From: Jean Baptiste Favre Date: Sat, 21 May 2022 17:28:31 +0000 (+0100) Subject: trafficserver (8.1.1+ds-1.1+deb11u1) bullseye-security; urgency=high X-Git-Tag: archive/raspbian/8.1.1+ds-1.1+rpi1+deb11u1^2~20 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c23a8b4bf518275d67c52c7999c1b64b9e8b1345;p=trafficserver.git trafficserver (8.1.1+ds-1.1+deb11u1) bullseye-security; urgency=high * Multiple CVE fixes for 8.1.x + CVE-2021-37147: Improper input validation vulnerability + CVE-2021-37148: Improper input validation vulnerability + CVE-2021-37149: Improper Input Validation vulnerability + CVE-2021-38161: Improper Authentication vulnerability in TLS origin verification + CVE-2021-44040: Improper Input Validation vulnerability in request line parsing + CVE-2021-44759: Improper Authentication vulnerability in TLS origin validation [dgit import unpatched trafficserver 8.1.1+ds-1.1+deb11u1] --- c23a8b4bf518275d67c52c7999c1b64b9e8b1345 diff --cc debian/CONFIGURATION.Debian index 00000000,00000000..206614a7 new file mode 100644 --- /dev/null +++ b/debian/CONFIGURATION.Debian @@@ -1,0 -1,0 +1,99 @@@ ++trafficserver for Debian ++------------------------ ++ ++Here are some configuration hints related to Traffic Server. Unless you already ++noted, configuration files are located in /etc/trafficserver. Traffic Server ++has some uncommon behaviour here: Please note, those files are generated auto- ++matically and some may not even be intended to be edited manually. Moreover it ++will rotate and synchronize configuration files if you run a cluster. Hence be ++careful when editing them, chances are Traffic Server WILL OVERWRITE them. This ++is especially true for comments which are not kept when using `traffic_line' ++(as explained below). ++ ++* To get a general idea about traffic server and its architecture, read [4]. It ++ is crucial to understand the internal architecture before trying to start. ++ ++* The main configuration file is `records.config'. You may either edit the main ++ configuration file by hand, but it is suggested to use the `traffic_line' ++ command instead. More on editing configuration files can be found on [1]. The ++ `traffic_line' command is used like this: ++ ++ traffic_line -s proxy.config.proxy_name -v www.example.com ++ ++ You might need to tell Traffic Server about your changes. If it is already ++ running use `traffic_line -x' to inform it about your changes. Please note ++ that you must restart your `traffic_server' daemon for some changes. ++ ++* If you used Squid before you might find [2] helpful which lists Traffic Serv- ++ er configuration directives along their Squid equivalent. Use this as resour- ++ ce to understand Traffic Server. ++ ++* To help you to get started, I am going to introduce you very briefly to Traf- ++ fic Server. Note, lines starting with `#' are remarks: ++ ++ Open `records.config'. ++ ++ # Configure the cluster interface ++ CONFIG proxy.config.cluster.ethernet_interface STRING eth0 ++ ++ ++ # You may also want to bind your proxy server to a specific IP: ++ # Please note the security warning below as well ++ CONFIG proxy.local.incoming_ip_to_bind 1.2.3.4 ++ ++ # Next configure the listening port for incoming connections ++ CONFIG proxy.config.http.server_port INT 80 ++ ++ # Now tell Traffic Server how much Memory it is allowed to consume ++ # Set this value to -1 for best results which will instruct Traffic Server ++ # to consume roughly 1 MB for each GB of your disk backend storage size ++ # for memory caching. If you can afford it, go on and trash as much as ++ # you want and put here any positive value indicating the memory cache ++ # in bytes. ++ CONFIG proxy.config.cache.ram_cache.size LLONG 131072 # (128 MB) ++ ++ Next edit `storage.config'. Debian ships with a default configuration poin- ++ ting to a cache file in `/var/cache/trafficserver' sized 256MB. This is fair- ++ ly ok for testing, otherwise feel free to change (value is in KB): ++ ++ /var/cache/trafficserver 262144 ++ ++ Finally open `remap.config' where you need to tell Traffic Server about ++ your origin server(s): ++ ++ map http://www.example.com/ http://www.example.com:8080/ ++ # ---------------------- ---------------------------- ++ # ^- This is your client This is your origin -^ ++ # Host: header that server. ++ # is to be mappend ++ ++* For a more comprehensive documentation about Traffic Server and its configu- ++ ration directives consult [3]. ++ ++ Yet the documentation on the web page can not be considered up to date for some ++ parts. Feel free to ask for help on the Apache Traffic Server mailing list: ++ ++ E-Mail ++ URL: ++ ++ More information may be found on either resource among those: ++ Project Website: ++ IRC: #traffic-server on irc.freenode.net. ++ Project Wiki: https://cwiki.apache.org/TS/traffic-server.html ++ ++* Traffic Server can basically act in two modes: As forward proxy and as a rever- ++ se proxy. Traffic Servers primary purpose is to act as reverse proxy (e.g. ++ different to Squid). Nonetheless you can Traffic Server still instruct to act ++ as forward proxy as well. If you know what you are doing, you need to set ++ ++ CONFIG proxy.config.url_remap.remap_required INT 0 ++ ++ for that purpose. ++ ++ ++[1] https://docs.trafficserver.apache.org/en/latest/admin-guide/configuring-traffic-server.en.html ++[2] https://cwiki.apache.org/confluence/display/TS/SquidConfigTranslation ++[3] https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html ++[4] https://docs.trafficserver.apache.org/en/latest/admin-guide/introduction.en.html ++ ++ -- Arno Töll Wed, 21 Mar 2012 14:10:21 +0100 diff --cc debian/NEWS index 00000000,00000000..d4253168 new file mode 100644 --- /dev/null +++ b/debian/NEWS @@@ -1,0 -1,0 +1,23 @@@ ++trafficserver (6.0.0-3) unstable; urgency=medium ++ ++ If you are using 32-bits package, please not that upstream has ++ discontinued 32-bit support. ++ 32-bits Debian package will still be built, but is subject to removal ++ whenever 32-bit fails. ++ ++ -- Jean Baptiste Favre Mon, 14 Dec 2015 10:29:12 +0100 ++ ++trafficserver (3.0.0-1) unstable; urgency=low ++ ++ If you are upgrading from v2.1.8 or earlier to ATS 3.0 you need to migrate ++ to the new `records.config' configuration file. If possible, let Debian ++ overwrite your `records.config' configuration file. ++ ++ Moreover you should clear all caches after upgrading (e.g. do "traffic_server ++ -Cclear"). ++ ++ The host.db data abse isn't required anymore. Therefore you can delete ++ `/etc/trafficserver/internal/hostdb.config' and `/var/cache/trafficserver/ ++ host.db'. ++ ++ -- Arno Töll Wed, 15 Jun 2011 16:23:13 +0200 diff --cc debian/README.Debian index 00000000,00000000..cd6a3cae new file mode 100644 --- /dev/null +++ b/debian/README.Debian @@@ -1,0 -1,0 +1,44 @@@ ++trafficserver for Debian ++------------------------ ++ ++* ATS 8.0.0 comes with slight changes in config files. ++ Following ones has been removed: ++ - /etc/trafficserver/vaddrs.config ++ - /etc/trafficserver/metrics.config ++ - /etc/trafficserver/logging.config ++ - /etc/trafficserver/log_hosts.config ++ - /etc/trafficserver/congestion.config ++ - /etc/trafficserver/cluster.config ++ - /etc/trafficserver/body_factory/default/congestion#retryAfter ++ ++* New config files have been added and now use yaml format. ++ More files will be migrated in the future: ++ - /etc/trafficserver/logging.yaml ++ - /etc/trafficserver/ssl_server_name.yaml ++ ++* gzip pluging has been renamed into compress. ++ Existing configuration won't be updated ++ ++* traffic_cop has been removed. Now, init and systemd files use traffic_manager ++ ++ -- Jean Baptiste Favre Fri, 21 Sep 2018 09:04:07 +0200 ++ ++* If you are using 32-bits package, please note that upstream has ++ discontinued 32-bit support. ++ 32-bits Debian package will still be built, but is subject to removal ++ whenever 32-bit fails. ++ ++ -- Jean Baptiste Favre Mon, 14 Dec 2015 10:29:12 +0100 ++ ++* Please read the CONFIGURATION.Debian file to get started with Traffic Server. ++ ++* Currently Apache Traffic Server lacks man pages of binaries shipped along the ++ package. That's a known problem which is being worked on. Please read the ++ upstream documentation on the website instead. ++ ++* If you read upstream's documentation about Traffic Server you will sometimes ++ find references to a program `/usr/bin/trafficserver`. Debian does not ship ++ this script. This is intentional. Use Debian's /etc/init.d/trafficserver ++ script instead. ++ ++ -- Arno Töll Tue, 31 Dec 2011 13:54:18 +0100 diff --cc debian/README.conf-remap.Debian index 00000000,00000000..28d9e4dc new file mode 100644 --- /dev/null +++ b/debian/README.conf-remap.Debian @@@ -1,0 -1,0 +1,26 @@@ ++Trafficserver-plugin-conf-remap for Debian ++----------------------------------------- ++ ++* The conf_remap plug-in allows you to override configuration directives ++ dependent on actual remapping rules. ++* This plug-in replaces older legacy functionality which allowed to achieve a ++ similar behaviour previously by configuring remap rules for example with ++ switches like "@pristine_host_hdr=1" in your remap configuration. ++* If you want to achieve this behaviour now, configure a remap rule like this: ++ ++ map http://cdn.example.com/ http://some-server.example.com \ ++ @plugin=conf_remap.so @pparam=/etc/trafficserver/cdn.conf ++ ++ where cdn.conf would look like records.config, e.g. ++ ++ CONFIG proxy.config.url_remap.pristine_host_hdr INT 1 ++ ++ Doing this, you will override your global default configuration on a per map- ++ ping rule. ++ ++* You may want to look on ++ ++ for a full list of options which are allowed to be overridden and perhaps ++ some updated information. ++ ++ -- Arno Toell Tue, 12 Jan 2011 19:30:18 +0100 diff --cc debian/change_config.pl index 00000000,00000000..01072dfb new file mode 100755 --- /dev/null +++ b/debian/change_config.pl @@@ -1,0 -1,0 +1,32 @@@ ++#! /usr/bin/perl ++ ++use strict; ++ ++our @config_lines; ++our %defaults = ( ++ "proxy.config.alarm_email" => "trafficserver", ++ "proxy.config.admin.user_id" => "trafficserver", ++ "proxy.config.log.max_space_mb_for_logs" => 2000, ++); ++ ++die("Usage: $0 ") unless $#ARGV == 0; ++ ++open(F, "+<", $ARGV[0]) || die("Cannot open $ARGV[0]: $!"); ++while(my $line = ) ++{ ++ if ($line =~ /^CONFIG/) ++ { ++ foreach my $pattern (keys %defaults) ++ { ++ $line =~ s/(?<=CONFIG $pattern)(\s+[A-Z]+)\s+.+$/$1 $defaults{$pattern}/; ++ } ++ } ++ push(@config_lines, $line); ++} ++seek(F, 0, 0); ++foreach my $line (@config_lines) ++{ ++ print F $line; ++} ++print F "CONFIG proxy.config.admin.user_id STRING trafficserver\n"; ++close(F); diff --cc debian/changelog index 00000000,00000000..5720a022 new file mode 100644 --- /dev/null +++ b/debian/changelog @@@ -1,0 -1,0 +1,932 @@@ ++trafficserver (8.1.1+ds-1.1+deb11u1) bullseye-security; urgency=high ++ ++ * Multiple CVE fixes for 8.1.x ++ + CVE-2021-37147: Improper input validation vulnerability ++ + CVE-2021-37148: Improper input validation vulnerability ++ + CVE-2021-37149: Improper Input Validation vulnerability ++ + CVE-2021-38161: Improper Authentication vulnerability in TLS origin verification ++ + CVE-2021-44040: Improper Input Validation vulnerability in request line parsing ++ + CVE-2021-44759: Improper Authentication vulnerability in TLS origin validation ++ ++ -- Jean Baptiste Favre Sat, 21 May 2022 19:28:31 +0200 ++ ++trafficserver (8.1.1+ds-1.1) unstable; urgency=medium ++ ++ * Non-maintainer upload. ++ * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and ++ CVE-2021-35474. ++ - CVE-2021-27577: Incorrect handling of url fragment leads to cache ++ poisoning ++ - CVE-2021-32565: HTTP Request Smuggling, content length with invalid ++ charters ++ - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to ++ crash ++ - CVE-2021-32567: Reading HTTP/2 frames too many times ++ - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin ++ (Closes: #990303) ++ ++ -- Salvatore Bonaccorso Thu, 15 Jul 2021 21:48:17 +0200 ++ ++trafficserver (8.1.1+ds-1) unstable; urgency=medium ++ ++ * New upstream version 8.1.0+ds ++ * Update d/watch ++ * Update d/upstream/signing-key.asc ++ * New upstream version 8.1.1+ds ++ * Update Debian Standards-Version ++ ++ -- Jean Baptiste Favre Sun, 06 Dec 2020 16:26:39 +0100 ++ ++trafficserver (8.1.1+ds-1) unstable; urgency=medium ++ ++ * New upstream version 8.1.0+ds ++ * Update d/watch ++ * Update d/upstream/signing-key.asc ++ * New upstream version 8.1.1+ds ++ ++ -- Jean Baptiste Favre Sun, 06 Dec 2020 15:43:35 +0100 ++ ++trafficserver (8.1.0+ds-2) unstable; urgency=medium ++ ++ * Remove autopkgtest (Closes: #974683) ++ ++ -- Jean Baptiste Favre Sun, 22 Nov 2020 18:24:18 +0100 ++ ++trafficserver (8.1.0+ds-1) unstable; urgency=medium ++ ++ * Remove lintian-overrides for trafficserver-experimental-plugins ++ * Fix Salsa CI ++ * Update d/upstream/signing-key.asc ++ * New upstream version 8.1.0+ds ++ * d/patches refresh for 8.1.0 ++ * Update experimental plugins list ++ ++ -- Jean Baptiste Favre Tue, 01 Sep 2020 19:55:21 +0200 ++ ++trafficserver (8.0.8+ds-3) UNRELEASED; urgency=low ++ ++ * Fix day-of-week for changelog entry 2.1.5-unstable-1. ++ ++ -- Debian Janitor Sat, 22 Aug 2020 17:48:33 -0000 ++ ++trafficserver (8.0.8+ds-2) unstable; urgency=medium ++ ++ * Backport upstream patch to fix FTBFS with Sphinx >= 3.0 (Closes: #963664) ++ ++ -- Jean Baptiste Favre Wed, 29 Jul 2020 08:40:43 +0200 ++ ++trafficserver (8.0.8+ds-1) unstable; urgency=medium ++ ++ * New upstream version 8.0.8+ds ++ * Includes fix for CVE-2020-9494 (Closes: #963629) ++ * Update debhelper-compat version in d/control ++ ++ -- Jean Baptiste Favre Thu, 25 Jun 2020 10:01:51 +0200 ++ ++trafficserver (8.0.7+ds-1) unstable; urgency=medium ++ ++ * New upstream version 8.0.7+ds ++ ++ -- Jean Baptiste Favre Thu, 16 Apr 2020 18:32:04 +0200 ++ ++trafficserver (8.0.6+ds-1) unstable; urgency=medium ++ ++ * Update d/watch after upstream changes ++ * Update d/gbp.conf ++ * Update d/gbp.conf ++ * New upstream version 8.0.6+ds ++ * Patches refresh for 8.0.6 ++ ++ -- Jean Baptiste Favre Tue, 03 Mar 2020 09:06:18 +0100 ++ ++trafficserver (8.0.5+ds-3) unstable; urgency=medium ++ ++ * Bump Standards-Version ++ * Add patch for Python 3.8 compatibility (Closes: #950245) ++ * Update build & test dependencies for Python 3.8 ++ ++ -- Jean Baptiste Favre Mon, 03 Feb 2020 11:45:17 +0100 ++ ++trafficserver (8.0.5+ds-2) unstable; urgency=medium ++ ++ * Bump Debian Policy version ++ * Remove Build-Depends against python2 modules (Closes: #943248) ++ ++ -- Jean Baptiste Favre Wed, 23 Oct 2019 10:07:42 +0200 ++ ++trafficserver (8.0.5+ds-1) unstable; urgency=medium ++ ++ * New upstream release ++ - Changes introduced with 8.0.4 include fixes for CVE-2019-9512, ++ CVE-2019-9514, and CVE-2019-9515. (Closes: #934887) ++ - 8.0.5 fixes CVE-2019-9518 (Closes: #935314) ++ ++ -- Emanuele Rocca Sat, 24 Aug 2019 09:00:22 +0200 ++ ++trafficserver (8.0.3+ds-4) unstable; urgency=medium ++ ++ * Fix lintian warning 'skip-systemd-native-flag-missing-pre-depends' ++ * Use debhelper-compat instead of debian/compat ++ ++ -- Jean Baptiste Favre Fri, 02 Aug 2019 09:07:31 +0200 ++ ++trafficserver (8.0.3+ds-3) unstable; urgency=medium ++ ++ * Run upstream testsuite with autopkgtest. ++ * Enable CI tests on salsa (see debian/salsa-ci.yml). ++ * Set debhelper compatibility level to 12. ++ * Add myself to the Uploaders field. ++ * Set Standards-Version to 4.4.0. ++ ++ -- Emanuele Rocca Wed, 31 Jul 2019 11:11:59 +0200 ++ ++trafficserver (8.0.3+ds-2) unstable; urgency=medium ++ ++ * Fix hardeing updating 0015-as-needed-fix.patch from Ubuntu ++ ++ -- Jean Baptiste Favre Tue, 26 Mar 2019 08:44:17 +0100 ++ ++trafficserver (8.0.3+ds-1) unstable; urgency=medium ++ ++ * Use secure URI in Homepage field. ++ * Re-export upstream signing key without extra signatures. ++ * Drop unnecessary dependency on dh-autoconf. ++ * New upstream version 8.0.3+ds ++ * Patches update for 8.0.3 ++ * Add as-needed patch from Ubuntu ++ ++ -- Jean Baptiste Favre Mon, 25 Mar 2019 10:29:35 +0100 ++ ++trafficserver (8.0.2+ds-1) unstable; urgency=medium ++ ++ * Disable testing build in d/gitlab-ci.yml ++ * Update d/copyright to remove unneeded files when importing upstream release ++ * Update upstream GPG keys list ++ * New upstream version 8.0.2+ds ++ * Patches refresh for 8.0.2 ++ * Update patch. Add dep3 headers ++ * Update d/control. Mark trafficserver-dev architecture all ++ * Remove signature from upstream keys. Fix lintian info ++ * Move dpkg-maintscript-helper commands to d/trafficserver.maintscript ++ ++ -- Jean Baptiste Favre Wed, 30 Jan 2019 14:45:09 +0100 ++ ++trafficserver (8.0.1-4) unstable; urgency=medium ++ ++ * Add patch and update d/control, d/rules to use system provided yaml-cpp ++ ++ -- Jean Baptiste Favre Fri, 11 Jan 2019 19:07:28 +0100 ++ ++trafficserver (8.0.1-3) unstable; urgency=medium ++ ++ * Add missed experimental plugin certifier ++ * Add man pages paths to d/not-installed to avoid too verbose dh_missing list. ++ Manpages are compressed before being install. Non-compressed version is in ++ turn erroneously detected as not installed. ++ * Update patch which has been merged upstream ++ ++ -- Jean Baptiste Favre Mon, 07 Jan 2019 15:24:38 +0100 ++ ++trafficserver (8.0.1-2) unstable; urgency=medium ++ ++ * Update Standards Version in d/control. No other changes needed ++ * Update trafficserver-experimental-plugins package descriptions ++ in d/control to fix lintian warnings ++ * Add patch 0012-fix-spelling-checks to fix spellings. Forwarded upstream ++ * Update patch 0006-fix-doc-build to include missing manpages ++ * Remove d/trafficserver.lintian-overrides ++ * Add patch 0013-fix-perl-interpreter-path. Fix lintian error which used ++ to be overridden in d/trafficserver.lintian-overrides ++ * Update d/trafficserver-dev.lintian-overrides ++ ++ -- Jean Baptiste Favre Thu, 03 Jan 2019 10:52:44 +0100 ++ ++trafficserver (8.0.1-1) unstable; urgency=medium ++ ++ * New upstream version 8.0.1 ++ * Patches refresh for 8.0.1 ++ * Removed patches which have been merged upstream: ++ - 0002-add-mips64-support ++ - 0004-fix_arm_build ++ - 0005-fix_build_kfreebsd ++ - 0007-fix-uri_signing ++ - 0010-fix-32bits-build ++ - 0012-fix-traffic_via ++ * Fix lintian warning public-upstream-key-not-minimal ++ ++ -- Jean Baptiste Favre Mon, 03 Dec 2018 14:15:07 +0100 ++ ++trafficserver (8.0.0-4) unstable; urgency=medium ++ ++ [ Emanuele Rocca ] ++ * Update descriptions in d/control ++ ++ [ Jean Baptiste Favre ] ++ * Update patch to fix kfreebsd FTBFS ++ ++ -- Jean Baptiste Favre Mon, 05 Nov 2018 10:13:03 +0100 ++ ++trafficserver (8.0.0-3) unstable; urgency=medium ++ ++ * Remove webptransform experimental plugin ++ * Update patch to fix kfreebsd FTBFS ++ * Update d/copyright to fix lintian error ++ * Update d/rules to fix FTBFS for mips & mipsel archs ++ * Update d/rules to spare call to dpkg-parsechangelog ++ * Update d/copyright after 8.0.0 file moves ++ ++ -- Jean Baptiste Favre Fri, 02 Nov 2018 14:24:38 +0100 ++ ++trafficserver (8.0.0-2) unstable; urgency=medium ++ ++ * Add a patch to fix FTBFS with MySQL 8 (LP: #1795362) ++ * Update 0009-fix-mysql-8-build.patch which has been merged upstream ++ * Bump Standards-Version in d/control ++ * Add patch to fix 32bits arm & mips arch build ++ * Backport upstream patch to fix segmentation fault ++ * Backport upstream patch to fix traffic_via ++ ++ -- Jean Baptiste Favre Wed, 17 Oct 2018 20:40:51 +0200 ++ ++trafficserver (8.0.0-1) unstable; urgency=medium ++ ++ [ Aron Xu ] ++ * Remove .vscode directory ++ * systemd: After=network-online.target ++ ++ [ Jean Baptiste Favre ] ++ * Update d/changelog for 8.0.0 ++ * Update init and service file after traffic_cop removal ++ * Update d/README.Debian to reflect configuration changes ++ * Add d/gitlab-ci.yml to use Salsa CI ++ * Update d/control ++ * Add build-deps against graphviz, python3-sphinxcontrib.plantuml ++ and plantuml to build documentation & manpages ++ * Add build-deps against libcrypto++-dev, libjansson-dev, libcjose-dev to ++ build uri_signing plugin ++ * Update Breaks to manage plugins transition from experimental to stable ++ * Update postinst maintainer script, add postrm & preinst scripts to remove ++ obsolete config files ++ - /etc/trafficserver/vaddrs.config, ++ - /etc/trafficserver/metrics.config, ++ - /etc/trafficserver/logging.config, ++ - /etc/trafficserver/log_hosts.config, ++ - /etc/trafficserver/congestion.config, ++ - /etc/trafficserver/cluster.config, ++ - /etc/trafficserver/body_factory/default/congestion#retryAfter ++ * Update d/trafficserver and d/trafficserver-experimental-plugins install ++ files ++ - Stable plugin gzip renamed to compress ++ - Promoted stable plugins: ++ - cachekey, ++ - cache_promote, ++ - escalate, ++ - test_cppapi, ++ - tslua ++ - Added new experimental plugins: ++ - access_control, ++ - fq_pacing, ++ - prefetch, ++ - server_push_preload, ++ - system_stats, ++ - tls_bridge, ++ - traffic_dump, ++ - uri_signing ++ - Remove deprecated plugins collapsed_connection, epic ++ * Remove obsolete config option --enable-system-luajit from d/rules ++ * Add --with-build-version option to d/rule to have a deterministic ++ build-version ++ * Update d/copyright to remove .vscode during import at repack stage ++ * Update patches for 8.0.0 ++ - Refresh patches for 8.0.0 ++ - Removed patches: ++ - 0004-force-use-luajit-system*, updated upstream ++ - 0005-fix_documentation_build_option, updated upstream ++ - 0008-fix_build_lua, updated upstream ++ - 0009-fix-doc-python3, update upstream ++ - 0010-Remove-custom-memory-barriers-from-header_rewrite-an patches, ++ updated upstream ++ - Renamed remaining patches: ++ - 0006-fix_arm_build -> 0004-fix_arm_build, ++ - 0007-fix_build_kfreebsd -> 0005-fix_build_kfreebsd, ++ - 0009-fix-doc-git -> 0006-fix-doc-build ++ - Add patch to fix uri_signing experimental plugin build ++ - Add patch to fix check-unused-dependencies ++ * New upstream version 8.0.0 ++ ++ -- Jean Baptiste Favre Sat, 06 Oct 2018 12:43:13 +0200 ++ ++trafficserver (7.1.4+ds-1) unstable; urgency=medium ++ ++ [ Aron Xu ] ++ * Use libunwind for mips* ++ ++ [ Jean Baptiste Favre ] ++ * Update Debian standards version ++ * New upstream version 7.1.4+ds ++ * Patches refresh for 7.1.4 ++ * Add lintian override for trafficserver package ++ ++ -- Jean Baptiste Favre Mon, 06 Aug 2018 10:56:14 +0200 ++ ++trafficserver (7.1.3+ds-4) unstable; urgency=medium ++ ++ * Fix FTBS on armel (Closes: #902112) ++ ++ -- Jean Baptiste Favre Fri, 22 Jun 2018 17:13:53 +0200 ++ ++trafficserver (7.1.3+ds-3) unstable; urgency=medium ++ ++ * Add systemd tmpfile support (LP: #1756207) ++ * Update Build-Depends (Closes: #887503) ++ ++ -- Jean Baptiste Favre Wed, 13 Jun 2018 22:39:58 +0200 ++ ++trafficserver (7.1.3+ds-2) unstable; urgency=medium ++ ++ * Update build-deps to libncurses6 ++ * Update patch to fix arm* builds ++ ++ -- Jean Baptiste Favre Fri, 18 May 2018 17:25:22 +0200 ++ ++trafficserver (7.1.3+ds-1) unstable; urgency=medium ++ ++ * Update Vcs URLs. Replace alioth with salsa ++ * Add patch to make documentation build with python3. Fix lintian warning ++ * New upstream version 7.1.3+ds ++ * Update d/gbp.conf ++ * Patches refresh for 7.1.3 ++ * Add a patch to fix doc build outside of git repository ++ * Update standards version ++ * Remove chown command from postinst script. Fix lintian warning ++ ++ -- Jean Baptiste Favre Tue, 24 Apr 2018 10:17:21 +0200 ++ ++trafficserver (7.1.2+ds-3) unstable; urgency=medium ++ ++ * Add upstream changelog file to trafficserver package ++ * Add systemd units file ++ * Fix documentation. Update links ++ * Update d/rules to remove examples binary files from package ++ ++ -- Jean Baptiste Favre Fri, 16 Feb 2018 15:05:07 +0100 ++ ++trafficserver (7.1.2+ds-2) unstable; urgency=medium ++ ++ * Drop patch for lua source code removal (Handled with repack) ++ * Drop patch for documentation build (merged upstream) ++ * Add a patch to make man pages being built ++ * Update d/compat ++ * Fix lintian warnings ++ * Update d/rule to fix lintian warning. ++ * Disable auto_test (again) ++ * Install CHANGELOG file in /usr/share/doc ++ * Enable documentation built (if not, man pages aren't either) ++ ++ -- Jean Baptiste Favre Thu, 25 Jan 2018 23:38:51 +0100 ++ ++trafficserver (7.1.2+ds-1) unstable; urgency=medium ++ ++ * New upstream version 7.1.2+ds ++ * Update d/patches for 7.1.2+ds ++ * Update build dependencies ++ * Update compilation flags ++ * Enable experimental plugin cache_key_genid ++ ++ -- Jean Baptiste Favre Tue, 16 Jan 2018 18:18:40 +0100 ++ ++trafficserver (7.1.1-1) unstable; urgency=medium ++ ++ * Fix trafficserver-dev dependencies. (Closes: #877457) ++ * Fix d/gbp.conf. Remove duplicate filter option ++ * Update standards version in d/control ++ * Fix debian-rules-sets-dpkg-architecture-variable lintian warning ++ * Fix debian-watch-uses-insecure-uri lintian info ++ * Update d/patches ++ * Update d/rules to reflect healthcheck being managed as a stable plugin ++ * Add a patch to fix kfreebsd build ++ * Add a patch to fix arm build ++ * New upstream version 7.1.0 ++ * Remove broken 0008-fix_build_armel patch ++ * Patches refresh for 7.1.0 ++ * Add new patch to fix build with luajit 2.1 (Closes: #873328) ++ * Update experimental modules list ++ * Update Debian Standards-Version & d/compat ++ * Update Vcs-* fields to use secure communication ++ * Lintian fix for d/NEWS ++ * Add new build option to use system luajit ++ * Update build dependencies (Closes: #859750) ++ * Fix lintian warning in d/copyright ++ * New upstream version 7.1.1 ++ * Patches refresh for 7.1.1 ++ ++ -- Jean Baptiste Favre Tue, 02 Jan 2018 13:30:43 +0100 ++ ++trafficserver (7.0.0-5) unstable; urgency=medium ++ ++ * Add patch to fix arm* build. (Closes: #857389) ++ ++ -- Jean Baptiste Favre Wed, 22 Mar 2017 09:31:14 +0100 ++ ++trafficserver (7.0.0-4) unstable; urgency=medium ++ ++ * Add Conflicts for file overwrites (Closes: #850775) ++ ++ -- Aron Xu Wed, 11 Jan 2017 14:49:15 +0800 ++ ++trafficserver (7.0.0-3) unstable; urgency=medium ++ ++ * Fix documentation build for docutils >= 0.13 (Closes: #848800) ++ * Update LuaJIT patches serie to fallback using Lua if LuaJIT not found ++ * Update luajit patch. ++ - Remove hardcoded value ++ - Add luajit dynamic detection ++ ++ -- Jean Baptiste Favre Wed, 04 Jan 2017 15:13:43 +0100 ++ ++trafficserver (7.0.0-2) unstable; urgency=medium ++ ++ * Add patches to use system luajit and not the internal one any more ++ * Update d/rules to remove luajit exception. ++ ++ -- Jean Baptiste Favre Fri, 25 Nov 2016 17:51:25 +0100 ++ ++trafficserver (7.0.0-1) unstable; urgency=medium ++ ++ [ Arno Töll ] ++ * Remove myself as maintainer. Thanks to Aron and Jean Baptiste for stepping ++ in on my place and keeping the package up to date. It makes the confident ++ the package is in good hands now. ++ ++ [ Jean Baptiste Favre ] ++ * New upstream release 7.0.0 ++ * Patches refresh for 7.0.0 ++ * Update plugins list ++ * Update build dependencies ++ * Add pkgconfig .pc file in trafficserver-dev package ++ * Enable experimental plugins webp_transform ++ * Enable traffic_top build (Closes: #836126) ++ * Remove Linux AIO support (Closes: #803661, #836124) ++ * Fix FTBFS for mips64el (Closes: #830856) ++ * Add patch to make the build reproductible (Closes: #833176) ++ ++ [ Aron Xu ] ++ * Set myself as Maintainer at the moment ++ * Build-Depends on default-libmysqlclient-dev ++ ++ -- Jean Baptiste Favre Wed, 16 Nov 2016 09:48:10 +0100 ++ ++trafficserver (6.2.0-1) unstable; urgency=medium ++ ++ * Add upstream gpg keys for uscan pgpsigurlmangle option ++ * Imported Upstream version 6.2.0 ++ * Patch refresh for 6.2.0 ++ * Update trafficserver manpages list ++ * Update trafficserver install list ++ * Update trafficserver-experimental-plugins install list ++ * Update build dependencies (Add libmariadbclient-dev in experimental) ++ * Bump standards version ++ ++ -- Jean Baptiste Favre Sat, 23 Jul 2016 19:15:58 +0200 ++ ++trafficserver (6.1.1-1) unstable; urgency=medium ++ ++ * Imported Upstream version 6.1.1 ++ * Update d/watch for gpg signature check ++ ++ -- Jean Baptiste Favre Sat, 06 Feb 2016 10:37:41 +0100 ++ ++trafficserver (6.1.0-1) unstable; urgency=medium ++ ++ * New upstream release ++ * Use -mcx16 on x86 platforms only (Closes: #805124) ++ ++ -- Aron Xu Tue, 02 Feb 2016 12:18:10 +0800 ++ ++trafficserver (6.0.0-3) unstable; urgency=medium ++ ++ * Update d/NEWS & d/README.Debian with 32-bit upstream support drop ++ ++ -- Jean Baptiste Favre Mon, 14 Dec 2015 10:48:20 +0100 ++ ++trafficserver (6.0.0-2) unstable; urgency=medium ++ ++ * Re-enable 32-bit builds ++ * Add some optional build dependencies ++ * Use -O3 by default ++ ++ -- Aron Xu Sat, 31 Oct 2015 03:05:20 +0800 ++ ++trafficserver (6.0.0-1) unstable; urgency=medium ++ ++ [ Aron Xu ] ++ * Avoid possible-missing-colon-in-closes ++ ++ [ Jean Baptiste Favre ] ++ * Imported Upstream version 6.0.0 ++ * Update experimental plugins list ++ - Remove channel_stats ++ - Add cache promote cache_promote.so ++ - Add cache ranage request cache_range_requests.so ++ - Add mp4 streaming media mp4.so ++ - Add Stream editor stream_editor.so ++ ++ -- Aron Xu Sat, 10 Oct 2015 11:19:19 +0200 ++ ++trafficserver (5.3.1-1) unstable; urgency=medium ++ ++ [ Arno Töll ] ++ * Add proxy.config.admin.user_id setting ++ ++ [ Aron Xu ] ++ * Add myself back to Uploaders ++ * Use dh compat 9 ++ ++ [ Jean Baptiste Favre ] ++ * Imported Upstream version 5.3.1 ++ * Removed patch for TS-3632 (merged upstream) ++ * Upstream changes allow ftbfs with GCC-5 (Closes: #778148) ++ ++ -- Jean Baptiste Favre Sat, 04 Jul 2015 23:20:49 +0200 ++ ++trafficserver (5.3.0-2) unstable; urgency=medium ++ ++ * Avoid installing tslua.so on archs built without LuaJIT ++ (Closes: #770353) ++ ++ -- Aron Xu Thu, 11 Jun 2015 15:28:39 +0800 ++ ++trafficserver (5.3.0-1) unstable; urgency=medium ++ ++ * Imported Upstream version 5.3.0 ++ - CVE-2014-10022: remote DoS ++ * Remove fix_TS3316_i386_build patch ++ * Fix traffic_wccp build, missing OpenSSL symbol ++ * Add experimental plugin generator ++ * Format patch for TS-3632 ++ * Update Uploader field in d/control ++ ++ -- Jean Baptiste Favre Wed, 03 Jun 2015 20:06:13 +0200 ++ ++trafficserver (5.2.0-2) unstable; urgency=medium ++ ++ * Disable LuaJIT for arm64 ++ ++ -- Aron Xu Sat, 28 Feb 2015 23:51:00 +0800 ++ ++trafficserver (5.2.0-1) unstable; urgency=medium ++ ++ [ Jean Baptiste Favre ] ++ * New upstream release. ++ * Add support for following experimental modules: ++ - epic ++ - header_normalize ++ - mysql_remap ++ - ssl_cert_loader ++ - sslheaders ++ * Remove missing file