[trafficserver] branch master updated: Fixes coverity issues 1390794 and 1390798.

[jrushford]

This is an automated email from the ASF dual-hosted git repository.

jrushford pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 22193e7  Fixes coverity issues 1390794 and 1390798.
22193e7 is described below

commit 22193e7d14a64b9a621697496862eec883d27906
Author: John Rushford 
AuthorDate: Wed May 9 13:59:13 2018 +

Fixes coverity issues 1390794 and 1390798.
---
 proxy/HostStatus.cc | 11 +++
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/proxy/HostStatus.cc b/proxy/HostStatus.cc
index 0366feb..3413f82 100644
--- a/proxy/HostStatus.cc
+++ b/proxy/HostStatus.cc
@@ -94,14 +94,15 @@ HostStatus_t
 HostStatus::getHostStatus(const char *name)
 {
   intptr_t _status = HostStatus_t::HOST_STATUS_INIT;
+  int lookup   = 0;
 
   // the hash table value pointer has the HostStatus_t value.
   ink_rwlock_rdlock(_status_rwlock);
-  ink_hash_table_lookup(hosts_statuses, name, reinterpret_cast(&_status));
+  lookup = ink_hash_table_lookup(hosts_statuses, name, reinterpret_cast(&_status));
   ink_rwlock_unlock(_status_rwlock);
   Debug("host_statuses", "name: %s, status: %d", name, 
static_cast(_status));
 
-  return static_cast(_status);
+  return lookup == 0 ? HostStatus_t::HOST_STATUS_INIT : 
static_cast(_status);
 }
 
 void
@@ -124,11 +125,13 @@ HostStatus::createHostStat(const char *name)
 int
 HostStatus::getHostStatId(const char *name)
 {
+  int lookup   = 0;
   intptr_t _id = -1;
+
   ink_rwlock_rdlock(_statids_rwlock);
-  ink_hash_table_lookup(hosts_stats_ids, name, reinterpret_cast(&_id));
+  lookup = ink_hash_table_lookup(hosts_stats_ids, name, reinterpret_cast(&_id));
   ink_rwlock_unlock(_statids_rwlock);
   Debug("host_statuses", "name: %s, id: %d", name, static_cast(_id));
 
-  return static_cast(_id);
+  return lookup == 0 ? -1 : static_cast(_id);
 }

-- 
To stop receiving notification emails like this one, please contact
jrushf...@apache.org.

[trafficserver] branch master updated: Fix Coverity ID 1022023

[shinrich]

This is an automated email from the ASF dual-hosted git repository.

shinrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 319dd3c  Fix Coverity ID 1022023
319dd3c is described below

commit 319dd3cbfd02631ba627c4deceaf284317d2856f
Author: Susan Hinrichs 
AuthorDate: Wed May 9 13:07:23 2018 +

Fix Coverity ID 1022023
---
 proxy/http/HttpTransact.cc | 5 -
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 4f23bbc..12ddf0b 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -5390,7 +5390,10 @@ HttpTransact::handle_trace_and_options_requests(State 
*s, HTTPHdr *incoming_hdr)
 return true;
   } else { /* max-forwards != 0 */
 
-if ((max_forwards <= 0) || (max_forwards > INT_MAX)) {
+// Logically want to make sure max_forwards is a legitimate non-zero 
non-negative integer
+// Since max_fowards is a signed integer, no sense making sure it is less 
than INT_MAX.
+// Would be negative in that case. Noted by coverity
+if (max_forwards <= 0) {
   Log::error("HTTP: snapping invalid max-forwards value %d to %d", 
max_forwards, INT_MAX);
   max_forwards = INT_MAX;
 }

-- 
To stop receiving notification emails like this one, please contact
shinr...@apache.org.

[trafficserver] branch master updated: No need to walk the buckets for cache scan

[paziz]

This is an automated email from the ASF dual-hosted git repository.

paziz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 9109ce9  No need to walk the buckets for cache scan
9109ce9 is described below

commit 9109ce99038dc7260539b41dd71fb31b3f494a85
Author: Persia Aziz 
AuthorDate: Tue May 8 17:12:43 2018 -0500

No need to walk the buckets for cache scan
---
 cmd/traffic_cache_tool/CacheTool.cc | 4 
 1 file changed, 4 deletions(-)

diff --git a/cmd/traffic_cache_tool/CacheTool.cc 
b/cmd/traffic_cache_tool/CacheTool.cc
index 6602f71..05c13dd 100644
--- a/cmd/traffic_cache_tool/CacheTool.cc
+++ b/cmd/traffic_cache_tool/CacheTool.cc
@@ -1356,11 +1356,8 @@ void static scan_span(Span *span)
   for (auto strp : span->_stripes) {
 strp->loadMeta();
 strp->loadDir();
-strp->walk_all_buckets();
 CacheScan cs(strp);
 cs.Scan();
-
-// break; // to be removed
   }
 }
 
@@ -1374,7 +1371,6 @@ Scan_Cache()
 cache.dumpSpans(Cache::SpanDumpDepth::SPAN);
 for (auto sp : cache._spans) {
   threadPool.emplace_back(scan_span, sp); // move constructor is necessary 
since std::thread is non copyable
-  // break; // to be removed
 }
 for (auto  : threadPool)
   th.join();

-- 
To stop receiving notification emails like this one, please contact
pa...@apache.org.

