You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by bc...@apache.org on 2022/06/13 18:12:57 UTC
[trafficserver] branch 9.1.x updated (307fcdc9e -> 4f68da2b3)
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a change to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
from 307fcdc9e Fix leaks in ConfigManager::configName (#8269) (#8843)
new 0d6f48d2f include <cstring> for access to C-string operations (#8786)
new 18437672b Reuse TSMutex for ts_lua_http_intercept_handler (#8687)
new 6f2ce3e35 Pin Jinja2 for doc builds (#8773)
new 966106576 Address issues with python 3.10 (#8729)
new 85e848496 Fixing the httpbin AuTests by pinning Werkzeug (#8765)
new d5806bd71 [ink_base64] Fix buffer size computation (#8736)
new 4f68da2b3 Update to proxy-verifier-v2.3.1 (#8753)
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
doc/Pipfile | 4 ++++
include/tscore/ink_base64.h | 15 +++++++++++++--
.../access_control/unit_tests/test_utils.cc | 18 +++++++++---------
plugins/experimental/access_control/utils.cc | 4 ++--
plugins/experimental/icap/icap_plugin.cc | 1 +
plugins/experimental/metalink/metalink.cc | 2 +-
.../redo_cache_lookup/redo_cache_lookup.cc | 1 +
plugins/lua/ts_lua_http_intercept.c | 13 +++++--------
src/tscore/ink_base64.cc | 6 ++----
tests/Pipfile | 8 +++++++-
tests/gold_tests/autest-site/ordered_set_queue.py | 7 ++++++-
tests/prepare_proxy_verifier.sh | 2 +-
tests/proxy-verifier-version.txt | 2 +-
13 files changed, 53 insertions(+), 30 deletions(-)
[trafficserver] 03/07: Pin Jinja2 for doc builds (#8773)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 6f2ce3e355b27d97775923cb00ff7930ab14d003
Author: Brian Neradt <br...@gmail.com>
AuthorDate: Tue Mar 29 13:33:50 2022 -0500
Pin Jinja2 for doc builds (#8773)
The latest jinja2 breaks Sphinx 3.x builds. For now, pinning jinja2 to
an earlier release for doc builds.
(cherry picked from commit d9eeca39b7910e0b35d213a3c9be58e1edf01a53)
---
doc/Pipfile | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/doc/Pipfile b/doc/Pipfile
index 42a9f5ad5..5828b4c99 100644
--- a/doc/Pipfile
+++ b/doc/Pipfile
@@ -32,6 +32,10 @@ verify_ssl = true
# unpin sphinx by setting the following to "*".
sphinx = "==3.*"
+# Sphinx 3.x builds break with the latest jinja2. This jinja2 pin can be
+# removed when we move to Sphinx 4.x.
+jinja2 = "<3.1"
+
sphinx-rtd-theme = "*"
sphinxcontrib-plantuml = "*"
# i18n
[trafficserver] 06/07: [ink_base64] Fix buffer size computation (#8736)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit d5806bd715b83cb31477493dc5b1997437a95b54
Author: Mo Chen <un...@gmail.com>
AuthorDate: Mon Mar 28 17:22:23 2022 -0500
[ink_base64] Fix buffer size computation (#8736)
These buffer size computation macros are meant to be used for callers of
ats_base64_encode/decode. They were not taking into account a null
terminator, which is always written by those functions. This causes a
buffer overflow when encode or decode are called on buffers of certain
sizes, e.g. decode on an input buffer of size 4.
This change makes these buffer size calculations match the functions.
It also updates unit tests for the access_control plugin, which uses
these functions.
Since this is a macro change, plugins which use encode/decode will need to
be recompiled.
(cherry picked from commit 3c1006eb1984304a78cea140889290720584e9a0)
---
include/tscore/ink_base64.h | 15 +++++++++++++--
.../access_control/unit_tests/test_utils.cc | 18 +++++++++---------
plugins/experimental/access_control/utils.cc | 4 ++--
plugins/experimental/metalink/metalink.cc | 2 +-
src/tscore/ink_base64.cc | 6 ++----
5 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/include/tscore/ink_base64.h b/include/tscore/ink_base64.h
index a3c4d510a..1473a312a 100644
--- a/include/tscore/ink_base64.h
+++ b/include/tscore/ink_base64.h
@@ -42,5 +42,16 @@ bool ats_base64_encode(const unsigned char *inBuffer, size_t inBufferSize, char
bool ats_base64_decode(const char *inBuffer, size_t inBufferSize, unsigned char *outBuffer, size_t outBufSize, size_t *length);
// Little helper functions to calculate minimum required output buffer for encoding/decoding.