related to removed traffic_shell ++ * Backport patch for TS-3316 to solve i386 build issue ++ * Fix misconfigured call to dh_makeshlibs (used system dir instead ++ of temporary build one) ++ ++ [ Aron Xu ] ++ * Enable all hardening features. ++ * Update copyright file. ++ ++ -- Aron Xu Thu, 12 Feb 2015 22:22:44 +0100 ++ ++trafficserver (5.1.1-1) unstable; urgency=medium ++ ++ * New upstream release. This release includes fixes for these security ++ related vulnerabilities: ++ - CVE-2014-3566: Do not enable SSL3 by default ++ - CVE-2014-3624: Ensure remap requests are properly tunneled using CONNECT ++ requests to avoid an open relay ++ * Add support for ppc64el, patch merged upstream (Closes: #754134, #754808) ++ * Fix "ftbfs on kfreebsd" by conditionally building healthchecks.so on Linux ++ only. Patch supplied by Steven Chamberlain, thanks (Closes: #767287) ++ ++ -- Arno Töll Sun, 02 Nov 2014 12:40:44 -1100 ++ ++trafficserver (5.1.0-1) unstable; urgency=medium ++ ++ * New upstream release ++ * Bump standards version to 3.9.6 (no changes needed) ++ ++ [Jean Baptiste Favre] ++ * Add a debug package with debug symbols for those who need it. ++ * Split out experimental trafficserver plugins into a separate package so ++ that users are aware of their experimental character before using them. ++ * Add a libhwloc b-d so that ATS has a better idea about the underlying ++ hardware it runs at to improve the runtime performance ++ ++ -- Arno Töll Wed, 08 Oct 2014 23:50:49 -1100 ++ ++trafficserver (5.0.1-1) unstable; urgency=medium ++ ++ * New upstream release including a fix for CVE-2014-3525 that allowed ++ attackers by special crafted packets to obtain privileges for services bound ++ to localhost ++ ++ -- Arno Töll Wed, 23 Jul 2014 04:43:00 -1100 ++ ++trafficserver (5.0.0-1) unstable; urgency=medium ++ ++ * Acknowledge previous NMUs, thanks to Anibal Monsalve Salazar for ++ coordination. ++ * New upstream version. Patch changes: ++ + drop 0001-TS-1821.patch: released upstream in 5.0.0 ++ + drop 0001-TS-2454-Fix-undefined-reference-to-__sync_fetch_and_.patch: ++ released upstream in 4.2 ++ + drop add-mips-support.patch: released upstream in 5.0.0 ++ + drop pthread_setname_np.patch: This was a Debian specific issue which is ++ being worked around in eglibc's commit r5460. ++ * Add "support for mips64": merged upstream (Closes: #750807) ++ * Build with dh-autoreconf to avoid build time issues with Automake 1.13 ++ which is not in Debian yet. ++ ++ -- Arno Töll Sun, 06 Jul 2014 00:20:59 -1100 ++ ++trafficserver (4.1.2-1.2) unstable; urgency=medium ++ ++ * Non-maintainer upload. ++ * Add missing prototype for pthread_setname_np() ++ Add pthread_setname_np.patch ++ Patch by Petr Salinger ++ Closes: #743584 ++ ++ -- Anibal Monsalve Salazar Fri, 04 Apr 2014 08:59:48 +0100 ++ ++trafficserver (4.1.2-1.1) unstable; urgency=medium ++ ++ * Non-maintainer upload. ++ * Fix undefined reference to `__sync_fetch_and_sub_8' on ARM 32bit ++ Add 0001-TS-2454-Fix-undefined-reference-to-__sync_fetch_and_.patch ++ from https://issues.apache.org/jira/browse/TS-2454 ++ Patch by Yunkai Zhang ++ * Add support for MIPS ++ Add add-mips-support.patch ++ Submitted: https://issues.apache.org/jira/browse/TS-2687 ++ Merged: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;h=2f81790 ++ Patch by Dejan Latinovic ++ Closes: 743395 ++ * Build-depend on libboost-dev ++ Patch by Dejan Latinovic ++ Closes: #737510 ++ ++ -- Anibal Monsalve Salazar Thu, 03 Apr 2014 04:18:23 +0100 ++ ++trafficserver (4.1.2-1) unstable; urgency=medium ++ ++ * Merge the experimental branch of trafficserver to unstable ++ * New upstram release (Closes: #711530, #733377) ++ + Refresh 0001-TS-1821.patch until it is fixed upstream ++ + Don't run autoreconf anymore, we do not need it anymore ++ + build depend on libaio-dev to support AIO on Linux systems ++ * Push standards version ++ ++ -- Arno Töll Wed, 29 Jan 2014 03:01:12 -1100 ++ ++trafficserver (3.3.2-1) experimental; urgency=low ++ ++ [ Arno Töll ] ++ * Drop --with-arg-max from configure ++ * Update changelog in view of the new upstream version ++ ++ [ Aron Xu ] ++ * Imported Upstream version 3.3.2 ++ * Drop patch for enabling experimental plugins ++ * Add liblua5.1-dev and liboost1.53-dev to B-D ++ * Try on all archs for experimental builds ++ * Permit parallel building ++ * Fix typo in dep5 copyright file ++ * Do not install staticly linked library ++ * Enable Linux native AIO support for linux-any ++ * Enable reclaimable freelist ++ ++ -- Aron Xu Thu, 09 May 2013 01:00:04 +0800 ++ ++trafficserver (3.3.0+git20121208-0exp1) experimental; urgency=low ++ ++ * Upstream git snapshot. ++ * Enable most of experimental plugins, install related libraries. ++ * Run dh_autoreconf. ++ * Make dh_auto_test errors non-fatal. ++ ++ -- Aron Xu Thu, 06 Dec 2012 23:32:25 +0800 ++ ++trafficserver (3.3.0-1) experimental; urgency=low ++ ++ * Upload upstream development release to experimental. ++ ++ -- Aron Xu Thu, 29 Nov 2012 22:13:55 +0800 ++ ++trafficserver (3.2.5-1) unstable; urgency=low ++ ++ * New upstream release ++ + Fix FTBFS on ARM (Closes: #691179) ++ + Fix FTBS with gcc 4.8 (Closes: #701427) ++ * Promote trafficserver to depend for trafficserver-dev to fix a broken ++ library symlink. The library is not required for all users, but those who ++ need it don't need to install it manually anymore (Closes: #715134) ++ ++ -- Arno Töll Sun, 21 Jul 2013 11:55:38 +0200 ++ ++trafficserver (3.2.4-1) unstable; urgency=low ++ ++ * New upstream release ++ + Delete upstream's .gitignore file in our source tree ++ * Switch packaging repository to Git. ++ + Add gbp.conf file for those using git-buildpackage ++ * Fix "Upgrade fails if purging of cache fails" by not dying in a fire when ++ the postinst fails to purge the cache (Closes: #687698) ++ * Drop --with-arg-max from ./configure, it's not needed anymore. ++ ++ -- Arno Töll Tue, 29 Jan 2013 23:54:44 +0100 ++ ++trafficserver (3.2.0-1) unstable; urgency=low ++ ++ * New upstream release ++ + If you are using SSL or HTTP filtering, please update your configuration. ++ proxy.config.http.quick_filter.mask and ++ proxy.config.ssl.server.cert.filename is not recognized anymore. Please ++ use ip_allow.config and ssl_multicert.config respectively instead. ++ There is no automated migration for this in Debian, as this affects your ++ site-specific configuration files. ++ + See https://cwiki.apache.org/confluence/display/TS/Upgrading+to+3.2 for ++ full upgrade instructions. ++ * Upstream decided to ship more plug-ins with the trafficserver core ++ distribution. These are all bundled into the main package now. Therefore, ++ the trafficserver-plugin-conf-remap package is not provided anymore. ++ * Update the default configuration file to ship with more moderate values ++ for the log configuration. ++ * Now do start ATS by default for fresh installations. The default ++ out-of-the box configuration is much more secure than past defaults. ++ * Purge the host and data cache on upgrades ++ * Let's welcome Aron Xu to the Uploaders of Trafficserver. Hi Aron! :) ++ ++ -- Arno Töll Fri, 14 Sep 2012 22:56:29 +0200 ++ ++trafficserver (3.0.5-1) unstable; urgency=low ++ ++ * New upstream release. ++ * No kudos for the previous hostile NMU, but include the changelog to denote ++ this upload does not introduce a regression. ++ * Update my maintainer address ++ * Make the init script look much better when using fancy outputs. ++ * Fix "status" output of the init script ++ * Remove "DM-Upload-Allowed". I don't need that flag anymore. ++ ++ ++ -- Arno Töll Sat, 09 Jun 2012 18:48:23 +0200 ++ ++trafficserver (3.0.4-1.1) unstable; urgency=low ++ ++ * Non maintainer upload ++ * Fix build failure with GCC 4.7. Closes: #667396. ++ ++ -- Matthias Klose Wed, 30 May 2012 04:40:28 +0000 ++ ++trafficserver (3.0.4-1) unstable; urgency=high ++ ++ * New upstream release ++ + Fix CVE-2012-0256: A request with a very large Host header caused ATS to ++ crash. ++ * Setting urgency to high because of security updates ++ * Push standards to 3.9.3 - no further changes ++ * Stilistic adaptions in debian/copyright, but not content changes ++ * Remove cluster interface warning from README.Configuration. ATS now binds on ++ lo by default ++ ++ -- Arno Töll Wed, 21 Mar 2012 12:34:35 +0100 ++ ++trafficserver (3.0.2-1) unstable; urgency=low ++ ++ * New upstream release ++ + Includes former Debian specific patch which makes sure the upstream ++ configure script does not override any -O flags passed by the user ++ anymore. ++ * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables ++ hardening build flags. This means, trafficserver is now being built with ++ -fstack-protector and other security related build flags. ++ * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are ++ properly supported. That's guaranteed for Testing, but might be helpful to ++ know for backporters. ++ * Fix several issues in the DEP-5 syntax. Unfortunately there is no way to ++ express that a file is subject to different license agreements so far. ++ * Do not install the upstream changelog twice anymore ++ * Finally run regression checks again, now as build failures are sorted out. ++ ++ -- Arno Töll Sun, 11 Dec 2011 00:45:45 +0100 ++ ++trafficserver (3.0.1-2) unstable; urgency=low ++ ++ * Fix "please add armhf to the arch list" - add armhf to the list of supported ++ architectures. Thanks Konstantinos Margaritis for the hint (Closes: #636338) ++ * Remove IA64 from the list of supported architectures. The upgrade to the gcc ++ 4.6 toolchain disclosed portability issues with it, which caused the resul- ++ ting binary package to produce no-op code in some functions. ++ ++ -- Arno Töll Tue, 02 Aug 2011 22:58:37 +0200 ++ ++trafficserver (3.0.1-1) unstable; urgency=low ++ ++ * New upstream release. Fixes several important issues which caused ++ `traffic_cop' and `traffic_server' to crash. ++ * Fix "FTBFS with ld --as-needed" re-order libraries upon linkage, patch ++ committed upstream. Thanks Ilya Barygin (Closes: #632546) ++ * Fix "trafficserver: Getting rid of unneeded *.la / emptying ++ dependency_libs", remove *.la files from the installation target completely ++ (Closes: #633192) ++ * Set "DM-Upload-Allowed: yes" in agreement with Asheesh Laroia ++ ++ ++ -- Arno Töll Mon, 01 Aug 2011 19:29:58 +0200 ++ ++trafficserver (3.0.0-1) unstable; urgency=low ++ ++ * New upstream release. Major changes (since 2.1.9): ++ + `traffic_server' won't crash anymore when using non-existent plugin in ++ remap rule ++ + Don't cache HTTP 401, 303 and 407 error responses anymore, when negative ++ caching is enabled. ++ * Re-enable kfreebsd support, it was accidentally not available in ++ 2.1.9-unstable-1 because of non installable dependencies, as libcap-dev is ++ installable (and required) on Linux only ++ * debian/rules: ++ + Simplify dh_auto_configure flags (upstream incorporated our build layout) ++ + Enable WCCP (Web Cache Communication Protocol; Linux only) ++ * debian/control: ++ + Add flex and bison to build dependencies, both are required for WCCP ++ (Linux only) ++ ++ -- Arno Töll Wed, 15 Jun 2011 15:56:29 +0200 ++ ++trafficserver (2.1.9-unstable-1) unstable; urgency=low ++ ++ * New upstream release. Major features (since 2.1.8): ++ + Bring back support for $DESTDIR and "make check" which makes Debian ++ patches obsolete ++ + Allow larger working sets than 512G ++ + Disable cluster autodiscovery when cluster mode is disabled ++ + Cleanup `records.config' ++ + Disable SSLv2 by default ++ * debian/control: Add build dependency to libcap-dev, because when running ++ traffic_server standalone, it is unable to bind restricted ports otherwise ++ (Upstream: TS-804) ++ * debian/rules: ++ + Remove override for dh_clean, but put options to debian/source/options ++ instead ++ + Remove DH_OPTIONS (unused anyway) ++ * Source package: Minor change to improving package quality and usability ++ (i.e. grammar, verbosity of comments) ++ * Make the init script more robust ++ * Base the origin of the package source on the untouched upstream tarball, ++ instead of the versioned SVN branch. ++ * Bring back IA64 support, this time actually working (upstream merged my ++ patch TS-783) ++ * Remove patch `build-quirks.patch'. Changes have been committed upstream ++ by now. ++ ++ -- Arno Töll Tue, 31 May 2011 21:56:12 +0200 ++ ++trafficserver (2.1.8-unstable-1) unstable; urgency=low ++ ++ * New upstream release. Major features (since 2.1.5): ++ + Many bug fixes (none reported in Debian's BTS) ++ + Set source address for origin Servers ++ + Major API changes for the SDK ++ + Provide traffic_logstats ++ + traffic_shell does not hang anymore on any command ++ * Fix "FTBFS on architectures not supported upstream": (Closes: #622800) ++ + Don't execute regression checks for now (fixes x86) ++ + Upstream merges a Debian patch originally for 2.1.7 which enables ++ kFreeBSD support (originally provided by myself) ++ + Restrict Architectures (drop S390, IA64, MIPS[EL], PPC, SPARC) ++ * Remove ts-ui-disable-conf.patch (applied upstream) ++ * Update `build-quirks.patch' to make TS handle $DESTDIR correctly ++ (upstream: TS-759) ++ * Remove .deps from SDK binary package examples (they were incidentally ++ included before). ++ * Fix permissions for /var/cache/trafficserver in postinst ++ * Bump standards to 3.9.2, depend on debhelper 8.0, adapt VCS links ++ * Simplify debian/rules ++ ++ -- Arno Töll Thu, 05 May 2011 21:49:52 +0200 ++ ++trafficserver (2.1.5-unstable-1) unstable; urgency=low ++ ++ * Initial release (Closes: #609285) ++ * Added some configuration and informational hints ++ * New upstream release. Major features: ++ + Better AMD64 support ++ + Override configuration per transaction ++ + IPv6 ++ + Support ARM architectures ++ + SDK-API changes ++ * Differences to upstream version: ++ + Ship some documentation. Well, really a few hints ++ + Split source into three packages (core, plug-in, SDK) ++ + Ship our own init script ++ ++ -- Arno Toell Thu, 13 Jan 2011 11:49:18 +0100 diff --cc debian/control index 00000000,00000000..7f4eb7bd new file mode 100644 --- /dev/null +++ b/debian/control @@@ -1,0 -1,0 +1,66 @@@ ++Source: trafficserver ++Section: web ++Priority: optional ++Maintainer: Jean Baptiste Favre ++Uploaders: Aron Xu , Emanuele Rocca ++Build-Depends: debhelper-compat (= 13), libssl-dev, tcl-dev, libexpat1-dev, ++ libpcre3-dev, libtool, libcap-dev [linux-any], graphviz, ++ bison [linux-any], flex [linux-any], dpkg-dev (>= 1.16.1~), pkg-config, libgeoip-dev, ++ libluajit-5.1-dev, libboost-dev, libhwloc-dev, default-libmysqlclient-dev, ++ python3-distro, python3-sphinx, plantuml, python3-sphinxcontrib.plantuml, ++ libxml2-dev, libncurses-dev, libcurl4-openssl-dev, ++ libkyotocabinet-dev, libmemcached-dev, libbrotli-dev, ++ libcrypto++-dev, libjansson-dev, libcjose-dev, libyaml-cpp-dev (>= 0.6.2~), ++ libunwind-dev [i386 amd64 ppc64el armhf arm64 mipsel mips64el mips] ++Standards-Version: 4.5.1 ++Homepage: https://trafficserver.apache.org/ ++Vcs-Git: https://salsa.debian.org/debian/trafficserver.git ++Vcs-Browser: https://salsa.debian.org/debian/trafficserver ++ ++Package: trafficserver ++Architecture: any ++Depends: ${shlibs:Depends}, ${misc:Depends}, lsb-base (>= 3.2-14), adduser, ++ ${perl:Depends} ++Pre-Depends: ${misc:Pre-Depends} ++Provides: trafficserver-plugin-conf-remap ++Replaces: trafficserver-plugin-conf-remap (<< 3.2~), ++ trafficserver-experimental-plugins (<< 8.0.0~) ++Suggests: trafficserver-experimental-plugins (= ${binary:Version}) ++Breaks: trafficserver-plugin-conf-remap (<< 3.2~), ++ trafficserver-experimental-plugins (<< 8.0.0~) ++Description: fast, scalable and extensible HTTP/1.1 and HTTP/2.0 caching proxy server ++ This package provides the Apache Traffic Server, a fast, scalable reverse ++ proxy server which may operate as forward proxy as well. Apache Traffic Server ++ supports: ++ . ++ * Caching: improve response time while reducing server load and bandwidth ++ needs by caching and reusing frequently-requested web pages, images, and ++ web service calls. ++ * Proxying: add keep-alive, filter or anonymize content requests, or add ++ load balancing by adding a proxy layer. ++ * Scaling: handle 10s of thousands of requests per second on modern SMP ++ hardware. ++ * Extensions: use the API to do anything from modifying HTTP headers to ++ handling ESI requests to writing your own cache algorithm. ++ ++Package: trafficserver-experimental-plugins ++Architecture: any ++Depends: ${shlibs:Depends}, ${misc:Depends} ++Pre-Depends: trafficserver (= ${binary:Version}) ++Breaks: trafficserver (<< 8.0.0~) ++Description: experimental plugins for Apache Traffic Server ++ This package provides the Apache Traffic Server plugins marked as ++ experimental. ++ . ++ Please note that these plugins can be removed without priori notice, or ++ promoted as stable plugin. In the last case, they'll be moved from ++ trafficserver-experimental-plugins to trafficserver package. ++ ++Package: trafficserver-dev ++Architecture: any ++Depends: ${misc:Depends}, trafficserver (= ${binary:Version}) ++Description: Apache Traffic Server Software Developers Kit (SDK) ++ This package provides the Apache Traffic Server Software Developers Kit, which ++ consists of: a collection of development header and bindings for the C ++ programming language, the tsxs linking helper and examples to write your own ++ plug-ins for the Apache Traffic Server. diff --cc debian/copyright index 00000000,00000000..eddb9830 new file mode 100644 --- /dev/null +++ b/debian/copyright @@@ -1,0 -1,0 +1,130 @@@ ++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++Upstream-Name: Traffic Server ++Upstream-Contact: dev@trafficserver.apache.org ++Source: http://trafficserver.apache.org/ ++Files-Excluded: ++ .vscode ++ lib/yamlcpp ++Comment: ++ The upstream repository provides libraries which are also available ++ in Debian. Because we'll use libraries packaged in Debian, we don't ++ need embedded ones. ++ ++Files: * ++Copyright: 2010 - 2011 The Apache Software Foundation ++ 2009 Yahoo! Inc. ++License: Apache-2.0 ++ ++Files: debian/* ++Copyright: 2011 Arno Töll ++License: Apache-2.0 ++Comment: Packaging for Debian was done by Arno Toell, and I hereby grant ++ distribution of it under the same terms as Apache Traffic Server itself. ++ ++License: Apache-2.0 ++ Licensed under the Apache License, Version 2.0 (the "License"); ++ you may not use this file except in compliance with the License. ++ You may obtain a copy of the License at ++ . ++ http://www.apache.org/licenses/LICENSE-2.0 ++ . ++ Unless required by applicable law or agreed to in writing, software ++ distributed under the License is distributed on an "AS IS" BASIS, ++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ See the License for the specific language governing permissions and ++ limitations under the License. ++ . ++ On Debian systems, the full text of the e Apache License, Version 2.0 ++ can be found in the file `/usr/share/common-licenses/Apache-2.0'. ++ ++Files: include/tscore/ink_rand.* ++Copyright: 1997 - 2002, Makoto Matsumoto and Takuji Nishimura ++License: BSD-3-clause ++ ++Files: include/tscore/ink_resolver.h src/tscore/ink_res_init.cc src/tscore/ink_res_mkquery.cc ++Copyright: 1983, 1987, 1989 The Regents of the University of California ++License: BSD-3-clause ++ ++License: BSD-3-clause ++ For the University of California part: ++ . ++ Redistribution and use in source and binary forms, with or without ++ modification, are permitted provided that the following conditions ++ are met: ++ 1. Redistributions of source code must retain the above copyright ++ notice, this list of conditions and the following disclaimer. ++ 2. Redistributions in binary form must reproduce the above copyright ++ notice, this list of conditions and the following disclaimer in the ++ documentation and/or other materials provided with the distribution. ++ 3. Neither the name of the University nor the names of its contributors ++ may be used to endorse or promote products derived from this software ++ without specific prior written permission. ++ . ++ THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ SUCH DAMAGE. ++ . ++ For the Internet Systems Consortium, Inc. part: ++ See Apache-2.0 ++ . ++ For the Digital Equipment Corporation part: ++ Permission to use, copy, modify, and distribute this software for any ++ purpose with or without fee is hereby granted, provided that the above ++ copyright notice and this permission notice appear in all copies, and that ++ the name of Digital Equipment Corporation not be used in advertising or ++ publicity pertaining to distribution of the document or software without ++ specific, written prior permission. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL ++ WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES ++ OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT ++ CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL ++ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR ++ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ++ ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS ++ SOFTWARE. ++ ++Files: src/tscore/ink_string.cc ++Comment: For the strlcat, strlcpy in inktomi++/ink_string.cc ++Copyright: 1998 Todd C. Miller ++License: ISC ++ Permission to use, copy, modify, and distribute this software for any ++ purpose with or without fee is hereby granted, provided that the above ++ copyright notice and this permission notice appear in all copies. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES ++ WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF ++ MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ++ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES ++ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ++ ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF ++ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ++ ++Files: include/tscore/fastlz.h src/tscore/fastlz.c ++Copyright: 2005-2007 Ariya Hidayat (ariya@kde.org) ++License: Expat ++ Permission is hereby granted, free of charge, to any person obtaining a copy ++ of this software and associated documentation files (the "Software"), to deal ++ in the Software without restriction, including without limitation the rights ++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ copies of the Software, and to permit persons to whom the Software is ++ furnished to do so, subject to the following conditions: ++ . ++ The above copyright notice and this permission notice shall be included in ++ all copies or substantial portions of the Software. ++ . ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN ++ THE SOFTWARE. diff --cc debian/docs index 00000000,00000000..356cb60e new file mode 100644 --- /dev/null +++ b/debian/docs @@@ -1,0 -1,0 +1,9 @@@ ++LAYOUT ++NOTICE ++STATUS ++REVIEWERS ++README ++README-EC2 ++debian/README.Debian ++debian/CONFIGURATION.Debian ++debian/README.conf-remap.Debian diff --cc debian/gbp.conf index 00000000,00000000..8164b815 new file mode 100644 --- /dev/null +++ b/debian/gbp.conf @@@ -1,0 -1,0 +1,18 @@@ ++[DEFAULT] ++pristine-tar = True ++builder=dpkg-buildpackage -i\.git -I.git ++#cleaner=true ++ ++[import-orig] ++filter = [ ++ '.gitignore', ++ '.git', ++ '.vscode', ++ '.clang-analyzer', ++ '.clang-format', ++ '.clang-tidy', ++ '.editorconfig', ++ 'emacs-style', ++ '.vimrc', ++ 'Vagrantfile' ] ++merge = True diff --cc debian/not-installed index 00000000,00000000..b97cd0e7 new file mode 100644 --- /dev/null +++ b/debian/not-installed @@@ -1,0 -1,0 +1,2 @@@ ++usr/man/man3 ++usr/share/man diff --cc debian/patches/0001-Use-mcx16-on-x86-platforms-only.patch index 00000000,00000000..ba1110e1 new file mode 100644 --- /dev/null +++ b/debian/patches/0001-Use-mcx16-on-x86-platforms-only.patch @@@ -1,0 -1,0 +1,26 @@@ ++From: Aron Xu ++Date: Tue, 2 Feb 2016 12:17:24 +0800 ++Subject: Use -mcx16 on x86 platforms only ++ ++--- ++ configure.ac | 3 +++ ++ 1 file changed, 3 insertions(+) ++ ++--- a/configure.ac +++++ b/configure.ac ++@@ -1487,12 +1487,15 @@ CFLAGS="${__saved_CFLAGS}" ++ AC_LANG_POP ++ AC_SUBST(has_128bit_cas) ++ +++case "$host_cpu" in +++ amd64|x86_64|i*86) ++ AS_IF([test "x$has_128bit_cas" = "x1"], [ ++ AS_IF([test "x$ax_cv_c_compiler_vendor" != "xintel"], [ ++ TS_ADDTO(AM_CFLAGS, [-mcx16]) ++ TS_ADDTO(AM_CXXFLAGS, [-mcx16]) ++ ]) ++ ]) +++esac ++ ++ # Check for POSIX capabilities library. ++ # If we don't find it, disable checking for header. diff --cc debian/patches/0003-reproductible-build.patch index 00000000,00000000..dc2cc8d9 new file mode 100644 --- /dev/null +++ b/debian/patches/0003-reproductible-build.patch @@@ -1,0 -1,0 +1,22 @@@ ++Description: make the build reproducible ++Author: Reiner Herrmann ++Origin: other, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833176 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2016-11-18 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/configure.ac +++++ b/configure.ac ++@@ -144,9 +144,9 @@ AC_ARG_WITH([build-number], ++ # ++ # Build environment ++ # ++-build_person="`id -nu | sed -e 's/\\\\/\\\\\\\\/g'`" ++-build_group="`id -ng | sed -e 's/\\\\/\\\\\\\\/g'`" ++-build_machine="`uname -n | sed -e 's/\\\\/\\\\\\\\/g'`" +++build_person="root" +++build_group="root" +++build_machine="localhost" ++ AC_SUBST([build_machine]) ++ AC_SUBST([build_person]) ++ AC_SUBST([build_group]) diff --cc debian/patches/0006-fix-doc-build.patch index 00000000,00000000..21e53917 new file mode 100644 --- /dev/null +++ b/debian/patches/0006-fix-doc-build.patch @@@ -1,0 -1,0 +1,51 @@@ ++Description: Make documentation build works outside of git repository ++ Current documentation build requires git and curl to get some stuff from the internet ++ This patch aims to delete those dependencies, forcing git branch to master, ++ and using Debian provided plantuml instead of downloading it from apache mirror ++Author: Jean Baptiste Favre ++Origin: other ++Last-Update: 2019-01-03 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/doc/ext/traffic-server.py +++++ b/doc/ext/traffic-server.py ++@@ -380,7 +380,7 @@ with open('../configure.ac', 'r') as f: ++ autoconf_version = '.'.join(match.group(1).split('.', 2)[:2] + ['x']) ++ ++ # get the current branch the local repository is on ++-git_branch = subprocess.check_output(['git', 'rev-parse', '--abbrev-ref', 'HEAD']) +++git_branch = "master" ++ ++ ++ def make_github_link(name, rawtext, text, lineno, inliner, options={}, content=[]): ++--- a/doc/Makefile.am +++++ b/doc/Makefile.am ++@@ -61,7 +61,7 @@ I18NSPHINXOPTS = $(SPHINXOPTS) ++ # The PAPER setting variables requires recursive make variable expansion, which automake ++ # detects as non-portable. We bounce this through a shell script and do the expansion there. ++ SBUILD = PAPEROPT_a4="$(PAPEROPT_a4)" PAPEROPT_letter="$(PAPEROPT_letter)" PAPER="$(PAPER)" \ ++- PLANTUML_JAR="$(shell ext/plantuml_fetch.sh | tail -1)" \ +++ PLANTUML_JAR="/usr/share/plantuml/plantuml.jar" \ ++ $(srcdir)/sbuild $(SPHINXBUILD) \ ++ -c $(srcdir) \ ++ $(ALLSPHINXOPTS) ++--- a/doc/uml/Makefile.am +++++ b/doc/uml/Makefile.am ++@@ -18,7 +18,7 @@ ++ ++ if BUILD_DOCS ++ images := $(patsubst %.uml,images/%.svg,$(wildcard *.uml)) ++-PLANTUML_JAR := $(shell ../ext/plantuml_fetch.sh | tail -1) +++PLANTUML_JAR := /usr/share/plantuml/plantuml.jar ++ ++ all-am: jar-check $(images) ++ endif ++@@ -39,7 +39,7 @@ latex: all-am ++ man: all-am ++ ++ images/%.svg : %.uml ++- $(JAVA) -jar $(PLANTUML_JAR) -o images -tsvg $< +++ $(JAVA) -jar $(PLANTUML_JAR) -graphvizdot /usr/bin/dot -o images -tsvg $< ++ ++ clean-local: ++ rm -f images/*.svg diff --cc debian/patches/0008-fix-python-check-unused-dependencies.patch index 00000000,00000000..e1e057c6 new file mode 100644 --- /dev/null +++ b/debian/patches/0008-fix-python-check-unused-dependencies.patch @@@ -1,0 -1,0 +1,18 @@@ ++Description: Force python3 usage, add libfakeroot-sysv to blacklist ++Author: Jean Baptiste Favre ++Origin: other ++Last-Update: 2018-09-24 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/tools/check-unused-dependencies +++++ b/tools/check-unused-dependencies ++@@ -53,7 +53,8 @@ def get_dependencies(program): ++ 'libdl.so.', # Because we add -ldl to LIBS ++ 'libgcc_s.so.', ++ 'libm.so.', # Why does Libtool call ld with -lm? ++- 'libpthread.so.' # Because we add -lpthread to LIBS +++ 'libpthread.so.', # Because we add -lpthread to LIBS +++ 'libfakeroot-sysv.so' ++ ])): ++ continue ++ diff --cc debian/patches/0009-fix-mysql-8-build.patch index 00000000,00000000..b2615e37 new file mode 100644 --- /dev/null +++ b/debian/patches/0009-fix-mysql-8-build.patch @@@ -1,0 -1,0 +1,23 @@@ ++Description: Fix build issue with MySQL 8 ++ The my_bool type is no longer used in MySQL source code. ++ Any third-party code that used this type to represent C ++ boolean variables should use the bool or int C type instead. ++Author: Jean Baptiste Favre ++Origin: other, https://bugs.launchpad.net/ubuntu/+source/trafficserver/+bug/1795362 ++Forwarded: https://github.com/apache/trafficserver/pull/4360 ++Applied-Upstream: https://github.com/apache/trafficserver/commit/05b30527974416768515506f69da338652c23260 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2018-10-06 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/plugins/experimental/mysql_remap/mysql_remap.cc +++++ b/plugins/experimental/mysql_remap/mysql_remap.cc ++@@ -187,7 +187,7 @@ TSPluginInit(int argc, const char *argv[ ++ my_data *data = (my_data *)malloc(1 * sizeof(my_data)); ++ ++ TSPluginRegistrationInfo info; ++- my_bool reconnect = 1; +++ bool reconnect = 1; ++ ++ info.plugin_name = const_cast(PLUGIN_NAME); ++ info.vendor_name = const_cast("Apache Software Foundation"); diff --cc debian/patches/0011-fix-segfault.patch index 00000000,00000000..d3db7fff new file mode 100644 --- /dev/null +++ b/debian/patches/0011-fix-segfault.patch @@@ -1,0 -1,0 +1,25 @@@ ++Description: Fix Segmentation fault in ShowCache::handleCacheEvent ++Author: zhang <15535135608@163.com> ++Origin: upstream ++Bug: https://github.com/apache/trafficserver/issues/4328 ++Applied-Upstream: https://github.com/apache/trafficserver/commit/616eb10bfc35599a2c93ff30879d584a05ddf83e ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2018-10-17 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/iocore/cache/CachePages.cc +++++ b/iocore/cache/CachePages.cc ++@@ -337,6 +337,13 @@ ShowCache::handleCacheEvent(int event, E ++ CacheHTTPInfoVector *vec = &(cache_vc->vector); ++ int alt_count = vec->count(); ++ if (alt_count) { +++ // check cache_vc->first_buf is NULL, response cache lookup busy. +++ if (cache_vc->first_buf == nullptr) { +++ cache_vc->do_io_close(-1); +++ CHECK_SHOW(show("

