Fixes (#7971)

Origin: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-27577
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32565
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32566
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32567
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-35474
Bug-Debian: https://bugs.debian.org/990303

* String the url fragment for outgoing requests (#7966)

Co-authored-by: Susan Hinrichs <shinrich@verizonmedia.com>
(cherry picked from commit 2b13eb33794574e62249997b4ba654d943a10f2d)

* Ensure that the content-length value is only digits (#7964)

Co-authored-by: Susan Hinrichs <shinrich@verizonmedia.com>
(cherry picked from commit 668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca)

* Schedule H2 reenable event only if it's necessary

Co-authored-by: Katsutoshi Ikenoya <kikenoya@yahoo-corp.jp>
* Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945)

* Fix dynamic-stack-buffer-overflow of cachekey plugin

* Check dst_size include null termination

(cherry picked from commit 5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b)

Co-authored-by: Bryan Call <bcall@apache.org>
Co-authored-by: Masakazu Kitajo <maskit@apache.org>
Co-authored-by: Katsutoshi Ikenoya <kikenoya@yahoo-corp.jp>
Co-authored-by: Masaori Koshiba <masaori@apache.org>
Gbp-Pq: Name 0018-Fixes-7971.patch

Remove python2 vestiges from conf.py, traffic-server.py.

Origin: upstream
Applied-Upstream: https://github.com/apache/trafficserver/commit/096b2590b6111dd16ec19ca24f88ff41d069f2d0
Reviewed-by: Jean Baptiste Favre <jbfavre@debian.org>
Last-Update: 2020-07-29

Last-Update: 2020-07-29
Gbp-Pq: Name 0017-fix_sphinx_3.0.patch

Fix test for python 3.8

Reviewed-by: Jean Baptiste Favre <jbfavre@debian.org>
Last-Update: 2020-02-03

Last-Update: 2020-02-03
Gbp-Pq: Name 0016-fix_python_3.8.patch

Fix LDFLAGS usage,

Forwarded: https://github.com/apache/trafficserver/pull/4793
Last-Update: 2019-01-12

Gbp-Pq: Name 0015-as-needed-fix.patch

Update compilation chain after embedded libyamlcpp removal

Origin: other
Reviewed-by: Jean Baptiste Favre <debian@jbfavre.org>
Last-Update: 2019-01-30

Last-Update: 2019-01-30
Gbp-Pq: Name 0014-use_system_yaml-cpp.patch

Fix Perl interpreter path

Reviewed-by: Jean Baptiste Favre <debian@jbfavre.org>
Last-Update: 2019-01-03

Last-Update: 2019-01-03
Gbp-Pq: Name 0013-fix-perl-interpreter-path.patch

Fix various speeling issues

Forwarded: https://github.com/apache/trafficserver/pull/4750
Applied-Upstream: https://github.com/apache/trafficserver/commit/af0ad4a1880a21743e98331855bb78e15d5406ef
Last-Update: 2019-01-03

Last-Update: 2019-01-03
Gbp-Pq: Name 0012-fix-spelling-checks.patch

Fix Segmentation fault in ShowCache::handleCacheEvent

Origin: upstream
Bug: https://github.com/apache/trafficserver/issues/4328
Applied-Upstream: https://github.com/apache/trafficserver/commit/616eb10bfc35599a2c93ff30879d584a05ddf83e
Reviewed-by: Jean Baptiste Favre <debian@jbfavre.org>
Last-Update: 2018-10-17

Last-Update: 2018-10-17
Gbp-Pq: Name 0011-fix-segfault.patch

Fix build issue with MySQL 8

Origin: other, https://bugs.launchpad.net/ubuntu/+source/trafficserver/+bug/1795362
Forwarded: https://github.com/apache/trafficserver/pull/4360
Applied-Upstream: https://github.com/apache/trafficserver/commit/05b30527974416768515506f69da338652c23260
Reviewed-by: Jean Baptiste Favre <debian@jbfavre.org>
Last-Update: 2018-10-06

The my_bool type is no longer used in MySQL source code.
Any third-party code that used this type to represent C
boolean variables should use the bool or int C type instead.
Last-Update: 2018-10-06
Gbp-Pq: Name 0009-fix-mysql-8-build.patch

Force python3 usage, add libfakeroot-sysv to blacklist

Origin: other
Last-Update: 2018-09-24

Last-Update: 2018-09-24
Gbp-Pq: Name 0008-fix-python-check-unused-dependencies.patch

Make documentation build works outside of git repository

Origin: other
Last-Update: 2019-01-03

Current documentation build requires git and curl to get some stuff from the internet
This patch aims to delete those dependencies, forcing git branch to master,
and using Debian provided plantuml instead of downloading it from apache mirror
Last-Update: 2019-01-03
Gbp-Pq: Name 0006-fix-doc-build.patch

make the build reproducible

Origin: other, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833176
Reviewed-by: Jean Baptiste Favre <debian@jbfavre.org>
Last-Update: 2016-11-18

Last-Update: 2016-11-18
Gbp-Pq: Name 0003-reproductible-build.patch

Use -mcx16 on x86 platforms only

Gbp-Pq: Name 0001-Use-mcx16-on-x86-platforms-only.patch

trafficserver (8.1.1+ds-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Address CVE-2021-27577, CVE-2021-32565, CVE-2021-32566, CVE-2021-32567 and
    CVE-2021-35474.
    - CVE-2021-27577: Incorrect handling of url fragment leads to cache
      poisoning
    - CVE-2021-32565: HTTP Request Smuggling, content length with invalid
      charters
    - CVE-2021-32566: Specific sequence of HTTP/2 frames can cause ATS to
      crash
    - CVE-2021-32567: Reading HTTP/2 frames too many times
    - CVE-2021-35474: Dynamic stack buffer overflow in cachekey plugin
    (Closes: #990303)

[dgit import unpatched trafficserver 8.1.1+ds-1.1]

Import trafficserver_8.1.1+ds-1.1.debian.tar.xz

[dgit import tarball trafficserver 8.1.1+ds-1.1 trafficserver_8.1.1+ds-1.1.debian.tar.xz]

Import trafficserver_8.1.1+ds.orig.tar.xz

[dgit import orig trafficserver_8.1.1+ds.orig.tar.xz]