-#define ATS_BASE64_ENCODE_DSTLEN(_length) ((_length * 8) / 6 + 4)
-#define ATS_BASE64_DECODE_DSTLEN(_length) (((_length + 3) / 4) * 3)
+// These sizes include one byte for null termination, because ats_base64_encode and ats_base64_decode will always write a null
+// terminator.
+inline constexpr size_t
+ats_base64_encode_dstlen(size_t length)
+{
+ return ((length + 2) / 3) * 4 + 1;
+}
+
+inline constexpr size_t
+ats_base64_decode_dstlen(size_t length)
+{
+ return ((length + 3) / 4) * 3 + 1;
+}
diff --git a/plugins/experimental/access_control/unit_tests/test_utils.cc b/plugins/experimental/access_control/unit_tests/test_utils.cc
index 43b1f5c49..5040964aa 100644
--- a/plugins/experimental/access_control/unit_tests/test_utils.cc
+++ b/plugins/experimental/access_control/unit_tests/test_utils.cc
@@ -36,7 +36,7 @@ TEST_CASE("Base64: estimate buffer size needed to encode a message", "[Base64][a
/* Test with a zero decoded message length */
encodedLen = cryptoBase64EncodedSize(0);
- CHECK(4 == encodedLen);
+ CHECK(1 == encodedLen);
/* Test with a random non-zero decoded message length */
encodedLen = cryptoBase64EncodedSize(64);
@@ -44,11 +44,11 @@ TEST_CASE("Base64: estimate buffer size needed to encode a message", "[Base64][a
/* Test the space for padding. Size of encoding that would result in 2 x "=" padding */
encodedLen = cryptoBase64EncodedSize(strlen("176a1620e31b14782ba2b66de3edc5b3cb19630475b2ce2ee292d5fd0fe41c3abc"));
- CHECK(92 == encodedLen);
+ CHECK(89 == encodedLen);
/* Test the space for padding. Size of encoding that would result in 1 x "=" padding */
encodedLen = cryptoBase64EncodedSize(strlen("176a1620e31b14782ba2b66de3edc5b3cb19630475b2ce2ee292d5fd0fe41c3ab"));
- CHECK(90 == encodedLen);
+ CHECK(89 == encodedLen);
/* Test the space for padding. Size of encoding that would result in no padding */
encodedLen = cryptoBase64EncodedSize(strlen("176a1620e31b14782ba2b66de3edc5b3cb19630475b2ce2ee292d5fd0fe41c3a"));
@@ -63,27 +63,27 @@ TEST_CASE("Base64: estimate buffer size needed to decode a message", "[Base64][a
/* Padding with 2 x '=' */
encoded = "MTc2YTE2MjBlMzFiMTQ3ODJiYTJiNjZkZTNlZGM1YjNjYjE5NjMwNDc1YjJjZTJlZTI5MmQ1ZmQwZmU0MWMzYQ==";
encodedLen = cryptoBase64DecodeSize(encoded, strlen(encoded));
- CHECK(66 == encodedLen);
+ CHECK(67 == encodedLen);
/* Padding with 1 x '=' */
encoded = "MTc2YTE2MjBlMzFiMTQ3ODJiYTJiNjZkZTNlZGM1YjNjYjE5NjMwNDc1YjJjZTJlZTI5MmQ1ZmQwZmU0MWMzYWI=";
encodedLen = cryptoBase64DecodeSize(encoded, strlen(encoded));
- CHECK(66 == encodedLen);
+ CHECK(67 == encodedLen);
/* Padding with 0 x "=" */
encoded = "MTc2YTE2MjBlMzFiMTQ3ODJiYTJiNjZkZTNlZGM1YjNjYjE5NjMwNDc1YjJjZTJlZTI5MmQ1ZmQwZmU0MWMzYWJj";
encodedLen = cryptoBase64DecodeSize(encoded, strlen(encoded));
- CHECK(66 == encodedLen);
+ CHECK(67 == encodedLen);
/* Test empty encoded message calculation */
encoded = "";
encodedLen = cryptoBase64DecodeSize(encoded, strlen(encoded));
- CHECK(0 == encodedLen);
+ CHECK(1 == encodedLen);
/* Test empty encoded message calculation */
encoded = nullptr;
encodedLen = cryptoBase64DecodeSize(encoded, 0);
- CHECK(0 == encodedLen);
+ CHECK(1 == encodedLen);
}
TEST_CASE("Base64: quick encode / decode", "[Base64][access_control][utility]")