Cache Lookup Busy, please try again

\n")); +++ return complete(event, e); +++ } +++ ++ Doc *d = (Doc *)(cache_vc->first_buf->data()); ++ time_t t; ++ char tmpstr[4096]; diff --cc debian/patches/0012-fix-spelling-checks.patch index 00000000,00000000..44c11cd5 new file mode 100644 --- /dev/null +++ b/debian/patches/0012-fix-spelling-checks.patch @@@ -1,0 -1,0 +1,817 @@@ ++Description: Fix various speeling issues ++Author: Jean Baptiste Favre ++Forwarded: https://github.com/apache/trafficserver/pull/4750 ++Applied-Upstream: https://github.com/apache/trafficserver/commit/af0ad4a1880a21743e98331855bb78e15d5406ef ++Last-Update: 2019-01-03 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/doc/admin-guide/files/ip_allow.config.en.rst +++++ b/doc/admin-guide/files/ip_allow.config.en.rst ++@@ -55,7 +55,7 @@ range with the lower and upper values eq ++ The value of ``method`` is a string which must consist of either HTTP method names separated by the ++ character '|' or the keyword literal ``ALL``. This keyword may omitted in which case it is treated ++ as if it were ``method=ALL``. Methods can also be specified by having multiple instances of the ++-``method`` keyword, each specifiying a single method. E.g., ``method=GET|HEAD`` is the same as +++``method`` keyword, each specifying a single method. E.g., ``method=GET|HEAD`` is the same as ++ ``method=GET method=HEAD``. The method names are not validated which means non-standard method names ++ can be specified. ++ ++@@ -104,7 +104,7 @@ If the entire subnet were to be denied, ++ ++ src_ip=123.45.6.0/24 action=ip_deny ++ ++-The following example allows to any upstream servers:: +++The following example allows one to any upstream servers:: ++ ++ dest_ip=0.0.0.0-255.255.255.255 action=ip_allow ++ ++--- a/doc/admin-guide/files/parent.config.en.rst +++++ b/doc/admin-guide/files/parent.config.en.rst ++@@ -210,7 +210,7 @@ The following list shows the possible ac ++ - ``simple_retry`` - If the parent origin server returns a 404 response on a request ++ a new parent is selected and the request is retried. The number of retries is controlled ++ by ``max_simple_retries`` which is set to 1 by default. ++- - ``unavailable_server_retry`` - If the parent returns a 503 response or if the reponse matches +++ - ``unavailable_server_retry`` - If the parent returns a 503 response or if the response matches ++ a list of http 5xx responses defined in ``unavailable_server_retry_responses``, the currently selected ++ parent is marked down and a new parent is selected to retry the request. The number of ++ retries is controlled by ``max_unavailable_server_retries`` which is set to 1 by default. ++@@ -228,7 +228,7 @@ The following list shows the possible ac ++ ++ ``max_simple_retries`` ++ By default the value for ``max_simple_retries`` is 1. It may be set to any value in the range 1 to 5. ++- If ``parent_retry`` is set to ``simple_retry`` or ``both`` a 404 reponse +++ If ``parent_retry`` is set to ``simple_retry`` or ``both`` a 404 response ++ from a parent origin server will cause the request to be retried using a new parent at most 1 to 5 ++ times as configured by ``max_simple_retries``. ++ ++@@ -236,7 +236,7 @@ The following list shows the possible ac ++ ++ ``max_unavailable_server_retries`` ++ By default the value for ``max_unavailable_server_retries`` is 1. It may be set to any value in the range 1 to 5. ++- If ``parent_retry`` is set to ``unavailable_server_retries`` or ``both`` a 503 reponse +++ If ``parent_retry`` is set to ``unavailable_server_retries`` or ``both`` a 503 response ++ by default or any http 5xx response listed in the list ``unavailable_server_retry_responses`` from a parent origin server will ++ cause the request to be retried using a new parent after first marking the current parent down. The request ++ will be retried at most 1 to 5 times as configured by ``max_unavailable_server_retries``. ++--- a/doc/admin-guide/files/records.config.en.rst +++++ b/doc/admin-guide/files/records.config.en.rst ++@@ -833,7 +833,7 @@ mptcp ++ ===== ====================================================================== ++ Value Description ++ ===== ====================================================================== ++- ``0`` |TS| will buffer the request until the post body has been recieved and +++ ``0`` |TS| will buffer the request until the post body has been received and ++ then send the request to the origin server. ++ ``1`` Immediately return a ``100 Continue`` from |TS| without waiting for ++ the post body. ++@@ -1630,7 +1630,7 @@ Proxy User Variables ++ connection=full Full user agent connection :ref:`protocol tags ` ++ ================== =============================================================== ++ ++- Each paramater in the list must be separated by ``|`` or ``:``. For example, ``for|by=uuid|proto`` is +++ Each parameter in the list must be separated by ``|`` or ``:``. For example, ``for|by=uuid|proto`` is ++ a valid value for this variable. Note that the ``connection`` parameter is a non-standard extension to ++ RFC 7239. Also note that, while Traffic Server allows multiple ``by`` parameters for the same proxy, this ++ is prohibited by RFC 7239. Currently, for the ``host`` parameter to provide the original host from the ++@@ -1658,7 +1658,7 @@ Proxy User Variables ++ information. ++ See :ts:cv:`proxy.config.http.server_ports` for information on how to enable Proxy Protocol on a port. ++ ++- See :ref:`proxy-protocol` for more discussion on how |TS| tranforms the `Forwarded: header. +++ See :ref:`proxy-protocol` for more discussion on how |TS| transforms the `Forwarded: header. ++ ++ .. ts:cv:: CONFIG proxy.config.http.normalize_ae INT 1 ++ :reloadable: ++@@ -2364,7 +2364,7 @@ DNS ++ ++ .. ts:cv:: CONFIG proxy.config.dns.resolv_conf STRING /etc/resolv.conf ++ ++- Allows to specify which ``resolv.conf`` file to use for finding resolvers. While the format of this file must be the same as the +++ Allows one to specify which ``resolv.conf`` file to use for finding resolvers. While the format of this file must be the same as the ++ standard ``resolv.conf`` file, this option allows an administrator to manage the set of resolvers in an external configuration file, ++ without affecting how the rest of the operating system uses DNS. ++ ++@@ -2622,7 +2622,7 @@ HostDB ++ Set the frequency (in seconds) to sync hostdb to disk. ++ ++ Note: hostdb is syncd to disk on a per-partition basis (of which there are 64). ++- This means that the minumum time to sync all data to disk is :ts:cv:`proxy.config.cache.hostdb.sync_frequency` * 64 +++ This means that the minimum time to sync all data to disk is :ts:cv:`proxy.config.cache.hostdb.sync_frequency` * 64 ++ ++ Logging Configuration ++ ===================== ++@@ -2956,7 +2956,7 @@ Diagnostic Logging Configuration ++ ++ .. ts:cv:: CONFIG proxy.config.diags.debug.tags STRING http|dns ++ ++- Each |TS| `diag` and `debug` level message is annotated with a subsytem tag. This configuration +++ Each |TS| `diag` and `debug` level message is annotated with a subsystem tag. This configuration ++ contains an anchored regular expression that filters the messages based on the tag. The ++ expressions are prefix matched which creates an implicit ``.*`` at the end. Therefore the default ++ value ``http|dns`` will match tags such as ``http``, ``http_hdrs``, ``dns``, and ``dns_recv``. ++@@ -2964,7 +2964,7 @@ Diagnostic Logging Configuration ++ Some commonly used debug tags are: ++ ++ ============ ===================================================== ++- Tag Subsytem usage +++ Tag Subsystem usage ++ ============ ===================================================== ++ dns DNS query resolution ++ http_hdrs Logs the headers for HTTP requests and responses ++@@ -3120,7 +3120,7 @@ SSL Termination ++ .. ts:cv:: CONFIG proxy.config.ssl.client.groups_list STRING ++ ++ Configures the list of supported groups provided by OpenSSL which ++- |TS| will use for the "key_share" and "supported groups" extention +++ |TS| will use for the "key_share" and "supported groups" extension ++ of TLSv1.3 connections. The value is a colon separated list of ++ group NIDs or names, for example "P-521:P-384:P-256". For ++ instructions, see "Groups" section of `TLS1.3 - OpenSSLWiki `_. ++@@ -3263,7 +3263,7 @@ SSL Termination ++ ``0`` Disables the session cache entirely. ++ ``1`` Enables the session cache using OpenSSL's implementation. ++ ``2`` Default. Enables the session cache using |TS|'s implementation. This ++- implentation should perform much better than the OpenSSL +++ implementation should perform much better than the OpenSSL ++ implementation. ++ ===== ====================================================================== ++ ++--- a/doc/admin-guide/files/remap.config.en.rst +++++ b/doc/admin-guide/files/remap.config.en.rst ++@@ -415,7 +415,7 @@ Acl Filters ++ ++ Acl filters can be created to control access of specific remap lines. The markup ++ is very similar to that of :file:`ip_allow.config`, with slight changes to ++-accomodate remap markup +++accommodate remap markup ++ ++ Examples ++ -------- ++--- a/doc/admin-guide/files/storage.config.en.rst +++++ b/doc/admin-guide/files/storage.config.en.rst ++@@ -92,7 +92,7 @@ which will effectively clear most of the ++ reboot causes the path names to change. ++ ++ The :arg:`id` option can be used to create a fixed string that an administrator can use to keep the ++-assignment table consistent by maintaing the mapping from physical device to base string even in the presence of hardware changes and failures. +++assignment table consistent by maintaining the mapping from physical device to base string even in the presence of hardware changes and failures. ++ ++ Examples ++ ======== ++--- a/doc/appendices/command-line/traffic_ctl.en.rst +++++ b/doc/appendices/command-line/traffic_ctl.en.rst ++@@ -255,7 +255,7 @@ traffic_ctl host ++ .. program:: traffic_ctl host ++ .. option:: status HOSTNAME [HOSTNAME ...] ++ ++- Get the current status of the hosts used in parent.config as a next hop in a multi-tiered cache heirarchy. The value 0 or 1 is returned indicating that the host is marked as down '0' or marked as up '1'. If a host is marked as down, it will not be used as the next hop parent, another host marked as up will be chosen. +++ Get the current status of the hosts used in parent.config as a next hop in a multi-tiered cache hierarchy. The value 0 or 1 is returned indicating that the host is marked as down '0' or marked as up '1'. If a host is marked as down, it will not be used as the next hop parent, another host marked as up will be chosen. ++ ++ .. program:: traffic_ctl host ++ .. option:: down --time seconds --reason 'active|local|manual' HOSTNAME [HOSTNAME ...] ++--- a/doc/developer-guide/api/functions/TSCacheRemove.en.rst +++++ b/doc/developer-guide/api/functions/TSCacheRemove.en.rst ++@@ -41,4 +41,4 @@ the cache calls :arg:`contp` back with t ++ In both of these callbacks, the user (:arg:`contp`) does not have to do ++ anything. The user does not get any vconnection from the cache, since ++ no data needs to be transferred. When the cache calls :arg:`contp` back with ++-:data:`TS_EVENT_CACHE_REMOVE`, the remove has already been commited. +++:data:`TS_EVENT_CACHE_REMOVE`, the remove has already been committed. ++--- a/doc/developer-guide/api/functions/TSContSchedule.en.rst +++++ b/doc/developer-guide/api/functions/TSContSchedule.en.rst ++@@ -32,7 +32,7 @@ Description ++ =========== ++ ++ Schedules :arg:`contp` to run :arg:`delay` milliseconds in the future. This is approximate. The delay ++-will be at least :arg:`delay` but possibly more. Resultions finer than roughly 5 milliseconds will +++will be at least :arg:`delay` but possibly more. Resolutions finer than roughly 5 milliseconds will ++ not be effective. :arg:`contp` is required to have a mutex, which is provided to ++ :func:`TSContCreate`. ++ ++--- a/doc/developer-guide/api/functions/TSHttpConnectWithPluginId.en.rst +++++ b/doc/developer-guide/api/functions/TSHttpConnectWithPluginId.en.rst ++@@ -79,7 +79,7 @@ virtual connection. ++ ++ The combination of :arg:`tag` and :arg:`id` is intended to enable correlation ++ in log post processing. The :arg:`tag` identifies the connection as related ++-to the plugin and the :arg:`id` can be used in conjuction with plugin +++to the plugin and the :arg:`id` can be used in conjunction with plugin ++ generated logs to correlate the log records. ++ ++ Notes ++--- a/doc/developer-guide/api/functions/TSHttpOverridableConfig.en.rst +++++ b/doc/developer-guide/api/functions/TSHttpOverridableConfig.en.rst ++@@ -43,7 +43,7 @@ Description ++ ++ Some of the values that are set in :file:`records.config` can be changed for a ++ specific transaction. It is important to note that these functions change the ++-configuration values stored for the transation, which is not quite the same as +++configuration values stored for the transaction, which is not quite the same as ++ changing the actual operating values of the transaction. The critical effect is ++ the value must be changed before it is used by the transaction - after that, ++ changes will not have any effect. ++--- a/doc/developer-guide/api/functions/TSHttpTxnErrorBodySet.en.rst +++++ b/doc/developer-guide/api/functions/TSHttpTxnErrorBodySet.en.rst ++@@ -36,4 +36,4 @@ Description ++ Note that both string arguments must be allocated with :c:func:`TSmalloc` or ++ :c:func:`TSstrdup`. The :arg:`mimetype` is optional, and if not provided it ++ defaults to :literal:`text/html`. Sending an empty string would prevent setting ++-a content type header (but that is not adviced). +++a content type header (but that is not advised). ++--- a/doc/developer-guide/api/functions/TSHttpTxnMilestoneGet.en.rst +++++ b/doc/developer-guide/api/functions/TSHttpTxnMilestoneGet.en.rst ++@@ -138,7 +138,7 @@ is successful. ++ ++ .. macro:: TS_MILESTONE_LAST_ENTRY ++ ++- A psuedo index which is set to be one more than the last valid index. This is useful for looping over the data. +++ A pseudo index which is set to be one more than the last valid index. This is useful for looping over the data. ++ ++ ++ * The server connect times predate the transmission of the :literal:`SYN` ++--- a/doc/developer-guide/api/functions/TSHttpTxnServerIntercept.en.rst +++++ b/doc/developer-guide/api/functions/TSHttpTxnServerIntercept.en.rst ++@@ -53,7 +53,7 @@ The response from the plugin is cached s ++ caching rules. Should the plugin wish the response not be cached, the plugin ++ must use appropriate HTTP response headers to prevent caching. The primary ++ purpose of :func:`TSHttpTxnServerIntercept` is allow plugins to provide gateways ++-to other protocols or to allow to plugin to its own transport for the next hop +++to other protocols or to allow one to plugin to its own transport for the next hop ++ to the server. :func:`TSHttpTxnServerIntercept` overrides parent cache ++ configuration. ++ ++--- a/doc/developer-guide/api/functions/TSIOBufferReader.en.rst +++++ b/doc/developer-guide/api/functions/TSIOBufferReader.en.rst ++@@ -59,7 +59,7 @@ has two very important consequences -- ++ * Conversely keeping a reader around unused will pin the buffer data in memory. This can be useful or harmful. ++ ++ A buffer has a fixed amount of possible readers (currently 5) which is determined at compile ++-time. Reader allocation is fast and cheap until this maxium is reached at which point it fails. +++time. Reader allocation is fast and cheap until this maximum is reached at which point it fails. ++ ++ :func:`TSIOBufferReaderAlloc` allocates a reader for the IO buffer :arg:`bufp`. This should only be ++ called on a newly allocated buffer. If not the location of the reader in the buffer will be ++--- a/doc/developer-guide/api/functions/TSSslContext.en.rst +++++ b/doc/developer-guide/api/functions/TSSslContext.en.rst ++@@ -36,11 +36,11 @@ Description ++ =========== ++ ++ :func:`TSSslContextFindByName` searches for a SSL server context ++-created from :file:`ssl_multicert.config`, matching against the +++created from :file:`ssl_multicert.config`, matchingg against the ++ server :arg:`name`. ++ ++ :func:`TSSslContextFindByAddr` searches for a SSL server context ++-created from :file:`ssl_multicert.config` matchin against the server +++created from :file:`ssl_multicert.config` matching against the server ++ :arg:`address`. ++ ++ ++--- a/doc/developer-guide/api/functions/TSSslSession.en.rst +++++ b/doc/developer-guide/api/functions/TSSslSession.en.rst ++@@ -46,7 +46,7 @@ The functions also work with the :type:` ++ ++ These functions perform the appropriate locking on the session cache to avoid errors. ++ ++-The :func:`TSSslSessionGet` and :func:`TSSslSessionGetBuffer` functions retreive the :type:`TSSslSession` object that is identifed by the +++The :func:`TSSslSessionGet` and :func:`TSSslSessionGetBuffer` functions retrieve the :type:`TSSslSession` object that is identifed by the ++ :type:`TSSslSessionID` object. If there is no matching sesion object, :func:`TSSslSessionGet` returns NULL and :func:`TSSslSessionGetBuffer` ++ returns 0. ++ ++--- a/doc/developer-guide/api/functions/TSStat.en.rst +++++ b/doc/developer-guide/api/functions/TSStat.en.rst ++@@ -46,9 +46,9 @@ Description ++ ++ A plugin statistic is created by :func:`TSStatCreate`. The :arg:`name` must be globally unique and ++ should follow the standard dotted tag form. To avoid collisions and for easy of use the first tag ++-should be the plugin name or something easily derived from it. Currently only integers are suppored +++should be the plugin name or something easily derived from it. Currently only integers are supported ++ therefore :arg:`type` must be :macro:`TS_RECORDDATATYPE_INT`. The return value is the index of the ++-statistic. In general thsi should work but if it doesn't it will :code:`assert`. In particular, +++statistic. In general this should work but if it doesn't it will :code:`assert`. In particular, ++ creating the same statistic twice will fail in this way, which can happen if statistics are created ++ as part of or based on configuration files and |TS| is reloaded. ++ ++--- a/doc/developer-guide/api/functions/TSVConnReenable.en.rst +++++ b/doc/developer-guide/api/functions/TSVConnReenable.en.rst ++@@ -32,7 +32,7 @@ Description ++ =========== ++ ++ Reenable the SSL connection :arg:`svc`. If a plugin hook is called, ATS ++-processing on that connnection will not resume until this is invoked for that +++processing on that connection will not resume until this is invoked for that ++ connection. ++ ++ If the server is running OpenSSL 1.0.1 with the appropraite patch installed or ++--- a/doc/developer-guide/api/functions/TSfwrite.en.rst +++++ b/doc/developer-guide/api/functions/TSfwrite.en.rst ++@@ -44,4 +44,4 @@ The behavior is undefined if length is g ++ Return Value ++ ============ ++ ++-Returns the number of bytes actually written, or -1 if an error occured. +++Returns the number of bytes actually written, or -1 if an error occurred. ++--- a/iocore/cache/CacheHosting.cc +++++ b/iocore/cache/CacheHosting.cc ++@@ -715,7 +715,7 @@ ConfigVolumes::BuildListFromString(char ++ // added by YTS Team, yamsat for bug id 59632 ++ total += size; ++ if (size > 100 || total > 100) { ++- err = "Total volume size added upto more than 100 percent, No volumes created"; +++ err = "Total volume size added up to more than 100 percent, No volumes created"; ++ break; ++ } ++ // ends here ++--- a/iocore/eventsystem/IOBuffer.cc +++++ b/iocore/eventsystem/IOBuffer.cc ++@@ -182,7 +182,7 @@ MIOBuffer::puts(char *s, int64_t len) ++ } ++ if (!*pb || *pb == '\n') { ++ int64_t n = (int64_t)(pb - s); ++- memcpy(end(), s, n + 1); // Upto and including '\n' +++ memcpy(end(), s, n + 1); // Up to and including '\n' ++ end()[n + 1] = 0; ++ fill(n + 1); ++ return n + 1; ++--- a/plugins/esi/lib/EsiProcessor.cc +++++ b/plugins/esi/lib/EsiProcessor.cc ++@@ -305,7 +305,7 @@ EsiProcessor::process(const char *&data, ++ ++ /* FAILURE CACHE */ ++ FailureData *data = static_cast(pthread_getspecific(threadKey)); ++- _debugLog("plugin_esi_failureInfo", "[%s]Fetched data related to thread specfic %p", __FUNCTION__, data); +++ _debugLog("plugin_esi_failureInfo", "[%s]Fetched data related to thread specific %p", __FUNCTION__, data); ++ ++ for (iter = try_iter->attempt_nodes.begin(); iter != try_iter->attempt_nodes.end(); ++iter) { ++ if ((iter->type == DocNode::TYPE_INCLUDE) || iter->type == DocNode::TYPE_SPECIAL_INCLUDE) { ++@@ -342,7 +342,7 @@ EsiProcessor::process(const char *&data, ++ } ++ } ++ if (attempt_succeeded) { ++- _debugLog(_debug_tag, "[%s] attempt section succeded; using attempt section", __FUNCTION__); +++ _debugLog(_debug_tag, "[%s] attempt section succeeded; using attempt section", __FUNCTION__); ++ _node_list.splice(try_iter->pos, try_iter->attempt_nodes); ++ } else { ++ _debugLog(_debug_tag, "[%s] attempt section errored; trying except section", __FUNCTION__); ++@@ -436,7 +436,7 @@ EsiProcessor::flush(string &data, int &o ++ ++ /* FAILURE CACHE */ ++ FailureData *fdata = static_cast(pthread_getspecific(threadKey)); ++- _debugLog("plugin_esi_failureInfo", "[%s]Fetched data related to thread specfic %p", __FUNCTION__, fdata); +++ _debugLog("plugin_esi_failureInfo", "[%s]Fetched data related to thread specific %p", __FUNCTION__, fdata); ++ ++ for (iter = try_iter->attempt_nodes.begin(); iter != try_iter->attempt_nodes.end(); ++iter) { ++ if ((iter->type == DocNode::TYPE_INCLUDE) || iter->type == DocNode::TYPE_SPECIAL_INCLUDE) { ++@@ -473,7 +473,7 @@ EsiProcessor::flush(string &data, int &o ++ } ++ } ++ if (attempt_succeeded) { ++- _debugLog(_debug_tag, "[%s] attempt section succeded; using attempt section", __FUNCTION__); +++ _debugLog(_debug_tag, "[%s] attempt section succeeded; using attempt section", __FUNCTION__); ++ _n_prescanned_nodes = _n_prescanned_nodes + try_iter->attempt_nodes.size(); ++ _node_list.splice(try_iter->pos, try_iter->attempt_nodes); ++ } else { ++--- a/plugins/esi/lib/Variables.cc +++++ b/plugins/esi/lib/Variables.cc ++@@ -437,18 +437,18 @@ Variables::_parseDictVariable(const std: ++ for (int i = 0; i < (var_size - 1); ++i) { ++ if (variable[i] == '{') { ++ if (paranth_index != -1) { ++- _debugLog(_debug_tag, "[%s] Cannot have multiple paranthesis in dict variable [%.*s]", __FUNCTION__, var_size, var_ptr); +++ _debugLog(_debug_tag, "[%s] Cannot have multiple parenthesis in dict variable [%.*s]", __FUNCTION__, var_size, var_ptr); ++ return false; ++ } ++ paranth_index = i; ++ } ++ if (variable[i] == '}') { ++- _debugLog(_debug_tag, "[%s] Cannot have multiple paranthesis in dict variable [%.*s]", __FUNCTION__, var_size, var_ptr); +++ _debugLog(_debug_tag, "[%s] Cannot have multiple parenthesis in dict variable [%.*s]", __FUNCTION__, var_size, var_ptr); ++ return false; ++ } ++ } ++ if (paranth_index == -1) { ++- _debugLog(_debug_tag, "[%s] Could not find opening paranthesis in variable [%.*s]", __FUNCTION__, var_size, var_ptr); +++ _debugLog(_debug_tag, "[%s] Could not find opening parenthesis in variable [%.