squid: Update to 3.5.25

Submitted by Matthias Fischer on April 3, 2017, 7:26 p.m.

Details

Message ID 20170403192644.32436-1-matthias.fischer@ipfire.org
State New
Headers show

Commit Message

Matthias Fischer April 3, 2017, 7:26 p.m.
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/squid                                          |  20 +-
 ...=> squid-3.5.25-fix-max-file-descriptors.patch} |   0
 src/patches/squid/squid-3.5-14142.patch            |  72 -----
 src/patches/squid/squid-3.5-14143.patch            |  55 ----
 src/patches/squid/squid-3.5-14144.patch            |  43 ---
 src/patches/squid/squid-3.5-14145.patch            |  33 --
 src/patches/squid/squid-3.5-14146.patch            |  41 ---
 src/patches/squid/squid-3.5-14147.patch            |  37 ---
 src/patches/squid/squid-3.5-14148.patch            |  62 ----
 src/patches/squid/squid-3.5-14149.patch            |  78 -----
 src/patches/squid/squid-3.5-14150.patch            |  32 --
 src/patches/squid/squid-3.5-14151.patch            |  36 ---
 src/patches/squid/squid-3.5-14152.patch            |  35 --
 src/patches/squid/squid-3.5-14153.patch            | 353 ---------------------
 14 files changed, 4 insertions(+), 893 deletions(-)
 rename src/patches/{squid-3.5.24-fix-max-file-descriptors.patch => squid-3.5.25-fix-max-file-descriptors.patch} (100%)
 delete mode 100644 src/patches/squid/squid-3.5-14142.patch
 delete mode 100644 src/patches/squid/squid-3.5-14143.patch
 delete mode 100644 src/patches/squid/squid-3.5-14144.patch
 delete mode 100644 src/patches/squid/squid-3.5-14145.patch
 delete mode 100644 src/patches/squid/squid-3.5-14146.patch
 delete mode 100644 src/patches/squid/squid-3.5-14147.patch
 delete mode 100644 src/patches/squid/squid-3.5-14148.patch
 delete mode 100644 src/patches/squid/squid-3.5-14149.patch
 delete mode 100644 src/patches/squid/squid-3.5-14150.patch
 delete mode 100644 src/patches/squid/squid-3.5-14151.patch
 delete mode 100644 src/patches/squid/squid-3.5-14152.patch
 delete mode 100644 src/patches/squid/squid-3.5-14153.patch

Patch hide | download patch | download mbox

diff --git a/lfs/squid b/lfs/squid
index 269902067..70d83b04c 100644
--- a/lfs/squid
+++ b/lfs/squid
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 3.5.24
+VER        = 3.5.25
 
 THISAPP    = squid-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 3fae511e16b6379b61c011914673973d
+$(DL_FILE)_MD5 = 6b7dd7b42b1adacf08f3155640ea2782
 
 install : $(TARGET)
 
@@ -70,19 +70,7 @@  $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14142.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14143.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14144.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14145.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14146.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14147.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14148.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14149.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14150.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14151.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14152.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5-14153.patch
-	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.24-fix-max-file-descriptors.patch
+	cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid-3.5.25-fix-max-file-descriptors.patch
 
 	cd $(DIR_APP) && autoreconf -vfi
 	cd $(DIR_APP)/libltdl && autoreconf -vfi
@@ -159,7 +147,7 @@  $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cp -f $(DIR_SRC)/config/updxlrator/lscache /var/ipfire/updatexlrator/bin/lscache
 	cp -f $(DIR_SRC)/config/updxlrator/checkdeaddl /var/ipfire/updatexlrator/bin/checkdeaddl
 
-	cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlrator//updxlrator-lib.pl
+	cp -f $(DIR_SRC)/config/updxlrator/updxlrator-lib.pl /var/ipfire/updatexlrator/updxlrator-lib.pl
 
 	chmod 755 /usr/sbin/updxlrator /var/ipfire/updatexlrator/bin/checkup \
 		/var/ipfire/updatexlrator/bin/download \
diff --git a/src/patches/squid-3.5.24-fix-max-file-descriptors.patch b/src/patches/squid-3.5.25-fix-max-file-descriptors.patch
similarity index 100%
rename from src/patches/squid-3.5.24-fix-max-file-descriptors.patch
rename to src/patches/squid-3.5.25-fix-max-file-descriptors.patch
diff --git a/src/patches/squid/squid-3.5-14142.patch b/src/patches/squid/squid-3.5-14142.patch
deleted file mode 100644
index 8649e27f9..000000000
--- a/src/patches/squid/squid-3.5-14142.patch
+++ /dev/null
@@ -1,72 +0,0 @@ 
-------------------------------------------------------------
-revno: 14142
-revision-id: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
-parent: squid3@treenet.co.nz-20170128035415-bpwt79jsobv1rqx3
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Wed 2017-02-08 18:40:33 +1300
-message:
-  Bump SSL client on [more] errors encountered before ssl_bump evaluation
-  
-  ... such as ERR_ACCESS_DENIED with HTTP/403 Forbidden triggered by an
-  http_access deny rule match.
-  
-  The old code allowed ssl_bump step1 rules to be evaluated in the
-  presence of an error. An ssl_bump splicing decision would then trigger
-  the useless "send the error to the client now" processing logic instead
-  of going down the "to serve an error, bump the client first" path.
