From fa511ad17a593a064e660728d7b5af1805e751c3 Mon Sep 17 00:00:00 2001
From: Amos Jeffries
New type at_step to match the current SSL-Bump processing step. Never matches and should not be used outside of ssl_bump.
+New types ssl::server_name and ssl::server_name_regex +to match server name from various sources (CONNECT authority name, +TLS SNI domain, or X.509 certificate Subject Name).
New parameter key_extras to send additional parameters to diff --git a/doc/release-notes/release-3.5.sgml b/doc/release-notes/release-3.5.sgml index 32d8ec0319..b0311c50ea 100644 --- a/doc/release-notes/release-3.5.sgml +++ b/doc/release-notes/release-3.5.sgml @@ -389,6 +389,9 @@ This section gives a thorough account of those changes in three categories: for the HTTP transaction so far.
New type at_step to match the current SSL-Bump processing step. Never matches and should not be used outside of ssl_bump. +
New types ssl::server_name and ssl::server_name_regex
+ to match server name from various sources (CONNECT authority name,
+ TLS SNI domain, or X.509 certificate Subject Name).
New parameter key_extras to send additional parameters to diff --git a/src/cf.data.pre b/src/cf.data.pre index 3b08792665..8e7e0207b8 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -2087,9 +2087,10 @@ DOC_START RFC2475, and RFC3260. The TOS/DSCP byte must be exactly that - a octet value 0 - 255, or - "default" to use whatever default your host has. Note that in - practice often only multiples of 4 is usable as the two rightmost bits - have been redefined for use by ECN (RFC 3168 section 23.1). + "default" to use whatever default your host has. + Note that only multiples of 4 are usable as the two rightmost bits have + been redefined for use by ECN (RFC 3168 section 23.1). + The squid parser will enforce this by masking away the ECN bits. Processing proceeds in the order specified, and stops at first fully matching line. @@ -2102,7 +2103,7 @@ TYPE: acl_tos DEFAULT: none LOC: Ip::Qos::TheConfig.tosToClient DOC_START - Allows you to select a TOS/Diffserv value for packets being transmitted + Allows you to select a TOS/DSCP value for packets being transmitted on the client-side, based on an ACL. clientside_tos ds-field [!]aclname ... @@ -2117,6 +2118,13 @@ DOC_START Note: This feature is incompatible with qos_flows. Any TOS values set here will be overwritten by TOS values in qos_flows. + + The TOS/DSCP byte must be exactly that - a octet value 0 - 255, or + "default" to use whatever default your host has. + Note that only multiples of 4 are usable as the two rightmost bits have + been redefined for use by ECN (RFC 3168 section 23.1). + The squid parser will enforce this by masking away the ECN bits. + DOC_END NAME: tcp_outgoing_mark 
@@ -2188,9 +2196,10 @@ DOC_START know what you're specifying. For more information, see RFC2474, RFC2475, and RFC3260. - The TOS/DSCP byte must be exactly that - a octet value 0 - 255. Note that - in practice often only multiples of 4 is usable as the two rightmost bits - have been redefined for use by ECN (RFC 3168 section 23.1). + The TOS/DSCP byte must be exactly that - a octet value 0 - 255. + Note that only multiples of 4 are usable as the two rightmost bits have + been redefined for use by ECN (RFC 3168 section 23.1). + The squid parser will enforce this by masking away the ECN bits. Mark values can be any unsigned 32-bit integer value. -- 2.47.2
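Review bot: In the two doc/release-notes hunks, the new ssl::server_name / ssl::server_name_regex entry names three sources for the server name (CONNECT authority name, TLS SNI domain, X.509 certificate Subject Name) but does not say which one is used when more than one is available. The first two are supplied by the client and the third by the server, so an admin writing access rules with these ACLs needs to know the order. Please add a sentence stating the precedence, or point to the directive documentation that does. These entries are also unrelated to the TOS/DSCP wording changed in src/cf.data.pre in the same patch; consider splitting them into a separate commit so each change can be reverted or backported on its own.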
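Review bot: In all three src/cf.data.pre hunks, the added sentence "The squid parser will enforce this by masking away the ECN bits" documents a silent rewrite of the configured value without saying whether the admin is told about it. With the two rightmost bits masked, a configured 0x03 becomes 0x00 and the packets carry a different marking than the one written in squid.conf. Please state whether a warning is logged when bits are dropped. None of the visible hunks touch parser code, so also confirm that the masking is actually implemented in the release this text ships with. Two wording points in the same added lines: "a octet value 0 - 255" should read "an octet value", and it sits awkwardly next to "only multiples of 4 are usable"; saying that values 0 - 255 are accepted and then reduced to a multiple of 4 would remove the contradiction.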