*s]", __FUNCTION__, var_size, var_ptr); ++ return false; ++ } ++ if (paranth_index == 0) { ++--- a/plugins/experimental/collapsed_forwarding/collapsed_forwarding.cc +++++ b/plugins/experimental/collapsed_forwarding/collapsed_forwarding.cc ++@@ -353,7 +353,7 @@ TSRemapInit(TSRemapInterface * /* api_in ++ TSError("Cannot initialize %s as both global and remap plugin", DEBUG_TAG); ++ return TS_ERROR; ++ } else { ++- TSDebug(DEBUG_TAG, "plugin is succesfully initialized for remap"); +++ TSDebug(DEBUG_TAG, "plugin is successfully initialized for remap"); ++ return TS_SUCCESS; ++ } ++ } ++--- a/plugins/experimental/fq_pacing/fq_pacing.c +++++ b/plugins/experimental/fq_pacing/fq_pacing.c ++@@ -118,7 +118,7 @@ TSRemapInit(TSRemapInterface *api_info, ++ return TS_ERROR; ++ } ++ ++- TSDebug(PLUGIN_NAME, "plugin is succesfully initialized"); +++ TSDebug(PLUGIN_NAME, "plugin is successfully initialized"); ++ return TS_SUCCESS; ++ } ++ ++--- a/plugins/experimental/header_normalize/header_normalize.cc +++++ b/plugins/experimental/header_normalize/header_normalize.cc ++@@ -158,7 +158,7 @@ TSRemapInit(TSRemapInterface *api_info, ++ return TS_ERROR; ++ } ++ buildHdrMap(); ++- TSDebug(PLUGIN_NAME, "plugin is succesfully initialized"); +++ TSDebug(PLUGIN_NAME, "plugin is successfully initialized"); ++ return TS_SUCCESS; ++ } ++ ++--- a/plugins/experimental/prefetch/plugin.cc +++++ b/plugins/experimental/prefetch/plugin.cc ++@@ -202,7 +202,7 @@ evaluate(const String &v) ++ } else { ++ stmt.assign(v); ++ } ++- PrefetchDebug("statement: '%s', formating length: %zu", stmt.c_str(), len); +++ PrefetchDebug("statement: '%s', formatting length: %zu", stmt.c_str(), len); ++ ++ int result = 0; ++ pos = stmt.find_first_of("+-"); ++--- a/plugins/experimental/url_sig/url_sig.c +++++ b/plugins/experimental/url_sig/url_sig.c ++@@ -98,7 +98,7 @@ TSRemapInit(TSRemapInterface *api_info, ++ return TS_ERROR; ++ } ++ ++- TSDebug(PLUGIN_NAME, "plugin is succesfully initialized"); +++ TSDebug(PLUGIN_NAME, "plugin is successfully initialized"); ++ return TS_SUCCESS; ++ } ++ ++--- a/plugins/generator/generator.cc +++++ b/plugins/generator/generator.cc ++@@ -609,7 +609,7 @@ GeneratorTxnHook(TSCont contp, TSEvent e ++ TSReleaseAssert(TSHttpTxnCacheLookupStatusGet(arg.txn, &status) == TS_SUCCESS); ++ if (status != TS_CACHE_LOOKUP_HIT_FRESH) { ++ // This transaction is going to be a cache miss, so intercept it. ++- VDEBUG("intercepting orgin server request for txn=%p", arg.txn); +++ VDEBUG("intercepting origin server request for txn=%p", arg.txn); ++ TSHttpTxnServerIntercept(TSContCreate(GeneratorInterceptionHook, TSMutexCreate()), arg.txn); ++ } ++ ++--- a/plugins/header_rewrite/header_rewrite.cc +++++ b/plugins/header_rewrite/header_rewrite.cc ++@@ -339,7 +339,7 @@ TSPluginInit(int argc, const char *argv[ ++ // just appended to the configurations. ++ TSDebug(PLUGIN_NAME, "Loading global configuration file %s", argv[i]); ++ if (conf->parse_config(argv[i], TS_HTTP_READ_RESPONSE_HDR_HOOK)) { ++- TSDebug(PLUGIN_NAME, "Succesfully loaded global config file %s", argv[i]); +++ TSDebug(PLUGIN_NAME, "Successfully loaded global config file %s", argv[i]); ++ got_config = true; ++ } else { ++ TSError("[header_rewrite] failed to parse configuration file %s", argv[i]); ++@@ -410,7 +410,7 @@ TSRemapNewInstance(int argc, char *argv[ ++ delete conf; ++ return TS_ERROR; ++ } else { ++- TSDebug(PLUGIN_NAME, "Succesfully loaded remap config file %s", argv[i]); +++ TSDebug(PLUGIN_NAME, "Successfully loaded remap config file %s", argv[i]); ++ } ++ } ++ ++--- a/plugins/s3_auth/s3_auth.cc +++++ b/plugins/s3_auth/s3_auth.cc ++@@ -869,7 +869,7 @@ event_handler(TSCont cont, TSEvent event ++ } ++ ++ if (TS_HTTP_STATUS_OK == status) { ++- TSDebug(PLUGIN_NAME, "Succesfully signed the AWS S3 URL"); +++ TSDebug(PLUGIN_NAME, "Successfully signed the AWS S3 URL"); ++ } else { ++ TSDebug(PLUGIN_NAME, "Failed to sign the AWS S3 URL, status = %d", status); ++ TSHttpTxnStatusSet(txnp, status); ++--- a/src/traffic_cache_tool/CacheTool.cc +++++ b/src/traffic_cache_tool/CacheTool.cc ++@@ -869,7 +869,7 @@ Span::updateHeader() ++ zret.push(0, errno, "Failed to update span - ", strerror(errno)); ++ } ++ } else { ++- std::cout << "Writing not enabled, no updates perfomed" << std::endl; +++ std::cout << "Writing not enabled, no updates performed" << std::endl; ++ } ++ return zret; ++ } ++--- a/src/traffic_crashlog/traffic_crashlog.cc +++++ b/src/traffic_crashlog/traffic_crashlog.cc ++@@ -198,7 +198,7 @@ main(int /* argc ATS_UNUSED */, const ch ++ mgmterr = TSInit(nullptr, (TSInitOptionT)(TS_MGMT_OPT_NO_EVENTS | TS_MGMT_OPT_NO_SOCK_TESTS)); ++ if (mgmterr != TS_ERR_OKAY) { ++ char *msg = TSGetErrorMessage(mgmterr); ++- Warning("failed to intialize management API: %s", msg); +++ Warning("failed to initialize management API: %s", msg); ++ TSfree(msg); ++ } ++ ++--- a/src/traffic_logstats/logstats.cc +++++ b/src/traffic_logstats/logstats.cc ++@@ -1828,7 +1828,7 @@ process_file(int in_fd, off_t offset, un ++ unsigned second_read_size = sizeof(LogBufferHeader) - first_read_size; ++ nread = read(in_fd, &buffer[first_read_size], second_read_size); ++ if (!nread || EOF == nread) { ++- Debug("logstats", "Second read of header failed (attemped %d bytes at offset %d, got nothing), errno=%d.", second_read_size, +++ Debug("logstats", "Second read of header failed (attempted %d bytes at offset %d, got nothing), errno=%d.", second_read_size, ++ first_read_size, errno); ++ return 1; ++ } ++--- a/src/traffic_manager/traffic_manager.cc +++++ b/src/traffic_manager/traffic_manager.cc ++@@ -142,7 +142,7 @@ rotateLogs() ++ if (kill(tspid, SIGUSR2) != 0) { ++ mgmt_log("Could not send SIGUSR2 to TS: %s", strerror(errno)); ++ } else { ++- mgmt_log("Succesfully sent SIGUSR2 to TS!"); +++ mgmt_log("Successfully sent SIGUSR2 to TS!"); ++ } ++ } ++ } ++--- a/src/traffic_server/CoreUtils.h +++++ b/src/traffic_server/CoreUtils.h ++@@ -44,7 +44,7 @@ ++ #define PC_REGNUM 12 /* Contains program counter EIP */ ++ #define FP_REGNUM 5 /* Virtual frame pointer EBP */ ++ #define NO_OF_ARGS \ ++- 10 /* The argument depth upto which we would be looking into \ +++ 10 /* The argument depth up to which we would be looking into \ ++ the stack */ ++ ++ // contains local and in registers, frame pointer, and stack base ++@@ -63,7 +63,7 @@ struct core_stack_state { ++ #include ++ ++ #define NO_OF_ARGS \ ++- 10 /* The argument depth upto which we would be looking into \ +++ 10 /* The argument depth up to which we would be looking into \ ++ the stack */ ++ ++ // contains local and in registers, frame pointer, and stack base ++--- a/src/traffic_server/InkAPITest.cc +++++ b/src/traffic_server/InkAPITest.cc ++@@ -4225,7 +4225,7 @@ REGRESSION_TEST(SDK_API_TSHttpHdr)(Regre ++ SDK_RPRINT(test, "TSHttpHdrUrlSet&Get", "TestCase1", TC_FAIL, "TSHttpHdrUrlSet returns TS_ERROR"); ++ } else { ++ if (TSHttpHdrUrlGet(bufp1, hdr_loc1, &url_loc_Get) != TS_SUCCESS) { ++- SDK_RPRINT(test, "TSHttpHdrUrlSet&Get", "TestCase1", TC_FAIL, "TSHttpHdrUrlGet retuns TS_ERROR"); +++ SDK_RPRINT(test, "TSHttpHdrUrlSet&Get", "TestCase1", TC_FAIL, "TSHttpHdrUrlGet returns TS_ERROR"); ++ } else { ++ if (url_loc == url_loc_Get) { ++ SDK_RPRINT(test, "TSHttpHdrUrlSet&Get", "TestCase1", TC_PASS, "ok"); ++--- a/src/tscore/ArgParser.cc +++++ b/src/tscore/ArgParser.cc ++@@ -154,7 +154,7 @@ ArgParser::parse(const char **argv) ++ }; ++ // if there is anything left, then output usage ++ if (!args.empty()) { ++- std::string msg = "Unkown command, option or args:"; +++ std::string msg = "Unknown command, option or args:"; ++ for (auto it : args) { ++ msg = msg + " '" + it + "'"; ++ } ++--- a/iocore/net/Socks.cc +++++ b/iocore/net/Socks.cc ++@@ -694,7 +694,7 @@ socks5PasswdAuthHandler(int event, unsig ++ // NEC thinks it is 5 RFC seems to indicate 1. ++ switch (p[1]) { ++ case 0: ++- Debug("Socks", "Username/Passwd succeded"); +++ Debug("Socks", "Username/Passwd succeeded"); ++ *h_ptr = nullptr; ++ break; ++ ++--- a/iocore/net/UnixUDPNet.cc +++++ b/iocore/net/UnixUDPNet.cc ++@@ -628,7 +628,7 @@ UDPNetProcessor::CreateUDPSocket(int *re ++ } ++ ++ if (safe_getsockname(fd, &local_addr.sa, &local_addr_len) < 0) { ++- Debug("udpnet", "CreateUdpsocket: getsockname didnt' work"); +++ Debug("udpnet", "CreateUdpsocket: getsockname didn't work"); ++ goto HardError; ++ } ++ } ++--- a/mgmt/Rollback.cc +++++ b/mgmt/Rollback.cc ++@@ -133,7 +133,7 @@ Rollback::Rollback(const char *fileName_ ++ mgmt_log("[RollBack::Rollback] Automatic Rollback to prior version failed for %s : %s\n", fileName, strerror(errno)); ++ needZeroLength = true; ++ } else { ++- mgmt_log("[RollBack::Rollback] Automatic Rollback to version succeded for %s\n", fileName, strerror(errno)); +++ mgmt_log("[RollBack::Rollback] Automatic Rollback to version succeeded for %s\n", fileName, strerror(errno)); ++ needZeroLength = false; ++ highestSeen--; ++ // Since we've made the highestVersion active ++--- a/proxy/logging/LogBuffer.cc +++++ b/proxy/logging/LogBuffer.cc ++@@ -270,7 +270,7 @@ LogBuffer::checkout_write(size_t *write_ ++ } ++ ++ if (switch_state(old_s, new_s)) { ++- // we succeded in setting the new state +++ // we succeeded in setting the new state ++ break; ++ } ++ } ++--- a/proxy/logging/LogObject.cc +++++ b/proxy/logging/LogObject.cc ++@@ -420,7 +420,7 @@ LogObject::_checkout_write(size_t *write ++ ++ switch (result_code) { ++ case LogBuffer::LB_OK: ++- // checkout succeded +++ // checkout succeeded ++ retry = false; ++ break; ++ ++--- a/doc/admin-guide/plugins/header_rewrite.en.rst +++++ b/doc/admin-guide/plugins/header_rewrite.en.rst ++@@ -330,7 +330,7 @@ The data that can be checked is :: ++ %{INBOUND:REMOTE-PORT} The client port for the connection. ++ %{INBOUND:TLS} The TLS protocol if the connection is over TLS, otherwise the empty string. ++ %{INBOUND:H2} The string "h2" if the connection is HTTP/2, otherwise the empty string. ++- %{INBOUND:IPV4} The string "ipv4" if the connection is IPv4, otherwise the emtpy string. +++ %{INBOUND:IPV4} The string "ipv4" if the connection is IPv4, otherwise the empty string. ++ %{INBOUND:IPV6} The string "ipv6" if the connection is IPv6, otherwise the empty string. ++ %{INBOUND:IP-FAMILY} The IP family, either "ipv4" or "ipv6". ++ %{INBOUND:STACK} The full protocol stack separated by ','. ++@@ -836,7 +836,7 @@ Variable Description ++ % The TLS protocol for the inbound connection if it is over TLS, otherwise the ++ empty string. ++ % The string "h2" if the inbound connection is HTTP/2, otherwise the empty string. ++-% The string "ipv4" if the inbound connection is IPv4, otherwise the emtpy string. +++% The string "ipv4" if the inbound connection is IPv4, otherwise the empty string. ++ % The string "ipv6" if the inbound connection is IPv6, otherwise the empty string. ++ % The IP family of the inbound connection (either "ipv4" or "ipv6"). ++ % The full protocol stack of the inbound connection separated by ','. ++--- a/iocore/dns/SplitDNS.cc +++++ b/iocore/dns/SplitDNS.cc ++@@ -341,7 +341,7 @@ SplitDNSRecord::ProcessDNSHosts(char *va ++ if (tmp - current > (MAXDNAME - 1)) { ++ return "DNS server name (ip) is too long"; ++ } else if (tmp - current == 0) { ++- return "server string is emtpy"; +++ return "server string is empty"; ++ } ++ *tmp = 0; ++ } ++--- a/lib/records/RecHttp.cc +++++ b/lib/records/RecHttp.cc ++@@ -435,7 +435,7 @@ HttpProxyPort::processOptions(const char ++ if (in_ip_set_p && m_family != m_inbound_ip.family()) { ++ std::string_view iname{ats_ip_family_name(m_inbound_ip.family())}; ++ std::string_view fname{ats_ip_family_name(m_family)}; ++- Warning("Invalid port descriptor '%s' - the inbound adddress family [%.*s] is not the same type as the explicit family value " +++ Warning("Invalid port descriptor '%s' - the inbound address family [%.*s] is not the same type as the explicit family value " ++ "[%.*s]", ++ opts, static_cast(iname.size()), iname.data(), static_cast(fname.size()), fname.data()); ++ zret = false; ++--- a/proxy/ParentSelection.cc +++++ b/proxy/ParentSelection.cc ++@@ -517,7 +517,7 @@ ParentRecord::ProcessParents(char *val, ++ errPtr = "Parent hostname is too long"; ++ goto MERROR; ++ } else if (tmp - current == 0) { ++- errPtr = "Parent string is emtpy"; +++ errPtr = "Parent string is empty"; ++ goto MERROR; ++ } ++ // Update the pRecords ++--- a/src/tscore/HostLookup.cc +++++ b/src/tscore/HostLookup.cc ++@@ -50,7 +50,7 @@ domaincmp(const char *hostname, const ch ++ const char *host_cur = hostname + strlen(hostname); ++ const char *domain_cur = domain + strlen(domain); ++ ++- // Check to see if were passed emtpy stings for either +++ // Check to see if were passed empty stings for either ++ // argument. Empty strings do not match anything ++ // ++ if (domain_cur == domain || host_cur == hostname) { ++@@ -380,7 +380,7 @@ charIndex::Insert(const char *match_data ++ ++ // Check to see if are at the level we supposed be at ++ if (*(match_data + 1) == '\0') { ++- // The slot should always be emtpy, no duplicate +++ // The slot should always be empty, no duplicate ++ // keys are allowed ++ ink_assert(cur->branch_array[index] == nullptr); ++ cur->branch_array[index] = toInsert; ++--- a/build/pkg.m4 +++++ b/build/pkg.m4 ++@@ -53,7 +53,7 @@ fi[]dnl ++ # to PKG_CHECK_MODULES(), but does not set variables or print errors. ++ # ++ # Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) ++-# only at the first occurence in configure.ac, so if the first place +++# only at the first occurrence in configure.ac, so if the first place ++ # it's called might be skipped (such as if it is within an "if", you ++ # have to call PKG_CHECK_EXISTS manually ++ # -------------------------------------------------------------- ++--- a/include/tscpp/util/TextView.h +++++ b/include/tscpp/util/TextView.h ++@@ -264,7 +264,7 @@ public: ++ self_type prefix(size_t n) const; ++ /// Convenience overload to avoid ambiguity for literal numbers. ++ self_type prefix(int n) const; ++- /** Get the prefix delimited by the first occurence of the character @a c. +++ /** Get the prefix delimited by the first occurrence of the character @a c. ++ ++ If @a c is not found the entire view is returned. ++ The delimiter character is not included in the returned view. ++@@ -272,7 +272,7 @@ public: ++ @return A view of the prefix. ++ */ ++ self_type prefix(char c) const; ++- /** Get the prefix delimited by the first occurence of a character in @a delimiters. +++ /** Get the prefix delimited by the first occurrence of a character in @a delimiters. ++ ++ If no such character is found the entire view is returned. ++ The delimiter character is not included in the returned view. ++--- a/iocore/cache/CacheVol.cc +++++ b/iocore/cache/CacheVol.cc ++@@ -400,7 +400,7 @@ CacheVC::scanOpenWrite(int /* event ATS_ ++ // get volume lock ++ if (writer_lock_retry > SCAN_WRITER_LOCK_MAX_RETRY) { ++ int r = _action.continuation->handleEvent(CACHE_EVENT_SCAN_OPERATION_BLOCKED, nullptr); ++- Debug("cache_scan", "still havent got the writer lock, asking user.."); +++ Debug("cache_scan", "still haven't got the writer lock, asking user.."); ++ switch (r) { ++ case CACHE_SCAN_RESULT_RETRY: ++ writer_lock_retry = 0; ++--- a/iocore/eventsystem/I_IOBuffer.h +++++ b/iocore/eventsystem/I_IOBuffer.h ++@@ -680,7 +680,7 @@ public: ++ /** ++ Perform a memchr() across the list of IOBufferBlocks. Returns the ++ offset from the current start point of the reader to the first ++- occurence of character 'c' in the buffer. +++ occurrence of character 'c' in the buffer. ++ ++ @param c character to look for. ++ @param len number of characters to check. If len exceeds the number ++--- a/iocore/net/OCSPStapling.cc +++++ b/iocore/net/OCSPStapling.cc ++@@ -99,7 +99,7 @@ stapling_get_issuer(SSL_CTX *ssl_ctx, X5 ++ ++ #ifdef SSL_CTX_select_current_cert ++ if (!SSL_CTX_select_current_cert(ssl_ctx, x)) { ++- Warning("OCSP: could not select current certifcate chain %p", x); +++ Warning("OCSP: could not select current certificate chain %p", x); ++ } ++ #endif ++ ++--- a/mgmt/Alarms.cc +++++ b/mgmt/Alarms.cc ++@@ -297,7 +297,7 @@ Alarms::signalAlarm(alarm_t a, const cha ++ (*(func))(a, ip, desc); ++ } ++ ++- /* Priority 2 alarms get signalled if they are the first unsolved occurence. */ +++ /* Priority 2 alarms get signalled if they are the first unsolved occurrence. */ ++ if (priority == 2 && !ip) { ++ execAlarmBin(desc); ++ } ++--- a/proxy/http/HttpSessionManager.cc +++++ b/proxy/http/HttpSessionManager.cc ++@@ -204,7 +204,7 @@ ServerSessionPool::eventHandler(int even ++ if (connection_count_below_min) { ++ Debug("http_ss", ++ "[%" PRId64 "] [session_bucket] session received io notice [%s], " ++- "reseting timeout to maintain minimum number of connections", +++ "resetting timeout to maintain minimum number of connections", ++ s->con_id, HttpDebugNames::get_event_name(event)); ++ s->get_netvc()->set_inactivity_timeout(s->get_netvc()->get_inactivity_timeout()); ++ s->get_netvc()->set_active_timeout(s->get_netvc()->get_active_timeout()); ++--- a/plugins/lua/ts_lua_transform.c +++++ b/plugins/lua/ts_lua_transform.c ++@@ -89,7 +89,7 @@ ts_lua_transform_handler(TSCont contp, t ++ empty_input = 0; ++ if (!TSVIOBufferGet(input_vio)) { ++ if (transform_ctx->output.vio) { ++- TSDebug(TS_LUA_DEBUG_TAG, "[%s] reenabling ouput VIO after input VIO does not exist", __FUNCTION__); +++ TSDebug(TS_LUA_DEBUG_TAG, "[%s] reenabling output VIO after input VIO does not exist", __FUNCTION__); ++ TSVIONBytesSet(transform_ctx->output.vio, transform_ctx->total); ++ TSVIOReenable(transform_ctx->output.vio); ++ return 0; ++--- a/proxy/hdrs/HdrHeap.cc +++++ b/proxy/hdrs/HdrHeap.cc ++@@ -965,7 +965,7 @@ HdrHeap::unmarshal(int buf_length, int o ++ // Nothing to do ++ break; ++ default: ++- fprintf(stderr, "WARNING: Unmarshal failed due to unknow obj type %d after %d bytes", (int)obj->m_type, +++ fprintf(stderr, "WARNING: Unmarshal failed due to unknown obj type %d after %d bytes", (int)obj->m_type, ++ (int)(obj_data - (char *)this)); ++ dump_heap(unmarshal_size); ++ return -1; diff --cc debian/patches/0013-fix-perl-interpreter-path.patch index 00000000,00000000..4866f34b new file mode 100644 --- /dev/null +++ b/debian/patches/0013-fix-perl-interpreter-path.patch @@@ -1,0 -1,0 +1,14 @@@ ++Description: Fix Perl interpreter path ++Author: Jean Baptiste Favre ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2019-01-03 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/tools/tspush +++++ b/tools/tspush ++@@ -1,4 +1,4 @@ ++-#!/usr/bin/env perl +++#!/usr/bin/perl ++ ++ # ++ # Licensed to the Apache Software Foundation (ASF) under one diff --cc debian/patches/0014-use_system_yaml-cpp.patch index 00000000,00000000..f62ae20e new file mode 100644 --- /dev/null +++ b/debian/patches/0014-use_system_yaml-cpp.patch @@@ -1,0 -1,0 +1,42 @@@ ++Description: Update compilation chain after embedded libyamlcpp removal ++Author: Jean Baptiste Favre ++Origin: other ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2019-01-30 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/CMakeLists.txt +++++ b/CMakeLists.txt ++@@ -41,7 +41,6 @@ include_directories(lib ++ proxy/shared ++ lib/records ++ include/wccp ++- lib/yamlcpp/include ++ iocore/eventsystem ++ iocore/net ++ iocore/dns ++--- a/configure.ac +++++ b/configure.ac ++@@ -2073,7 +2073,6 @@ AC_CONFIG_FILES([ ++ include/tscore/ink_config.h ++ lib/tsconfig/Makefile ++ src/wccp/Makefile ++- lib/yamlcpp/Makefile ++ mgmt/Makefile ++ mgmt/api/Makefile ++ mgmt/api/include/Makefile ++--- a/lib/Makefile.am +++++ b/lib/Makefile.am ++@@ -25,12 +25,6 @@ endif ++ # to prevent Clang Analyzer warning ++ LOCAL = ++ ++-if BUILD_YAML_CPP ++-LOCAL += yamlcpp ++-endif ++- ++ all-local: $(LOCAL) ++- $(MAKE) -C yamlcpp ++ ++ clean-local: ++- $(MAKE) -C yamlcpp clean diff --cc debian/patches/0015-as-needed-fix.patch index 00000000,00000000..43a2f2fb new file mode 100644 --- /dev/null +++ b/debian/patches/0015-as-needed-fix.patch @@@ -1,0 -1,0 +1,30 @@@ ++Description: Fix LDFLAGS usage, ++Author: Gianfranco Costamagna ++ ++Forwarded: https://github.com/apache/trafficserver/pull/4793 ++Last-Update: 2019-01-12 ++ ++--- a/build/common.m4 +++++ b/build/common.m4 ++@@ -196,17 +196,17 @@ AC_DEFUN([TS_TRY_COMPILE_NO_WARNING], ++ ]) ++ ++ dnl ++-dnl TS_LINK_WITH_FLAGS_IFELSE(LDFLAGS, FUNCTION-BODY, +++dnl TS_LINK_WITH_FLAGS_IFELSE(LIBS, FUNCTION-BODY, ++ dnl [ACTIONS-IF-LINKS], [ACTIONS-IF-LINK-FAILS]) ++ dnl ++ dnl Tries a link test with the provided flags. ++ dnl ++ ++ AC_DEFUN([TS_LINK_WITH_FLAGS_IFELSE], ++-[ats_save_LDFLAGS=$LDFLAGS ++- LDFLAGS="$LDFLAGS $1" +++[ats_save_LIBS=$LIBS +++ LIBS="$LIBS $1" ++ AC_LINK_IFELSE([$2],[$3],[$4]) ++- LDFLAGS=$ats_save_LDFLAGS +++ LIBS=$ats_save_LIBS ++ ]) ++ ++ diff --cc debian/patches/0016-fix_python_3.8.patch index 00000000,00000000..5523f6d3 new file mode 100644 --- /dev/null +++ b/debian/patches/0016-fix_python_3.8.patch @@@ -1,0 -1,0 +1,18 @@@ ++Description: Fix test for python 3.8 ++Author: Matthias Klose ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2020-02-03 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/tests/bootstrap.py +++++ b/tests/bootstrap.py ++@@ -81,7 +81,8 @@ def command_output(cmd_str): ++ ++ ++ def get_distro(): ++- return platform.linux_distribution() +++ import distro +++ return distro.linux_distribution() ++ ++ ++ def distro_version(): diff --cc debian/patches/0017-fix_sphinx_3.0.patch index 00000000,00000000..c47b4237 new file mode 100644 --- /dev/null +++ b/debian/patches/0017-fix_sphinx_3.0.patch @@@ -1,0 -1,0 +1,82 @@@ ++Description: Remove python2 vestiges from conf.py, traffic-server.py. ++Author: Alan M. Carroll ++Origin: upstream ++Applied-Upstream: https://github.com/apache/trafficserver/commit/096b2590b6111dd16ec19ca24f88ff41d069f2d0 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2020-07-29 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++--- a/doc/ext/traffic-server.py +++++ b/doc/ext/traffic-server.py ++@@ -31,7 +31,7 @@ from docutils.parsers import rst ++ from docutils.parsers.rst import directives ++ from sphinx.domains import Domain, ObjType, std ++ from sphinx.roles import XRefRole ++-from sphinx.locale import l_, _ +++from sphinx.locale import _ ++ import sphinx ++ ++ import subprocess ++@@ -301,8 +301,8 @@ class TrafficServerDomain(Domain): ++ data_version = 2 ++ ++ object_types = { ++- 'cv': ObjType(l_('configuration variable'), 'cv'), ++- 'stat': ObjType(l_('statistic'), 'stat') +++ 'cv': ObjType(_('configuration variable'), 'cv'), +++ 'stat': ObjType(_('statistic'), 'stat') ++ } ++ ++ directives = { ++--- a/doc/conf.py +++++ b/doc/conf.py ++@@ -57,7 +57,9 @@ extensions = [ ++ ] ++ ++ # Contains values that are dependent on configure.ac. ++-execfile('ext/local-config.py') +++LOCAL_CONFIG = 'ext/local-config.py' +++with open(LOCAL_CONFIG) as f : +++ exec(compile(f.read(), LOCAL_CONFIG, 'exec')) ++ ++ if version_info >= (1, 4): ++ extensions.append('sphinx.ext.imgmath') ++@@ -114,7 +116,7 @@ gettext_compact = False ++ # Generate .mo files just in time ++ if os.environ.get('READTHEDOCS') == 'True': ++ import polib ++- print "Generating .mo files", +++ print("Generating .mo files"), ++ for locale_dir in locale_dirs: ++ for path, dummy, filenames in os.walk(locale_dir): ++ for filename in filenames: ++@@ -124,7 +126,7 @@ if os.environ.get('READTHEDOCS') == 'Tru ++ mo_file = base + ".mo" ++ po = polib.pofile(po_file) ++ po.save_as_mofile(fpath=mo_file) ++- print "done" +++ print("done") ++ else: ++ # On RedHat-based distributions, install the python-sphinx_rtd_theme package ++ # to get an end result tht looks more like readthedoc.org. ++@@ -213,7 +215,7 @@ class Inliner(states.Inliner): ++ punctuation_chars.closers)) ++ ++ issue = re.compile( ++- ur''' +++ r''' ++ {start_string_prefix} ++ TS-\d+ ++ {end_string_suffix}'''.format( ++@@ -344,9 +346,9 @@ latex_elements = { ++ #'preamble': '', ++ } ++ ++-if tags.has('latex_a4'): +++if 'latex_a4' in tags: ++ latex_elements['papersize'] = 'a4paper' ++-elif tags.has('latex_paper'): +++elif 'latex_paper' in tags: ++ latex_elements['papersiize'] = 'letterpaper' ++ ++ # Grouping the document tree into LaTeX files. List of tuples diff --cc debian/patches/0018-Fixes-7971.patch index 00000000,00000000..c862438f new file mode 100644 --- /dev/null +++ b/debian/patches/0018-Fixes-7971.patch @@@ -1,0 -1,0 +1,153 @@@ ++From: Evan Zelkowitz ++Date: Tue, 22 Jun 2021 14:32:55 -0700 ++Subject: Fixes (#7971) ++Origin: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-27577 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32565 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32566 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32567 ++Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-35474 ++Bug-Debian: https://bugs.debian.org/990303 ++ ++* String the url fragment for outgoing requests (#7966) ++ ++Co-authored-by: Susan Hinrichs ++(cherry picked from commit 2b13eb33794574e62249997b4ba654d943a10f2d) ++ ++* Ensure that the content-length value is only digits (#7964) ++ ++Co-authored-by: Susan Hinrichs ++(cherry picked from commit 668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca) ++ ++* Schedule H2 reenable event only if it's necessary ++ ++Co-authored-by: Katsutoshi Ikenoya ++ ++* Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945) ++ ++* Fix dynamic-stack-buffer-overflow of cachekey plugin ++ ++* Check dst_size include null termination ++ ++(cherry picked from commit 5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b) ++ ++Co-authored-by: Bryan Call ++Co-authored-by: Masakazu Kitajo ++Co-authored-by: Katsutoshi Ikenoya ++Co-authored-by: Masaori Koshiba ++--- ++ plugins/cachekey/cachekey.cc | 2 +- ++ proxy/hdrs/HTTP.cc | 11 +++++++++++ ++ proxy/http/HttpTransact.cc | 5 ++++- ++ proxy/http2/Http2ClientSession.cc | 14 +++++++------- ++ proxy/logging/LogUtils.cc | 2 +- ++ 5 files changed, 24 insertions(+), 10 deletions(-) ++ ++diff --git a/plugins/cachekey/cachekey.cc b/plugins/cachekey/cachekey.cc ++index 5f128894bfa8..44925b3db280 100644 ++--- a/plugins/cachekey/cachekey.cc +++++ b/plugins/cachekey/cachekey.cc ++@@ -41,7 +41,7 @@ appendEncoded(String &target, const char *s, size_t len) ++ return; ++ } ++ ++- char tmp[len * 2]; +++ char tmp[len * 3 + 1]; ++ size_t written; ++ ++ /* The default table does not encode the comma, so we need to use our own table here. */ ++diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc ++index 6a2ecc41d3ad..48032dd9ddf4 100644 ++--- a/proxy/hdrs/HTTP.cc +++++ b/proxy/hdrs/HTTP.cc ++@@ -1202,6 +1202,17 @@ validate_hdr_content_length(HdrHeap *heap, HTTPHdrImpl *hh) ++ int content_length_len = 0; ++ const char *content_length_val = content_length_field->value_get(&content_length_len); ++ +++ // RFC 7230 section 3.3.2 +++ // Content-Length = 1*DIGIT +++ // +++ // If the content-length value contains a non-numeric value, the header is invalid +++ for (int i = 0; i < content_length_len; i++) { +++ if (!isdigit(content_length_val[i])) { +++ Debug("http", "Content-Length value contains non-digit, returning parse error"); +++ return PARSE_RESULT_ERROR; +++ } +++ } +++ ++ while (content_length_field->has_dups()) { ++ int content_length_len_2 = 0; ++ const char *content_length_val_2 = content_length_field->m_next_dup->value_get(&content_length_len_2); ++diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc ++index c3d135b98e88..2de29a8d08d8 100644 ++--- a/proxy/http/HttpTransact.cc +++++ b/proxy/http/HttpTransact.cc ++@@ -7619,9 +7619,12 @@ HttpTransact::build_request(State *s, HTTPHdr *base_request, HTTPHdr *outgoing_r ++ ++ // HttpTransactHeaders::convert_request(outgoing_version, outgoing_request); // commented out this idea ++ +++ URL *url = outgoing_request->url_get(); +++ // Remove fragment from upstream URL +++ url->fragment_set(NULL, 0); +++ ++ // Check whether a Host header field is missing from a 1.0 or 1.1 request. ++ if (outgoing_version != HTTPVersion(0, 9) && !outgoing_request->presence(MIME_PRESENCE_HOST)) { ++- URL *url = outgoing_request->url_get(); ++ int host_len; ++ const char *host = url->host_get(&host_len); ++ ++diff --git a/proxy/http2/Http2ClientSession.cc b/proxy/http2/Http2ClientSession.cc ++index 6d7d3de79923..ee952b8a2753 100644 ++--- a/proxy/http2/Http2ClientSession.cc +++++ b/proxy/http2/Http2ClientSession.cc ++@@ -82,11 +82,6 @@ Http2ClientSession::destroy() ++ void ++ Http2ClientSession::free() ++ { ++- if (this->_reenable_event) { ++- this->_reenable_event->cancel(); ++- this->_reenable_event = nullptr; ++- } ++- ++ if (h2_pushed_urls) { ++ this->h2_pushed_urls = ink_hash_table_destroy(this->h2_pushed_urls); ++ } ++@@ -107,6 +102,11 @@ Http2ClientSession::free() ++ REMEMBER(NO_EVENT, this->recursion) ++ Http2SsnDebug("session free"); ++ +++ if (this->_reenable_event) { +++ this->_reenable_event->cancel(); +++ this->_reenable_event = nullptr; +++ } +++ ++ // Don't free active ProxySession ++ ink_release_assert(is_active() == false); ++ ++@@ -653,8 +653,8 @@ Http2ClientSession::remember(const SourceLocation &location, int event, int reen ++ bool ++ Http2ClientSession::_should_do_something_else() ++ { ++- // Do something else every 128 incoming frames ++- return (this->_n_frame_read & 0x7F) == 0; +++ // Do something else every 128 incoming frames if connection state isn't closed +++ return (this->_n_frame_read & 0x7F) == 0 && !connection_state.is_state_closed(); ++ } ++ ++ int64_t ++diff --git a/proxy/logging/LogUtils.cc b/proxy/logging/LogUtils.cc ++index 94becf250ac2..475bee87cad4 100644 ++--- a/proxy/logging/LogUtils.cc +++++ b/proxy/logging/LogUtils.cc ++@@ -343,7 +343,7 @@ escapify_url_common(Arena *arena, char *url, size_t len_in, int *len_out, char * ++ // ++ size_t out_len = len_in + 2 * count; ++ ++- if (dst && out_len > dst_size) { +++ if (dst && (out_len + 1) > dst_size) { ++ *len_out = 0; ++ return nullptr; ++ } ++-- ++2.32.0 ++ diff --cc debian/patches/0019-CVE_2021_37147.patch index 00000000,00000000..4f7978d3 new file mode 100644 --- /dev/null +++ b/debian/patches/0019-CVE_2021_37147.patch @@@ -1,0 -1,0 +1,49 @@@ ++Description: Fix output '\n' HTTP field line endings ++ This is another attempt to fix what was initially addressed in #8096 but ++ got backed out via #8305. That more extensive patch was considered too ++ invasive and potentially risky. This more targeted patch will fix ++ clients that only send the \n endings but it will force the \r\n line ++ ending on output. ++ This was mostly in place except for header lines that get ++ m_n_v_raw_printable set, which seems to be most header lines. The ++ addition checks to see if the header line ends in \r\n. If it does not ++ the m_n_v_raw_printable flag gets cleared and the logic that explicitly ++ adds the line endings while be invoked on output. ++Author: Brian Neradt ++Origin: upstream ++Applied-Upstream: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2022-05-21 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++Index: trafficserver/proxy/hdrs/MIME.cc ++=================================================================== ++--- trafficserver.orig/proxy/hdrs/MIME.cc 2022-05-21 19:01:36.000000000 +0200 +++++ trafficserver/proxy/hdrs/MIME.cc 2022-05-21 19:02:12.210230747 +0200 ++@@ -2652,8 +2652,17 @@ ++ ++ // find_value_last ++ field_value_last = line_e - 1; +++ int suffix_count = 0; ++ while ((field_value_last >= field_value_first) && ParseRules::is_wslfcr(*field_value_last)) { ++ --field_value_last; +++ ++suffix_count; +++ } +++ +++ // Make sure the field ends in CRLF. If not, we'll fix the field via the n_v_raw_printable +++ // flag. +++ bool raw_print_field = true; +++ if (suffix_count < 2 || *(line_e - 2) != '\r' || *(line_e - 1) != '\n') { +++ raw_print_field = false; ++ } ++ ++ field_name_length = (int)(field_name_last - field_name_first + 1); ++@@ -2690,7 +2699,7 @@ ++ ++ MIMEField *field = mime_field_create(heap, mh); ++ mime_field_name_value_set(heap, mh, field, field_name_wks_idx, field_name_first, field_name_length, field_value_first, ++- field_value_length, true, total_line_length, false); +++ field_value_length, raw_print_field, total_line_length, false); ++ mime_hdr_field_attach(mh, field, 1, nullptr); ++ } ++ } diff --cc debian/patches/0019-CVE_2021_37148.patch index 00000000,00000000..eea3a3bc new file mode 100644 --- /dev/null +++ b/debian/patches/0019-CVE_2021_37148.patch @@@ -1,0 -1,0 +1,37 @@@ ++Description: Reject Transfer-Encoding in pre-HTTP/1.1 requests ++ Per spec, Transfer-Encoding is only supported in HTTP/1.1. For earlier ++ versions, we must reject Transfer-Encoding rather than interpret it ++ since downstream proxies may ignore the chunk header and rely upon the ++ Content-Length, or interpret the body some other way. These differences ++ in interpretation may open up the door to compatibility issues. To ++ protect against this, we reply with a 4xx if the client uses ++ Transfer-Encoding with HTTP versions that do not support it. ++Author: Brian Neradt ++Origin: upstream ++Applied-Upstream: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2022-05-21 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++Index: trafficserver/proxy/http/HttpTransact.cc ++=================================================================== ++--- trafficserver.orig/proxy/http/HttpTransact.cc 2022-05-21 18:55:58.801202772 +0200 +++++ trafficserver/proxy/http/HttpTransact.cc 2022-05-21 19:06:47.056189813 +0200 ++@@ -5174,6 +5174,17 @@ ++ return BAD_CONNECT_PORT; ++ } ++ +++ if (s->client_info.transfer_encoding == CHUNKED_ENCODING && incoming_hdr->version_get() < HTTPVersion(1, 1)) { +++ // Per spec, Transfer-Encoding is only supported in HTTP/1.1. For earlier +++ // versions, we must reject Transfer-Encoding rather than interpret it +++ // since downstream proxies may ignore the chunk header and rely upon the +++ // Content-Length, or interpret the body some other way. These +++ // differences in interpretation may open up the door to compatibility +++ // issues. To protect against this, we reply with a 4xx if the client +++ // uses Transfer-Encoding with HTTP versions that do not support it. +++ return UNACCEPTABLE_TE_REQUIRED; +++ } +++ ++ // Require Content-Length/Transfer-Encoding for POST/PUSH/PUT ++ if ((scheme == URL_WKSIDX_HTTP || scheme == URL_WKSIDX_HTTPS) && ++ (method == HTTP_WKSIDX_POST || method == HTTP_WKSIDX_PUSH || method == HTTP_WKSIDX_PUT) && diff --cc debian/patches/0019-CVE_2021_37149.patch index 00000000,00000000..71b8c105 new file mode 100644 --- /dev/null +++ b/debian/patches/0019-CVE_2021_37149.patch @@@ -1,0 -1,0 +1,235 @@@ ++Description: Detect and handle chunk header size truncation ++ This detects if a chunk header size is too large and, if so, closes the ++ connection. ++Author: Brian Neradt ++Origin: upstream ++Applied-Upstream: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2022-05-21 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++Index: trafficserver/include/tscore/ink_memory.h ++=================================================================== ++--- trafficserver.orig/include/tscore/ink_memory.h 2022-05-21 18:55:58.637203619 +0200 +++++ trafficserver/include/tscore/ink_memory.h 2022-05-21 19:10:10.978804602 +0200 ++@@ -26,6 +26,7 @@ ++ #include ++ #include ++ #include +++#include ++ #include ++ #include ++ ++@@ -204,6 +205,24 @@ ++ memset(static_cast(&t), 0, sizeof(t)); ++ } ++ +++/** Verify that we can safely shift value num_places places left. +++ * +++ * This checks that the shift will not cause the variable to overflow and that +++ * the value will not become negative. +++ * +++ * @param[in] value The value against which to check whether the shift is safe. +++ * +++ * @param[in] num_places The number of places to check that shifting left is safe. +++ * +++ */ +++template +++inline constexpr bool +++can_safely_shift_left(T value, int num_places) +++{ +++ constexpr auto max_value = std::numeric_limits::max(); +++ return value >= 0 && value <= (max_value >> num_places); +++} +++ ++ /** Scoped resources. ++ ++ An instance of this class is used to hold a contingent resource. When this object goes out of scope ++Index: trafficserver/proxy/http/HttpTunnel.cc ++=================================================================== ++--- trafficserver.orig/proxy/http/HttpTunnel.cc 2022-05-21 18:55:58.801202772 +0200 +++++ trafficserver/proxy/http/HttpTunnel.cc 2022-05-21 19:10:10.982804575 +0200 ++@@ -36,6 +36,7 @@ ++ #include "HttpSM.h" ++ #include "HttpDebugNames.h" ++ #include "tscore/ParseRules.h" +++#include "tscore/ink_memory.h" ++ ++ static const int min_block_transfer_bytes = 256; ++ static const char *const CHUNK_HEADER_FMT = "%" PRIx64 "\r\n"; ++@@ -153,8 +154,16 @@ ++ if (state == CHUNK_READ_SIZE) { ++ // The http spec says the chunked size is always in hex ++ if (ParseRules::is_hex(*tmp)) { +++ // Make sure we will not overflow running_sum with our shift. +++ if (!can_safely_shift_left(running_sum, 4)) { +++ // We have no more space in our variable for the shift. +++ state = CHUNK_READ_ERROR; +++ done = true; +++ break; +++ } ++ num_digits++; ++- running_sum *= 16; +++ // Shift over one hex value. +++ running_sum <<= 4; ++ ++ if (ParseRules::is_digit(*tmp)) { ++ running_sum += *tmp - '0'; ++Index: trafficserver/src/tscore/Makefile.am ++=================================================================== ++--- trafficserver.orig/src/tscore/Makefile.am 2022-05-21 18:55:58.853202502 +0200 +++++ trafficserver/src/tscore/Makefile.am 2022-05-21 19:10:10.982804575 +0200 ++@@ -258,6 +258,7 @@ ++ unit_tests/test_BufferWriter.cc \ ++ unit_tests/test_BufferWriterFormat.cc \ ++ unit_tests/test_ink_inet.cc \ +++ unit_tests/test_ink_memory.cc \ ++ unit_tests/test_IntrusivePtr.cc \ ++ unit_tests/test_IpMap.cc \ ++ unit_tests/test_layout.cc \ ++Index: trafficserver/src/tscore/unit_tests/test_ink_memory.cc ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/src/tscore/unit_tests/test_ink_memory.cc 2022-05-21 19:10:10.982804575 +0200 ++@@ -0,0 +1,141 @@ +++/** @file +++ +++ ink_memory unit tests. +++ +++ @section license License +++ +++ Licensed to the Apache Software Foundation (ASF) under one +++ or more contributor license agreements. See the NOTICE file +++ distributed with this work for additional information +++ regarding copyright ownership. The ASF licenses this file +++ to you under the Apache License, Version 2.0 (the +++ "License"); you may not use this file except in compliance +++ with the License. You may obtain a copy of the License at +++ +++ http://www.apache.org/licenses/LICENSE-2.0 +++ +++ Unless required by applicable law or agreed to in writing, software +++ distributed under the License is distributed on an "AS IS" BASIS, +++ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +++ See the License for the specific language governing permissions and +++ limitations under the License. +++*/ +++ +++#include +++#include +++#include "tscore/ink_memory.h" +++ +++constexpr void +++test_can_safely_shift_int8_t() +++{ +++ constexpr int8_t a = 0; +++ static_assert(can_safely_shift_left(a, 0) == true, "shifting 0 is safe"); +++ static_assert(can_safely_shift_left(a, 4) == true, "shifting 0 is safe"); +++ static_assert(can_safely_shift_left(a, 8) == true, "shifting 0 is safe"); +++ +++ constexpr int8_t b = 1; +++ static_assert(can_safely_shift_left(b, 0) == true, "shifting int8_t 1 0 places is safe"); +++ static_assert(can_safely_shift_left(b, 1) == true, "shifting int8_t 1 1 places is safe"); +++ static_assert(can_safely_shift_left(b, 6) == true, "shifting int8_t 1 6 places is safe"); +++ static_assert(can_safely_shift_left(b, 7) == false, "shifting int8_t 1 7 places becomes negative"); +++ static_assert(can_safely_shift_left(b, 8) == false, "shifting int8_t 1 8 places overflows"); +++ +++ constexpr int8_t c = 0xff; +++ static_assert(can_safely_shift_left(c, 0) == false, "int8_t 0xff is already negative"); +++ static_assert(can_safely_shift_left(c, 1) == false, "shifting int8_t 0xff 1 place overflows"); +++} +++ +++constexpr void +++test_can_safely_shift_uint8_t() +++{ +++ constexpr uint8_t a = 0; +++ static_assert(can_safely_shift_left(a, 0) == true, "shifting 0 is safe"); +++ static_assert(can_safely_shift_left(a, 4) == true, "shifting 0 is safe"); +++ static_assert(can_safely_shift_left(a, 8) == true, "shifting 0 is safe"); +++ +++ constexpr uint8_t b = 1; +++ static_assert(can_safely_shift_left(b, 0) == true, "shifting uint8_t 1 0 places is safe"); +++ static_assert(can_safely_shift_left(b, 1) == true, "shifting uint8_t 1 1 places is safe"); +++ static_assert(can_safely_shift_left(b, 6) == true, "shifting uint8_t 1 6 places is safe"); +++ static_assert(can_safely_shift_left(b, 7) == true, "shifting uint8_t 1 7 is safe"); +++ static_assert(can_safely_shift_left(b, 8) == false, "shifting uint8_t 1 8 places overflows"); +++ +++ constexpr uint8_t c = 0xff; +++ static_assert(can_safely_shift_left(c, 0) == true, "shifting int8_t 0xff 0 places is safe"); +++ static_assert(can_safely_shift_left(c, 1) == false, "shifting int8_t 0xff 1 place overflows"); +++} +++ +++constexpr void +++test_can_safely_shift_int32_t() +++{ +++ constexpr int32_t a = 0; +++ static_assert(can_safely_shift_left(a, 4) == true, "shifting 0 is safe"); +++ +++ constexpr int32_t b = 1; +++ static_assert(can_safely_shift_left(b, 4) == true, "shifting 1 is safe"); +++ +++ constexpr int32_t c = 0x00ff'ffff; +++ static_assert(can_safely_shift_left(c, 4) == true, "shifting 0x00ff'ffff is safe"); +++ +++ constexpr int32_t d = 0x07ff'ffff; +++ static_assert(can_safely_shift_left(d, 4) == true, "shifting 0x07ff'ffff is safe"); +++ +++ constexpr int32_t e = -1; +++ static_assert(can_safely_shift_left(e, 4) == false, "shifting -1 will result in truncation"); +++ +++ constexpr int32_t f = 0x0800'0000; +++ static_assert(can_safely_shift_left(f, 4) == false, "shifting 0x0801'0000 will become negative"); +++ +++ constexpr int32_t g = 0x0fff'ffff; +++ static_assert(can_safely_shift_left(g, 4) == false, "shifting 0x0fff'ffff will become negative"); +++ +++ constexpr int32_t h = 0x1000'0000; +++ static_assert(can_safely_shift_left(h, 4) == false, "shifting 0x1000'0000 will overflow"); +++ +++ constexpr int32_t i = 0xf000'0000; +++ static_assert(can_safely_shift_left(i, 4) == false, "shifting 0xf000'0000 will overflow"); +++ +++ constexpr int32_t j = 0xf800'0000; +++ static_assert(can_safely_shift_left(j, 4) == false, "shifting 0xf800'0000 will become negative"); +++} +++ +++constexpr void +++test_can_safely_shift_uint32_t() +++{ +++ constexpr uint32_t a = 0; +++ static_assert(can_safely_shift_left(a, 4) == true, "shifting 0 is safe"); +++ +++ constexpr uint32_t b = 1; +++ static_assert(can_safely_shift_left(b, 4) == true, "shifting 1 is safe"); +++ +++ constexpr uint32_t c = 0x00ff'ffff; +++ static_assert(can_safely_shift_left(c, 4) == true, "shifting 0x00ff'ffff is safe"); +++ +++ constexpr uint32_t d = 0x07ff'ffff; +++ static_assert(can_safely_shift_left(d, 4) == true, "shifting 0x07ff'ffff is safe"); +++ +++ constexpr uint32_t e = 0x0800'0000; +++ static_assert(can_safely_shift_left(e, 4) == true, "shifting unisgned 0x0800'0000 is safe"); +++ +++ constexpr uint32_t f = 0x0fff'ffff; +++ static_assert(can_safely_shift_left(f, 4) == true, "shifting unsigned 0x0fff'ffff is safe"); +++ +++ constexpr uint32_t g = 0x1000'0000; +++ static_assert(can_safely_shift_left(g, 4) == false, "shifting 0x1000'0000 will overflow"); +++ +++ constexpr uint32_t h = 0xf000'0000; +++ static_assert(can_safely_shift_left(h, 4) == false, "shifting 0xf000'0000 will overflow"); +++ +++ constexpr uint32_t i = 0xf800'0000; +++ static_assert(can_safely_shift_left(i, 4) == false, "shifting 0xf800'0000 will become negative"); +++} +++ +++TEST_CASE("can_safely_shift", "[libts][ink_inet][memory]") +++{ +++ // can_safely_shift_left is a constexpr function, therefore all these checks are +++ // done at compile time and REQUIRES calls are not necessary. +++ test_can_safely_shift_int8_t(); +++ test_can_safely_shift_uint8_t(); +++ test_can_safely_shift_int32_t(); +++ test_can_safely_shift_uint32_t(); +++} diff --cc debian/patches/0019-CVE_2021_38161.patch index 00000000,00000000..5dc61785 new file mode 100644 --- /dev/null +++ b/debian/patches/0019-CVE_2021_38161.patch @@@ -1,0 -1,0 +1,30 @@@ ++Description: Add some checking to validate the scheme matches the wire protocol. ++Author: Alan M. Carroll ++Origin: upstream ++Applied-Upstream: https://github.com/apache/trafficserver/commit/feefc5e4abc5011dfad5dcfef3f22998faf6e2d4 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2022-05-21 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++Index: trafficserver/proxy/http/HttpSM.cc ++=================================================================== ++--- trafficserver.orig/proxy/http/HttpSM.cc 2022-05-21 18:55:58.793202813 +0200 +++++ trafficserver/proxy/http/HttpSM.cc 2022-05-21 19:12:07.438046649 +0200 ++@@ -732,6 +732,17 @@ ++ case PARSE_RESULT_DONE: ++ SMDebug("http", "[%" PRId64 "] done parsing client request header", sm_id); ++ +++ if (!is_internal) { +++ auto scheme = t_state.hdr_info.client_request.url_get()->scheme_get_wksidx(); +++ if ((client_connection_is_ssl && (scheme == URL_WKSIDX_HTTP || scheme == URL_WKSIDX_WS)) || +++ (!client_connection_is_ssl && (scheme == URL_WKSIDX_HTTPS || scheme == URL_WKSIDX_WSS))) { +++ SMDebug("http", "scheme [%s] vs. protocol [%s] mismatch", hdrtoken_index_to_wks(scheme), +++ client_connection_is_ssl ? "tls" : "plaintext"); +++ t_state.http_return_code = HTTP_STATUS_BAD_REQUEST; +++ call_transact_and_set_next_state(HttpTransact::BadRequest); +++ break; +++ } +++ } ++ ua_txn->set_session_active(); ++ ++ if (t_state.hdr_info.client_request.version_get() == HTTPVersion(1, 1) && diff --cc debian/patches/0019-CVE_2021_44040.patch index 00000000,00000000..0f87d1a8 new file mode 100644 --- /dev/null +++ b/debian/patches/0019-CVE_2021_44040.patch @@@ -1,0 -1,0 +1,513 @@@ ++Description: Improper Input Validation vulnerability in request line parsing ++Author: ++Origin: upstream ++Applied-Upstream: 85c319a7f7c0537bee408ea25df6f1a5ed0a4071, c4e6661a5a205b1f60279f0e66aa496023185967, 8c6f2ed84ba0d8e6255baceb99ee891ebe1ce473 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2022-05-21 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++Index: trafficserver/doc/admin-guide/files/records.config.en.rst ++=================================================================== ++--- trafficserver.orig/doc/admin-guide/files/records.config.en.rst 2022-05-21 19:01:54.422372252 +0200 +++++ trafficserver/doc/admin-guide/files/records.config.en.rst 2022-05-21 19:18:52.251530553 +0200 ++@@ -1134,10 +1134,12 @@ ++ An arbitrary string value that, if set, will be used to replace any request ++ ``User-Agent`` header. ++ ++-.. ts:cv:: CONFIG proxy.config.http.strict_uri_parsing INT 0 +++.. ts:cv:: CONFIG proxy.config.http.strict_uri_parsing INT 2 ++ ++- Enables (``1``) or disables (``0``) Traffic Server to return a 400 Bad Request ++- if client's request URI includes character which is not RFC 3986 compliant +++ Takes a value between 0 and 2. ``0`` disables strict_uri_parsing. Any character can appears +++ in the URI. ``1`` causes |TS| to return 400 Bad Request +++ if client's request URI includes character which is not RFC 3986 compliant. ``2`` directs |TS| +++ to reject the clients request if it contains whitespace or non-printable characters. ++ ++ .. ts:cv:: CONFIG proxy.config.http.errors.log_error_pages INT 1 ++ :reloadable: ++Index: trafficserver/mgmt/RecordsConfig.cc ++=================================================================== ++--- trafficserver.orig/mgmt/RecordsConfig.cc 2022-05-21 18:55:58.701203288 +0200 +++++ trafficserver/mgmt/RecordsConfig.cc 2022-05-21 19:18:52.251530553 +0200 ++@@ -354,7 +354,7 @@ ++ , ++ {RECT_CONFIG, "proxy.config.http.post.check.content_length.enabled", RECD_INT, "1", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} ++ , ++- {RECT_CONFIG, "proxy.config.http.strict_uri_parsing", RECD_INT, "0", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-1]", RECA_NULL} +++ {RECT_CONFIG, "proxy.config.http.strict_uri_parsing", RECD_INT, "2", RECU_DYNAMIC, RR_NULL, RECC_INT, "[0-2]", RECA_NULL} ++ , ++ // # Send http11 requests ++ // # ++Index: trafficserver/proxy/hdrs/HTTP.cc ++=================================================================== ++--- trafficserver.orig/proxy/hdrs/HTTP.cc 2022-05-21 18:55:58.781202874 +0200 +++++ trafficserver/proxy/hdrs/HTTP.cc 2022-05-21 19:18:41.927593091 +0200 ++@@ -885,7 +885,7 @@ ++ ++ ParseResult ++ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const char **start, const char *end, ++- bool must_copy_strings, bool eof, bool strict_uri_parsing) +++ bool must_copy_strings, bool eof, int strict_uri_parsing) ++ { ++ if (parser->m_parsing_http) { ++ MIMEScanner *scanner = &parser->m_mime_parser.m_scanner; ++Index: trafficserver/proxy/hdrs/HTTP.h ++=================================================================== ++--- trafficserver.orig/proxy/hdrs/HTTP.h 2022-05-21 18:55:58.781202874 +0200 +++++ trafficserver/proxy/hdrs/HTTP.h 2022-05-21 19:18:41.927593091 +0200 ++@@ -445,7 +445,7 @@ ++ void http_parser_init(HTTPParser *parser); ++ void http_parser_clear(HTTPParser *parser); ++ ParseResult http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const char **start, const char *end, ++- bool must_copy_strings, bool eof, bool strict_uri_parsing); +++ bool must_copy_strings, bool eof, int strict_uri_parsing); ++ ParseResult validate_hdr_host(HTTPHdrImpl *hh); ++ ParseResult validate_hdr_content_length(HdrHeap *heap, HTTPHdrImpl *hh); ++ ParseResult http_parser_parse_resp(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const char **start, const char *end, ++@@ -624,10 +624,10 @@ ++ const char *reason_get(int *length); ++ void reason_set(const char *value, int length); ++ ++- ParseResult parse_req(HTTPParser *parser, const char **start, const char *end, bool eof, bool strict_uri_parsing = false); +++ ParseResult parse_req(HTTPParser *parser, const char **start, const char *end, bool eof, int strict_uri_parsing = 0); ++ ParseResult parse_resp(HTTPParser *parser, const char **start, const char *end, bool eof); ++ ++- ParseResult parse_req(HTTPParser *parser, IOBufferReader *r, int *bytes_used, bool eof, bool strict_uri_parsing = false); +++ ParseResult parse_req(HTTPParser *parser, IOBufferReader *r, int *bytes_used, bool eof, int strict_uri_parsing = 0); ++ ParseResult parse_resp(HTTPParser *parser, IOBufferReader *r, int *bytes_used, bool eof); ++ ++ public: ++@@ -1225,7 +1225,7 @@ ++ -------------------------------------------------------------------------*/ ++ ++ inline ParseResult ++-HTTPHdr::parse_req(HTTPParser *parser, const char **start, const char *end, bool eof, bool strict_uri_parsing) +++HTTPHdr::parse_req(HTTPParser *parser, const char **start, const char *end, bool eof, int strict_uri_parsing) ++ { ++ ink_assert(valid()); ++ ink_assert(m_http->m_polarity == HTTP_TYPE_REQUEST); ++Index: trafficserver/proxy/hdrs/HdrTSOnly.cc ++=================================================================== ++--- trafficserver.orig/proxy/hdrs/HdrTSOnly.cc 2022-05-21 18:55:58.781202874 +0200 +++++ trafficserver/proxy/hdrs/HdrTSOnly.cc 2022-05-21 19:18:41.927593091 +0200 ++@@ -45,7 +45,7 @@ ++ -------------------------------------------------------------------------*/ ++ ++ ParseResult ++-HTTPHdr::parse_req(HTTPParser *parser, IOBufferReader *r, int *bytes_used, bool eof, bool strict_uri_parsing) +++HTTPHdr::parse_req(HTTPParser *parser, IOBufferReader *r, int *bytes_used, bool eof, int strict_uri_parsing) ++ { ++ const char *start; ++ const char *tmp; ++Index: trafficserver/proxy/hdrs/URL.cc ++=================================================================== ++--- trafficserver.orig/proxy/hdrs/URL.cc 2022-05-21 18:55:58.789202833 +0200 +++++ trafficserver/proxy/hdrs/URL.cc 2022-05-21 19:18:41.927593091 +0200 ++@@ -1179,10 +1179,34 @@ ++ return true; ++ } ++ +++/** +++ * This method will return TRUE if the uri is mostly compliant with +++ * RFC 3986 and it will return FALSE if not. Specifically denying white +++ * space an unprintable characters +++ */ +++static bool +++url_is_mostly_compliant(const char *start, const char *end) +++{ +++ for (const char *i = start; i < end; ++i) { +++ if (isspace(*i)) { +++ Debug("http", "Whitespace character [0x%.2X] found in URL", (unsigned char)*i); +++ return false; +++ } +++ if (!isprint(*i)) { +++ Debug("http", "Non-printable character [0x%.2X] found in URL", (unsigned char)*i); +++ return false; +++ } +++ } +++ return true; +++} +++ ++ ParseResult ++-url_parse(HdrHeap *heap, URLImpl *url, const char **start, const char *end, bool copy_strings_p, bool strict_uri_parsing) +++url_parse(HdrHeap *heap, URLImpl *url, const char **start, const char *end, bool copy_strings_p, int strict_uri_parsing) ++ { ++- if (strict_uri_parsing && !url_is_strictly_compliant(*start, end)) { +++ if (strict_uri_parsing == 1 && !url_is_strictly_compliant(*start, end)) { +++ return PARSE_RESULT_ERROR; +++ } +++ if (strict_uri_parsing == 2 && !url_is_mostly_compliant(*start, end)) { ++ return PARSE_RESULT_ERROR; ++ } ++ ++Index: trafficserver/proxy/hdrs/URL.h ++=================================================================== ++--- trafficserver.orig/proxy/hdrs/URL.h 2022-05-21 18:55:58.789202833 +0200 +++++ trafficserver/proxy/hdrs/URL.h 2022-05-21 19:18:41.927593091 +0200 ++@@ -198,14 +198,13 @@ ++ void url_fragment_set(HdrHeap *heap, URLImpl *url, const char *value, int length, bool copy_string); ++ ++ ParseResult url_parse(HdrHeap *heap, URLImpl *url, const char **start, const char *end, bool copy_strings, ++- bool strict_uri_parsing = false); +++ int strict_uri_parsing = false); ++ ParseResult url_parse_no_path_component_breakdown(HdrHeap *heap, URLImpl *url, const char **start, const char *end, ++ bool copy_strings); ++ ParseResult url_parse_internet(HdrHeap *heap, URLImpl *url, const char **start, const char *end, bool copy_strings); ++ ParseResult url_parse_http(HdrHeap *heap, URLImpl *url, const char **start, const char *end, bool copy_strings); ++ ParseResult url_parse_http_no_path_component_breakdown(HdrHeap *heap, URLImpl *url, const char **start, const char *end, ++ bool copy_strings); ++- ++ char *url_unescapify(Arena *arena, const char *str, int length); ++ ++ void unescape_str(char *&buf, char *buf_e, const char *&str, const char *str_e, int &state); ++Index: trafficserver/proxy/http/HttpConfig.cc ++=================================================================== ++--- trafficserver.orig/proxy/http/HttpConfig.cc 2022-05-21 18:55:58.789202833 +0200 +++++ trafficserver/proxy/http/HttpConfig.cc 2022-05-21 19:18:41.927593091 +0200 ++@@ -1473,7 +1473,7 @@ ++ params->referer_filter_enabled = INT_TO_BOOL(m_master.referer_filter_enabled); ++ params->referer_format_redirect = INT_TO_BOOL(m_master.referer_format_redirect); ++ ++- params->strict_uri_parsing = INT_TO_BOOL(m_master.strict_uri_parsing); +++ params->strict_uri_parsing = m_master.strict_uri_parsing; ++ ++ params->oride.down_server_timeout = m_master.oride.down_server_timeout; ++ params->oride.client_abort_threshold = m_master.oride.client_abort_threshold; ++Index: trafficserver/proxy/http/HttpConfig.h ++=================================================================== ++--- trafficserver.orig/proxy/http/HttpConfig.h 2022-05-21 18:55:58.789202833 +0200 +++++ trafficserver/proxy/http/HttpConfig.h 2022-05-21 19:18:52.251530553 +0200 ++@@ -847,7 +847,7 @@ ++ MgmtByte referer_filter_enabled = 0; ++ MgmtByte referer_format_redirect = 0; ++ ++- MgmtByte strict_uri_parsing = 0; +++ MgmtByte strict_uri_parsing = 2; ++ ++ MgmtByte reverse_proxy_enabled = 0; ++ MgmtByte url_remap_required = 1; ++Index: trafficserver/tests/gold_tests/headers/gold/bad_good_request.gold ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/gold/bad_good_request.gold 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,9 @@ +++``HTTP/1.1 400 Invalid HTTP Request +++``Connection: close +++``Server: ATS/`` +++``Content-Length: 219 +++`` +++Bad Request +++``