-  
-  Furthermore, the ssl_bump evaluation result itself could be surprising
-  to the admin because ssl_bump (and most other) rules are not meant to be
-  evaluated for a transaction in an error state. This complicated triage.
-  
-  Also polished an important comment to clarify that we want to bump on
-  error if (and only if) the SslBump feature is applicable to the failed
-  transaction (i.e., if the ssl_bump rules would have been evaluated if
-  there were no prior errors). The old comment could have been
-  misinterpreted that ssl_bump rules must be evaluated to allow an
-  "ssl_bump splice" match to hide the error.
-  
-  This is a Measurement Factory project.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8c3f2a03f86aa1b1484195a63742bc4002ba2359
-# timestamp: 2017-02-08 05:51:15 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170128035415-\
-#   bpwt79jsobv1rqx3
-# 
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc	2017-01-23 02:05:46 +0000
-+++ src/client_side_request.cc	2017-02-08 05:40:33 +0000
-@@ -1442,6 +1442,13 @@
-         return false;
-     }
- 
-+    if (error) {
-+        debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
-+        http->sslBumpNeed(Ssl::bumpBump);
-+        http->al->ssl.bumpMode = Ssl::bumpBump;
-+        return false;
-+    }
-+
-     // Do not bump during authentication: clients would not proxy-authenticate
-     // if we delay a 407 response and respond with 200 OK to CONNECT.
-     if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
-@@ -1781,8 +1788,9 @@
-     }
- 
- #if USE_OPENSSL
--    // We need to check for SslBump even if the calloutContext->error is set
--    // because bumping may require delaying the error until after CONNECT.
-+    // Even with calloutContext->error, we call sslBumpAccessCheck() to decide
-+    // whether SslBump applies to this transaction. If it applies, we will
-+    // attempt to bump the client to serve the error.
-     if (!calloutContext->sslBumpCheckDone) {
-         calloutContext->sslBumpCheckDone = true;
-         if (calloutContext->sslBumpAccessCheck())
-
diff --git a/src/patches/squid/squid-3.5-14143.patch b/src/patches/squid/squid-3.5-14143.patch
deleted file mode 100644
index 49b3eb8ef..000000000
--- a/src/patches/squid/squid-3.5-14143.patch
+++ /dev/null
@@ -1,55 +0,0 @@ 
-------------------------------------------------------------
-revno: 14143
-revision-id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
-parent: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-02-25 18:50:14 +1300
-message:
-  Fix regression in CONNECT authentication after rev.14142
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: bedc99ffdffd1e999c98c33faa830d4e9d1fc01d
-# timestamp: 2017-02-25 05:51:22 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170208054033-\
-#   pxqn8rs4yu713ijq
-# 
-# Begin patch
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc	2017-02-08 05:40:33 +0000
-+++ src/client_side_request.cc	2017-02-25 05:50:14 +0000
-@@ -1442,6 +1442,14 @@
-         return false;
-     }
- 
-+    // Do not bump during authentication: clients would not proxy-authenticate
-+    // if we delay a 407 response and respond with 200 OK to CONNECT.
-+    if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
-+        http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
-+        debugs(85, 5, HERE << "no SslBump during proxy authentication");
-+        return false;
-+    }
-+
-     if (error) {
-         debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
-         http->sslBumpNeed(Ssl::bumpBump);
-@@ -1449,14 +1457,6 @@
-         return false;
-     }
- 
--    // Do not bump during authentication: clients would not proxy-authenticate
--    // if we delay a 407 response and respond with 200 OK to CONNECT.
--    if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
--        http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
--        debugs(85, 5, HERE << "no SslBump during proxy authentication");
--        return false;
--    }
--
-     debugs(85, 5, HERE << "SslBump possible, checking ACL");
- 
-     ACLFilledChecklist *aclChecklist = clientAclChecklistCreate(Config.accessList.ssl_bump, http);
-
diff --git a/src/patches/squid/squid-3.5-14144.patch b/src/patches/squid/squid-3.5-14144.patch
deleted file mode 100644
index 592a774d6..000000000
--- a/src/patches/squid/squid-3.5-14144.patch
+++ /dev/null
@@ -1,43 +0,0 @@ 
-------------------------------------------------------------
-revno: 14144
-revision-id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
-parent: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
-author: Alex Rousskov <rousskov@measurement-factory.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:46:24 +1300
-message:
-  Fix crash when configuring with invalid delay_parameters restore value.
-  
-  ... like none/none. Introduced in rev which fixed another, much
-  bigger delay_parameters parsing bug.
-  
-  TODO: Reject all invalid input, including restore/max of "-/100".
