include Config
-VER = 3.5.24
+VER = 3.5.25
THISAPP = squid-$(VER)
DL_FILE = $(THISAPP).tar.xz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3fae511e16b6379b61c011914673973d
+$(DL_FILE)_MD5 = 6b7dd7b42b1adacf08f3155640ea2782
install : $(TARGET)
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14142.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14143.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14144.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14145.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14146.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14147.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14148.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14149.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14150.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14151.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14152.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14153.patch
- cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
+ cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.25-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi
cd $(DIR_APP)/libltdl && autoreconf -vfi
cp -f $(DIR_SRC)/config/updxlrator/lscache /var/ipfire/updatexlrator/bin/lscache
cp -f $(DIR_SRC)/config/updxlrator/checkdeaddl /var/ipfire/updatexlrator/bin/checkdeaddl
- cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlrator//updxlrator-lib.pl
+ cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl
chmod 755 /usr/sbin/updxlrator /var/ipfire/updatexlrator/bin/checkup \
/var/ipfire/updatexlrator/bin/download \
+++ /dev/null
-------------------------------------------------------------
-revno: 14142
-revision-id: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
-parent: squid3@treenet.co.nz-20170128035415-bpwt79jsobv1rqx3
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Wed 2017-02-08 18:40:33 +1300
-message:
- Bump SSL client on [more] errors encountered before ssl_bump evaluation
-
- ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an
- http_access deny rule match.
-
- The old code allowed ssl_bump step1 rules to be evaluated in the
- presence of an error. An ssl_bump splicing decision would then trigger
- the useless "send the error to the client now" processing logic instead
- of going down the "to serve an error, bump the client first" path.
-
- Furthermore, the ssl_bump evaluation result itself could be surprising
- to the admin because ssl_bump (and most other) rules are not meant to be
- evaluated for a transaction in an error state. This complicated triage.
-
- Also polished an important comment to clarify that we want to bump on
- error if (and only if) the SslBump feature is applicable to the failed
- transaction (i.e., if the ssl_bump rules would have been evaluated if
- there were no prior errors). The old comment could have been
- misinterpreted that ssl_bump rules must be evaluated to allow an
- "ssl_bump splice" match to hide the error.
-
- This is a Measurement Factory project.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8c3f2a03f86aa1b1484195a63742bc4002ba2359
-# timestamp: 2017-02-08 05:51:15 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170128035415-\
-# bpwt79jsobv1rqx3
-#
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc 2017-01-23 02:05:46 +0000
-+++ src/client_side_request.cc 2017-02-08 05:40:33 +0000
-@@ -1442,6 +1442,13 @@
- return false;
- }
-
-+ if (error) {
-+ debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
-+ http->sslBumpNeed(Ssl::bumpBump);
-+ http->al->ssl.bumpMode = Ssl::bumpBump;
-+ return false;
-+ }
-+
- // Do not bump during authentication: clients would not proxy-authenticate
- // if we delay a 407 response and respond with 200 OK to CONNECT.
- if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
-@@ -1781,8 +1788,9 @@
- }
-
- #if USE_OPENSSL
-- // We need to check for SslBump even if the calloutContext->error is set
-- // because bumping may require delaying the error until after CONNECT.
-+ // Even with calloutContext->error, we call sslBumpAccessCheck() to decide
-+ // whether SslBump applies to this transaction. If it applies, we will
-+ // attempt to bump the client to serve the error.
- if (!calloutContext->sslBumpCheckDone) {
- calloutContext->sslBumpCheckDone = true;
- if (calloutContext->sslBumpAccessCheck())
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14143
-revision-id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
-parent: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-02-25 18:50:14 +1300
-message:
- Fix regression in CONNECT authentication after rev.14142
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: bedc99ffdffd1e999c98c33faa830d4e9d1fc01d
-# timestamp: 2017-02-25 05:51:22 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170208054033-\
-# pxqn8rs4yu713ijq
-#
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc 2017-02-08 05:40:33 +0000
-+++ src/client_side_request.cc 2017-02-25 05:50:14 +0000
-@@ -1442,6 +1442,14 @@
- return false;
- }
-
-+ // Do not bump during authentication: clients would not proxy-authenticate
-+ // if we delay a 407 response and respond with 200 OK to CONNECT.