Bad Request

+++``Description: Could not process this request. +++`` ++Index: trafficserver/tests/gold_tests/headers/gold/bad_good_request_header.gold ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/gold/bad_good_request_header.gold 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,5 @@ +++``HTTP/1.1 400 Invalid HTTP Request +++``Connection: close +++``Server: ATS/`` +++``Content-Length: 219 +++`` ++Index: trafficserver/tests/gold_tests/headers/gold/bad_good_request_http1.gold ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/gold/bad_good_request_http1.gold 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,8 @@ +++``HTTP/1.0 400 Invalid HTTP Request +++``Server: ATS/`` +++``Content-Length: 219 +++`` +++Bad Request +++``

Bad Request

+++``Description: Could not process this request. +++`` ++Index: trafficserver/tests/gold_tests/headers/gold/bad_method.gold ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/gold/bad_method.gold 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,24 @@ +++HTTP/1.1 501 Unsupported method ('gET') +++Content-Type: text/html;charset=utf-8 +++Content-Length: 496 +++Date: `` +++Age: 0 +++Connection: keep-alive +++Server: ATS/`` +++ +++ +++ +++ +++ +++ Error response +++ +++ +++

Error response

+++

Error code: 501

+++

Message: Unsupported method ('gET').

+++

Error code explanation: HTTPStatus.NOT_IMPLEMENTED - Server does not support this operation.