-  
-  TODO: Fix misleading/wrong associated error messages. For example:
-    ERROR: invalid delay rate 'none/none'. Expecting restore/max or 'none'
-    ERROR: restore rate in '1/none' is not a number.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 42f47b8ee1da049d57e6af76ce755e459d2fc9fd
-# timestamp: 2017-02-26 08:51:02 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170225055014-\
-#   j7v5xax13u4jddr9
-# 
-# Begin patch
-=== modified file 'src/DelaySpec.cc'
---- src/DelaySpec.cc	2017-01-01 00:16:45 +0000
-+++ src/DelaySpec.cc	2017-02-26 08:46:24 +0000
-@@ -55,7 +55,7 @@
- 
-     // parse the first digits into restore_bps
-     const char *p = NULL;
--    if (!StringToInt(token, restore_bps, &p, 10) && *p != '/') {
-+    if (!StringToInt(token, restore_bps, &p, 10) || *p != '/') {
-         debugs(77, DBG_CRITICAL, "ERROR: invalid delay rate '" << token << "'. Expecting restore/max or 'none'.");
-         self_destruct();
-     }
-
diff --git a/src/patches/squid/squid-3.5-14145.patch b/src/patches/squid/squid-3.5-14145.patch
deleted file mode 100644
index aaa56ed33..000000000
--- a/src/patches/squid/squid-3.5-14145.patch
+++ /dev/null
@@ -1,33 +0,0 @@ 
-------------------------------------------------------------
-revno: 14145
-revision-id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
-parent: squid3@treenet.co.nz-20170226084624-5tkl3bdrqz8nlp9g
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:50:09 +1300
-message:
-  Fix missing CRLF on FTP timeout ABORT commands
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a290f77545e17012eea87e6315a9d375bff16752
-# timestamp: 2017-02-26 08:51:05 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226084624-\
-#   5tkl3bdrqz8nlp9g
-# 
-# Begin patch
-=== modified file 'src/clients/FtpGateway.cc'
---- src/clients/FtpGateway.cc	2017-01-01 00:16:45 +0000
-+++ src/clients/FtpGateway.cc	2017-02-26 08:50:09 +0000
-@@ -1775,7 +1775,7 @@
- 
-         // ABORT on timeouts. server may be waiting on a broken TCP link.
-         if (io.xerrno == Comm::TIMEOUT)
--            writeCommand("ABOR");
-+            writeCommand("ABOR\r\n");
- 
-         // try another connection attempt with some other method
-         ftpSendPassive(this);
-
diff --git a/src/patches/squid/squid-3.5-14146.patch b/src/patches/squid/squid-3.5-14146.patch
deleted file mode 100644
index 391fa35d8..000000000
--- a/src/patches/squid/squid-3.5-14146.patch
+++ /dev/null
@@ -1,41 +0,0 @@ 
-------------------------------------------------------------
-revno: 14146
-revision-id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
-parent: squid3@treenet.co.nz-20170226085009-tj3o81s5ybk8ly9s
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:52:45 +1300
-message:
-  Check that -k argument is provided before trying to use it.
-  
-   Detected by Coverity Scan. Issue 1364726.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 31bba06ced5b67f892e4be897b05ec3744b2a942
-# timestamp: 2017-02-26 09:51:00 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226085009-\
-#   tj3o81s5ybk8ly9s
-# 
-# Begin patch
-=== modified file 'src/main.cc'
---- src/main.cc	2017-01-01 00:16:45 +0000
-+++ src/main.cc	2017-02-26 08:52:45 +0000
-@@ -425,11 +425,11 @@
-             /** \par k
-              * Run the administrative action given following the option */
- 
--            /** \li When its an unknown option display the usage help. */
--            if ((int) strlen(optarg) < 1)
-+            /** \li When it is missing or an unknown option display the usage help. */
-+            if (!optarg || strlen(optarg) < 1)
-                 usage();
- 
--            if (!strncmp(optarg, "reconfigure", strlen(optarg)))
-+            else if (!strncmp(optarg, "reconfigure", strlen(optarg)))
-                 /** \li On reconfigure send SIGHUP. */
-                 opt_send_signal = SIGHUP;
-             else if (!strncmp(optarg, "rotate", strlen(optarg)))
-
diff --git a/src/patches/squid/squid-3.5-14147.patch b/src/patches/squid/squid-3.5-14147.patch
deleted file mode 100644
index a8b52f388..000000000
--- a/src/patches/squid/squid-3.5-14147.patch
+++ /dev/null
@@ -1,37 +0,0 @@ 
-------------------------------------------------------------
-revno: 14147
-revision-id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
-parent: squid3@treenet.co.nz-20170226085245-vcvc7nemupizbe4t
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sun 2017-02-26 21:56:17 +1300
-message:
-  ext_kerberos_ldap_group_acl: fix unused value warnings
-  
-   Detected by Coverity Scan. Issues 1364748 and 1364749.