-+ if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
-+ http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
-+ debugs(85, 5, HERE << "no SslBump during proxy authentication");
-+ return false;
-+ }
-+
- if (error) {
- debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
- http->sslBumpNeed(Ssl::bumpBump);
-@@ -1449,14 +1457,6 @@
- return false;
- }
-
-- // Do not bump during authentication: clients would not proxy-authenticate
-- // if we delay a 407 response and respond with 200 OK to CONNECT.
-- if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
-- http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
-- debugs(85, 5, HERE << "no SslBump during proxy authentication");
-- return false;
-- }
--
- debugs(85, 5, HERE << "SslBump possible, checking ACL");
-
- ACLFilledChecklist *aclChecklist = clientAclChecklistCreate(Config.accessList.ssl_bump, http);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14144
-revision-id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
-parent: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:46:24 +1300
-message:
- Fix crash when configuring with invalid delay_parameters restore value.
-
- ... like none/none. Introduced in rev which fixed another, much
- bigger delay_parameters parsing bug.
-
- TODO: Reject all invalid input, including restore/max of "-/100".
-
- TODO: Fix misleading/wrong associated error messages. For example:
- ERROR: invalid delay rate 'none/none'. Expecting restore/max or 'none'
- ERROR: restore rate in '1/none' is not a number.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 42f47b8ee1da049d57e6af76ce755e459d2fc9fd
-# timestamp: 2017-02-26 08:51:02 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170225055014-\
-# j7v5xax13u4jddr9
-#
-# Begin patch
-=== modified file 'src/DelaySpec.cc'
---- src/DelaySpec.cc 2017-01-01 00:16:45 +0000
-+++ src/DelaySpec.cc 2017-02-26 08:46:24 +0000
-@@ -55,7 +55,7 @@
-
- // parse the first digits into restore_bps
- const char *p = NULL;
-- if (!StringToInt(token, restore_bps, &p, 10) && *p != '/') {
-+ if (!StringToInt(token, restore_bps, &p, 10) || *p != '/') {
- debugs(77, DBG_CRITICAL, "ERROR: invalid delay rate '" << token << "'. Expecting restore/max or 'none'.");
- self_destruct();
- }
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14145
-revision-id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
-parent: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:50:09 +1300
-message:
- Fix missing CRLF on FTP timeout ABORT commands
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a290f77545e17012eea87e6315a9d375bff16752
-# timestamp: 2017-02-26 08:51:05 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226084624-\
-# 5tkl3bdrqz8nlp9g
-#
-# Begin patch
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc 2017-01-01 00:16:45 +0000
-+++ src/clients/FtpGateway.cc 2017-02-26 08:50:09 +0000
-@@ -1775,7 +1775,7 @@
-
- // ABORT on timeouts. server may be waiting on a broken TCP link.
- if (io.xerrno == Comm::TIMEOUT)
-- writeCommand("ABOR");
-+ writeCommand("ABOR\r\n");
-
- // try another connection attempt with some other method
- ftpSendPassive(this);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14146
-revision-id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
-parent: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:52:45 +1300
-message:
- Check that -k argument is provided before trying to use it.
-
- Detected by Coverity Scan. Issue 1364726.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 31bba06ced5b67f892e4be897b05ec3744b2a942
-# timestamp: 2017-02-26 09:51:00 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226085009-\
-# tj3o81s5ybk8ly9s
-#
-# Begin patch
-=== modified file 'src/main.cc'
---- src/main.cc 2017-01-01 00:16:45 +0000
-+++ src/main.cc 2017-02-26 08:52:45 +0000
-@@ -425,11 +425,11 @@
- /** \par k
- * Run the administrative action given following the option */
-
-- /** \li When its an unknown option display the usage help. */
-- if ((int) strlen(optarg) < 1)
-+ /** \li When it is missing or an unknown option display the usage help. */
-+ if (!optarg || strlen(optarg) < 1)
- usage();
-
-- if (!strncmp(optarg, "reconfigure", strlen(optarg)))
-+ else if (!strncmp(optarg, "reconfigure", strlen(optarg)))
- /** \li On reconfigure send SIGHUP. */
- opt_send_signal = SIGHUP;
- else if (!strncmp(optarg, "rotate", strlen(optarg)))
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14147
-revision-id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
-parent: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:56:17 +1300
-message:
- ext_kerberos_ldap_group_acl: fix unused value warnings
-
- Detected by Coverity Scan. Issues 1364748 and 1364749.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: fd770175ba851fc62de4a085414c8fd996b53e46