+++ +++ +++HTTP/1.1 200 OK +++`` ++Index: trafficserver/tests/gold_tests/headers/gold/bad_protocol_number.gold ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/gold/bad_protocol_number.gold 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,22 @@ +++HTTP/1.1 505 Unsupported HTTP Version +++Date: `` +++Server: ATS/`` +++Cache-Control: no-store +++Content-Type: text/html +++Content-Language: en +++Content-Length: 219 +++ +++ +++ +++Bad Request +++ +++ +++ +++

Bad Request

+++
+++ +++ +++Description: Could not process this request. +++ +++
+++ ++Index: trafficserver/tests/gold_tests/headers/gold/bad_te_value.gold ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/gold/bad_te_value.gold 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,25 @@ +++HTTP/1.1 501 Field not implemented +++Date: `` +++Connection: keep-alive +++Server: ATS/`` +++Cache-Control: no-store +++Content-Type: text/html +++Content-Language: en +++Content-Length: 289 +++ +++ +++ +++Transcoding Not Available +++ +++ +++ +++

Transcoding Not Available

+++
+++ +++ +++ +++ Description: Unable to provide the document in the +++format requested by your browser. +++ +++
+++ ++Index: trafficserver/tests/gold_tests/headers/good_request_after_bad.test.py ++=================================================================== ++--- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++++ trafficserver/tests/gold_tests/headers/good_request_after_bad.test.py 2022-05-21 19:18:41.931593066 +0200 ++@@ -0,0 +1,196 @@ +++''' +++Verify that request following a ill-formed request is not processed +++''' +++# Licensed to the Apache Software Foundation (ASF) under one +++# or more contributor license agreements. See the NOTICE file +++# distributed with this work for additional information +++# regarding copyright ownership. The ASF licenses this file +++# to you under the Apache License, Version 2.0 (the +++# "License"); you may not use this file except in compliance +++# with the License. You may obtain a copy of the License at +++# +++# http://www.apache.org/licenses/LICENSE-2.0 +++# +++# Unless required by applicable law or agreed to in writing, software +++# distributed under the License is distributed on an "AS IS" BASIS, +++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +++# See the License for the specific language governing permissions and +++# limitations under the License. +++ +++import os +++ +++Test.Summary = ''' +++Verify that request following a ill-formed request is not processed +++''' +++Test.ContinueOnFail = True +++ts = Test.MakeATSProcess("ts") +++Test.ContinueOnFail = True +++ts.Disk.records_config.update({'proxy.config.diags.debug.tags': 'http', +++ 'proxy.config.diags.debug.enabled': 0, +++ 'proxy.config.http.strict_uri_parsing': 1 +++ }) +++ +++ts2 = Test.MakeATSProcess("ts2") +++ +++ts2.Disk.records_config.update({'proxy.config.diags.debug.tags': 'http', +++ 'proxy.config.diags.debug.enabled': 0, +++ 'proxy.config.http.strict_uri_parsing': 2 +++ }) +++ +++ +++server = Test.MakeOriginServer("server") +++request_header = {"headers": "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n", "timestamp": "1469733493.993", "body": ""} +++response_header = { +++ "headers": "HTTP/1.1 200 OK\r\nConnection: close\r\nLast-Modified: Tue, 08 May 2018 15:49:41 GMT\r\nCache-Control: max-age=1000\r\n\r\n", +++ "timestamp": "1469733493.993", +++ "body": "xxx"} +++server.addResponse("sessionlog.json", request_header, response_header) +++ +++ts.Disk.remap_config.AddLine( +++ 'map / http://127.0.0.1:{0}'.format(server.Variables.Port) +++) +++ts.Disk.remap_config.AddLine( +++ 'map /bob<> http://127.0.0.1:{0}'.format(server.Variables.Port) +++) +++ts2.Disk.remap_config.AddLine( +++ 'map / http://127.0.0.1:{0}'.format(server.Variables.Port) +++) +++ts2.Disk.remap_config.AddLine( +++ 'map /bob<> http://127.0.0.1:{0}'.format(server.Variables.Port) +++) +++ +++trace_out = Test.Disk.File("trace_curl.txt") +++ +++# Make a good request to get item in the cache for later tests +++tr = Test.AddTestRun("Good control") +++tr.Processes.Default.StartBefore(server) +++tr.Processes.Default.StartBefore(Test.Processes.ts) +++tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nHost: bob\r\n\r\n" | nc 127.0.0.1 {}'.format(ts.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++ +++tr = Test.AddTestRun("Good control") +++tr.Processes.Default.StartBefore(server) +++tr.Processes.Default.StartBefore(Test.Processes.ts2) +++tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nHost: bob\r\n\r\n" | nc 127.0.0.1 {}'.format(ts2.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++ +++tr = Test.AddTestRun("space after header name") +++tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nHost : bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++tr.Processes.Default.Streams.stdout = 'gold/bad_good_request.gold' +++ +++# Commenting out a bunch of tests on master whose fixes are not in 8.1.x. +++#tr = Test.AddTestRun("Bad protocol number") +++#tr.Processes.Default.Command = 'printf "GET / HTTP/11.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_protocol_number.gold' +++# +++#tr = Test.AddTestRun("Unsupported Transfer Encoding value") +++#tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ntransfer-encoding: random\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_te_value.gold' +++# +++#tr = Test.AddTestRun("Another unsupported Transfer Encoding value") +++#tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ntransfer-encoding: \x08chunked\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_te_value.gold' +++# +++#tr = Test.AddTestRun("Extra characters in content-length") +++#tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ncontent-length:+3\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_header.gold' +++# +++#tr = Test.AddTestRun("Different extra characters in content-length") +++#tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nhost: bob\r\ncontent-length:\x0c3\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_header.gold' +++# +++# +++## TRACE request with a body +++#tr = Test.AddTestRun("Trace request with a body") +++#tr.Processes.Default.Command = 'printf "TRACE /foo HTTP/1.1\r\nHost: bob\r\nContent-length:2\r\n\r\nokGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_good_request.gold' +++# +++#tr = Test.AddTestRun("Trace request with a chunked body") +++#tr.Processes.Default.Command = 'printf "TRACE /foo HTTP/1.1\r\nHost: bob\r\ntransfer-encoding: chunked\r\n\r\n2\r\nokGGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_good_request.gold' +++# +++#tr = Test.AddTestRun("Trace request with a chunked body via curl") +++#tr.Processes.Default.Command = 'curl -v --http1.1 --header "Transfer-Encoding: chunked" -d aaa -X TRACE -o trace_curl.txt -k http://127.0.0.1:{}/foo'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.All = 'gold/bad_good_request_header.gold' +++#trace_out.Content = Testers.ContainsExpression("Bad Request", "ATS error msg") +++#trace_out.Content += Testers.ContainsExpression("Description: Could not process this request.", "ATS error msg") +++# +++#tr = Test.AddTestRun("Trace request via curl") +++#tr.Processes.Default.Command = 'curl -v --http1.1 -X TRACE -k http://127.0.0.1:{}/bar'.format(ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.All = Testers.ContainsExpression( +++# r"HTTP/1.1 501 Unsupported method \('TRACE'\)", +++# "microserver does not support TRACE") +++# +++## Methods are case sensitive. Verify that "gET" is not confused with "GET". +++#tr = Test.AddTestRun("mixed case method") +++#tr.Processes.Default.Command = 'printf "gET / HTTP/1.1\r\nHost:bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_method.gold' +++# +++## mangled termination +++#tr = Test.AddTestRun("mangled line termination") +++#tr.Processes.Default.Command = 'printf "GET / HTTP/1.1\r\nHost:bob\r\n \r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++# ts.Variables.port) +++#tr.Processes.Default.ReturnCode = 0 +++#tr.Processes.Default.Streams.stdout = 'gold/bad_good_request.gold' +++ +++tr = Test.AddTestRun("Catch bad URL characters") +++tr.Processes.Default.Command = 'printf "GET /bob<> HTTP/1.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++# Since the request line is messsed up ATS will reply with HTTP/1.0 +++tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_http1.gold' +++ +++tr = Test.AddTestRun("Catch whitespace in URL") +++tr.Processes.Default.Command = 'printf "GET /bob foo HTTP/1.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++# Since the request line is messsed up ATS will reply with HTTP/1.0 +++tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_http1.gold' +++ +++tr = Test.AddTestRun("Extra characters in protocol") +++tr.Processes.Default.Command = 'printf "GET / HTP/1.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++# Since the request line is messsed up ATS will reply with HTTP/1.0 +++tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_http1.gold' +++ +++tr = Test.AddTestRun("Characters that are strict but not case 2 bad") +++tr.Processes.Default.Command = 'printf "GET /bob<> HTTP/1.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts2.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++tr.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 200 OK", "Success") +++ +++tr = Test.AddTestRun("Catch whitespace in URL") +++tr.Processes.Default.Command = 'printf "GET /bob foo HTTP/1.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts2.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++# Since the request line is messsed up ATS will reply with HTTP/1.0 +++tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_http1.gold' +++ +++tr = Test.AddTestRun("Extra characters in protocol") +++tr.Processes.Default.Command = 'printf "GET / HTP/1.1\r\nhost: bob\r\n\r\nGET / HTTP/1.1\r\nHost: boa\r\n\r\n" | nc 127.0.0.1 {}'.format( +++ ts2.Variables.port) +++tr.Processes.Default.ReturnCode = 0 +++# Since the request line is messsed up ATS will reply with HTTP/1.0 +++tr.Processes.Default.Streams.stdout = 'gold/bad_good_request_http1.gold' diff --cc debian/patches/0019-CVE_2021_44759.patch index 00000000,00000000..d0e2328b new file mode 100644 --- /dev/null +++ b/debian/patches/0019-CVE_2021_44759.patch @@@ -1,0 -1,0 +1,79 @@@ ++Description: Bug fix in origin connection handling ++Origin: upstream ++Applied-Upstream: https://github.com/apache/trafficserver/commit/d3f36f79820ea10c26573c742b1bbc370c351716 ++Reviewed-by: Jean Baptiste Favre ++Last-Update: 2022-05-21 ++--- ++This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ++Index: trafficserver/iocore/net/SSLNetVConnection.cc ++=================================================================== ++--- trafficserver.orig/iocore/net/SSLNetVConnection.cc 2022-05-21 18:55:58.677203412 +0200 +++++ trafficserver/iocore/net/SSLNetVConnection.cc 2022-05-21 19:22:11.594334167 +0200 ++@@ -1041,8 +1041,7 @@ ++ // Making the check here instead of later, so we only ++ // do this setting immediately after we create the SSL object ++ SNIConfig::scoped_config sniParam; ++- int8_t clientVerify = 0; ++- cchar *serverKey = this->options.sni_servername; +++ cchar *serverKey = this->options.sni_servername; ++ if (!serverKey) { ++ ats_ip_ntop(this->get_remote_addr(), buff, INET6_ADDRSTRLEN); ++ serverKey = buff; ++@@ -1051,25 +1050,30 @@ ++ SSL_CTX *clientCTX = nullptr; ++ ++ if (nps) { ++- clientCTX = nps->ctx; ++- clientVerify = nps->verifyLevel; +++ clientCTX = nps->ctx; ++ } else { ++ clientCTX = params->client_ctx; ++- // Keeping backwards compatability on the proxy.config.ssl.client.verify.server setting ++- clientVerify = params->clientVerify ? (params->clientVerify == 1 ? 2 : 1) : 0; ++ } +++ ++ if (!clientCTX) { ++ SSLErrorVC(this, "failed to create SSL client session"); ++ return EVENT_ERROR; ++ } ++ +++ if (nps && nps->verifyLevel != static_cast(YamlSNIConfig::Level::UNSET)) { +++ this->options.clientVerificationFlag = nps->verifyLevel; +++ } else { +++ // Keeping backwards compatibility on the proxy.config.ssl.client.verify.server setting +++ this->options.clientVerificationFlag = params->clientVerify ? (params->clientVerify == 1 ? 2 : 1) : 0; +++ } +++ ++ this->ssl = make_ssl_connection(clientCTX, this); ++ if (this->ssl == nullptr) { ++ SSLErrorVC(this, "failed to create SSL client session"); ++ return EVENT_ERROR; ++ } ++ int verify_op; ++- if (clientVerify) { +++ if (this->options.clientVerificationFlag) { ++ verify_op = SSL_VERIFY_PEER; ++ SSL_set_verify(this->ssl, verify_op, verify_callback); ++ } else { ++Index: trafficserver/iocore/net/YamlSNIConfig.h ++=================================================================== ++--- trafficserver.orig/iocore/net/YamlSNIConfig.h 2022-05-21 18:55:58.681203391 +0200 +++++ trafficserver/iocore/net/YamlSNIConfig.h 2022-05-21 19:22:11.594334167 +0200 ++@@ -45,7 +45,7 @@ ++ client_cert ++ ++ }; ++- enum class Level { NONE = 0, MODERATE, STRICT }; +++ enum class Level { NONE = 0, MODERATE, STRICT, UNSET }; ++ enum class TLSProtocol : uint8_t { TLSv1 = 0, TLSv1_1, TLSv1_2, TLSv1_3, TLS_MAX = TLSv1_3 }; ++ ++ YamlSNIConfig() {} ++@@ -55,7 +55,7 @@ ++ bool disable_h2 = false; ++ uint8_t verify_client_level = 0; ++ std::string tunnel_destination; ++- uint8_t verify_origin_server = 0; +++ uint8_t verify_origin_server = static_cast(Level::UNSET); ++ std::string client_cert; ++ std::string ip_allow; ++ bool protocol_unset = true; diff --cc debian/patches/series index 00000000,00000000..5d4ca8c4 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@ -1,0 -1,0 +1,19 @@@ ++0001-Use-mcx16-on-x86-platforms-only.patch ++0003-reproductible-build.patch ++0006-fix-doc-build.patch ++0008-fix-python-check-unused-dependencies.patch ++0009-fix-mysql-8-build.patch ++0011-fix-segfault.patch ++0012-fix-spelling-checks.patch ++0013-fix-perl-interpreter-path.patch ++0014-use_system_yaml-cpp.patch ++0015-as-needed-fix.patch ++0016-fix_python_3.8.patch ++0017-fix_sphinx_3.0.patch ++0018-Fixes-7971.patch ++0019-CVE_2021_37147.patch ++0019-CVE_2021_37148.patch ++0019-CVE_2021_37149.patch ++0019-CVE_2021_38161.patch ++0019-CVE_2021_44040.patch ++0019-CVE_2021_44759.patch diff --cc debian/rules index 00000000,00000000..1e772682 new file mode 100755 --- /dev/null +++ b/debian/rules @@@ -1,0 -1,0 +1,80 @@@ ++#!/usr/bin/make -f ++# -*- makefile -*- ++ ++# Uncomment this to turn on verbose mode. ++#export DH_VERBOSE=1 ++ ++export DEB_BUILD_MAINT_OPTIONS = hardening=+all ++export DEB_CFLAGS_MAINT_APPEND = -O3 ++export DEB_CXXFLAGS_MAINT_APPEND = -O3 ++# mips & mipsel need explicit libatomic link ++ifeq ($(DEB_HOST_ARCH),$(filter $(DEB_HOST_ARCH),mips mipsel)) ++ export DEB_LDFLAGS_MAINT_APPEND += -latomic ++endif ++ ++# Get build architecture. ./configure is different on Linux ++include /usr/share/dpkg/architecture.mk ++# Get rid f dpkg-parsechangelog ++include /usr/share/dpkg/pkg-info.mk ++ ++configure_flags = \ ++ --enable-layout=Debian \ ++ --sysconfdir=/etc/trafficserver --libdir=/usr/lib/trafficserver \ ++ --libexecdir=/usr/lib/trafficserver/modules \ ++ --with-user=root --with-group=root --disable-silent-rules \ ++ --enable-experimental-plugins --enable-32bit-build \ ++ --enable-mime-sanity-check --enable-docs \ ++ --with-build-version=$(DEB_VERSION) \ ++ --with-yaml-cpp=/usr \ ++ $(shell dpkg-buildflags --export=configure) ++ ++ifeq ($(DEB_HOST_ARCH_OS),linux) ++ configure_flags += --enable-wccp ++endif ++ ++%: ++ dh $@ ++ ++override_dh_auto_configure: ++ dh_auto_configure -- $(configure_flags) ++ ++override_dh_auto_install: ++ dh_auto_install -- INSTALLDIRS=vendor ++ rm -f debian/tmp/usr/bin/trafficserver # We install our own ++ # Satisfy §10.2 (http://wiki.debian.org/ReleaseGoals/LAFileRemoval) ++ rm -f debian/tmp/usr/lib/trafficserver/lib*.la ++ rm -f debian/tmp/usr/lib/trafficserver/modules/*.la ++ rm -f debian/tmp/usr/lib/trafficserver/lib*.a ++ifneq ($(DEB_HOST_ARCH_OS),linux) ++ # Remove Linux-specific plugin ++ sed -i '/\/healthchecks\.so$$/d' \ ++ debian/trafficserver.install ++endif ++ ++override_dh_install: ++ dh_install ++ dh_missing --list-missing ++ ./debian/change_config.pl debian/trafficserver/etc/trafficserver/records.config ++ # Lintian fixes ++ mkdir -p debian/trafficserver/usr/share/doc/trafficserver ++ cat CHANGELOG-* >> debian/trafficserver/usr/share/doc/trafficserver/changelog ++ #rm debian/trafficserver-dev/usr/share/doc/trafficserver-dev/examples/ssl-preaccept/ssl_preaccept.config ++ #(cd debian/trafficserver-dev/usr/share/doc/trafficserver-dev/examples/ssl-preaccept/; \ ++ #ln -s ssl_preaccept.config ssl_sni.config) ++ ++override_dh_fixperms: ++ dh_fixperms -Xvar/lib/trafficserver \ ++ -Xvar/log/trafficserver \ ++ -Xvar/cache/trafficserver \ ++ -Xvar/run/trafficserver ++ # Fix lintian warning ++ chmod -x debian/trafficserver-dev/usr/share/doc/trafficserver-dev/examples/remap_header_add/build.txt ++ ++override_dh_installexamples: ++ dh_installexamples -XMakefile -X.libs -X.dirstamp -X.deps -X.la -X.lo ++ ++override_dh_makeshlibs: ++ dh_makeshlibs -Xdebian/tmp/usr/lib/trafficserver ++ ++override_dh_auto_test: ++ -dh_auto_test diff --cc debian/salsa-ci.yml index 00000000,00000000..5a21243c new file mode 100644 --- /dev/null +++ b/debian/salsa-ci.yml @@@ -1,0 -1,0 +1,10 @@@ ++--- ++include: ++ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml ++ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml ++ ++variables: ++ SALSA_CI_DISABLE_APTLY: 1 ++ ++reprotest: ++ allow_failure: true diff --cc debian/source/format index 00000000,00000000..163aaf8d new file mode 100644 --- /dev/null +++ b/debian/source/format @@@ -1,0 -1,0 +1,1 @@@ ++3.0 (quilt) diff --cc debian/source/options index 00000000,00000000..9693b2ab new file mode 100644 --- /dev/null +++ b/debian/source/options @@@ -1,0 -1,0 +1,1 @@@ ++--extend-diff-ignore='examples/|diags.log|lib/perl/' diff --cc debian/trafficserver-dev.examples index 00000000,00000000..0bbe99ef new file mode 100644 --- /dev/null +++ b/debian/trafficserver-dev.examples @@@ -1,0 -1,0 +1,1 @@@ ++example/* diff --cc debian/trafficserver-dev.install index 00000000,00000000..973eea9a new file mode 100644 --- /dev/null +++ b/debian/trafficserver-dev.install @@@ -1,0 -1,0 +1,4 @@@ ++debian/tmp/usr/include/* ++debian/tmp/usr/bin/tsxs ++debian/tmp/usr/lib/trafficserver/lib*.so ++debian/tmp/usr/lib/trafficserver/pkgconfig/trafficserver.pc diff --cc debian/trafficserver-dev.manpages index 00000000,00000000..c1687793 new file mode 100644 --- /dev/null +++ b/debian/trafficserver-dev.manpages @@@ -1,0 -1,0 +1,2 @@@ ++debian/tmp/usr/share/man/man1/tsxs.1 ++debian/tmp/usr/share/man/man3/* diff --cc debian/trafficserver-experimental-plugins.install index 00000000,00000000..dfb2d111 new file mode 100644 --- /dev/null +++ b/debian/trafficserver-experimental-plugins.install @@@ -1,0 -1,0 +1,37 @@@ ++usr/lib/trafficserver/modules/access_control.so ++usr/lib/trafficserver/modules/acme.so ++usr/lib/trafficserver/modules/balancer.so ++usr/lib/trafficserver/modules/buffer_upload.so ++usr/lib/trafficserver/modules/cache_key_genid.so ++usr/lib/trafficserver/modules/cache_range_requests.so ++usr/lib/trafficserver/modules/certifier.so ++usr/lib/trafficserver/modules/collapsed_forwarding.so ++usr/lib/trafficserver/modules/custom_redirect.so ++usr/lib/trafficserver/modules/fq_pacing.so ++usr/lib/trafficserver/modules/geoip_acl.so ++usr/lib/trafficserver/modules/header_freq.so ++usr/lib/trafficserver/modules/header_normalize.so ++usr/lib/trafficserver/modules/hipes.so ++usr/lib/trafficserver/modules/hook-trace.so ++usr/lib/trafficserver/modules/inliner.so ++usr/lib/trafficserver/modules/tsmemcache.so ++usr/lib/trafficserver/modules/memcached_remap.so ++usr/lib/trafficserver/modules/metalink.so ++usr/lib/trafficserver/modules/money_trace.so ++usr/lib/trafficserver/modules/mp4.so ++usr/lib/trafficserver/modules/multiplexer.so ++usr/lib/trafficserver/modules/mysql_remap.so ++usr/lib/trafficserver/modules/prefetch.so ++usr/lib/trafficserver/modules/remap_purge.so ++usr/lib/trafficserver/modules/remap_stats.so ++usr/lib/trafficserver/modules/server_push_preload.so ++usr/lib/trafficserver/modules/slice.so ++usr/lib/trafficserver/modules/ssl_cert_loader.so ++usr/lib/trafficserver/modules/sslheaders.so ++usr/lib/trafficserver/modules/stale_while_revalidate.so ++usr/lib/trafficserver/modules/stream_editor.so ++usr/lib/trafficserver/modules/system_stats.so ++usr/lib/trafficserver/modules/tls_bridge.so ++usr/lib/trafficserver/modules/traffic_dump.so ++usr/lib/trafficserver/modules/uri_signing.so ++usr/lib/trafficserver/modules/url_sig.so diff --cc debian/trafficserver.default index 00000000,00000000..ca86af35 new file mode 100644 --- /dev/null +++ b/debian/trafficserver.default @@@ -1,0 -1,0 +1,41 @@@ ++## Defaults for trafficserver initscript ++## sourced by /etc/init.d/trafficserver ++## installed at /etc/default/trafficserver by the maintainer scripts ++ ++## ++## This is a POSIX shell fragment ++## ++ ++## Variable: RUNDIR ++## Default: /var/run/trafficserver ++## Description: Set this to the directory where runtime data is stored. The ++## default value should work fine for almost all users. ++# RUNDIR=/var/run/trafficserver ++ ++ ++## Configuration for `traffic_manager'. ++## Meaning of variables is analogous to traffic_cop above, but for the ++## `traffic_manager' binary. ++ ++TM_START=yes ++# TM_DAEMON_ARGS="" ++# TM_PIDFILE=$RUNDIR/manager.lock ++ ++## ++## NOTICE: ++## Typically you do not want to configure anything below. Note, generally Traffic ++## Server is started through `traffic_cop' which is a watchdog to control any local ++## Traffic Server instances. It starts both, traffic_manager and traffic_server, as ++## does it monitor these processes. While it is generally not advised, you can ++## choose to manage both processes yourself. In such cases do not set TC_START to ++## "yes" and enable any service you want below. ++## ++## Choose either alternative, but do not mix up both. ++ ++## Configuration for `traffic_server'. ++## Meaning of variables is analogous to traffic_cop above, but for the ++## `traffic_server' binary. ++ ++# TS_START=no ++# TS_DAEMON_ARGS="" ++# TS_PIDFILE=$RUNDIR/server.lock diff --cc debian/trafficserver.dirs index 00000000,00000000..91e6eaf4 new file mode 100644 --- /dev/null +++ b/debian/trafficserver.dirs @@@ -1,0 -1,0 +1,2 @@@ ++/var/cache/trafficserver ++/var/log/trafficserver diff --cc debian/trafficserver.example index 00000000,00000000..b9d32e1e new file mode 100644 --- /dev/null +++ b/debian/trafficserver.example @@@ -1,0 -1,0 +1,2 @@@ ++plugins/experimental/cacheurl/*.example ++plugins/experimental/mysql_remap/sample.ini diff --cc debian/trafficserver.init index 00000000,00000000..cc1179b0 new file mode 100644 --- /dev/null +++ b/debian/trafficserver.init @@@ -1,0 -1,0 +1,257 @@@ ++#! /bin/sh ++ ++### BEGIN INIT INFO ++# Provides: trafficserver ++# Required-Start: $remote_fs $syslog ++# Required-Stop: $remote_fs $syslog ++# Default-Start: 2 3 4 5 ++# Default-Stop: 0 1 6 ++# Short-Description: init script for the Apache Traffic Server ++# Description: Apache Traffic Server is fast, scalable and extensible ++# HTTP/1.1 compliant caching proxy server. ++### END INIT INFO ++ ++# Author: Arno Töll ++# ++# This init script is derived from the source package's version shipped ++# along the source tarball as rc/trafficserver. Therefore it is a derivative ++# work and licensed as follows: ++# ++# ++# Licensed to the Apache Software Foundation (ASF) under one or more ++# contributor license agreements. See the NOTICE file distributed with ++# this work for additional information regarding copyright ownership. ++# The ASF licenses this file to You under the Apache License, Version 2.0 ++# (the "License"); you may not use this file except in compliance with ++# the License. You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++ ++PATH=/sbin:/usr/sbin:/bin:/usr/bin ++DESC="Apache Traffic Server" ++NAME=trafficserver ++SCRIPTNAME=/etc/init.d/$NAME ++ ++ ++# Please do not touch TS_ROOT and TS_BASE. Traffic Server uses them ++# They are used to determine location of ATS components on the file ++# system. ++# According to DPM § 9.9 a program must not depend on the existance of ++# environment variables to work properly. Please report any errors if ++# you experience such a problem, for me it seems to work just fine with- ++# out ++ESED=/usr/bin/sed ++test -x $ESED || ESED=sed ++TS_PREFIX="/usr" ++TS_ROOT=${TS_ROOT:-$TS_PREFIX} ++ ++# TS_BASE is offset inside the file system from where the layout starts ++# For standard installations TS_BASE will be empty ++eval TS_BASE="`echo $TS_ROOT | ${ESED} -e 's;/usr$;;'`" ++ ++# Set some safe defaults. So not change values here, override them in ++# in /etc/default/trafficserver instead. ++# See there for a documentation as well ++ ++RUNDIR=${RUNDIR:-$TS_BASE/var/run/trafficserver} ++ ++TM_START=${TM_START:-no} ++TM_NAME=${TM_NAME:-traffic_manager} ++TM_DAEMON=${TM_DAEMON:-$TS_BASE/usr/bin/traffic_manager} ++TM_DAEMON_ARGS="" ++TM_PIDFILE=${TM_PIDFILE:-$RUNDIR/manager.lock} ++ ++TS_START=${TS_START:-no} ++TS_NAME=${TS_NAME:-traffic_server} ++TS_DAEMON=${TS_DAEMON:-$TS_BASE/usr/bin/traffic_server} ++TS_DAEMON_ARGS="" ++TS_PIDFILE=${TS_PIDFILE:-$RUNDIR/server.lock} ++ ++# Exit if the package is not installed ++[ -x "$TM_DAEMON" ] || exit 0 ++ ++ ++# Read configuration variable file if it is present ++[ -r /etc/default/$NAME ] && . /etc/default/$NAME ++ ++# Load the VERBOSE setting and other rcS variables ++. /lib/init/vars.sh ++ ++# Define LSB log_* functions. ++. /lib/lsb/init-functions ++ ++# Check permissions of /etc/trafficserver. ++# Traffic Server needs write permissions, so warn the user if we suppose it ++# wouldn't. ++# The sysadmin is welcome to change the user ID that ATS uses. However to do that ++# in a clean and supported way, the administrator should overwrite the `stat override' ++# Debian installs by default in Trafficserver's postinst maintainer script. ++# Print a warning only. ++# Since this can't be safely determined by this script print a warning only, but ++# don't fail. ++CONF_DIR='/etc/trafficserver' ++USER=$(dpkg-statoverride --list "$CONF_DIR" | awk '{print $1}') ++OWNER=$(env stat -c '%U' "$CONF_DIR") ++if [ -d "$CONF_DIR" ] && [ ! "x$OWNER" = "x$USER" ] ; then ++ log_warning_msg "Configuration directory '$CONF_DIR' is not owned by user '$USER'. " \ ++ "However Traffic Server needs write permissions to it." ++fi ++ ++ ++# Make sure $RUNDIR exists as the underlying file system ++# may be volatile (see § 9.3.2 from DPM) ++install -d -o trafficserver -g trafficserver -m 0755 "$RUNDIR" ++ ++ ++# A helper function, its purpose is to start a daemon. ++# Arguments are interpreted in order as follows: ++# 1) The executable path ++# 2) A string containing optional daemon arguments ++# 3) A (valid) path containing the PID file for the daemon ++# Returns: ++# 0 if daemon has been started ++# 1 if daemon was already running ++# 2 if daemon could not be started ++start_cmd() ++{ ++ # Args ++ DAEMON=$1 ++ DAEMON_ARGS=$2 ++ PID=$3 ++ ++ #echo "\n\n" ++ #echo "d:" $DAEMON ++ #echo "da:" $DAEMON_ARGS ++ #echo "pid:" $PID ++ ++ start-stop-daemon --start --quiet --pidfile $PID --exec $DAEMON --test > /dev/null \ ++ || return 1 ++ start-stop-daemon --start --quiet --background --pidfile $PID --exec $DAEMON -- \ ++ $DAEMON_ARGS \ ++ || return 2 ++ ++ return 0 ++} ++ ++ ++# A helper function, its purpose is to stop a daemon. ++# Arguments are interpreted in order as follows: ++# 1) The daemon name (i.e. the binary name) ++# 2) The executable path ++# 3) A (valid) path containing the PID file for the daemon ++# Returns: ++# 0 if daemon has been stopped ++# 1 if daemon was already stopped ++# 2 if daemon could not be stopped ++# Another value if a failure occurred ++stop_cmd() ++{ ++ NAME=$1 ++ DAEMON=$2 ++ PID=$3 ++ ++ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PID --name $NAME ++ RETVAL="$?" ++ [ "$RETVAL" = 2 ] && return 2 ++ ++ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON ++ [ "$?" = 2 ] && return 2 ++ ++ # Many daemons don't delete their pidfiles when they exit. ++ rm -f $PID ++ return "$RETVAL" ++} ++ ++# The start function ++# This function does everything required to bring up the service ++# at boot time. ++# It does not accept any arguments ++do_start() { ++ if [ "x$TM_START" != "xno" ]; then ++ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $TM_NAME" ++ start_cmd "$TM_DAEMON" "$TM_DAEMON_ARGS" "$TM_PIDFILE" ++ case "$?" in ++ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; ++ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; ++ esac ++ fi ++ ++ if [ "x$TS_START" != "xno" ]; then ++ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $TS_NAME" ++ start_cmd "$TS_DAEMON" "$TS_DAEMON_ARGS" "$TS_PIDFILE" ++ case "$?" in ++ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; ++ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; ++ esac ++ fi ++} ++ ++ ++# The stop function ++# This function does everything required to stop the service. ++# It does not accept any arguments ++do_stop() { ++ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $TM_NAME" ++ stop_cmd "$TM_NAME" "$TM_DAEMON" "$TM_PIDFILE" ++ case "$?" in ++ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; ++ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; ++ esac ++ ++ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $TS_NAME" ++ stop_cmd "$TS_NAME" "$TS_DAEMON" "$TS_PIDFILE" ++ case "$?" in ++ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; ++ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; ++ esac ++} ++ ++case "$1" in ++ start) ++ if [ "x$TM_START" = "xno" ] && [ "x$TS_START" = "xno" ]; then ++ [ "$VERBOSE" != no ] && log_warning_msg "Not starting $DESC" ++ else ++ do_start ++ fi ++ ;; ++ stop) ++ do_stop ++ ;; ++ status) ++ if [ "x$TM_START" != "xno" ] ; then ++ status_of_proc "$TM_DAEMON" "$TM_NAME" -p "$TM_PIDFILE" && exit 0 || exit $? ++ else ++ status_of_proc "$TS_DAEMON" "$TS_NAME" -p "$TS_PIDFILE" || exit $? ++ fi ++ ;; ++ restart|force-reload) ++ log_daemon_msg "Restarting $DESC" "$NAME\n" ++ do_stop ++ case "$?" in ++ 0|1) ++ do_start ++ case "$?" in ++ 0) log_end_msg 0 ;; ++ 1) log_end_msg 1 ;; # Old process is still running ++ *) log_end_msg 1 ;; # Failed to start ++ esac ++ ;; ++ *) ++ # Failed to stop ++ log_end_msg 1 ++ ;; ++ esac ++ ;; ++ *) ++ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 ++ exit 3 ++ ;; ++esac ++ ++: diff --cc debian/trafficserver.install index 00000000,00000000..aa971f52 new file mode 100644 --- /dev/null +++ b/debian/trafficserver.install @@@ -1,0 -1,0 +1,26 @@@ ++usr/bin/traffic_* ++usr/bin/tspush ++etc/trafficserver/* ++usr/lib/trafficserver/lib*.so.* ++usr/lib/trafficserver/modules/authproxy.so ++usr/lib/trafficserver/modules/background_fetch.so ++usr/lib/trafficserver/modules/cachekey.so ++usr/lib/trafficserver/modules/cache_promote.so ++usr/lib/trafficserver/modules/combo_handler.so ++usr/lib/trafficserver/modules/compress.so ++usr/lib/trafficserver/modules/conf_remap.so ++usr/lib/trafficserver/modules/escalate.so ++usr/lib/trafficserver/modules/esi.so ++usr/lib/trafficserver/modules/generator.so ++usr/lib/trafficserver/modules/header_rewrite.so ++usr/lib/trafficserver/modules/healthchecks.so ++usr/lib/trafficserver/modules/libloader.so ++usr/lib/trafficserver/modules/regex_remap.so ++usr/lib/trafficserver/modules/regex_revalidate.so ++usr/lib/trafficserver/modules/s3_auth.so ++usr/lib/trafficserver/modules/stats_over_http.so ++usr/lib/trafficserver/modules/tcpinfo.so ++usr/lib/trafficserver/modules/test_cppapi.so ++usr/lib/trafficserver/modules/tslua.so ++usr/lib/trafficserver/modules/xdebug.so ++usr/lib/perl5/* usr/share/perl5/ diff --cc debian/trafficserver.maintscript index 00000000,00000000..51810a2e new file mode 100644 --- /dev/null +++ b/debian/trafficserver.maintscript @@@ -1,0 -1,0 +1,9 @@@ ++rm_conffile /etc/trafficserver/vaddrs.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/metrics.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/logging.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/log_hosts.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/congestion.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/cluster.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/body_factory/default/congestion#retryAfter 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/icp.config 8.0.0~ trafficserver ++rm_conffile /etc/trafficserver/snapshosts 8.0.0~ trafficserver diff --cc debian/trafficserver.manpages index 00000000,00000000..b2bfc3aa new file mode 100644 --- /dev/null +++ b/debian/trafficserver.manpages @@@ -1,0 -1,0 +1,4 @@@ ++debian/tmp/usr/share/man/man1/traffic_* ++debian/tmp/usr/share/man/man1/tspush.1 ++debian/tmp/usr/share/man/man8/traffic_* ++debian/tmp/usr/share/man/man5/* diff --cc debian/trafficserver.postinst index 00000000,00000000..23764905 new file mode 100755 --- /dev/null +++ b/debian/trafficserver.postinst @@@ -1,0 -1,0 +1,127 @@@ ++#! /bin/sh ++# postinst script for trafficserver ++# ++# see: dh_installdeb(1) ++# ++# Copyright 2011 Arno Toell ++# ++# Licensed under the Apache License, Version 2.0 (the "License"); ++# you may not use this file except in compliance with the License. ++# You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++ ++ ++set -e ++ ++USER='trafficserver' ++GROUP='trafficserver' ++USER_HOME='/var/run/trafficserver' ++OWNER=$(env stat -c '%U' /etc/trafficserver) ++OWNER_CACHE_DIR=$(env stat -c '%U' /var/cache/trafficserver) ++ ++# summary of how this script can be called: ++# * `configure' ++# * `abort-upgrade' ++# * `abort-remove' `in-favour' ++# ++# * `abort-deconfigure' `in-favour' ++# `removing' ++# ++# for details, see /usr/share/doc/packaging-manual/ ++# ++# quoting from the policy: ++# Any necessary prompting should almost always be confined to the ++# post-installation script, and should be protected with a conditional ++# so that unnecessary prompting doesn't happen if a package's ++# installation fails and the `postinst' is called with `abort-upgrade', ++# `abort-remove' or `abort-deconfigure'. ++ ++case "$1" in ++configure) ++ ++ if ! getent passwd -- "$USER" >/dev/null 2>&1 ; then ++ adduser --home "$USER_HOME" \ ++ --group \ ++ --system \ ++ --disabled-password \ ++ --no-create-home \ ++ --gecos "Debian Traffic Server user" \ ++ $USER ++ fi ++ ++ if [ -d /etc/trafficserver ] && [ "x$OWNER" = "xroot" ] ; then ++ # Ok, I admit I am lazy. I don't check every permission ++ # the user may have changed. If he didn't for /etc I can ++ # safely assume he neither has for other directories (I ++ # hope, since /etc requires write permissions by ATS). ++ echo 'Fixing permissions ...' ++ ++ if ! dpkg-statoverride --list /etc/trafficserver >/dev/null 2>&1; then ++ dpkg-statoverride --update --add "$USER" "$GROUP" 0755 /etc/trafficserver ++ fi ++ ++ if ! dpkg-statoverride --list /var/log/trafficserver >/dev/null 2>&1; then ++ dpkg-statoverride --update --add "$USER" adm 0750 /var/log/trafficserver ++ fi ++ ++ if [ -d /var/cache/trafficserver ] && [ "x$OWNER_CACHE_DIR" = "xroot" ] ; then ++ if ! dpkg-statoverride --list /var/cache/trafficserver >/dev/null 2>&1; then ++ dpkg-statoverride --update --add "$USER" adm 0750 /var/cache/trafficserver ++ fi ++ fi ++ fi ++ ++ if [ -n "$2" ] && dpkg --compare-versions "$2" 'le' '3.2~' ; then ++ RET=0 ++ invoke-rc.d trafficserver status > /dev/null 2>&1 || RET=$? ++ # 0 => ATS is running ++ # 4 => Status is unknown ++ # 1,2,3 => ATS is not running ++ ++ # using /bin/echo to make sure -e is supported ++ ECHO=`which echo` ++ if [ "$RET" -gt 0 ] && [ "$RET" -ne 4 ] && [ -f /var/cache/trafficserver/host.db ] ; then ++ echo "Purging TrafficServer cache upon upgrade." ++ RET=0 ++ traffic_server -Cclear > /dev/null 2>&1 || RET=$? ++ if [ "$RET" -ne 0 ] ; then ++ $ECHO "=======================================================================" ++ $ECHO -e "WARNING: Apache TrafficServer's cache couldn't be purged during the upgrade.\n" \ ++ "Please inspect the situation manually and call 'traffic_server -Cclear'\n" \ ++ "afterwards to purge the caches." ++ $ECHO "=======================================================================" ++ fi ++ else ++ $ECHO "=======================================================================" ++ $ECHO -e "WARNING: Apache TrafficServer is not running or its state couldn't be\n" \ ++ "determined. Please inspect the situation manually and call\n" \ ++ "'traffic_server -Cclear' afterwards to purge the caches.\n" ++ $ECHO "=======================================================================" ++ ++ fi ++ fi ++;; ++ ++abort-upgrade|abort-remove|abort-deconfigure) ++ ++;; ++ ++*) ++echo "postinst called with unknown argument \`$1'" >&2 ++exit 0 ++;; ++esac ++ ++# dh_installdeb will replace this with shell code automatically ++# generated by other debhelper scripts. ++ ++#DEBHELPER# ++ ++exit 0 diff --cc debian/trafficserver.service index 00000000,00000000..3fb0f534 new file mode 100644 --- /dev/null +++ b/debian/trafficserver.service @@@ -1,0 -1,0 +1,31 @@@ ++# ++# Licensed to the Apache Software Foundation (ASF) under one ++# or more contributor license agreements. See the NOTICE file ++# distributed with this work for additional information ++# regarding copyright ownership. The ASF licenses this file ++# to you under the Apache License, Version 2.0 (the ++# "License"); you may not use this file except in compliance ++# with the License. You may obtain a copy of the License at ++# ++# http://www.apache.org/licenses/LICENSE-2.0 ++# ++# Unless required by applicable law or agreed to in writing, software ++# distributed under the License is distributed on an "AS IS" BASIS, ++# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++# See the License for the specific language governing permissions and ++# limitations under the License. ++# ++[Unit] ++Description=Apache Traffic Server is a fast, scalable and extensible caching proxy server. ++Documentation=man:traffic_server(8) ++After=network-online.target ++ ++[Service] ++Type=simple ++EnvironmentFile=-/etc/default/trafficserver ++PIDFile=/run/trafficserver/manager.lock ++ExecStart=/usr/bin/traffic_manager $TM_DAEMON_ARGS ++ExecReload=/usr/bin/traffic_ctl config reload ++ ++[Install] ++WantedBy=multi-user.target diff --cc debian/trafficserver.tmpfile index 00000000,00000000..231e3171 new file mode 100644 --- /dev/null +++ b/debian/trafficserver.tmpfile @@@ -1,0 -1,0 +1,1 @@@ ++d /run/trafficserver 0755 trafficserver trafficserver diff --cc debian/upstream/signing-key.asc index 00000000,00000000..b5b19452 new file mode 100644 --- /dev/null +++ b/debian/upstream/signing-key.asc @@@ -1,0 -1,0 +1,101 @@@ ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++ ++mQINBErZOgoBEADImA8eQf03cOXh1UCuzNAg6paeNRBHJgSq2ly1lF47WgI1S0Kf ++7dHdr3HH3xpkM7d0m2Nm2tPsZzemYFAW1sixzXj5bnCCuCaeOHzI+4mM9Tu9AUQp ++ZqTiaW++tSenl+CzRWwDYFUG2s+r4/Fp0VNp/vHo1EqoO1cyauG/Jvo3VpbsKl2g ++XuNZfRRoDOscGU7kcSKj7wnxRCXm8IHMGsuobtOC5UsuQCggoxFfD0mc1ZKZT9dv ++WwcYG7sGHUUuEVkwHQr3ikjvItzZFgDU5Do5kv7q4OZ/N6wQhwT3lqXmpFX5fMK/ ++1zMlrFjepl7OePgPf2qrYUGu9DVOcdT1ElMlY6BOHV+zkA7i/SBZUOvN93CGP8I4 ++7Dp/DaQaCAs7mcGScu+07Nr14xKmfqo+oqL40UbaVNyEAqhqHlynKGKO6mYPkUOZ ++KST0R3AQCM6nTr8zsGqiJze2C+uEc4uBUXHsY4tgo9DO8ZcyaBj6G/TYuol4m2kF ++InxNHWFJ3tiO9dkM0O+YYae3UnH7mXBnKJNhTG/ek34LLLYCgXnOZ1cDKdtyd5Z8 ++p+Ve73EM4pxJuC0J3UkPGBRxYzqkqx0tXDCAf1zYpTH486HJapxYuYyv94LQKhzp ++hEyXfm6zFufHWdcwe0bjovcTKARE8Q81eBi+N/3cUzNMQN+5bjiy3nQOBQARAQAB ++tDNMZWlmIEhlZHN0cm9tIChDT0RFIFNJR05JTkcgS0VZKSA8endvb3BAYXBhY2hl ++Lm9yZz6JAjcEEwECACECGwMCHgECF4AFAkrZO1gFCwkIBwMFFQoJCAsFFgIDAQAA ++CgkQUz3vFV17vFp8Ng/+NkQz+V+cCAirJg08XrZ+G508I8RxNsHAtZ4krPK958EJ ++Fxs2SBCX5V+edP4ng4pRdEg6zA17up40zlnn14FVBpdZ+bU0yd/DTiKaX5MpfPVN ++Gzw/t4gDoTntguDyw2JCUKhOu7B9zMDBSUT4KFeG91nIAjygB55c/d9OMwRXmoel ++vUL1/JVqLBJuZgTJ70jn4dUHz5VSuUsylvl/kRwceY3QyZrA+3LXVW8V++s36WzT ++QIXSAgfFdsw8Ry0C4OWWX5And0quB/E9l3zKpDvwH3FGrifM28aNd9We5c8QgxVd ++gKbSHc595zquLebhIj0c3peXRY15qmqq0fYGcMkpr+capY0KEsusxDg/M06srymq ++Tr5/BFE8Lqv/Qy+OebLRw0+B7b+ZvR0tMyv2L+drYgWvXtpCFKMCfqp1KWJYtolu ++bUcIZrCMzUlsCNT5zCjf396jMThucfRQ5PrgLtF8Jc+NDnlKzz8acClhdNwa4F3s ++dmS2C3PqRs9JWEhdXCvnuurnMQMsbujVeam8kQRFUcvCdl33cHP8JUy3cQ4uA8M+ ++XanNDBHxDis5DDTgLLnDiWfGHL6FVSsH3OxsPCOA/go7uDw0ihiC7THJvh2L8051 ++NPlGVDnCqbnFbzIVLbbXFSTpJQ5vbzOPRaKZLOTXvKEG9MmbtrxhXfpQr5zapIO5 ++Ag0EStk6CgEQANMwI7QnPWQowMgfC365G1OlZeHWM1hwdPqpcJsI2KSIfCcCaKH8 ++16bdNr/3p60rp3UIFCHSrX4CAxvYneEOG3pKYvzGf6GYI7g4NbLGu13cFOsBfz32 ++1O5pmZPOH3FgDVvQBYCbC1cffWQiR2sp6U+O1rwAVk89+kxh6RfkPopPC4kkw18T ++UsiNLHPQsfQ/aNazLdg5vgGKoxHj0BIx7BSb6JgZu48czu3pm1hudWfyoDtZFVQm ++DWFFkzdhfvKO2pmMjG2IFrDdVLgxdKOO1WgsC+PSZesfkeOvN0qaFpFaHwIRVPYz ++l9gwo8z5LJQsCEKx3aMmbDfkDeL5nN8Khb2p7yyyxwdPVSxKpx7lGdmCscVWj874 ++7bGg+1D+vAIBKBYpQz2bWQrHcMra6rTra656KIWXwRelztUrgkfE5AxxtsyNflmV ++3b7JsE3yAsXntjmAEOnZUeyGguNJR31oVn4W+oei7vGmFhzQZklGaKe0lo1BsbmM ++0HPVu/n5stVRjiqMvLHvZdfx/EbELkE572/NcxKH4XM3wm19FODcEJy8AXg2YlDk ++s/BD7nLGGEuefqMgZjFfoMWTkeIEHibIkJdmOUxqTXvG8SQw2S7QiGETbTezsEyq ++ZV9NN3yN/Rro0BkgsYq2jX1fPSYR9CHVrhVT8BESnvt4FwSTExyuePUbABEBAAGJ ++Ah8EGAECAAkFAkrZOgoCGwwACgkQUz3vFV17vFrnTQ/8DRkm/eyD9RH0QVmeClQm ++2TXqxvD95nMbAycmKnoe1+KBT26oNs+7XwUF4tfnZ8TCM8NgQ03TdeS2lczXERnm ++LUJc1iM3XFTBEi6n7BrbUadD1PFDf4G2zXGV+t7Ho+ukg03pNe5Y+VQnaF6ht51G ++HM8k3AWxYSgOlA11T+E+YBCiZzLA5GanflGRV0Vj+lZbp6gsCN/3IUxO0mfV/Jtv ++MRKTGvFAssZpqFwJJVDRJZgr+GUKff+Vef8+7wB78WYE93P3y0YPDo5+HrgMBej+ ++izgVjMg0KToBzZoXKNWNywDvV3pZn0zL32wzKW10hgAesVyqNebznkBvHYk29BVU ++R4fTQ2DJ8PvXXnjWtfyOGc0lz6HpBlGXAgbOZZjRdJb9eBtjcALoUPAQyi4TyN7n ++dxzNtmssG3B+Xv08/VyGx00ClWLHTI+tFfwrfp4640uc3Yrg4CRZDhWLmxnDNc61 ++FudI/6PjPfIo4FNWLgLMR3YRuVOij1/Wxos/XHVhuG4kBhkGfYyBmERLWdo/FAFc ++X/Pa2B5Sbw9bp/h+Pro0KrQinJv2mygGG/045S6WKobyYZMNFTAquOtFBqzN+xbB ++L/EeLJ3Vlj11vw1qRd6jjTdpC6rKtYNTnmTuHSC6HCWNZ49dE2HCfI+QhXvLvqpz ++ItxbCP1bTdT/tJjiNyoT8xY= ++=099s ++-----END PGP PUBLIC KEY BLOCK----- ++-----BEGIN PGP PUBLIC KEY BLOCK----- ++ ++mQINBEtfajQBEADAmWqIJkt2MPjmZJ9RlymAAuOcvImB5E3cvpWFqVH8h5ycS3NA ++TTcvomSnILsiq+NM0h/J3Bd3cchCNA0uuXW1CIDY7mGrkPdXNxQVygYY2L/ubAE8 ++Ed1u1ghzPUaMYtFf7QAk4WCpglBaL2frJmfS93AIYOAIuV0zw8+ce8uvVYSt7aAk ++Ww8JKnpW91nMZr3GBTibhthCmLcDWIyntR2gYyPX9NdAAViSfkmW8ea4dtbXfu8j ++nkr7DnbsQu+vl29nwLmI3h2jcgV6QkHu40breY5NbFSTVmyyBgM5yH3cVk7xVIGv ++1rt0Q9DvoftaSiWn3TcXcrnHnWVPTo1VM+kYHT9J9p6JSxZdrcAySR48YZvgDXTI ++BC2sNCtW/gHC4iNdxWvOYKDO7xv9fLweqiUNXi/BxcwcCapYN5xZEONFKVVRvd5X ++pcr0hxviNjkD/GkWTYEt3EqhnAGDOwQc60DtyuY1w82bhtIhCmNcnLAUEXYlJMXN ++iPy1owKuY0EBt3VO3KsI5RqZTGgvYHtB2XpnyRLutnwAsMQceUl3r3CMRoNagTGw +++gfY18819b5dgMSYp1+Im0TtImMv/LOPjZY44Br24JisScaqQXc+DETEfafoIKsW ++BBj1gfz5GsuUxdlnZHwwIM4MwtWvoU8/OHp3zVlDJZFLNBReTimV1La0DQARAQAB ++tCBCcnlhbiBXLiBDYWxsIDxiY2FsbEBhcGFjaGUub3JnPokCOAQTAQIAIgUCS19q ++NAIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQTRVBELhFCOyuyxAArYgT ++qrMxveqgKEEUrdnYF+hw1weoA5I4vJPUoAdsUr52WUZ2P8AnKxsESdGefA0XwG2v ++t6qyo0fFce04YZ5gYjg5au0sYndN84vwysjuo5PKBR4mt3Ij097gMnotRzFDReJD ++TB5Yk4oj0/jHMUkkS2dw3gM2DFfI2ILAaCRNbFapejwk4jCxt5JAGVEr+z8BEyOg ++NcwL0X5G1qci+OR9cv0AzfChxaKNwW/oGpW/h5gM4jBQuElMmCxqDcyAlIHLaGoM ++H73iGnD9U4bI05kvpIdqABQrfDoN1QyQkiqG640LnP4WVHycNDIyOeeQcDVenK5a ++IOm/4gnErOyzQkPS0v5J4jD4df2lvxXnoSvjLySCeA1um/HV/gF02NufyoMHDJFD ++QeEIjQu6KLYPNOT3dMeuioqtIsncylmAXiSqnwrP7zfp2RWRaWzAgP1SSZMzF/80 ++a+6W5uQt8j2ok/z0NPCKQflS+oU4Gc5C+/KHUrdDCY5GcwwgFBv1i41jXdjh0nkz ++VzX/asUIO9ptW8TR7aIcS3lm847YV4isNvWlroeGhmVfIk8M8RqsDfq7HPLvqipI ++V2phFiUEiON8OgD0x8+2fTnveE/lY1jpjYUg73XOcHG6wna4D6ECTzlG3s4QtBrI ++gcUFY97nfHgt6sT/ix7jB746wVfKgRzRyCuCwxK5Ag0ES19qNAEQAL3rbob4n3jy ++cUhDIqg7bzReb4rfoS5JWKVCu169q8aGys2HJ4tCKtPE2ldwHKo55nTZsQQTbaLM ++WxznmGWxESV4OJKDDNXOhctISaiwOSNEj58QvDGmcmK38ZlrSsuoUNgpbnFfxlwx ++DBu0Nh5ocKiNJcBx5BwhrD9hzqaSW/HjQU52EUrLfT5gYnT25ZtmTIEzonbT1AGb ++vMWPQeNVHwUZmy7foFIp68Hw4Z54SWWB6wOs3sPg5PfptfrTe2TTCe1CfcUCCzAJ ++IEeNK8u2tYwK1u02pmYJ2nXxCo0op0bP4Bo40USbqI40qf37WAjGYIik31upNOU7 ++Ku6vYopQMV8kB7i5HBuYzTvxjCz+dC8P2TuALwmMCpOdBQ5c+lT4gRr5kt0OlD1k ++IpL/vrlTFsmhILe5KbawfM2ZwM6KbJyX0er38XNK4HPpHiyaNrLS2bQSDgBU8PC5 ++sOHKpOXq404owDybkOfiB0voCJm/e7RkOI6AyeokCobXzcO6ZrWmwiRwXz9K5EuK ++IfA8gWs5i3pK3X9cBMnjQ/uMSL0w7SY5khUAMFwECM73YW53E+hqaB7LG26ATjql ++esM3uhaVd3INNNp+haoHSsRUY7DZh2s/ghX5t/T/pkRzfNimVdejYOUxAHHX4x8S ++fcXsB1I9r81wolbUqaddHdZLYS4Z7ZBNABEBAAGJAh8EGAECAAkFAktfajQCGwwA ++CgkQTRVBELhFCOyNpw//fF6pKllSPv9yvNAMvt+Ly0hk6GwOCRYCMe9uQuk7EDTI ++idiG6DbzEKsqGIugvcyMrOGJxGDfSc+I8KgOhsuY31aWllSLyMo2fVFPECztPPFt ++7IovwXe1sSA5d278KG2Xi+2Z0W0XMnCqVLLoQoFqkVvbgaLKWrvgk93yozsYYcJd ++2iDIseyL3YzuqSNeLoXf0DWlMDX8oXtemlD87oWJWOnfHTVMLmGM45qAvmcDf96b ++ZiDjdo4Sn6LSu5Xn/fCNrZOtpTDXJPJ9fb9APz4n2tdTS4UrzCQdtYEaNxb5LeP7 ++MySMOITpZ2xrmC3SzL67STXn4POTxXa8lnY1DCpGUL8uxYej8cXkPDSC9sX836vJ ++DbalYPHlgb5Fyn9pb+LoZWhUKxtfp6dp8N2kVKJ1yLlTwVdRFEicF5hqiMa6Curk ++TVIVb9VQxEzw9bnBmoi9k4XLJAHz35cFvLNjJVSt0naNqjpy6fxHllJ6I1s6dJe9 ++jGfECEc1sw1vLjS4f+NIGTSjciuxWkOfZ3Ulw3RPuUbeMHMC6FEfv35M1dDRv3ec ++xIBKO0t7qvJ8Q6b/DzwW+IhqzLTK5bXEXVKS1zAJ3Iyd1QOmGOLdP/caoKV313J5 ++YVz+bqtclFVJQ20cqAPhWEf7UNZTFCwa1CAKbPIGKYoDSCId4sqsNyRCmbRqY8A= ++=Ycol ++-----END PGP PUBLIC KEY BLOCK----- diff --cc debian/watch index 00000000,00000000..20374fd5 new file mode 100644 --- /dev/null +++ b/debian/watch @@@ -1,0 -1,0 +1,5 @@@ ++version=4 ++opts="pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+ds\d*$//,repacksuffix=+ds,repack,compression=xz" \ ++ https://downloads.apache.org/trafficserver/ \ ++ trafficserver-(\d+\.\d+.\d+)\.tar\.bz2 \ ++ debian uupdate