diff --git a/CVE-2022-47184.patch b/CVE-2022-47184.patch deleted file mode 100644 index 2594e2c40f7d85c274d25f676968505c434cc27c..0000000000000000000000000000000000000000 --- a/CVE-2022-47184.patch +++ /dev/null @@ -1,105 +0,0 @@ -From c371b7b21a7e774f852af86b85c87d5d877a14bd Mon Sep 17 00:00:00 2001 -From: Bryan Call -Date: Tue, 6 Jun 2023 15:23:04 -0700 -Subject: [PATCH] Deny the TRACE method by default (#9788) - -(cherry picked from commit 105af3ca30e59fbb89013e83a484a04559b4cf25) ---- - configs/ip_allow.yaml.default | 4 +++- - doc/admin-guide/files/ip_allow.yaml.en.rst | 9 ++++++--- - tests/gold_tests/autest-site/min_cfg/ip_allow.yaml | 4 +++- - 3 files changed, 12 insertions(+), 5 deletions(-) - -diff --git a/configs/ip_allow.yaml.default b/configs/ip_allow.yaml.default -index ff3627d23e8..16db1d2845a 100644 ---- a/configs/ip_allow.yaml.default -+++ b/configs/ip_allow.yaml.default -@@ -24,7 +24,7 @@ - # Rules are applied in the order listed starting from the top. - # That means you generally want to append your rules after the ones listed here. - # --# Allow anything on localhost, limit destructive methods elsewhere. -+# Allow anything on localhost, limit destructive and debug methods elsewhere. - ip_allow: - - apply: in - ip_addrs: 127.0.0.1 -@@ -41,6 +41,7 @@ ip_allow: - - PURGE - - PUSH - - DELETE -+ - TRACE - - apply: in - ip_addrs: ::/0 - action: deny -@@ -48,3 +49,4 @@ ip_allow: - - PURGE - - PUSH - - DELETE -+ - TRACE -diff --git a/doc/admin-guide/files/ip_allow.yaml.en.rst b/doc/admin-guide/files/ip_allow.yaml.en.rst -index 1f1843e21ac..db2e58dfa46 100644 ---- a/doc/admin-guide/files/ip_allow.yaml.en.rst -+++ b/doc/admin-guide/files/ip_allow.yaml.en.rst -@@ -60,6 +60,7 @@ Format - - PURGE - - PUSH - - DELETE -+ - TRACE - - apply: in - ip_addrs: ::/0 - action: deny -@@ -67,6 +68,7 @@ Format - - PURGE - - PUSH - - DELETE -+ - TRACE - - Each rule is a mapping. The YAML data must have a top level key of "ip_allow" and its value must - be a mapping or a sequence of mappings, each of those being one rule. -@@ -106,7 +108,8 @@ the specified methods are denied and all other methods are allowed. - For example, from the default configuration, the rule for ``127.0.0.1`` is ``allow`` with all - methods. Therefore an inbound connection from the loopback address (127.0.0.1) is allowed to use any - method. The general IPv4 rule, covering all IPv4 address, is a ``deny`` rule and therefore when it --matches the methods "PURGE", "PUSH", and "DELETE", these methods are denied and any other method is allowed. -+matches the methods "PURGE", "PUSH", "DELETE", and "TRACE", these methods are denied and any other method -+is allowed. - - The rules are matched in order, by IP address, therefore the general IPv4 rule does not apply to the - loopback address because the latter is matched first. -@@ -224,8 +227,8 @@ As a final example, here is the default configuration in compact form:: - ip_allow: [ - { apply: in, ip_addrs: 127.0.0.1, action: allow }, - { apply: in, ip_addrs: "::1", action: allow }, -- { apply: in, ip_addrs: 0/0, action: deny, methods: [ PURGE, PUSH, DELETE ] }, -- { apply: in, ip_addrs: "::/0", action: deny, methods: [ PURGE, PUSH, DELETE ] } -+ { apply: in, ip_addrs: 0/0, action: deny, methods: [ PURGE, PUSH, DELETE, TRACE ] }, -+ { apply: in, ip_addrs: "::/0", action: deny, methods: [ PURGE, PUSH, DELETE, TRACE ] } - ] - - .. note:: -diff --git a/tests/gold_tests/autest-site/min_cfg/ip_allow.yaml b/tests/gold_tests/autest-site/min_cfg/ip_allow.yaml -index d13c27516ac..841286477cb 100644 ---- a/tests/gold_tests/autest-site/min_cfg/ip_allow.yaml -+++ b/tests/gold_tests/autest-site/min_cfg/ip_allow.yaml -@@ -13,7 +13,7 @@ - # or implied. See the License for the specific language governing permissions and limitations under - # the License. - --# Allow anything on localhost, limit destructive methods elsewhere. -+# Allow anything on localhost, limit destructive and debug methods elsewhere. - ip_allow: - - apply: in - ip_addrs: 127.0.0.1 -@@ -34,6 +34,7 @@ ip_allow: - - PURGE - - PUSH - - DELETE -+ - TRACE - - apply: in - ip_addrs: ::/0 - action: deny -@@ -41,3 +42,4 @@ ip_allow: - - PURGE - - PUSH - - DELETE -+ - TRACE diff --git a/CVE-2023-33933.patch b/CVE-2023-33933.patch deleted file mode 100644 index 98654530a1736d3e385b067e6dbfa722eeef89e0..0000000000000000000000000000000000000000 --- a/CVE-2023-33933.patch +++ /dev/null @@ -1,202 +0,0 @@ -From 726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 Mon Sep 17 00:00:00 2001 -From: Masakazu Kitajo -Date: Thu, 8 Jun 2023 02:27:52 +0900 -Subject: [PATCH] s3_auth: Fix hash calculation (#9779) - -(cherry picked from commit 867c48c1adf9e795c8d85c48d2d0f07f08aa87ec) ---- - plugins/s3_auth/aws_auth_v4.cc | 5 +++++ - plugins/s3_auth/aws_auth_v4.h | 1 + - plugins/s3_auth/aws_auth_v4_wrap.h | 5 +++++ - plugins/s3_auth/unit_tests/test_aws_auth_v4.cc | 14 ++++++++++++++ - plugins/s3_auth/unit_tests/test_aws_auth_v4.h | 7 +++++++ - 5 files changed, 32 insertions(+) - -diff --git a/plugins/s3_auth/aws_auth_v4.cc b/plugins/s3_auth/aws_auth_v4.cc -index 3f9aea0..6ba76d8 100644 ---- a/plugins/s3_auth/aws_auth_v4.cc -+++ b/plugins/s3_auth/aws_auth_v4.cc -@@ -303,6 +303,11 @@ getCanonicalRequestSha256Hash(TsInterface &api, bool signPayload, const StringSe - str = api.getPath(&length); - String path("/"); - path.append(str, length); -+ str = api.getParams(&length); -+ if (length > 0) { -+ path.append(";", 1); -+ path.append(str, length); -+ } - String canonicalUri = canonicalEncode(path, /* isObjectName */ true); - sha256Update(&canonicalRequestSha256Ctx, canonicalUri); - sha256Update(&canonicalRequestSha256Ctx, "\n"); -diff --git a/plugins/s3_auth/aws_auth_v4.h b/plugins/s3_auth/aws_auth_v4.h -index 865a199..984bc62 100644 ---- a/plugins/s3_auth/aws_auth_v4.h -+++ b/plugins/s3_auth/aws_auth_v4.h -@@ -47,6 +47,7 @@ public: - virtual const char *getMethod(int *length) = 0; - virtual const char *getHost(int *length) = 0; - virtual const char *getPath(int *length) = 0; -+ virtual const char *getParams(int *length) = 0; - virtual const char *getQuery(int *length) = 0; - virtual HeaderIterator headerBegin() = 0; - virtual HeaderIterator headerEnd() = 0; -diff --git a/plugins/s3_auth/aws_auth_v4_wrap.h b/plugins/s3_auth/aws_auth_v4_wrap.h -index 72221c3..3ed858a 100644 ---- a/plugins/s3_auth/aws_auth_v4_wrap.h -+++ b/plugins/s3_auth/aws_auth_v4_wrap.h -@@ -108,6 +108,11 @@ public: - return TSUrlPathGet(_bufp, _url, len); - } - const char * -+ getParams(int *len) override -+ { -+ return TSUrlHttpParamsGet(_bufp, _url, len); -+ } -+ const char * - getQuery(int *len) override - { - return