@@ -103,7 +103,7 @@ TEST_CASE("Base64: quick encode / decode", "[Base64][access_control][utility]")
encodedMessageLen));
size_t decodedMessageEstimatedLen = cryptoBase64DecodeSize(encodedMessage, encodedMessageLen);
- CHECK(66 == decodedMessageEstimatedLen);
+ CHECK(67 == decodedMessageEstimatedLen);
char decodedMessage[encodedMessageEstimatedLen];
size_t decodedMessageLen = cryptoBase64Decode(encodedMessage, encodedMessageLen, decodedMessage, encodedMessageLen);
diff --git a/plugins/experimental/access_control/utils.cc b/plugins/experimental/access_control/utils.cc
index 53911e463..211716da5 100644
--- a/plugins/experimental/access_control/utils.cc
+++ b/plugins/experimental/access_control/utils.cc
@@ -296,7 +296,7 @@ cryptoMessageDigestEqual(const char *md1, size_t md1Len, const char *md2, size_t
size_t
cryptoBase64EncodedSize(size_t decodedSize)
{
- return ATS_BASE64_ENCODE_DSTLEN(decodedSize);
+ return ats_base64_encode_dstlen(decodedSize);
}
/**
@@ -308,7 +308,7 @@ cryptoBase64EncodedSize(size_t decodedSize)
size_t
cryptoBase64DecodeSize(const char *encoded, size_t encodedLen)
{
- return ATS_BASE64_DECODE_DSTLEN(encodedLen);
+ return ats_base64_decode_dstlen(encodedLen);
}
/**
diff --git a/plugins/experimental/metalink/metalink.cc b/plugins/experimental/metalink/metalink.cc
index 9f7d201a4..b8eae9a8c 100644
--- a/plugins/experimental/metalink/metalink.cc
+++ b/plugins/experimental/metalink/metalink.cc
@@ -693,7 +693,7 @@ location_handler(TSCont contp, TSEvent event, void * /* edata ATS_UNUSED */)
const char *value;
int length;
- char digest[33]; /* ATS_BASE64_DECODE_DSTLEN() */
+ char digest[33]; /* ats_base64_decode_dstlen() */
SendData *data = static_cast<SendData *>(TSContDataGet(contp));
TSContDestroy(contp);
diff --git a/src/tscore/ink_base64.cc b/src/tscore/ink_base64.cc
index a1da352f3..bc68758bc 100644
--- a/src/tscore/ink_base64.cc
+++ b/src/tscore/ink_base64.cc
@@ -28,8 +28,6 @@
* authentication scheme does not require them. This implementation is
* intended for web-related use, and line breaks are not implemented.
*
- * These routines return char*'s to malloc-ed strings. The caller is
- * responsible for freeing the strings.
*/
#include "tscore/ink_platform.h"
#include "tscore/ink_base64.h"
@@ -44,7 +42,7 @@ ats_base64_encode(const unsigned char *inBuffer, size_t inBufferSize, char *outB
char *obuf = outBuffer;
char in_tail[4];
- if (outBufSize < ATS_BASE64_ENCODE_DSTLEN(inBufferSize)) {
+ if (outBufSize < ats_base64_encode_dstlen(inBufferSize)) {
return false;
}
@@ -130,7 +128,7 @@ ats_base64_decode(const char *inBuffer, size_t inBufferSize, unsigned char *outB
int inputBytesDecoded = 0;
// Make sure there is sufficient space in the output buffer
- if (outBufSize < ATS_BASE64_DECODE_DSTLEN(inBufferSize)) {
+ if (outBufSize < ats_base64_decode_dstlen(inBufferSize)) {
return false;
}
[trafficserver] 02/07: Reuse TSMutex for ts_lua_http_intercept_handler (#8687)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 18437672b2762ec9d694effffb5eee69986c7be0
Author: Oknet <xu...@skyguard.com.cn>
AuthorDate: Wed Apr 6 14:17:15 2022 +0800
Reuse TSMutex for ts_lua_http_intercept_handler (#8687)
(cherry picked from commit 1d850c16bca337e97540122d4211a6a1895ab115)
---