-# timestamp: 2017-02-26 09:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226085245-\
-# vcvc7nemupizbe4t
-#
-# Begin patch
-=== modified file 'helpers/external_acl/kerberos_ldap_group/support_ldap.cc'
---- helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2017-02-26 08:56:17 +0000
-@@ -919,8 +919,8 @@
- /*
- * Initialise ldap
- */
-- ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ;
-- ldap_debug = -1 /* LDAP_DEBUG_ANY */ ;
-+// ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ;
-+// ldap_debug = -1 /* LDAP_DEBUG_ANY */ ;
- ldap_debug = 0;
- (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug);
- #endif
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14148
-revision-id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
-parent: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
-author: Alexander Gozman <a.gozman@securitycode.ru>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-02-27 00:09:42 +1300
-message:
- Native FTP relay: NAT and TPROXY interception fixes
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 63f57f0ddddf0f231c3ef88a12728a707828c6ad
-# timestamp: 2017-02-26 11:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226085617-\
-# 89jfjndt62i83qtn
-#
-# Begin patch
-=== modified file 'src/servers/FtpServer.cc'
---- src/servers/FtpServer.cc 2017-01-01 00:16:45 +0000
-+++ src/servers/FtpServer.cc 2017-02-26 11:09:42 +0000
-@@ -1454,9 +1454,33 @@
- Comm::ConnectionPointer conn = new Comm::Connection();
- conn->flags |= COMM_DOBIND;
-
-- // Use local IP address of the control connection as the source address
-- // of the active data connection, or some clients will refuse to accept.
-- conn->setAddrs(clientConnection->local, cltAddr);
-+ if (clientConnection->flags & COMM_INTERCEPTION) {
-+ // In the case of NAT interception conn->local value is not set
-+ // because the TCP stack will automatically pick correct source
-+ // address for the data connection. We must only ensure that IP
-+ // version matches client's address.
-+ conn->local.setAnyAddr();
-+
-+ if (cltAddr.isIPv4())
-+ conn->local.setIPv4();
-+
-+ conn->remote = cltAddr;
-+ } else {
-+ // In the case of explicit-proxy the local IP of the control connection
-+ // is the Squid IP the client is knowingly talking to.
-+ //
-+ // In the case of TPROXY the IP address of the control connection is
-+ // server IP the client is connecting to, it can be spoofed by Squid.
-+ //
-+ // In both cases some clients may refuse to accept data connections if
-+ // these control connectin local-IP's are not used.
-+ conn->setAddrs(clientConnection->local, cltAddr);
-+
-+ // Using non-local addresses in TPROXY mode requires appropriate socket option.
-+ if (clientConnection->flags & COMM_TRANSPARENT)
-+ conn->flags |= COMM_TRANSPARENT;
-+ }
-+
- // RFC 959 requires active FTP connections to originate from port 20
- // but that would preclude us from supporting concurrent transfers! (XXX?)
- conn->local.port(0);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14149
-revision-id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
-parent: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4508
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2017-03-31 01:31:22 +1200
-message:
- Bug 4508: Host forgery stalls intercepted being-spliced connections.
-
- Most SslBump splicing happens after getting SNI. SNI goes into the
- second fake CONNECT request, where it may fail the host forgery check.
- A failed check triggers an HTTP error response from Squid. When
- attempting to send that response to the TLS client, Squid checks whether
- all previously pipelined HTTP requests on the connection have finished.
-
- Prior to this fix, Squid left the first fake CONNECT request in the
- connection pipeline despite adding the second fake CONNECT. That first
- CONNECT stalled the error response described above, with Squid waiting,
- in vain, for that already handled [fake] transaction to finish.
-
- Also call quitAfterError() to force Squid to close the connection (after
- writing the discussed error response) instead of just logging a
- [misleading] "kick abandoning [connection]" message in cache.log.
-
- TODO: Always pop the first CONNECT when generating a second one.
- Unifying CONNECT treatment is difficult because code like tunnel.cc
- wants that CONNECT to be in the pipeline. Polishing that would probably
- require disassociating ConnStateData from tunnel.cc (at least).
-
- TODO: Apply the existing "delayed error" logic (that optionally bumps
- TLS connections to deliver [some] errors to [some] SSL/TLS clients) to
- host forgery errors. Otherwise, the plain HTTP error message cannot be
- understood by the intercepted TLS client.