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: fd770175ba851fc62de4a085414c8fd996b53e46
-# timestamp: 2017-02-26 09:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226085245-\
-#   vcvc7nemupizbe4t
-# 
-# Begin patch
-=== modified file 'helpers/external_acl/kerberos_ldap_group/support_ldap.cc'
---- helpers/external_acl/kerberos_ldap_group/support_ldap.cc	2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/kerberos_ldap_group/support_ldap.cc	2017-02-26 08:56:17 +0000
-@@ -919,8 +919,8 @@
-     /*
-      * Initialise ldap
-      */
--    ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ;
--    ldap_debug = -1 /* LDAP_DEBUG_ANY */ ;
-+//    ldap_debug = 127 /* LDAP_DEBUG_TRACE */ ;
-+//    ldap_debug = -1 /* LDAP_DEBUG_ANY */ ;
-     ldap_debug = 0;
-     (void) ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, &ldap_debug);
- #endif
-
diff --git a/src/patches/squid/squid-3.5-14148.patch b/src/patches/squid/squid-3.5-14148.patch
deleted file mode 100644
index ce7d9667c..000000000
--- a/src/patches/squid/squid-3.5-14148.patch
+++ /dev/null
@@ -1,62 +0,0 @@ 
-------------------------------------------------------------
-revno: 14148
-revision-id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
-parent: squid3@treenet.co.nz-20170226085617-89jfjndt62i83qtn
-author: Alexander Gozman <a.gozman@securitycode.ru>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Mon 2017-02-27 00:09:42 +1300
-message:
-  Native FTP relay: NAT and TPROXY interception fixes
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 63f57f0ddddf0f231c3ef88a12728a707828c6ad
-# timestamp: 2017-02-26 11:51:04 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226085617-\
-#   89jfjndt62i83qtn
-# 
-# Begin patch
-=== modified file 'src/servers/FtpServer.cc'
---- src/servers/FtpServer.cc	2017-01-01 00:16:45 +0000
-+++ src/servers/FtpServer.cc	2017-02-26 11:09:42 +0000
-@@ -1454,9 +1454,33 @@
-     Comm::ConnectionPointer conn = new Comm::Connection();
-     conn->flags |= COMM_DOBIND;
- 
--    // Use local IP address of the control connection as the source address
--    // of the active data connection, or some clients will refuse to accept.
--    conn->setAddrs(clientConnection->local, cltAddr);
-+    if (clientConnection->flags & COMM_INTERCEPTION) {
-+        // In the case of NAT interception conn->local value is not set
-+        // because the TCP stack will automatically pick correct source
-+        // address for the data connection. We must only ensure that IP
-+        // version matches client's address.
-+        conn->local.setAnyAddr();
-+
-+        if (cltAddr.isIPv4())
-+            conn->local.setIPv4();
-+
-+        conn->remote = cltAddr;
-+    } else {
-+        // In the case of explicit-proxy the local IP of the control connection
-+        // is the Squid IP the client is knowingly talking to.
-+        //
-+        // In the case of TPROXY the IP address of the control connection is
-+        // server IP the client is connecting to, it can be spoofed by Squid.
-+        //
-+        // In both cases some clients may refuse to accept data connections if
-+        // these control connectin local-IP's are not used.
-+        conn->setAddrs(clientConnection->local, cltAddr);
-+
-+        // Using non-local addresses in TPROXY mode requires appropriate socket option.
-+        if (clientConnection->flags & COMM_TRANSPARENT)
-+            conn->flags |= COMM_TRANSPARENT;
-+    }
-+
-     // RFC 959 requires active FTP connections to originate from port 20
-     // but that would preclude us from supporting concurrent transfers! (XXX?)
-     conn->local.port(0);
-
diff --git a/src/patches/squid/squid-3.5-14149.patch b/src/patches/squid/squid-3.5-14149.patch
deleted file mode 100644
index a9fa59754..000000000
--- a/src/patches/squid/squid-3.5-14149.patch
+++ /dev/null
@@ -1,78 +0,0 @@ 
-------------------------------------------------------------
-revno: 14149
-revision-id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
-parent: squid3@treenet.co.nz-20170226110942-90rcwhx3fwa2l7is
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4508
-author: Christos Tsantilas <chtsanti@users.sourceforge.net>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2017-03-31 01:31:22 +1200
-message:
-  Bug 4508: Host forgery stalls intercepted being-spliced connections.
-  
-  Most SslBump splicing happens after getting SNI. SNI goes into the
-  second fake CONNECT request, where it may fail the host forgery check.
-  A failed check triggers an HTTP error response from Squid. When
-  attempting to send that response to the TLS client, Squid checks whether
-  all previously pipelined HTTP requests on the connection have finished.
-  
-  Prior to this fix, Squid left the first fake CONNECT request in the
-  connection pipeline despite adding the second fake CONNECT. That first
-  CONNECT stalled the error response described above, with Squid waiting,
-  in vain, for that already handled [fake] transaction to finish.
-  
-  Also call quitAfterError() to force Squid to close the connection (after
-  writing the discussed error response) instead of just logging a
-  [misleading] "kick abandoning [connection]" message in cache.log.
-  
-  TODO: Always pop the first CONNECT when generating a second one.
-  Unifying CONNECT treatment is difficult because code like tunnel.cc
-  wants that CONNECT to be in the pipeline. Polishing that would probably
-  require disassociating ConnStateData from tunnel.cc (at least).
-  
-  TODO: Apply the existing "delayed error" logic (that optionally bumps
-  TLS connections to deliver [some] errors to [some] SSL/TLS clients) to
-  host forgery errors. Otherwise, the plain HTTP error message cannot be
-  understood by the intercepted TLS client.
-  
-  This is a Measurement Factory project
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: db616fff2ac0df73cf41d380f07a96b773cf2be5
-# timestamp: 2017-03-30 13:51:17 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170226110942-\
-#   90rcwhx3fwa2l7is
-# 
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc	2017-01-27 13:38:24 +0000
-+++ src/client_side.cc	2017-03-30 13:31:22 +0000
-@@ -4376,7 +4376,12 @@
-         fd_table[connState->clientConnection->fd].read_method = &default_read_method;
-         fd_table[connState->clientConnection->fd].write_method = &default_write_method;
- 
-+        ClientSocketContext::Pointer context = connState->getCurrentContext();
-+        Must(context != NULL);
-         if (connState->transparent()) {
-+            // If we are going to fake the second CONNECT, clear the first one.
