------------------------------------------------------------
revno: 13757
revision-id: squid3@treenet.co.nz-20150218103007-jm2haogtcwhsqono
parent: squid3@treenet.co.nz-20150218085000-s8y0r1wfw1jpcly2
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Wed 2015-02-18 02:30:07 -0800
message:
  Prep for 3.5.2 and 3.4.12
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20150218103007-jm2haogtcwhsqono
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 221363d98de318cd23aade6eb2a9ae2963523af0
# timestamp: 2015-02-18 10:51:05 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20150218085000-\
#   s8y0r1wfw1jpcly2
# 
# Begin patch
=== modified file 'ChangeLog'
--- ChangeLog	2015-01-13 11:41:41 +0000
+++ ChangeLog	2015-02-18 10:30:07 +0000
@@ -1,3 +1,21 @@
+Changes to squid-3.5.2 (18 Feb 2015):
+
+	- Regression Bug 4176: Digest auth too many helper lookups
+	- Regression Bug 4180: not-fully-initialized data member in ACLUserData
+	- Bug 4172: Solaris broken krb5-config
+	- Bug 4073: Cygwin compile errors
+	- Bug 3919: remove several never-true / never-false comparisons
+	- HTTPS: Add missing root CAs when validating chains that passed internal checks
+	- Fix some cbdataFree related memory leaks
+	- Quieten CBDATA 'leak' messages
+	- Set SNI information in transparent bumping mode
+	- negotiate_kerberos_auth: fix krb5.conf backward compatibility
+	- Fix memory leaks in cachemgr.cgi URL parser
+	- Fix sslproxy_options in peek-and-splice mode
+	- ... and fix several portability and build issues
+	- ... and some documentation updates
+	- ... and all fixes from squid 3.4.11
+
 Changes to squid-3.5.1 (13 Jan 2015):
 
 	- Fix handling of invalid SSL server certificates when splicing connections
@@ -100,6 +118,18 @@
 	- ... and many error page translation updates
 	- ... and much code cleanup and polishing
 
+Changes to squid-3.4.12 (18 Feb 2015):
+
+	- Bug 4066: Digest auth nonce indefinite rollover
+	- Bug 3997: Excessive NTLM or Negotiate auth helper annotations
+	- Fix several crashes when debugging enabled
+	- Fix silent SSL/TLS failure on split-stack operating systems
+	- HTTP/1.1: Stop emitting (Proxy-)Authentication-Info for Negotiate
+	- HTTPS: Add TLS/SSL option NO_TICKET to http[s]_port
+	- Remove dst ACL dependency on HTTP request message existence
+	- Set cap_net_admin when Squid sets TOS/Diffserv packet values
+	- ... and some documentation updates
+
 Changes to squid-3.4.11 (13 Jan 2015):
 
 	- Bug 4164: SEGFAULT when %W formating code used in errorpages

=== modified file 'doc/release-notes/release-3.0.sgml'
--- doc/release-notes/release-3.0.sgml	2015-01-13 09:13:49 +0000
+++ doc/release-notes/release-3.0.sgml	2015-02-18 10:30:07 +0000
@@ -15,7 +15,7 @@
 <p>
 The Squid Team are pleased to announce the release of Squid-3.0.STABLE26.
 
-This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.0/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.0/"> or the <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
 
 A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support and additional Languages.
 

=== modified file 'doc/release-notes/release-3.1.sgml'
--- doc/release-notes/release-3.1.sgml	2015-01-13 09:13:49 +0000
+++ doc/release-notes/release-3.1.sgml	2015-02-18 10:30:07 +0000
@@ -15,7 +15,7 @@
 <p>
 The Squid Team are pleased to announce the release of Squid-3.1.23
 
-This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.1/"> or the <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
 
 A large number of the show-stopper bugs have been fixed along with general improvements to the ICAP support.
 While this release is not fully bug-free we believe it is ready for use in production on many systems.

=== modified file 'doc/release-notes/release-3.2.sgml'
--- doc/release-notes/release-3.2.sgml	2015-01-24 05:00:00 +0000
+++ doc/release-notes/release-3.2.sgml	2015-02-18 10:30:07 +0000
@@ -16,7 +16,7 @@
 The Squid Team are pleased to announce the release of Squid-3.2.13.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.2/"> or the
- <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+ <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
 
 <p>A large number of the show-stopper bugs have been fixed along with general improvements to the IPv6 support.
 While this release is not fully bug-free we believe it is ready for use in production on many systems.