-
- This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: db616fff2ac0df73cf41d380f07a96b773cf2be5
-# timestamp: 2017-03-30 13:51:17 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226110942-\
-# 90rcwhx3fwa2l7is
-#
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc 2017-01-27 13:38:24 +0000
-+++ src/client_side.cc 2017-03-30 13:31:22 +0000
-@@ -4376,7 +4376,12 @@
- fd_table[connState->clientConnection->fd].read_method = &default_read_method;
- fd_table[connState->clientConnection->fd].write_method = &default_write_method;
-
-+ ClientSocketContext::Pointer context = connState->getCurrentContext();
-+ Must(context != NULL);
- if (connState->transparent()) {
-+ // If we are going to fake the second CONNECT, clear the first one.
-+ context->connIsFinished();
-+
- // fake a CONNECT request to force connState to tunnel
- // XXX: copy from MemBuf reallocates, not a regression since old code did too
- SBuf temp;
-
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc 2017-02-25 05:50:14 +0000
-+++ src/client_side_request.cc 2017-03-30 13:31:22 +0000
-@@ -561,6 +561,7 @@
- debugs(85, DBG_IMPORTANT, "SECURITY ALERT: on URL: " << urlCanonical(http->request));
-
- // IP address validation for Host: failed. reject the connection.
-+ http->getConn()->quitAfterError(http->request);
- clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data;
- clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
- assert (repContext);
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14150
-revision-id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
-parent: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2017-03-31 12:51:52 +1200
-message:
- Fix variable shadowing after rev.14149
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ae1e30fff31cf8b411c62eba344fdc944692aecf
-# timestamp: 2017-03-31 01:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170330133122-\
-# zcpblbvnuq7mjvq3
-#
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc 2017-03-30 13:31:22 +0000
-+++ src/client_side.cc 2017-03-31 00:51:52 +0000
-@@ -4390,7 +4390,6 @@
- } else {
- // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message
- connState->in.buf.append(rbuf.content(), rbuf.contentSize());
-- ClientSocketContext::Pointer context = connState->getCurrentContext();
- ClientHttpRequest *http = context->http;
- tunnelStart(http, &http->out.size, &http->al->http.code, http->al);
- }
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14151
-revision-id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
-parent: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-04-01 12:38:31 +1300
-message:
- Docs: update refresh_pattern description regarding 'max' option
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: be64101730dcb2deb664d6594d20a7295a666b98
-# timestamp: 2017-03-31 23:40:50 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170331005152-\
-# 8exm3hsly1v1jk8y
-#
-# Begin patch
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre 2017-01-01 00:16:45 +0000
-+++ src/cf.data.pre 2017-03-31 23:38:31 +0000
-@@ -5401,7 +5401,9 @@
- will be considered fresh.
-
- 'Max' is an upper limit on how long objects without an explicit
-- expiry time will be considered fresh.
-+ expiry time will be considered fresh. The value is also used
-+ to form Cache-Control: max-age header for a request sent from
-+ Squid to origin/parent.
-
- options: override-expire
- override-lastmod
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14152
-revision-id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
-parent: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-04-01 12:39:21 +1300
-message:
- libtrie: Fix 'make check' when run before 'make all'
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8399bbfe7b517fa6306bdc61d212a9a4fcc9e88b
-# timestamp: 2017-03-31 23:40:52 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170331233831-\
-# m3hfrigo82uhz4id
-#
-# Begin patch
-=== modified file 'lib/libTrie/Makefile.am'
---- lib/libTrie/Makefile.am 2017-01-01 00:16:45 +0000
-+++ lib/libTrie/Makefile.am 2017-03-31 23:39:21 +0000
-@@ -8,8 +8,8 @@
- include $(top_srcdir)/src/Common.am
- include $(top_srcdir)/src/TestHeaders.am
-
--DIST_SUBDIRS = test
--SUBDIRS = test
-+DIST_SUBDIRS = . test
-+SUBDIRS = . test
-
- noinst_LIBRARIES = libTrie.a
-
-
+++ /dev/null
-------------------------------------------------------------
-revno: 14153
-revision-id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx
-parent: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4688
-author: Lubos Uhliarik <luhliari@redhat.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-04-01 12:47:47 +1300
-message:
- Bug 4688: various typo error(s) in man page(s)
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a05d98a4e328e39f2a490cfeff72ad8735cc6b6e
-# timestamp: 2017-03-31 23:48:51 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170331233921-\
-# efxhs8vy025fvrnl
-#
-# Begin patch
-=== modified file 'compat/compat.h'
---- compat/compat.h 2017-01-01 00:16:45 +0000
-+++ compat/compat.h 2017-03-31 23:47:47 +0000
-@@ -11,7 +11,7 @@
-
- /*
- * From discussions it was chosen to push compat code as far down as possible.
