown option display the usage help. */ -+ if (!optarg || strlen(optarg) < 1) - usage(); - -- if (!strncmp(optarg, "reconfigure", strlen(optarg))) -+ else if (!strncmp(optarg, "reconfigure", strlen(optarg))) - /** \li On reconfigure send SIGHUP. */ - opt_send_signal = SIGHUP; - else if (!strncmp(optarg, "rotate", strlen(optarg))) - diff --git a/src/patches/squid/squid-3.5-14147.patch b/src/patches/squid/squid-3.5-14147.patch deleted file mode 100644 index a8b52f3..0000000 --- a/src/patches/squid/squid-3.5-14147.patch +++ /dev/null @@ -1,37 +0,0 @@ ------------------------------------------------------------- -revno: 14147 -revision-id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn -parent: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sun 2017-02-26 21:56:17 +1300 -message: - ext_kerberos_ldap_group_acl: fix unused value warnings - - Detected by Coverity Scan. Issues 1364748 and 1364749. ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: fd770175ba851fc62de4a085414c8fd996b53e46 -# timestamp: 2017-02-26 09:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170226085245-\ -# vcvc7nemupizbe4t -# -# Begin patch -=== modified file 'helpers/external_acl/kerberos_ldap_group/support_ldap.cc' ---- helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2017-01-01 00:16:45 +0000 -+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2017-02-26 08:56:17 +0000 -@@ -919,8 +919,8 @@ - /* - * Initialise ldap - */ -- ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ; -- ldap_debug = -1 /* LDAP_DEBUG_ANY */ ; -+// ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ; -+// ldap_debug = -1 /* LDAP_DEBUG_ANY */ ; - ldap_debug = 0; - (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug); - #endif - diff --git a/src/patches/squid/squid-3.5-14148.patch b/src/patches/squid/squid-3.5-14148.patch deleted file mode 100644 index ce7d966..0000000 --- a/src/patches/squid/squid-3.5-14148.patch +++ /dev/null @@ -1,62 +0,0 @@ ------------------------------------------------------------- -revno: 14148 -revision-id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is -parent: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn -author: Alexander Gozman a.gozman@securitycode.ru -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Mon 2017-02-27 00:09:42 +1300 -message: - Native FTP relay: NAT and TPROXY interception fixes ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 63f57f0ddddf0f231c3ef88a12728a707828c6ad -# timestamp: 2017-02-26 11:51:04 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170226085617-\ -# 89jfjndt62i83qtn -# -# Begin patch -=== modified file 'src/servers/FtpServer.cc' ---- src/servers/FtpServer.cc 2017-01-01 00:16:45 +0000 -+++ src/servers/FtpServer.cc 2017-02-26 11:09:42 +0000 -@@ -1454,9 +1454,33 @@ - Comm::ConnectionPointer conn = new Comm::Connection(); - conn->flags |= COMM_DOBIND; - -- // Use local IP address of the control connection as the source address -- // of the active data connection, or some clients will refuse to accept. -- conn->setAddrs(clientConnection->local, cltAddr); -+ if (clientConnection->flags & COMM_INTERCEPTION) { -+ // In the case of NAT interception conn->local value is not set -+ // because the TCP stack will automatically pick correct source -+ // address for the data connection. We must only ensure that IP -+ // version matches client's address. -+ conn->local.setAnyAddr(); -+ -+ if (cltAddr.isIPv4()) -+ conn->local.setIPv4(); -+ -+ conn->remote = cltAddr; -+ } else { -+ // In the case of explicit-proxy the local IP of the control connection -+ // is the Squid IP the client is knowingly talking to. -+ // -+ // In the case of TPROXY the IP address of the control connection is -+ // server IP the client is connecting to, it can be spoofed by Squid. -+ // -+ // In both cases some clients may refuse to accept data connections if -+ // these control connectin local-IP's are not used. -+ conn->setAddrs(clientConnection->local, cltAddr); -+ -+ // Using non-local addresses in TPROXY mode requires appropriate socket option. -+ if (clientConnection->flags & COMM_TRANSPARENT) -+ conn->flags |= COMM_TRANSPARENT; -+ } -+ - // RFC 959 requires active FTP connections to originate from port 20 - // but that would preclude us from supporting concurrent transfers! (XXX?) - conn->local.port(0); - diff --git a/src/patches/squid/squid-3.5-14149.patch