=== modified file 'doc/release-notes/release-3.3.sgml'
--- doc/release-notes/release-3.3.sgml	2015-01-13 09:13:49 +0000
+++ doc/release-notes/release-3.3.sgml	2015-02-18 10:30:07 +0000
@@ -16,7 +16,7 @@
 The Squid Team are pleased to announce the release of Squid-3.3.13.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.3/"> or the 
-<url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+<url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
 
 <p>A large number of the design flaws in SSL-Bump feature have been fixed along with general improvements all around.
 While this release is not fully bug-free we believe it is ready for use in production on many systems.

=== modified file 'doc/release-notes/release-3.4.sgml'
--- doc/release-notes/release-3.4.sgml	2015-01-13 11:41:41 +0000
+++ doc/release-notes/release-3.4.sgml	2015-02-18 10:30:07 +0000
@@ -1,6 +1,6 @@
 <!doctype linuxdoc system>
 <article>
-<title>Squid 3.4.11 release notes</title>
+<title>Squid 3.4.12 release notes</title>
 <author>Squid Developers</author>
 
 <abstract>
@@ -13,10 +13,10 @@
 
 <sect>Notice
 <p>
-The Squid Team are pleased to announce the release of Squid-3.4.11 for testing.
+The Squid Team are pleased to announce the release of Squid-3.4.12.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.4/"> or the
- <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+ <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
 
 <p>Some interesting new features adding system flexibility have been added along with general improvements all around.
    While this release is not fully bug-free we believe it is ready for use in production on many systems.
@@ -347,6 +347,12 @@
 <sect1>Removed tags<label id="removedtags">
 <p>
 <descrip>
+	<tag>log_access</tag>
+	<p>Removed. Use access_log with ACLs instead
+
+	<tag>log_icap</tag>
+	<p>Removed. Use icap_log with ACLs instead
+
 	<tag>storeurl_access</tag>
 	<p>Replaced by <em>store_id_access</em>.
 

=== modified file 'doc/release-notes/release-3.5.html'
--- doc/release-notes/release-3.5.html	2015-01-13 11:41:41 +0000
+++ doc/release-notes/release-3.5.html	2015-02-18 10:30:07 +0000
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
- <TITLE>Squid 3.5.1 release notes</TITLE>
+ <TITLE>Squid 3.5.2 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.1 release notes</H1>
+<H1>Squid 3.5.2 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -63,10 +63,10 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.1 for testing.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.2.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
-<A HREF="http://www.squid-cache.org/Mirrors/http-mirrors.html">mirrors</A>.</P>
+<A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
 
 <P>Some interesting new features adding system flexibility have been added along with general improvements all around.
 While this release is not fully bug-free we believe it is ready for use in production on many systems.</P>
@@ -322,7 +322,7 @@
 receive traffic from client software sending in this protocol.
 HTTP traffic without the PROXY header is not accepted on such a port.</P>
 
-<P>The <EM>accel</EM> and <EM>intercept</EM> options are still used to identify the
+<P>The <EM>accel</EM> and <EM>intercept</EM> options are still used to identify the HTTP
 traffic syntax being delivered by the client proxy.</P>
 
 <P>Squid can be configured by adding an <EM>http_port</EM>
@@ -414,17 +414,13 @@
 Collapsing of requests is performed across SMP workers.</P>
 
 <DT><B>ftp_client_idle_timeout</B><DD>
-<P>This new configuration directive controls how long Squid should
-wait for an FTP request on a connection to an ftp_port.  Many FTP
-clients do not deal with idle connection closures well,
-necessitating a longer default timeout (30 minutes) than
-client_idle_pconn_timeout used for incoming HTTP requests (2
-minutes). The current default may be changed as we get more
-experience with FTP relaying.</P>
-
-<DT><B>ftp_client_idle_timeout</B><DD>
 <P>New directive controlling how long to wait for an FTP request on a
 client connection to Squid <EM>ftp_port</EM>.</P>
+<P>Many FTP clients do not deal with idle connection closures well,
+necessitating a longer default timeout (30 minutes) than
+<EM>client_idle_pconn_timeout</EM> used for incoming HTTP requests (2
+minutes).</P>
+<P>The current default may be changed as we get more experience with FTP relaying.</P>
 
 <DT><B>ftp_port</B><DD>
 <P>New configuration directive to accept and relay native FTP

=== modified file 'doc/release-notes/release-3.5.sgml'
--- doc/release-notes/release-3.5.sgml	2015-01-13 11:41:41 +0000
+++ doc/release-notes/release-3.5.sgml	2015-02-18 10:30:07 +0000
@@ -1,6 +1,6 @@
 <!doctype linuxdoc system>
 <article>
-<title>Squid 3.5.1 release notes</title>
+<title>Squid 3.5.2 release notes</title>
 <author>Squid Developers</author>
 
 <abstract>
@@ -13,10 +13,10 @@
 
 <sect>Notice
 <p>
-The Squid Team are pleased to announce the release of Squid-3.5.1 for testing.
+The Squid Team are pleased to announce the release of Squid-3.5.2.
 