-- * That means we can have a seperate compat for most
-+ * That means we can have a separate compat for most
- * compatability and portability hacks and resolutions.
- *
- * This file is meant to collate all those hacks files together and
-
-=== modified file 'helpers/basic_auth/DB/basic_db_auth.pl.in'
---- helpers/basic_auth/DB/basic_db_auth.pl.in 2017-01-01 00:16:45 +0000
-+++ helpers/basic_auth/DB/basic_db_auth.pl.in 2017-03-31 23:47:47 +0000
-@@ -14,7 +14,7 @@
-
- basic_db_auth [options]
-
--=head1 DESCRIPTOIN
-+=head1 DESCRIPTION
-
- This program verifies username & password to a database
-
-@@ -97,7 +97,7 @@
- Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
- Copyright (C) 2010 Luis Daniel Lucio Quiroz <dlucio@okay.com.mx> (Joomla support)
- This program is free software. You may redistribute copies of it under the
--terms of the GNU General Public License version 2, or (at youropinion) any
-+terms of the GNU General Public License version 2, or (at your opinion) any
- later version.
-
- =head1 QUESTIONS
-
-=== modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8'
---- helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-01-01 00:16:45 +0000
-+++ helpers/basic_auth/LDAP/basic_ldap_auth.8 2017-03-31 23:47:47 +0000
-@@ -98,7 +98,7 @@
- .B Note:
- This can only be done if all your users are located directly under
- the same position in the LDAP tree and the login name is used for naming
--each user object. If your LDAP tree does not match these criterias or if
-+each user object. If your LDAP tree does not match these criteria or if
- you want to filter who are valid users then you need to use a search filter
- to search for your users DN (
- .B \-f
-@@ -186,15 +186,15 @@
- .B never
- dereference aliases (default),
- .B always
--dereference aliases, only while
--.B search ing
-+dereference aliases, only during a
-+.B search
- or only to
- .B find
- the base object.
- .
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .B "\-H ldap_uri
--Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries).
-+Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries).
- Servers can also be specified last on the command line.
- .
- .if !'po4a'hide' .TP
-
-=== modified file 'helpers/digest_auth/LDAP/digest_pw_auth.cc'
---- helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/LDAP/digest_pw_auth.cc 2017-03-31 23:47:47 +0000
-@@ -30,7 +30,7 @@
- * the file format. However storing such a triple does little to
- * improve security: If compromised the username:realm:HA1 combination
- * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
- * by digest - just preventing on the wire compromise.
- *
- * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
-
-=== modified file 'helpers/digest_auth/eDirectory/digest_pw_auth.cc'
---- helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/eDirectory/digest_pw_auth.cc 2017-03-31 23:47:47 +0000
-@@ -30,7 +30,7 @@
- * the file format. However storing such a triple does little to
- * improve security: If compromised the username:realm:HA1 combination
- * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
- * by digest - just preventing on the wire compromise.
- *
- * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
-
-=== modified file 'helpers/digest_auth/file/digest_file_auth.8'
---- helpers/digest_auth/file/digest_file_auth.8 2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/file/digest_file_auth.8 2017-03-31 23:47:47 +0000
-@@ -15,7 +15,7 @@
- is an installed binary authentication program for Squid. It handles digest
- authentication protocol and authenticates against a text file backend.
- .
--This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
-+This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
- It may be used with any value 0 or above for the auth_param children concurrency= parameter.
- .
- .SH OPTIONS
-@@ -54,7 +54,7 @@
- improve security: If compromised the
- .B username:realm:HA1
- combination is "plaintext equivalent" - for the purposes of digest authentication
--they allow the user access. Password syncronisation is not tackled
-+they allow the user access. Password synchronization is not tackled
- by digest - just preventing on the wire compromise.
- .