b/src/patches/squid/squid-3.5-14149.patch deleted file mode 100644 index a9fa597..0000000 --- a/src/patches/squid/squid-3.5-14149.patch +++ /dev/null @@ -1,78 +0,0 @@ ------------------------------------------------------------- -revno: 14149 -revision-id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3 -parent: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4508 -author: Christos Tsantilas chtsanti@users.sourceforge.net -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2017-03-31 01:31:22 +1200 -message: - Bug 4508: Host forgery stalls intercepted being-spliced connections. - - Most SslBump splicing happens after getting SNI. SNI goes into the - second fake CONNECT request, where it may fail the host forgery check. - A failed check triggers an HTTP error response from Squid. When - attempting to send that response to the TLS client, Squid checks whether - all previously pipelined HTTP requests on the connection have finished. - - Prior to this fix, Squid left the first fake CONNECT request in the - connection pipeline despite adding the second fake CONNECT. That first - CONNECT stalled the error response described above, with Squid waiting, - in vain, for that already handled [fake] transaction to finish. - - Also call quitAfterError() to force Squid to close the connection (after - writing the discussed error response) instead of just logging a - [misleading] "kick abandoning [connection]" message in cache.log. - - TODO: Always pop the first CONNECT when generating a second one. - Unifying CONNECT treatment is difficult because code like tunnel.cc - wants that CONNECT to be in the pipeline. Polishing that would probably - require disassociating ConnStateData from tunnel.cc (at least). - - TODO: Apply the existing "delayed error" logic (that optionally bumps - TLS connections to deliver [some] errors to [some] SSL/TLS clients) to - host forgery errors. Otherwise, the plain HTTP error message cannot be - understood by the intercepted TLS client. - - This is a Measurement Factory project ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3 -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: db616fff2ac0df73cf41d380f07a96b773cf2be5 -# timestamp: 2017-03-30 13:51:17 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170226110942-\ -# 90rcwhx3fwa2l7is -# -# Begin patch -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2017-01-27 13:38:24 +0000 -+++ src/client_side.cc 2017-03-30 13:31:22 +0000 -@@ -4376,7 +4376,12 @@ - fd_table[connState->clientConnection->fd].read_method = &default_read_method; - fd_table[connState->clientConnection->fd].write_method = &default_write_method; - -+ ClientSocketContext::Pointer context = connState->getCurrentContext(); -+ Must(context != NULL); - if (connState->transparent()) { -+ // If we are going to fake the second CONNECT, clear the first one. -+ context->connIsFinished(); -+ - // fake a CONNECT request to force connState to tunnel - // XXX: copy from MemBuf reallocates, not a regression since old code did too - SBuf temp; - -=== modified file 'src/client_side_request.cc' ---- src/client_side_request.cc 2017-02-25 05:50:14 +0000 -+++ src/client_side_request.cc 2017-03-30 13:31:22 +0000 -@@ -561,6 +561,7 @@ - debugs(85, DBG_IMPORTANT, "SECURITY ALERT: on URL: " << urlCanonical(http->request)); - - // IP address validation for Host: failed. reject the connection. -+ http->getConn()->quitAfterError(http->request); - clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data; - clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw()); - assert (repContext); - diff --git a/src/patches/squid/squid-3.5-14150.patch b/src/patches/squid/squid-3.5-14150.patch deleted file mode 100644 index dfe97a0..0000000 --- a/src/patches/squid/squid-3.5-14150.patch +++ /dev/null @@ -1,32 +0,0 @@ ------------------------------------------------------------- -revno: 14150 -revision-id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y -parent: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3 -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Fri 2017-03-31 12:51:52 +1200 -message: - Fix variable shadowing after rev.14149 ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: ae1e30fff31cf8b411c62eba344fdc944692aecf -# timestamp: 2017-03-31 01:51:06 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170330133122-\ -# zcpblbvnuq7mjvq3 -# -# Begin patch -=== modified file 'src/client_side.cc' ---- src/client_side.cc 2017-03-30 13:31:22 +0000 -+++ src/client_side.cc 2017-03-31 00:51:52 +0000 -@@ -4390,7 +4390,6 @@ - } else { - // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message - connState->in.buf.append(rbuf.content(), rbuf.contentSize()); -- ClientSocketContext::Pointer context = connState->getCurrentContext(); - ClientHttpRequest *http = context->http; - tunnelStart(http, &http->out.size, &http->al->http.code, http->al); - } - diff --git a/src/patches/squid/squid-3.5-14151.patch b/src/patches/squid/squid-3.5-14151.patch deleted file mode 100644 index d22387d..0000000 --- a/src/patches/squid/squid-3.5-14151.patch +++ /dev/null @@ -1,36 +0,0 @@ ------------------------------------------------------------- -revno: 14151 -revision-id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id -parent: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y -author: Garri Djavadyan garryd@comnet.uz -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-04-01 12:38:31 +1300 -message: - Docs: update refresh_pattern description regarding 'max' option ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: be64101730dcb2deb664d6594d20a7295a666b98 -# timestamp: 2017-03-31 23:40:50 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170331005152-\ -# 8exm3hsly1v1jk8y -# -# Begin patch -=== modified file 'src/cf.data.pre' ---- src/cf.data.pre 2017-01-01 00:16:45 +0000 -+++ src/cf.data.pre 2017-03-31 23:38:31 +0000 -@@ -5401,7 +5401,9 @@ - will be considered fresh. - - 'Max' is an upper limit on how long objects without an explicit -- expiry time will be considered fresh. -+ expiry time will be considered fresh. The value is also used -+ to form Cache-Control: max-age header for a request sent from -+ Squid to origin/parent. - - options: override-expire - override-lastmod - diff --git a/src/patches/squid/squid-3.5-14152.patch b/src/patches/squid/squid-3.5-14152.patch deleted file mode 100644 index 81bd3a0..0000000 --- a/src/patches/squid/squid-3.5-14152.patch +++ /dev/null @@ -1,35 +0,0 @@ ------------------------------------------------------------- -revno: 14152 -revision-id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl -parent: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-04-01 12:39:21 +1300 -message: - libtrie: Fix 'make check' when run before 'make all' ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: 8399bbfe7b517fa6306bdc61d212a9a4fcc9e88b -# timestamp: 2017-03-31 23:40:52 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170331233831-\ -# m3hfrigo82uhz4id -# -# Begin patch -=== modified file 'lib/libTrie/Makefile.am' ---- lib/libTrie/Makefile.am 2017-01-01 00:16:45 +0000 -+++ lib/libTrie/Makefile.am 2017-03-31 23:39:21 +0000 -@@ -8,8 +8,8 @@ - include $(top_srcdir)/src/Common.am - include $(top_srcdir)/src/TestHeaders.am - --DIST_SUBDIRS = test --SUBDIRS = test -+DIST_SUBDIRS = . test -+SUBDIRS = . test - - noinst_LIBRARIES = libTrie.a - - diff --git a/src/patches/squid/squid-3.5-14153.patch b/src/patches/squid/squid-3.5-14153.patch deleted file mode 100644 index c236a61..0000000 --- a/src/patches/squid/squid-3.5-14153.patch +++ /dev/null @@ -1,353 +0,0 @@ ------------------------------------------------------------- -revno: 14153 -revision-id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx -parent: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl -fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4688 -author: Lubos Uhliarik luhliari@redhat.com -committer: Amos Jeffries squid3@treenet.co.nz -branch nick: 3.5 -timestamp: Sat 2017-04-01 12:47:47 +1300 -message: - Bug 4688: various typo error(s) in man page(s) ------------------------------------------------------------- -# Bazaar merge directive format 2 (Bazaar 0.90) -# revision_id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx -# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# testament_sha1: a05d98a4e328e39f2a490cfeff72ad8735cc6b6e -# timestamp: 2017-03-31 23:48:51 +0000 -# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5 -# base_revision_id: squid3@treenet.co.nz-20170331233921-\ -# efxhs8vy025fvrnl -# -# Begin patch -=== modified file 'compat/compat.h' ---- compat/compat.h 2017-01-01 00:16:45 +0000 -+++ compat/compat.h 2017-03-31 23:47:47 +0000 -@@ -11,7 +11,7 @@ - - /* - * From discussions it was chosen to push compat code as far down as possible. -- * That means we can have a seperate compat for most -+ * That means we can have a separate compat for most - * compatability and portability hacks and resolutions. - * - * This file is meant to collate all those hacks files together and - -=== modified file 'helpers/basic_auth/DB/basic_db_auth.pl.in' ---- helpers/basic_auth/DB/basic_db_auth.pl.in 2017-01-01 00:16:45 +0000 -+++ helpers/basic_auth/DB/basic_db_auth.pl.in 2017-03-31 23:47:47 +0000 -@@ -14,7 +14,7 @@ - - basic_db_auth [options] - --=head1 DESCRIPTOIN -+=head1 DESCRIPTION - - This program verifies username & password to a database - -@@ -97,7 +97,7 @@ - Copyright (C) 2007 Henrik Nordstrom henrik@henriknordstrom.net - Copyright (C) 2010 Luis Daniel Lucio Quiroz dlucio@okay.com.mx (Joomla support) - This program is free software. You may redistribute copies of it under the --terms of the GNU General Public License version 2, or (at youropinion) any -+terms of the GNU General Public License version 2, or (at your opinion) any - later version. - - =head1 QUESTIONS - -=== modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8' ---- helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-01-01 00:16:45 +0000 -+++ helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-03-31 23:47:47 +0000 -@@ -98,7 +98,7 @@ - .B Note: - This can only be done if all your users are located directly under - the same position in the LDAP tree and the login name is used for naming --each user object. If your LDAP tree does not match these criterias or if -+each user object. If your LDAP tree does not match these criteria or if - you want to filter who are valid users then you need to use a search filter - to search for your users DN ( - .B -f -@@ -186,15 +186,15 @@ - .B never - dereference aliases (default), - .B always --dereference aliases, only while --.B search ing -+dereference aliases, only during a -+.B search - or only to - .B find - the base object. - . - .if !'po4a'hide' .TP - .if !'po4a'hide' .B "-H ldap_uri --Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries). -+Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries). - Servers can also be specified last on the command line. - . - .if !'po4a'hide' .TP - -=== modified file 'helpers/digest_auth/LDAP/digest_pw_auth.cc' ---- helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-03-31 23:47:47 +0000 -@@ -30,7 +30,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins robertc@squid-cache.org - -=== modified file 'helpers/digest_auth/eDirectory/digest_pw_auth.cc' ---- helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-03-31 23:47:47 +0000 -@@ -30,7 +30,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins robertc@squid-cache.org - -=== modified file 'helpers/digest_auth/file/digest_file_auth.8' ---- helpers/digest_auth/file/digest_file_auth.8 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/file/digest_file_auth.8 2017-03-31 23:47:47 +0000 -@@ -15,7 +15,7 @@ - is an installed binary authentication program for Squid. It handles digest - authentication protocol and authenticates against a text file backend. - . --This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. -+This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately. - It may be used with any value 0 or above for the auth_param children concurrency= parameter. - . - .SH OPTIONS -@@ -54,7 +54,7 @@ - improve security: If compromised the - .B username:realm:HA1 - combination is "plaintext equivalent" - for the purposes of digest authentication --they allow the user access. Password syncronisation is not tackled -+they allow the user access. Password synchronization is not tackled - by digest - just preventing on the wire compromise. - . - .SH AUTHOR - -=== modified file 'helpers/digest_auth/file/digest_file_auth.cc' ---- helpers/digest_auth/file/digest_file_auth.