 This new release is available for download from <url url="http://www.squid-cache.org/Versions/v3/3.5/"> or the
- <url url="http://www.squid-cache.org/Mirrors/http-mirrors.html" name="mirrors">.
+ <url url="http://www.squid-cache.org/Download/http-mirrors.html" name="mirrors">.
 
 <p>Some interesting new features adding system flexibility have been added along with general improvements all around.
    While this release is not fully bug-free we believe it is ready for use in production on many systems.
@@ -239,7 +239,7 @@
    receive traffic from client software sending in this protocol.
    HTTP traffic without the PROXY header is not accepted on such a port.
 
-<p>The <em>accel</em> and <em>intercept</em> options are still used to identify the
+<p>The <em>accel</em> and <em>intercept</em> options are still used to identify the HTTP
    traffic syntax being delivered by the client proxy.
 
 <p>Squid can be configured by adding an <em>http_port</em>
@@ -321,17 +321,13 @@
            Collapsing of requests is performed across SMP workers.
 
 	<tag>ftp_client_idle_timeout</tag>
-	<p>This new configuration directive controls how long Squid should
-	   wait for an FTP request on a connection to an ftp_port.  Many FTP
-	   clients do not deal with idle connection closures well,
-	   necessitating a longer default timeout (30 minutes) than
-	   client_idle_pconn_timeout used for incoming HTTP requests (2
-	   minutes). The current default may be changed as we get more
-	   experience with FTP relaying.
-
-	<tag>ftp_client_idle_timeout</tag>
 	<p>New directive controlling how long to wait for an FTP request on a
 	   client connection to Squid <em>ftp_port</em>.
+	<p>Many FTP clients do not deal with idle connection closures well,
+	   necessitating a longer default timeout (30 minutes) than
+	   <em>client_idle_pconn_timeout</em> used for incoming HTTP requests (2
+	   minutes).
+	<p>The current default may be changed as we get more experience with FTP relaying.
 
 	<tag>ftp_port</tag>
 	<p>New configuration directive to accept and relay native FTP

=== modified file 'helpers/external_acl/LDAP_group/ext_ldap_group_acl.8'
--- helpers/external_acl/LDAP_group/ext_ldap_group_acl.8	2015-01-13 09:13:49 +0000
+++ helpers/external_acl/LDAP_group/ext_ldap_group_acl.8	2015-02-18 10:30:07 +0000
@@ -7,19 +7,19 @@
 .
 .SH SYNOPSIS
 .if !'po4a'hide' .B ext_ldap_group_acl
-.if !'po4a'hide' .B "\-b \""
-base DN
-.if !'po4a'hide' .B "\" \-f \""
-LDAP search filter
-.if !'po4a'hide' .B "\" ["
+.if !'po4a'hide' .B \-b
+base\-DN
+.if !'po4a'hide' .B \-f
+filter
+.if !'po4a'hide' .B "["
 options
 .if !'po4a'hide' .B "] ["
-LDAP server name
-.if !'po4a'hide' .B "[:"
+server
+.if !'po4a'hide' .B "[ ':' "
 port
-.if !'po4a'hide' .B "]|"
+.if !'po4a'hide' .B "] |"
 URI
-.if !'po4a'hide' .B "]..."
+.if !'po4a'hide' .B "] ..."
 .
 .SH DESCRIPTION
 .B ext_ldap_group_acl
@@ -100,7 +100,7 @@
 configuration file without getting the secretfile.
 .
 .if !'po4a'hide' .TP
-.if !'po4a'hide' .BI \-E certpath
+.if !'po4a'hide' .BI "\-E " certpath
 Enable LDAP over SSL (requires Netscape LDAP API libraries)
 .
 .if !'po4a'hide' .TP

=== modified file 'src/cf.data.pre'
--- src/cf.data.pre	2015-01-24 05:00:00 +0000
+++ src/cf.data.pre	2015-02-18 10:30:07 +0000
@@ -155,6 +155,7 @@
 	Remove this line. Use always_direct or cache_peer_access ACLs instead if you need to prevent cache_peer use.
 DOC_END
 
+# Options removed in 3.4
 NAME: log_access
 TYPE: obsolete
 DOC_START