- .SH AUTHOR
-
-=== modified file 'helpers/digest_auth/file/digest_file_auth.cc'
---- helpers/digest_auth/file/digest_file_auth.cc 2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/file/digest_file_auth.cc 2017-03-31 23:47:47 +0000
-@@ -33,7 +33,7 @@
- * the file format. However storing such a triple does little to
- * improve security: If compromised the username:realm:HA1 combination
- * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
- * by digest - just preventing on the wire compromise.
- *
- * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
-
-=== modified file 'helpers/digest_auth/file/text_backend.cc'
---- helpers/digest_auth/file/text_backend.cc 2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/file/text_backend.cc 2017-03-31 23:47:47 +0000
-@@ -29,7 +29,7 @@
- * the file format. However storing such a triple does little to
- * improve security: If compromised the username:realm:HA1 combination
- * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
- * by digest - just preventing on the wire compromise.
- *
- * Copyright (c) 2003 Robert Collins <robertc@squid-cache.org>
-
-=== modified file 'helpers/external_acl/LDAP_group/ext_ldap_group_acl.8'
---- helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/LDAP_group/ext_ldap_group_acl.8 2017-03-31 23:47:47 +0000
-@@ -52,8 +52,8 @@
- .BI never
- dereference aliases (default),
- .BI always
--dereference aliases, only while
--.BR search ing
-+dereference aliases, only during a
-+.BR search
- or only to
- .B find
- the base object
-@@ -143,7 +143,7 @@
- .
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .BI \-H " ldapuri"
--Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries)
-+Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries)
- .
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .BI \-K
-
-=== modified file 'helpers/external_acl/kerberos_ldap_group/README'
---- helpers/external_acl/kerberos_ldap_group/README 2010-08-13 10:17:20 +0000
-+++ helpers/external_acl/kerberos_ldap_group/README 2017-03-31 23:47:47 +0000
-@@ -65,7 +65,7 @@
- export KRB5_KTNAME
-
- If you use a different Kerberos domain than the machine itself is in you can point squid to
--the seperate Kerberos config file by setting the following environmnet variable in the startup
-+the separate Kerberos config file by setting the following environment variable in the startup
- script.
-
- KRB5_CONFIG=/etc/krb5-squid.conf
-
-=== modified file 'helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8'
---- helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2015-03-21 06:32:34 +0000
-+++ helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8 2017-03-31 23:47:47 +0000
-@@ -163,7 +163,7 @@
- .if !'po4a'hide' .ft
- .
- If you use a different Kerberos domain than the machine itself is in you can point squid to
--the seperate Kerberos config file by setting the following environmnet variable in the startup
-+the separate Kerberos config file by setting the following environment variable in the startup
- script.
- .if !'po4a'hide' .P
- .if !'po4a'hide' .ft CR
-
-=== modified file 'helpers/external_acl/session/ext_session_acl.8'
---- helpers/external_acl/session/ext_session_acl.8 2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/session/ext_session_acl.8 2017-03-31 23:47:47 +0000
-@@ -21,7 +21,7 @@
- ) or a fixed period of time (
- .B \-T
- ). The former is suitable for displaying terms and conditions to a user; the
--latter is suitable for the display of advertisments or other notices (both as a
-+latter is suitable for the display of advertisements or other notices (both as a
- splash page \- see config examples in the wiki online). The session helper can also be used
- to force users to re\-authenticate if the
- .B %LOGIN
-@@ -55,7 +55,7 @@
- environment is created within the directory. The advantage of the latter
- is better database support between multiple instances of the session
- helper. Using multiple instances of the session helper with a single
--database file will cause synchronisation problems between processes.
-+database file will cause synchronization problems between processes.
- If this option is not specified the session details will be kept in
- memory only and all sessions will reset each time Squid restarts its
- helpers (Squid restart or rotation of logs).
-
-=== modified file 'helpers/log_daemon/DB/log_db_daemon.pl.in'
---- helpers/log_daemon/DB/log_db_daemon.pl.in 2017-01-01 00:16:45 +0000
-+++ helpers/log_daemon/DB/log_db_daemon.pl.in 2017-03-31 23:47:47 +0000
-@@ -18,7 +18,7 @@
-
- log_db_daemon DSN [options]
-
--=head1 DESCRIPTOIN
-+=head1 DESCRIPTION
-
- This program writes Squid access.log entries to a database.