-+            context->connIsFinished();
-+
-             // fake a CONNECT request to force connState to tunnel
-             // XXX: copy from MemBuf reallocates, not a regression since old code did too
-             SBuf temp;
-
-=== modified file 'src/client_side_request.cc'
---- src/client_side_request.cc	2017-02-25 05:50:14 +0000
-+++ src/client_side_request.cc	2017-03-30 13:31:22 +0000
-@@ -561,6 +561,7 @@
-     debugs(85, DBG_IMPORTANT, "SECURITY ALERT: on URL: " << urlCanonical(http->request));
- 
-     // IP address validation for Host: failed. reject the connection.
-+    http->getConn()->quitAfterError(http->request);
-     clientStreamNode *node = (clientStreamNode *)http->client_stream.tail->prev->data;
-     clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
-     assert (repContext);
-
diff --git a/src/patches/squid/squid-3.5-14150.patch b/src/patches/squid/squid-3.5-14150.patch
deleted file mode 100644
index dfe97a0ef..000000000
--- a/src/patches/squid/squid-3.5-14150.patch
+++ /dev/null
@@ -1,32 +0,0 @@ 
-------------------------------------------------------------
-revno: 14150
-revision-id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
-parent: squid3@treenet.co.nz-20170330133122-zcpblbvnuq7mjvq3
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Fri 2017-03-31 12:51:52 +1200
-message:
-  Fix variable shadowing after rev.14149
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: ae1e30fff31cf8b411c62eba344fdc944692aecf
-# timestamp: 2017-03-31 01:51:06 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170330133122-\
-#   zcpblbvnuq7mjvq3
-# 
-# Begin patch
-=== modified file 'src/client_side.cc'
---- src/client_side.cc	2017-03-30 13:31:22 +0000
-+++ src/client_side.cc	2017-03-31 00:51:52 +0000
-@@ -4390,7 +4390,6 @@
-         } else {
-             // in.buf still has the "CONNECT ..." request data, reset it to SSL hello message
-             connState->in.buf.append(rbuf.content(), rbuf.contentSize());
--            ClientSocketContext::Pointer context = connState->getCurrentContext();
-             ClientHttpRequest *http = context->http;
-             tunnelStart(http, &http->out.size, &http->al->http.code, http->al);
-         }
-
diff --git a/src/patches/squid/squid-3.5-14151.patch b/src/patches/squid/squid-3.5-14151.patch
deleted file mode 100644
index d22387d53..000000000
--- a/src/patches/squid/squid-3.5-14151.patch
+++ /dev/null
@@ -1,36 +0,0 @@ 
-------------------------------------------------------------
-revno: 14151
-revision-id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
-parent: squid3@treenet.co.nz-20170331005152-8exm3hsly1v1jk8y
-author: Garri Djavadyan <garryd@comnet.uz>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-04-01 12:38:31 +1300
-message:
-  Docs: update refresh_pattern description regarding 'max' option
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: be64101730dcb2deb664d6594d20a7295a666b98
-# timestamp: 2017-03-31 23:40:50 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170331005152-\
-#   8exm3hsly1v1jk8y
-# 
-# Begin patch
-=== modified file 'src/cf.data.pre'
---- src/cf.data.pre	2017-01-01 00:16:45 +0000
-+++ src/cf.data.pre	2017-03-31 23:38:31 +0000
-@@ -5401,7 +5401,9 @@
- 	will be considered fresh.
- 
- 	'Max' is an upper limit on how long objects without an explicit
--	expiry time will be considered fresh.
-+	expiry time will be considered fresh. The value is also used
-+	to form Cache-Control: max-age header for a request sent from
-+	Squid to origin/parent.
- 
- 	options: override-expire
- 		 override-lastmod
-
diff --git a/src/patches/squid/squid-3.5-14152.patch b/src/patches/squid/squid-3.5-14152.patch
deleted file mode 100644
index 81bd3a039..000000000
--- a/src/patches/squid/squid-3.5-14152.patch
+++ /dev/null
@@ -1,35 +0,0 @@ 
-------------------------------------------------------------
-revno: 14152
-revision-id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
-parent: squid3@treenet.co.nz-20170331233831-m3hfrigo82uhz4id
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-04-01 12:39:21 +1300
-message:
-  libtrie: Fix 'make check' when run before 'make all'
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: 8399bbfe7b517fa6306bdc61d212a9a4fcc9e88b
-# timestamp: 2017-03-31 23:40:52 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170331233831-\
-#   m3hfrigo82uhz4id
-# 
-# Begin patch
-=== modified file 'lib/libTrie/Makefile.am'
---- lib/libTrie/Makefile.am	2017-01-01 00:16:45 +0000
-+++ lib/libTrie/Makefile.am	2017-03-31 23:39:21 +0000
-@@ -8,8 +8,8 @@
- include $(top_srcdir)/src/Common.am
- include $(top_srcdir)/src/TestHeaders.am
- 
--DIST_SUBDIRS = test
--SUBDIRS = test
-+DIST_SUBDIRS = . test
-+SUBDIRS = . test
- 
- noinst_LIBRARIES = libTrie.a
- 
-
diff --git a/src/patches/squid/squid-3.5-14153.patch b/src/patches/squid/squid-3.5-14153.patch
deleted file mode 100644
index c236a6115..000000000
--- a/src/patches/squid/squid-3.5-14153.patch
+++ /dev/null
@@ -1,353 +0,0 @@ 
-------------------------------------------------------------
-revno: 14153
-revision-id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx
-parent: squid3@treenet.co.nz-20170331233921-efxhs8vy025fvrnl
-fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4688
-author: Lubos Uhliarik <luhliari@redhat.com>
-committer: Amos Jeffries <squid3@treenet.co.nz>
-branch nick: 3.5
-timestamp: Sat 2017-04-01 12:47:47 +1300
-message:
-  Bug 4688: various typo error(s) in man page(s)
-------------------------------------------------------------
-# Bazaar merge directive format 2 (Bazaar 0.90)
-# revision_id: squid3@treenet.co.nz-20170331234747-59glu40hhx0kf8fx
-# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# testament_sha1: a05d98a4e328e39f2a490cfeff72ad8735cc6b6e
-# timestamp: 2017-03-31 23:48:51 +0000
-# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
-# base_revision_id: squid3@treenet.co.nz-20170331233921-\
-#   efxhs8vy025fvrnl
-# 
-# Begin patch
-=== modified file 'compat/compat.h'
---- compat/compat.h	2017-01-01 00:16:45 +0000
-+++ compat/compat.h	2017-03-31 23:47:47 +0000
-@@ -11,7 +11,7 @@
- 
- /*
-  * From discussions it was chosen to push compat code as far down as possible.