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/file/digest_file_auth.cc 2017-03-31 23:47:47 +0000 -@@ -33,7 +33,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins robertc@squid-cache.org - -=== modified file 'helpers/digest_auth/file/text_backend.cc' ---- helpers/digest_auth/file/text_backend.cc 2017-01-01 00:16:45 +0000 -+++ helpers/digest_auth/file/text_backend.cc 2017-03-31 23:47:47 +0000 -@@ -29,7 +29,7 @@ - * the file format. However storing such a triple does little to - * improve security: If compromised the username:realm:HA1 combination - * is "plaintext equivalent" - for the purposes of digest authentication -- * they allow the user access. Password syncronisation is not tackled -+ * they allow the user access. Password synchronization is not tackled - * by digest - just preventing on the wire compromise. - * - * Copyright (c) 2003 Robert Collins robertc@squid-cache.org - -=== modified file 'helpers/external_acl/LDAP_group/ext_ldap_group_acl.8' ---- helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-01-01 00:16:45 +0000 -+++ helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-03-31 23:47:47 +0000 -@@ -52,8 +52,8 @@ - .BI never - dereference aliases (default), - .BI always --dereference aliases, only while --.BR search ing -+dereference aliases, only during a -+.BR search - or only to - .B find - the base object -@@ -143,7 +143,7 @@ - . - .if !'po4a'hide' .TP - .if !'po4a'hide' .BI -H " ldapuri" --Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries) -+Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries) - . - .if !'po4a'hide' .TP - .if !'po4a'hide' .BI -K - -=== modified file 'helpers/external_acl/kerberos_ldap_group/README' ---- helpers/external_acl/kerberos_ldap_group/README 2010-08-13 10:17:20 +0000 -+++ helpers/external_acl/kerberos_ldap_group/README 2017-03-31 23:47:47 +0000 -@@ -65,7 +65,7 @@ - export KRB5_KTNAME - - If you use a different Kerberos domain than the machine itself is in you can point squid to --the seperate Kerberos config file by setting the following environmnet variable in the startup -+the separate Kerberos config file by setting the following environment variable in the startup - script. - - KRB5_CONFIG=/etc/krb5-squid.conf - -=== modified file 'helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8' ---- helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2015-03-21 06:32:34 +0000 -+++ helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2017-03-31 23:47:47 +0000 -@@ -163,7 +163,7 @@ - .if !'po4a'hide' .ft - . - If you use a different Kerberos domain than the machine itself is in you can point squid to --the seperate Kerberos config file by setting the following environmnet variable in the startup -+the separate Kerberos config file by setting the following environment variable in the startup - script. - .if !'po4a'hide' .P - .if !'po4a'hide' .ft CR - -=== modified file 'helpers/external_acl/session/ext_session_acl.8' ---- helpers/external_acl/session/ext_session_acl.8 2017-01-01 00:16:45 +0000 -+++ helpers/external_acl/session/ext_session_acl.8 2017-03-31 23:47:47 +0000 -@@ -21,7 +21,7 @@ - ) or a fixed period of time ( - .B -T - ). The former is suitable for displaying terms and conditions to a user; the --latter is suitable for the display of advertisments or other notices (both as a -+latter is suitable for the display of advertisements or other notices (both as a - splash page - see config examples in the wiki online). The session helper can also be used - to force users to re-authenticate if the - .B %LOGIN -@@ -55,7 +55,7 @@ - environment is created within the directory. The advantage of the latter - is better database support between multiple instances of the session - helper. Using multiple instances of the session helper with a single --database file will cause synchronisation problems between processes. -+database file will cause synchronization problems between processes. - If this option is not specified the session details will be kept in - memory only and all sessions will reset each time Squid restarts its - helpers (Squid restart or rotation of logs). - -=== modified file 'helpers/log_daemon/DB/log_db_daemon.pl.in' ---- helpers/log_daemon/DB/log_db_daemon.pl.in 2017-01-01 00:16:45 +0000 -+++ helpers/log_daemon/DB/log_db_daemon.pl.in 2017-03-31 23:47:47 +0000 -@@ -18,7 +18,7 @@ - - log_db_daemon DSN [options] - --=head1 DESCRIPTOIN -+=head1 DESCRIPTION - - This program writes Squid access.log entries to a database. - Presently only accepts the B<squid> native format -@@ -373,7 +373,7 @@ - WHERE squid_request_status LIKE '%MISS%') - / - (SELECT COUNT(*) FROM access_log)*100 -- AS pecentage; -+ AS percentage; - - =item Response time ranges - -@@ -433,7 +433,7 @@ - - This script currently implements only the