plugins/lua/ts_lua_http_intercept.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/plugins/lua/ts_lua_http_intercept.c b/plugins/lua/ts_lua_http_intercept.c
index d03bd0cbc..af8672299 100644
--- a/plugins/lua/ts_lua_http_intercept.c
+++ b/plugins/lua/ts_lua_http_intercept.c
@@ -22,7 +22,7 @@
static int ts_lua_http_intercept(lua_State *L);
static int ts_lua_http_server_intercept(lua_State *L);
static int ts_lua_http_intercept_entry(TSCont contp, TSEvent event, void *edata);
-static void ts_lua_http_intercept_process(ts_lua_http_intercept_ctx *ictx, TSVConn conn);
+static void ts_lua_http_intercept_process(ts_lua_http_intercept_ctx *ictx, TSCont contp, TSVConn conn);
static void ts_lua_http_intercept_setup_read(ts_lua_http_intercept_ctx *ictx);
static void ts_lua_http_intercept_setup_write(ts_lua_http_intercept_ctx *ictx);
static int ts_lua_http_intercept_handler(TSCont contp, TSEvent event, void *edata);
@@ -144,7 +144,7 @@ ts_lua_http_intercept_entry(TSCont contp, TSEvent event, void *edata)
break;
case TS_EVENT_NET_ACCEPT:
- ts_lua_http_intercept_process(ictx, (TSVConn)edata);
+ ts_lua_http_intercept_process(ictx, contp, (TSVConn)edata);
break;
default:
@@ -156,10 +156,9 @@ ts_lua_http_intercept_entry(TSCont contp, TSEvent event, void *edata)
}
static void
-ts_lua_http_intercept_process(ts_lua_http_intercept_ctx *ictx, TSVConn conn)
+ts_lua_http_intercept_process(ts_lua_http_intercept_ctx *ictx, TSCont contp, TSVConn conn)
{
int n;
- TSCont contp;
lua_State *L;
TSMutex mtxp;
ts_lua_cont_info *ci;
@@ -167,11 +166,9 @@ ts_lua_http_intercept_process(ts_lua_http_intercept_ctx *ictx, TSVConn conn)
ci = &ictx->cinfo;
mtxp = ictx->cinfo.routine.mctx->mutexp;
- contp = TSContCreate(ts_lua_http_intercept_handler, TSMutexCreate());
- TSContDataSet(contp, ictx);
-
- ci->contp = contp;
ci->mutex = TSContMutexGet(contp);
+ ci->contp = TSContCreate(ts_lua_http_intercept_handler, TSContMutexGet(contp));
+ TSContDataSet(ci->contp, ictx);
ictx->net_vc = conn;
[trafficserver] 05/07: Fixing the httpbin AuTests by pinning Werkzeug (#8765)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 85e848496be4401a7fce8dcb6169d46d05e45772
Author: Brian Neradt <br...@gmail.com>
AuthorDate: Tue Mar 29 07:13:29 2022 -0500
Fixing the httpbin AuTests by pinning Werkzeug (#8765)
The AuTests using httpbin all started failing today when new AuTest
pipenv environments started using the 2.1.0 version of Werkzeug. This
new Werkzeug release removes its BaseResponse API because it has been
deprecated for a few releases. httpbin has a dependency upon
BaseResponse, however, and thus it currently fails with this latest
Werkzeug release. This patch temporarily pins Werkzeug until httpbin is
updated so that our httpbin AuTests can run.
(cherry picked from commit 57b10e2253f615c1ed0f7d84d2b5b60fb658cddd)
---
tests/Pipfile | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tests/Pipfile b/tests/Pipfile
index 40d8e4866..2739d8d0e 100644
--- a/tests/Pipfile
+++ b/tests/Pipfile
@@ -42,5 +42,11 @@ microserver = ">=1.0.6"
jsonschema = "*"
python-jose = "*"
+# The latest version of Werkzeug (2.1.0) breaks httpbin because it removes
+# deprecated function `BaseResponse` that httpbin directly or indirectly
+# depends upon. Pinning Wekrzeug for now until httpbin or its dependencies is
+# updated for the changed API.