- Presently only accepts the B<squid> native format
-@@ -373,7 +373,7 @@
- WHERE squid_request_status LIKE '%MISS%')
- /
- (SELECT COUNT(*) FROM access_log)*100
-- AS pecentage;
-+ AS percentage;
-
- =item Response time ranges
-
-@@ -433,7 +433,7 @@
-
- This script currently implements only the C<L> (i.e. "append a line to the log") command, therefore the log lines are never purged from the table. This approach has an obvious scalability problem.
-
--One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to caluclate those values.
-+One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to calculate those values.
-
- Similar cleanup code could be implemented in an external script and run periodically independently from squid log commands.
-
-
-=== modified file 'helpers/negotiate_auth/kerberos/README'
---- helpers/negotiate_auth/kerberos/README 2008-10-03 02:25:50 +0000
-+++ helpers/negotiate_auth/kerberos/README 2017-03-31 23:47:47 +0000
-@@ -53,7 +53,7 @@
- export KRB5_KTNAME
-
- If you use a different Kerberos domain than the machine itself is in you can point squid to
--the seperate Kerberos config file by setting the following environmnet variable in the startup
-+the separate Kerberos config file by setting the following environment variable in the startup
- script.
-
- KRB5_CONFIG=/etc/krb-squid5.conf
-
-=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8'
---- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2014-12-20 17:10:25 +0000
-+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8 2017-03-31 23:47:47 +0000
-@@ -69,7 +69,7 @@
- export KRB5_KTNAME
-
- If you use a different Kerberos domain than the machine itself is in you can point squid to
--the seperate Kerberos config file by setting the following environmnet variable in the startup
-+the separate Kerberos config file by setting the following environment variable in the startup
- script.
-
- KRB5_CONFIG=/etc/krb5\-squid.conf
-
-=== modified file 'helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in'
---- helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-01-01 00:16:45 +0000
-+++ helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in 2017-03-31 23:47:47 +0000
-@@ -29,7 +29,7 @@
- Rewrite rules are matched in the same order as they appear in the rules file.
- So for best performance, sort it in order of frequency of occurrence.
-
--This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
-+This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
- It may be used with any value 0 or above for the store_id_children concurrency= parameter.
-
- =head1 OPTIONS
-
-=== modified file 'src/StoreFileSystem.h'
---- src/StoreFileSystem.h 2017-01-01 00:16:45 +0000
-+++ src/StoreFileSystem.h 2017-03-31 23:47:47 +0000
-@@ -47,7 +47,7 @@
- \par
- * configure will take a list of storage types through the
- * --enable-store-io parameter. This parameter takes a list of
-- * space seperated storage types. For example,
-+ * space separated storage types. For example,
- * --enable-store-io="ufs aufs" .
- *
- \par
-
-=== modified file 'src/ipcache.cc'
---- src/ipcache.cc 2017-01-01 00:16:45 +0000
-+++ src/ipcache.cc 2017-03-31 23:47:47 +0000
-@@ -50,7 +50,7 @@
- \defgroup IPCacheInternal IP Cache Internals
- \ingroup IPCacheAPI
- \todo when IP cache is provided as a class. These sub-groups will be obsolete
-- * for now they are used to seperate the public and private functions.
-+ * for now they are used to separate the public and private functions.
- * with the private ones all being in IPCachInternal and public in IPCacheAPI
- *
- \section InternalOperation Internal Operation
-
-=== modified file 'src/ssl/ssl_crtd.8'
---- src/ssl/ssl_crtd.8 2017-01-01 00:16:45 +0000
-+++ src/ssl/ssl_crtd.8 2017-03-31 23:47:47 +0000
-@@ -33,7 +33,7 @@
- Because the generation and signing of SSL certificates takes time
- Squid must use external process to handle the work.
- .
--This process generates new SSL certificates and uses a disk cache of certificatess
-+This process generates new SSL certificates and uses a disk cache of certificates
- to improve response times on repeated requests.
- Communication occurs via TCP sockets bound to the loopback interface.
- .
-@@ -122,7 +122,7 @@
- .
- .PP
- For simple configuration the helper defaults can be used.
--Only HTTP listening port options are required to enable generation and set the signign CA certificate.
-+Only HTTP listening port options are required to enable generation and set the signing CA certificate.
- For Example:
- .if !'po4a'hide' .RS
- .if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem
-
projects / ipfire-2.x.git / commitdiff