TSUrlHttpQueryGet(_bufp, _url, len); -diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc -index 595fe00..a11213c 100644 ---- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc -+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.cc -@@ -404,6 +404,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Object", "[AWS][auth][SpecByExample]") - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign("test.txt"); -+ api._params.assign(""); - api._query.assign(""); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Range", "bytes=0-9")); -@@ -449,6 +450,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket Lifecycle", "[AWS][auth][SpecByExamp - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("lifecycle"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")); -@@ -493,6 +495,7 @@ TEST_CASE("AWSAuthSpecByExample: Get Bucket List Objects", "[AWS][auth][SpecByEx - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("x-amz-content-sha256", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855")); -@@ -584,6 +587,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, unsigned pay-load, exc - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD")); -@@ -633,6 +637,7 @@ TEST_CASE("AWSAuthSpecByExample: GET Bucket List Objects, query param value alre - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign("PATH=="); -+ api._params.assign(""); - api._query.assign("key=TEST=="); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD")); -@@ -679,6 +684,7 @@ TEST_CASE("S3AuthV4UtilParams: signing multiple same name fields", "[AWS][auth][ - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -777,6 +783,7 @@ TEST_CASE("S3AuthV4UtilParams: include all headers explicit", "[AWS][auth][SpecB - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -812,6 +819,7 @@ TEST_CASE("S3AuthV4UtilParams: exclude all headers explicit", "[AWS][auth][utili - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -847,6 +855,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude non overlapping headers", "[AWS][ - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -881,6 +890,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers", "[AWS][auth - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -916,6 +926,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing inclu - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -951,6 +962,7 @@ TEST_CASE("S3AuthV4UtilParams: include/exclude overlapping headers missing exclu - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -989,6 +1001,7 @@ TEST_CASE("S3AuthV4UtilParams: include content type", "[AWS][auth][utility]") - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("Content-Type", "gzip")); -@@ -1022,6 +1035,7 @@ TEST_CASE("S3AuthV4UtilParams: include missing content type", "[AWS][auth][utili - api._method.assign("GET"); - api._host.assign("examplebucket.s3.amazonaws.com"); - api._path.assign(""); -+ api._params.assign(""); - api._query.assign("max-keys=2&prefix=J"); - api._headers.insert(std::make_pair("Host", "examplebucket.s3.amazonaws.com")); - api._headers.insert(std::make_pair("x-amz-content-sha256", "UNSIGNED-PAYLOAD")); -diff --git a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h -index e295d75..e4eb454 100644 ---- a/plugins/s3_auth/unit_tests/test_aws_auth_v4.h -+++ b/plugins/s3_auth/unit_tests/test_aws_auth_v4.h -@@ -95,6 +95,12 @@ public: - return _path.c_str(); - } - const char * -+ getParams(int *length) -+ { -+ *length = _params.length(); -+ return _params.c_str(); -+ } -+ const char * - getQuery(int *length) - { - *length = _query.length(); -@@ -114,6 +120,7 @@ public: - String _method; - String _host; - String _path; -+ String _params; - String _query; - HeaderMultiMap _headers; - }; --- -2.30.0 - diff --git a/add-loong64-support.patch b/add-loong64-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..06f1296fce8729144e3f6cb9b91d708873a954c2 --- /dev/null +++ b/add-loong64-support.patch @@ -0,0 +1,39 @@ +From d52504bbf8673d1f33f9926933eece1eaf0b31c5 Mon Sep 17 00:00:00 2001 +From: Wenlong Zhang +Date: Fri, 12 Jul 2024 07:23:25 +0000 +Subject: [PATCH] add loong64 support for trafficserver + +--- + include/tscore/ink_queue.h | 2 +- + iocore/eventsystem/UnixEventProcessor.cc | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/tscore/ink_queue.h b/include/tscore/ink_queue.h +index ef79752..a9fb1b5 100644 +--- a/include/tscore/ink_queue.h ++++ b/include/tscore/ink_queue.h +@@ -139,7 +139,7 @@ union head_p { + #define SET_FREELIST_POINTER_VERSION(_x, _p, _v) \ + (_x).s.pointer = _p; \ + (_x).s.version = _v +-#elif defined(__x86_64__) || defined(__ia64__) || defined(__powerpc64__) || defined(__mips64) || defined(__riscv) ++#elif defined(__x86_64__) || defined(__ia64__) || defined(__powerpc64__) || defined(__mips64) || defined(__riscv) || defined(__loongarch64) + /* Layout of FREELIST_POINTER + * + * 0 ~ 47 bits : 48 bits, Virtual Address +diff --git a/iocore/eventsystem/UnixEventProcessor.cc b/iocore/eventsystem/UnixEventProcessor.cc +index 0c123c1..3fb27cb 100644 +--- a/iocore/eventsystem/UnixEventProcessor.cc ++++ b/iocore/eventsystem/UnixEventProcessor.cc +@@ -141,7 +141,7 @@ void + ThreadAffinityInitializer::setup_stack_guard(void *stack, int stackguard_pages) + { + #if !(defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__arm64__) || defined(__aarch64__) || \ +- defined(__mips__) || defined(__powerpc64__) || defined(__riscv)) ++ defined(__mips__) || defined(__powerpc64__) || defined(__riscv) || defined(__loongarch64)) + #error Unknown stack growth direction. Determine the stack growth direction of your platform. + // If your stack grows upwards, you need to change this function and the calculation of stack_begin in do_alloc_stack. + #endif +-- +2.43.0 + diff --git a/add-riscv-support.patch b/add-riscv-support.patch new file mode 100644 index 0000000000000000000000000000000000000000..c77a40ab3160b84be4eb40ae37d7a6808bce6d52 --- /dev/null +++ b/add-riscv-support.patch @@ -0,0 +1,38 @@ +diff -Nur a/build/_aux/config.guess b/build/_aux/config.guess +--- a/build/_aux/config.guess 2023-10-10 04:36:24.000000000 +0800 ++++ b/build/_aux/config.guess 2023-10-26 15:56:04.249689094 +0800 +@@ -978,6 +978,9 @@ + aarch64:Linux:*:*) + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC + ;; ++ riscv64:Linux:*:*) ++ GUESS=$UNAME_MACHINE-unknown-linux-$LIBC ++ ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + GUESS=$UNAME_MACHINE-unknown-linux-$LIBC +diff -Nur a/include/tscore/ink_queue.h b/include/tscore/ink_queue.h +--- a/include/tscore/ink_queue.h 2023-10-10 04:36:24.000000000 +0800 ++++ b/include/tscore/ink_queue.h 2023-10-26 16:00:51.693855882 +0800 +@@ -139,7 +139,7 @@ + #define SET_FREELIST_POINTER_VERSION(_x, _p, _v) \ + (_x).s.pointer = _p; \ + (_x).s.version = _v +-#elif defined(__x86_64__) || defined(__ia64__) || defined(__powerpc64__) || defined(__mips64) ++#elif defined(__x86_64__) || defined(__ia64__) || defined(__powerpc64__) || defined(__mips64) || defined(__riscv) + /* Layout of FREELIST_POINTER + * + * 0 ~ 47 bits : 48 bits, Virtual Address +diff --git a/iocore/eventsystem/UnixEventProcessor.cc b/iocore/eventsystem/UnixEventProcessor.cc +index 7980f08..1f9f30d 100644 +--- a/iocore/eventsystem/UnixEventProcessor.cc ++++ b/iocore/eventsystem/UnixEventProcessor.cc +@@ -141,7 +141,7 @@ void + ThreadAffinityInitializer::setup_stack_guard(void *stack, int stackguard_pages) + { + #if !(defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__arm64__) || defined(__aarch64__) || \ +- defined(__mips__) || defined(__powerpc64__)) ++ defined(__mips__) || defined(__powerpc64__) || defined(__riscv)) + #error Unknown stack growth direction. Determine the stack growth direction of your platform. + // If your stack grows upwards, you need to change this function and the calculation of stack_begin in do_alloc_stack. + #endif diff --git a/trafficserver-9.1.4.tar.bz2 b/trafficserver-9.2.5.tar.bz2 similarity index 54% rename from trafficserver-9.1.4.tar.bz2 rename to trafficserver-9.2.5.tar.bz2 index dddff2a530a1fab5440676c801eb28cbd7bc9657..3a615d015e559cfcd866eb9f50fc9fc4502126b9 100644 Binary files a/trafficserver-9.1.4.tar.bz2 and b/trafficserver-9.2.5.tar.bz2 differ diff --git a/trafficserver.spec b/trafficserver.spec index 19d0d3efc24b70ced8772fd2a4a40b881773b24b..53d48adfaabcf6949e28f30dc94db9f5519c0832 100644 --- a/trafficserver.spec +++ b/trafficserver.spec @@ -1,6 +1,7 @@ %define _hardened_build 1 +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} Name: trafficserver -Version: 9.1.4 +Version: 9.2.5 Release: 2 Summary: Apache Traffic Server, a reverse, forward and transparent HTTP proxy cache License: Apache-2.0 @@ -11,13 +12,11 @@ Patch0001: Fix-status-failure-after-stopping-service.patch Patch0002: Fix-log-in-debug-mode.patch Patch0003: config-layout-openEuler.patch Patch0004: Modify-storage.config-for-traffic_cache_tool.patch -# https://github.com/apache/trafficserver/commit/c371b7b21a7e774f852af86b85c87d5d877a14bd -Patch0005: CVE-2022-47184.patch -# https://github.com/apache/trafficserver/commit/726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 -Patch0006: CVE-2023-33933.patch +Patch0005: add-riscv-support.patch +Patch0006: add-loong64-support.patch BuildRequires: expat-devel hwloc-devel openssl-devel pcre-devel zlib-devel xz-devel -BuildRequires: libcurl-devel ncurses-devel gcc gcc-c++ perl-ExtUtils-MakeMaker -BuildRequires: libcap-devel cmake libunwind-devel automake +BuildRequires: libcurl-devel ncurses-devel gcc-toolset-10-gcc gcc-toolset-10-gcc-c++ perl-ExtUtils-MakeMaker +BuildRequires: libcap-devel cmake libunwind-devel automake chrpath Requires: expat hwloc openssl pcre zlib xz libcurl Requires: systemd ncurses pkgconfig libcap initscripts Requires(postun): systemd @@ -41,9 +40,11 @@ This package contains some Perl APIs for talking to the ATS management port. %autosetup -n %{name}-%{version} -p1 %build +export PATH=/opt/%{vendor}/gcc-toolset-10/root/usr/bin:$PATH + autoreconf ./configure \ - --enable-layout=openEuler \ + --enable-layout=%{vendor} \ --libdir=%{_libdir}/trafficserver \ --libexecdir=%{_libdir}/trafficserver/plugins \ --enable-experimental-plugins \ @@ -69,6 +70,23 @@ mkdir -p %{buildroot}%{_datadir}/pkgconfig mv %{buildroot}%{_libdir}/trafficserver/pkgconfig/trafficserver.pc %{buildroot}%{_datadir}/pkgconfig rm -f %{buildroot}%{_bindir}/trafficserver +chrpath -d %{buildroot}%{_bindir}/traffic_crashlog +chrpath -d %{buildroot}%{_bindir}/traffic_ctl +chrpath -d %{buildroot}%{_bindir}/traffic_layout +chrpath -d %{buildroot}%{_bindir}/traffic_logcat +chrpath -d %{buildroot}%{_bindir}/traffic_logstats +chrpath -d %{buildroot}%{_bindir}/traffic_manager +chrpath -d %{buildroot}%{_bindir}/traffic_server +chrpath -d %{buildroot}%{_bindir}/traffic_top +chrpath -d %{buildroot}%{_bindir}/traffic_via +chrpath -d %{buildroot}%{_libdir}/trafficserver/libtscore.so.%{version} +chrpath -d %{buildroot}%{_libdir}/trafficserver/libtsmgmt.so.%{version} +chrpath -d %{buildroot}%{_libdir}/trafficserver/plugins/server_push_preload.so +chrpath -d %{buildroot}%{_libdir}/trafficserver/plugins/redo_cache_lookup.so + +mkdir -p %{buildroot}/etc/ld.so.conf.d +echo "%{_libdir}/%{name}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf + %post /sbin/ldconfig %systemd_post trafficserver.service @@ -88,7 +106,7 @@ getent passwd ats >/dev/null || useradd -r -u 176 -g ats -d / -s /sbin/nologin - %defattr(-, root, root, -) %{!?_licensedir:%global license %%doc} %license LICENSE -%doc README CHANGELOG* NOTICE STATUS +%doc README.md CHANGELOG* NOTICE STATUS %config(noreplace) /usr/etc/trafficserver/* %{_bindir}/traffic_* %{_bindir}/tspush @@ -103,6 +121,7 @@ getent passwd ats >/dev/null || useradd -r -u 176 -g ats -d / -s /sbin/nologin - %attr(0755, ats, ats) %dir /usr/var/trafficserver/cache %attr(0644, ats, ats) /usr/etc/trafficserver/*.config %attr(0644, ats, ats) /usr/etc/trafficserver/*.yaml +/etc/ld.so.conf.d/%{name}-%{_arch}.conf %files perl %defattr(-,root,root,-) @@ -117,8 +136,29 @@ getent passwd ats >/dev/null || useradd -r -u 176 -g ats -d / -s /sbin/nologin - %{_datadir}/pkgconfig/trafficserver.pc %changelog -* Tue Dec 19 2023 yaoxin - 9.1.4-2 -- Fix CVE-2022-47184 and CVE-2023-33933 +* Thu Oct 17 2024 wangkai <13474090681@163.com> - 9.2.5-2 +- Replace openEuler with vendor + +* Mon Jul 29 2024 wangkai <13474090681@163.com> - 9.2.5-1 +- Update to 9.2.5 for fix CVE-2023-38522, CVE-2024-35161, CVE-2024-35296 + +* Fri Jul 12 2024 Wenlong Zhang - 9.2.3-4 +- add loong64 support for trafficserver + +* Thu May 30 2024 laokz - 9.2.3-3 +- Update riscv64 patch + +* Sun Apr 07 2024 wangkai <13474090681@163.com> - 9.2.3-2 +- Fix CVE-2024-31309 + +* Thu Oct 26 2023 wulei - 9.2.3-1 +- Update to 9.2.3 + +* Fri Jun 30 2023 zhangxiang - 9.1.4-3 +- add riscv support + +* Fri Mar 03 2023 Ge Wang - 9.1.4-2 +- Remove rpath * Tue Dec 27 2022 jiangpeng - 9.1.4-1 - Update to 9.1.4 to fix CVE-2022-37392 and CVE-2022-32749 and CVE-2022-40743 @@ -138,6 +178,9 @@ getent passwd ats >/dev/null || useradd -r -u 176 -g ats -d / -s /sbin/nologin - * Thu May 19 2022 wangkai - 9.1.2-1 - Update to 9.1.2 for fix CVE-2021-44040 +* Mon May 09 2022 wulei - 9.1.0-5 +- Fix traffic_top build when using -Werror=format-security + * Sat Nov 13 2021 caodongxia - 9.1.0-4 - fix log in debug mode