-- * That means we can have a seperate compat for most
-+ * That means we can have a separate compat for most
-  *  compatability and portability hacks and resolutions.
-  *
-  * This file is meant to collate all those hacks files together and
-
-=== modified file 'helpers/basic_auth/DB/basic_db_auth.pl.in'
---- helpers/basic_auth/DB/basic_db_auth.pl.in	2017-01-01 00:16:45 +0000
-+++ helpers/basic_auth/DB/basic_db_auth.pl.in	2017-03-31 23:47:47 +0000
-@@ -14,7 +14,7 @@
- 
-  basic_db_auth [options]
- 
--=head1 DESCRIPTOIN
-+=head1 DESCRIPTION
- 
- This program verifies username & password to a database
- 
-@@ -97,7 +97,7 @@
- Copyright (C) 2007 Henrik Nordstrom <henrik@henriknordstrom.net>
- Copyright (C) 2010 Luis Daniel Lucio Quiroz <dlucio@okay.com.mx> (Joomla support)
- This program is free software. You may redistribute copies of it under the
--terms of the GNU General Public License version 2, or (at youropinion) any
-+terms of the GNU General Public License version 2, or (at your opinion) any
- later version.
- 
- =head1 QUESTIONS
-
-=== modified file 'helpers/basic_auth/LDAP/basic_ldap_auth.8'
---- helpers/basic_auth/LDAP/basic_ldap_auth.8	2017-01-01 00:16:45 +0000
-+++ helpers/basic_auth/LDAP/basic_ldap_auth.8	2017-03-31 23:47:47 +0000
-@@ -98,7 +98,7 @@
- .B Note:
- This can only be done if all your users are located directly under
- the same position in the LDAP tree and the login name is used for naming
--each user object. If your LDAP tree does not match these criterias or if
-+each user object. If your LDAP tree does not match these criteria or if
- you want to filter who are valid users then you need to use a search filter
- to search for your users DN (
- .B \-f
-@@ -186,15 +186,15 @@
- .B never
- dereference aliases (default),
- .B always
--dereference aliases, only while
--.B search ing
-+dereference aliases, only during a
-+.B search
- or only to
- .B find
- the base object.
- .
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .B "\-H ldap_uri
--Specity the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries).
-+Specify the LDAP server to connect to by LDAP URI (requires OpenLDAP libraries).
- Servers can also be specified last on the command line.
- .
- .if !'po4a'hide' .TP
-
-=== modified file 'helpers/digest_auth/LDAP/digest_pw_auth.cc'
---- helpers/digest_auth/LDAP/digest_pw_auth.cc	2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/LDAP/digest_pw_auth.cc	2017-03-31 23:47:47 +0000
-@@ -30,7 +30,7 @@
-  * the file format.  However storing such a triple does little to
-  * improve security: If compromised the username:realm:HA1 combination
-  * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
-  * by digest - just preventing on the wire compromise.
-  *
-  * Copyright (c) 2003  Robert Collins  <robertc@squid-cache.org>
-
-=== modified file 'helpers/digest_auth/eDirectory/digest_pw_auth.cc'
---- helpers/digest_auth/eDirectory/digest_pw_auth.cc	2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/eDirectory/digest_pw_auth.cc	2017-03-31 23:47:47 +0000
-@@ -30,7 +30,7 @@
-  * the file format.  However storing such a triple does little to
-  * improve security: If compromised the username:realm:HA1 combination
-  * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
-  * by digest - just preventing on the wire compromise.
-  *
-  * Copyright (c) 2003  Robert Collins  <robertc@squid-cache.org>
-
-=== modified file 'helpers/digest_auth/file/digest_file_auth.8'
---- helpers/digest_auth/file/digest_file_auth.8	2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/file/digest_file_auth.8	2017-03-31 23:47:47 +0000
-@@ -15,7 +15,7 @@
- is an installed binary authentication program for Squid. It handles digest 
- authentication protocol and authenticates against a text file backend.