+Werkzeug = "==2.0.3"
+
[requires]
python_version = "3"
[trafficserver] 01/07: include for access to C-string operations (#8786)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 0d6f48d2fc88ae2802341fd3fc6cc79ac0a1dd4d
Author: Jered Floyd <je...@convivian.com>
AuthorDate: Mon Apr 11 12:46:26 2022 -0400
include <cstring> for access to C-string operations (#8786)
(cherry picked from commit 02e58e0da979f57c4a2763d31658225d7c460247)
---
plugins/experimental/icap/icap_plugin.cc | 1 +
plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc | 1 +
2 files changed, 2 insertions(+)
diff --git a/plugins/experimental/icap/icap_plugin.cc b/plugins/experimental/icap/icap_plugin.cc
index 293bb8fb8..a44812509 100644
--- a/plugins/experimental/icap/icap_plugin.cc
+++ b/plugins/experimental/icap/icap_plugin.cc
@@ -26,6 +26,7 @@
*/
#include <string>
+#include <cstring>
#include <regex>
#include <netinet/in.h>
diff --git a/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc b/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc
index b2943091a..6b6c496c7 100644
--- a/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc
+++ b/plugins/experimental/redo_cache_lookup/redo_cache_lookup.cc
@@ -23,6 +23,7 @@
#include <iostream>
#include <regex>
+#include <cstring>
#include <set>
#include <sstream>
#include <getopt.h>
[trafficserver] 07/07: Update to proxy-verifier-v2.3.1 (#8753)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 4f68da2b36ca2874c9ea682d6a68cd7a90e7ebfa
Author: Brian Neradt <br...@verizonmedia.com>
AuthorDate: Wed Mar 23 12:24:05 2022 -0500
Update to proxy-verifier-v2.3.1 (#8753)
Proxy Verifier version 2.3.1 actively closes the connection when the
proxy (ATS) returns a response with a "Connection: close" header. This
improves the stability of the cache-request-method AuTest, wherein ATS,
dependent upon packet timing, would sometimes return a "Connection:
close" and follow it with a TCP FIN. The FIN would then be processed by
the Verifier client after request headers were sent, which would
interrupt the traffic flow and cause the test to fail. With Verifier
version 2.3.1, this is avoided by the client actively closing the
connection when ATS returns the intermittent "Connection: close".
(cherry picked from commit b8b8154f44b595a5bd9e09ef0873cbac92949a79)
Conflicts:
tests/prepare_proxy_verifier.sh
tests/proxy-verifier-version.txt
---
tests/prepare_proxy_verifier.sh | 2 +-
tests/proxy-verifier-version.txt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/prepare_proxy_verifier.sh b/tests/prepare_proxy_verifier.sh
index ff74c3860..3c75883ac 100755
--- a/tests/prepare_proxy_verifier.sh
+++ b/tests/prepare_proxy_verifier.sh
@@ -27,7 +27,7 @@ pv_dir="${pv_name}-${pv_version}"
pv_tar_filename="${pv_dir}.tar.gz"
pv_tar="${pv_top_dir}/${pv_tar_filename}"
pv_tar_url="https://ci.trafficserver.apache.org/bintray/${pv_tar_filename}"
-expected_sha1="d9a02aedae76d4952784c67716fddba0df274a28"
+expected_sha1="d602c299d1f1336c4970529ab7fef7afbbb8723b"
pv_client="${bin_dir}/verifier-client"
pv_server="${bin_dir}/verifier-server"
TAR=${TAR:-tar}
diff --git a/tests/proxy-verifier-version.txt b/tests/proxy-verifier-version.txt
index 6c8b2a3c3..aaf7425f4 100644
--- a/tests/proxy-verifier-version.txt
+++ b/tests/proxy-verifier-version.txt
@@ -1 +1 @@
-v2.2.2
+v2.3.1
[trafficserver] 04/07: Address issues with python 3.10 (#8729)
Posted by bc...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
bcall pushed a commit to branch 9.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 966106576674875e5a1fb77d476a8978e26d3bb5
Author: dragon512 <dr...@live.com>
AuthorDate: Thu Mar 17 16:38:28 2022 -0500
Address issues with python 3.10 (#8729)
(cherry picked from commit 9bed7f25ef93df0e2b0546f981a48b172e5b113d)
---
tests/Pipfile | 2 +-
tests/gold_tests/autest-site/ordered_set_queue.py | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/tests/Pipfile b/tests/Pipfile
index 321872ecd..40d8e4866 100644
--- a/tests/Pipfile
+++ b/tests/Pipfile
@@ -26,7 +26,7 @@ pyflakes = "*"
[packages]
# Keep init.cli.ext updated with this required autest version.
-autest = "==1.10.0"
+autest = "==1.10.1"
traffic-replay = "*" # this should install TRLib, MicroServer, MicroDNS, Traffic-Replay
hyper = "*"
diff --git a/tests/gold_tests/autest-site/ordered_set_queue.py b/tests/gold_tests/autest-site/ordered_set_queue.py
index 5001cf7ad..789301da3 100644
--- a/tests/gold_tests/autest-site/ordered_set_queue.py
+++ b/tests/gold_tests/autest-site/ordered_set_queue.py
@@ -19,6 +19,11 @@ Implement an OrderedSetQueue
import collections
+try:
+ collectionsAbc = collections.abc
+except AttributeError:
+ collectionsAbc = collections
+
try:
import queue as Queue
except ImportError:
@@ -30,7 +35,7 @@ except ImportError:
# https://code.activestate.com/recipes/576694/
#
-class OrderedSet(collections.MutableSet):
+class OrderedSet(collectionsAbc.MutableSet):
def __init__(self, iterable=None):
self.end = end = []