C<L> (i.e. "append a line to the log") command, therefore the log lines are never purged from the table. This approach has an obvious scalability problem. - --One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to caluclate those values. -+One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to calculate those values. - - Similar cleanup code could be implemented in an external script and run periodically independently from squid log commands. - - -=== modified file 'helpers/negotiate_auth/kerberos/README' ---- helpers/negotiate_auth/kerberos/README 2008-10-03 02:25:50 +0000 -+++ helpers/negotiate_auth/kerberos/README 2017-03-31 23:47:47 +0000 -@@ -53,7 +53,7 @@ - export KRB5_KTNAME - - If you use a different Kerberos domain than the machine itself is in you can point squid to --the seperate Kerberos config file by setting the following environmnet variable in the startup -+the separate Kerberos config file by setting the following environment variable in the startup - script. - - KRB5_CONFIG=/etc/krb-squid5.conf - -=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8' ---- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2014-12-20 17:10:25 +0000 -+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2017-03-31 23:47:47 +0000 -@@ -69,7 +69,7 @@ - export KRB5_KTNAME - - If you use a different Kerberos domain than the machine itself is in you can point squid to --the seperate Kerberos config file by setting the following environmnet variable in the startup -+the separate Kerberos config file by setting the following environment variable in the startup - script. - - KRB5_CONFIG=/etc/krb5-squid.conf - -=== modified file 'helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in' ---- helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-01-01 00:16:45 +0000 -+++ helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-03-31 23:47:47 +0000 -@@ -29,7 +29,7 @@ - Rewrite rules are matched in the same order as they appear in the rules file. - So for best performance, sort it in order of frequency of occurrence. - --This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately. -+This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately. - It may be used with any value 0 or above for the store_id_children concurrency= parameter. - - =head1 OPTIONS - -=== modified file 'src/StoreFileSystem.h' ---- src/StoreFileSystem.h 2017-01-01 00:16:45 +0000 -+++ src/StoreFileSystem.h 2017-03-31 23:47:47 +0000 -@@ -47,7 +47,7 @@ - \par - * configure will take a list of storage types through the - * --enable-store-io parameter. This parameter takes a list of -- * space seperated storage types. For example, -+ * space separated storage types. For example, - * --enable-store-io="ufs aufs" . - * - \par - -=== modified file 'src/ipcache.cc' ---- src/ipcache.cc 2017-01-01 00:16:45 +0000 -+++ src/ipcache.cc 2017-03-31 23:47:47 +0000 -@@ -50,7 +50,7 @@ - \defgroup IPCacheInternal IP Cache Internals - \ingroup IPCacheAPI - \todo when IP cache is provided as a class. These sub-groups will be obsolete -- * for now they are used to seperate the public and private functions. -+ * for now they are used to separate the public and private functions. - * with the private ones all being in IPCachInternal and public in IPCacheAPI - * - \section InternalOperation Internal Operation - -=== modified file 'src/ssl/ssl_crtd.8' ---- src/ssl/ssl_crtd.8 2017-01-01 00:16:45 +0000 -+++ src/ssl/ssl_crtd.8 2017-03-31 23:47:47 +0000 -@@ -33,7 +33,7 @@ - Because the generation and signing of SSL certificates takes time - Squid must use external process to handle the work. - . --This process generates new SSL certificates and uses a disk cache of certificatess -+This process generates new SSL certificates and uses a disk cache of certificates - to improve response times on repeated requests. - Communication occurs via TCP sockets bound to the loopback interface. - . -@@ -122,7 +122,7 @@ - . - .PP - For simple configuration the helper defaults can be used. --Only HTTP listening port options are required to enable generation and set the signign CA certificate. -+Only HTTP listening port options are required to enable generation and set the signing CA certificate. - For Example: - .if !'po4a'hide' .RS - .if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem -
hooks/post-receive -- IPFire 2.x development tree