- .
--This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
-+This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
- It may be used with any value 0 or above for the auth_param children concurrency= parameter.
- .
- .SH OPTIONS
-@@ -54,7 +54,7 @@
- improve security: If compromised the
- .B username:realm:HA1 
- combination is "plaintext equivalent" - for the purposes of digest authentication
--they allow the user access. Password syncronisation is not tackled
-+they allow the user access. Password synchronization is not tackled
- by digest - just preventing on the wire compromise.
- .
- .SH AUTHOR
-
-=== modified file 'helpers/digest_auth/file/digest_file_auth.cc'
---- helpers/digest_auth/file/digest_file_auth.cc	2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/file/digest_file_auth.cc	2017-03-31 23:47:47 +0000
-@@ -33,7 +33,7 @@
-  * the file format.  However storing such a triple does little to
-  * improve security: If compromised the username:realm:HA1 combination
-  * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
-  * by digest - just preventing on the wire compromise.
-  *
-  * Copyright (c) 2003  Robert Collins  <robertc@squid-cache.org>
-
-=== modified file 'helpers/digest_auth/file/text_backend.cc'
---- helpers/digest_auth/file/text_backend.cc	2017-01-01 00:16:45 +0000
-+++ helpers/digest_auth/file/text_backend.cc	2017-03-31 23:47:47 +0000
-@@ -29,7 +29,7 @@
-  * the file format.  However storing such a triple does little to
-  * improve security: If compromised the username:realm:HA1 combination
-  * is "plaintext equivalent" - for the purposes of digest authentication
-- * they allow the user access. Password syncronisation is not tackled
-+ * they allow the user access. Password synchronization is not tackled
-  * by digest - just preventing on the wire compromise.
-  *
-  * Copyright (c) 2003  Robert Collins  <robertc@squid-cache.org>
-
-=== modified file 'helpers/external_acl/LDAP_group/ext_ldap_group_acl.8'
---- helpers/external_acl/LDAP_group/ext_ldap_group_acl.8	2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/LDAP_group/ext_ldap_group_acl.8	2017-03-31 23:47:47 +0000
-@@ -52,8 +52,8 @@
- .BI never
- dereference aliases (default),
- .BI always
--dereference aliases, only while
--.BR search ing
-+dereference aliases, only during a
-+.BR search
- or only to
- .B find
- the base object
-@@ -143,7 +143,7 @@
- .
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .BI \-H " ldapuri"
--Specity the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries)
-+Specify the LDAP server to connect to by a LDAP URI (requires OpenLDAP libraries)
- .
- .if !'po4a'hide' .TP
- .if !'po4a'hide' .BI \-K
-
-=== modified file 'helpers/external_acl/kerberos_ldap_group/README'
---- helpers/external_acl/kerberos_ldap_group/README	2010-08-13 10:17:20 +0000
-+++ helpers/external_acl/kerberos_ldap_group/README	2017-03-31 23:47:47 +0000
-@@ -65,7 +65,7 @@
- export KRB5_KTNAME
- 
- If you use a different Kerberos domain than the machine itself is in you can point squid to 
--the seperate Kerberos config file by setting the following environmnet variable in the startup 
-+the separate Kerberos config file by setting the following environment variable in the startup 
- script.
- 
- KRB5_CONFIG=/etc/krb5-squid.conf
-
-=== modified file 'helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8'
---- helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8	2015-03-21 06:32:34 +0000
-+++ helpers/external_acl/kerberos_ldap_group/ext_kerberos_ldap_group_acl.8	2017-03-31 23:47:47 +0000
-@@ -163,7 +163,7 @@
- .if !'po4a'hide' .ft
- .
- If you use a different Kerberos domain than the machine itself is in you can point squid to
--the seperate Kerberos config file by setting the following environmnet variable in the startup
-+the separate Kerberos config file by setting the following environment variable in the startup
- script.
- .if !'po4a'hide' .P
- .if !'po4a'hide' .ft CR
-
-=== modified file 'helpers/external_acl/session/ext_session_acl.8'
---- helpers/external_acl/session/ext_session_acl.8	2017-01-01 00:16:45 +0000
-+++ helpers/external_acl/session/ext_session_acl.8	2017-03-31 23:47:47 +0000
-@@ -21,7 +21,7 @@
- ) or a fixed period of time (
- .B \-T
- ). The former is suitable for displaying terms and conditions to a user; the
--latter is suitable for the display of advertisments or other notices (both as a
-+latter is suitable for the display of advertisements or other notices (both as a
- splash page \- see config examples in the wiki online). The session helper can also be used
- to force users to re\-authenticate if the 
- .B %LOGIN 
-@@ -55,7 +55,7 @@
- environment is created within the directory. The advantage of the latter
- is better database support between multiple instances of the session
- helper. Using multiple instances of the session helper with a single
--database file will cause synchronisation problems between processes.
-+database file will cause synchronization problems between processes.
- If this option is not specified the session details will be kept in
- memory only and all sessions will reset each time Squid restarts its
- helpers (Squid restart or rotation of logs).
-
-=== modified file 'helpers/log_daemon/DB/log_db_daemon.pl.in'
---- helpers/log_daemon/DB/log_db_daemon.pl.in	2017-01-01 00:16:45 +0000
-+++ helpers/log_daemon/DB/log_db_daemon.pl.in	2017-03-31 23:47:47 +0000
-@@ -18,7 +18,7 @@
- 
- log_db_daemon DSN [options]
- 
--=head1 DESCRIPTOIN
-+=head1 DESCRIPTION
- 
- This program writes Squid access.log entries to a database.
- Presently only accepts the B<squid> native format
-@@ -373,7 +373,7 @@
-     WHERE squid_request_status LIKE '%MISS%')
-     /
-     (SELECT COUNT(*) FROM access_log)*100
--    AS pecentage;
-+    AS percentage;
- 
- =item Response time ranges
- 
-@@ -433,7 +433,7 @@
- 
- This script currently implements only the C<L> (i.e. "append a line to the log") command, therefore the log lines are never purged from the table. This approach has an obvious scalability problem.
- 
--One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to caluclate those values.
-+One solution would be to implement e.g. the "rotate log" command in a way that would calculate some summary values, put them in a "summary table" and then delete the lines used to calculate those values.
- 
- Similar cleanup code could be implemented in an external script and run periodically independently from squid log commands.
- 
-
-=== modified file 'helpers/negotiate_auth/kerberos/README'
---- helpers/negotiate_auth/kerberos/README	2008-10-03 02:25:50 +0000
-+++ helpers/negotiate_auth/kerberos/README	2017-03-31 23:47:47 +0000
-@@ -53,7 +53,7 @@
- export KRB5_KTNAME
- 
- If you use a different Kerberos domain than the machine itself is in you can point squid to 
--the seperate Kerberos config file by setting the following environmnet variable in the startup 
-+the separate Kerberos config file by setting the following environment variable in the startup 
- script.
- 
- KRB5_CONFIG=/etc/krb-squid5.conf
-
-=== modified file 'helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8'
---- helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8	2014-12-20 17:10:25 +0000
-+++ helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.8	2017-03-31 23:47:47 +0000
-@@ -69,7 +69,7 @@
- export KRB5_KTNAME
- 
- If you use a different Kerberos domain than the machine itself is in you can point squid to
--the seperate Kerberos config file by setting the following environmnet variable in the startup
-+the separate Kerberos config file by setting the following environment variable in the startup
- script.
- 
- KRB5_CONFIG=/etc/krb5\-squid.conf
-
-=== modified file 'helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in'
---- helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in	2017-01-01 00:16:45 +0000
-+++ helpers/storeid_rewrite/file/storeid_file_rewrite.pl.in	2017-03-31 23:47:47 +0000
-@@ -29,7 +29,7 @@
- Rewrite rules are matched in the same order as they appear in the rules file.
- So for best performance, sort it in order of frequency of occurrence.
- 
--This program will automatically detect the existence of a concurrecy channel-ID and adjust appropriately.
-+This program will automatically detect the existence of a concurrency channel-ID and adjust appropriately.
- It may be used with any value 0 or above for the store_id_children concurrency= parameter.
- 
- =head1 OPTIONS
-
-=== modified file 'src/StoreFileSystem.h'
---- src/StoreFileSystem.h	2017-01-01 00:16:45 +0000
-+++ src/StoreFileSystem.h	2017-03-31 23:47:47 +0000
-@@ -47,7 +47,7 @@
-  \par
-  * configure will take a list of storage types through the
-  * --enable-store-io parameter. This parameter takes a list of
-- * space seperated storage types. For example,
-+ * space separated storage types. For example,
-  * --enable-store-io="ufs aufs" .
-  *
-  \par
-
-=== modified file 'src/ipcache.cc'
---- src/ipcache.cc	2017-01-01 00:16:45 +0000
-+++ src/ipcache.cc	2017-03-31 23:47:47 +0000
-@@ -50,7 +50,7 @@
-  \defgroup IPCacheInternal IP Cache Internals
-  \ingroup IPCacheAPI
-  \todo  when IP cache is provided as a class. These sub-groups will be obsolete
-- *  for now they are used to seperate the public and private functions.
-+ *  for now they are used to separate the public and private functions.
-  *  with the private ones all being in IPCachInternal and public in IPCacheAPI
-  *
-  \section InternalOperation Internal Operation
-
-=== modified file 'src/ssl/ssl_crtd.8'
---- src/ssl/ssl_crtd.8	2017-01-01 00:16:45 +0000
-+++ src/ssl/ssl_crtd.8	2017-03-31 23:47:47 +0000
-@@ -33,7 +33,7 @@
- Because the generation and signing of SSL certificates takes time
- Squid must use external process to handle the work.
- .
--This process generates new SSL certificates and uses a disk cache of certificatess
-+This process generates new SSL certificates and uses a disk cache of certificates
- to improve response times on repeated requests.
- Communication occurs via TCP sockets bound to the loopback interface.
- .
-@@ -122,7 +122,7 @@
- .
- .PP
- For simple configuration the helper defaults can be used.
--Only HTTP listening port options are required to enable generation and set the signign CA certificate.
-+Only HTTP listening port options are required to enable generation and set the signing CA certificate.
- For Example:
- .if !'po4a'hide' .RS
- .if !'po4a'hide' .B http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/ssl_cert/www.sample.com.pem
-