[trafficserver] branch 7.1.x updated: Expanding the cases where the server_entry gets cleared on error.

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/7.1.x by this push:
 new f1e3e4e  Expanding the cases where the server_entry gets cleared on 
error.
f1e3e4e is described below

commit f1e3e4e0afee68a33848864c4a54038efddfaab4
Author: Susan Hinrichs 
AuthorDate: Tue Jan 23 08:57:54 2018 -0600

Expanding the cases where the server_entry gets cleared on error.

(cherry picked from commit 784ba4383db72892ba794a7b83904af370b6f35a)

 Conflicts:
proxy/http/HttpTransact.cc
---
 proxy/http/HttpSM.cc   | 18 +++---
 proxy/http/HttpTransact.cc |  5 ++---
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc
index fb7cf87..f734ad9 100644
--- a/proxy/http/HttpSM.cc
+++ b/proxy/http/HttpSM.cc
@@ -5487,14 +5487,16 @@ HttpSM::handle_server_setup_error(int event, void *data)
 ua_producer->alive = false;
 ua_producer->handler_state = HTTP_SM_POST_SERVER_FAIL;
 tunnel.handleEvent(VC_EVENT_ERROR, c->write_vio);
+return;
   }
 } else {
   // c could be null here as well
   if (c != nullptr) {
 tunnel.handleEvent(event, c->write_vio);
+return;
   }
 }
-return;
+// If there is no consumer, let the event pass through to shutdown
   } else {
 if (post_transform_info.vc) {
   HttpTunnelConsumer *c = tunnel.get_consumer(post_transform_info.vc);
@@ -5531,15 +5533,17 @@ HttpSM::handle_server_setup_error(int event, void *data)
 // if (vio->op == VIO::WRITE && vio->ndone == 0) {
 if (server_entry->write_vio && server_entry->write_vio->nbytes > 0 && 
server_entry->write_vio->ndone == 0) {
   t_state.current.state = HttpTransact::CONNECTION_ERROR;
-  if (server_entry) {
-ink_assert(server_entry->vc_type == HTTP_SERVER_VC);
-vc_table.cleanup_entry(server_entry);
-server_entry   = nullptr;
-server_session = nullptr;
-  }
 } else {
   t_state.current.state = HttpTransact::INACTIVE_TIMEOUT;
 }
+// Clean up the vc_table entry so any events in play to the timed out 
server vio
+// don't get handled.  The connection isn't there.
+if (server_entry) {
+  ink_assert(server_entry->vc_type == HTTP_SERVER_VC);
+  vc_table.cleanup_entry(server_entry);
+  server_entry   = nullptr;
+  server_session = nullptr;
+}
 break;
   default:
 ink_release_assert(0);
diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index 2178b33..c4cd9bf 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -6587,10 +6587,9 @@ HttpTransact::is_request_retryable(State *s)
 {
   // If safe requests are  retryable, it should be safe to retry safe requests 
irrespective of bytes sent or connection state
   // according to RFC the following methods are safe 
(https://tools.ietf.org/html/rfc7231#section-4.2.1)
-  // If there was no error establishing the connection (and we sent bytes)-- 
we cannot retry
+  // Otherwise, if there was no error establishing the connection (and we sent 
bytes)-- we cannot retry
   if (!(s->txn_conf->safe_requests_retryable && 
HttpTransactHeaders::is_method_safe(s->method)) &&
-  (s->current.state != CONNECTION_ERROR && 
s->state_machine->server_request_hdr_bytes > 0 &&
-   s->state_machine->get_server_session()->get_netvc()->outstanding() != 
s->state_machine->server_request_hdr_bytes)) {
+  s->current.state != CONNECTION_ERROR && 
s->state_machine->server_request_hdr_bytes > 0) {
 return false;
   }
 

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] 03/06: Fixes uninitialized argument value use in HttpTransact::issue_revalidate

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 34199fb784856a42814c8d20e562ef8b026a21dd
Author: Randall Meyer 
AuthorDate: Mon May 7 14:48:33 2018 +0100

Fixes uninitialized argument value use in HttpTransact::issue_revalidate

issue found by clang-analyzer

(cherry picked from commit 7d5e0a1f03528d36b89f51387da18a652067004e)
---
 proxy/http/HttpTransact.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/proxy/http/HttpTransact.cc b/proxy/http/HttpTransact.cc
index bcd383b..2178b33 100644
--- a/proxy/http/HttpTransact.cc
+++ b/proxy/http/HttpTransact.cc
@@ -2360,8 +2360,9 @@ HttpTransact::issue_revalidate(State *s)
   // make this a conditional request
   int length;
   const char *str = c_resp->value_get(MIME_FIELD_LAST_MODIFIED, 
MIME_LEN_LAST_MODIFIED, );
-
-  s->hdr_info.server_request.value_set(MIME_FIELD_IF_MODIFIED_SINCE, 
MIME_LEN_IF_MODIFIED_SINCE, str, length);
+  if (str) {
+s->hdr_info.server_request.value_set(MIME_FIELD_IF_MODIFIED_SINCE, 
MIME_LEN_IF_MODIFIED_SINCE, str, length);
+  }
   if (!s->cop_test_page)
 DUMP_HEADER("http_hdrs", >hdr_info.server_request, 
s->state_machine_id, "Proxy's Request (Conditionalized)");
 }

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] 04/06: Fixed off-by-one error in select_best_srv.

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 4f2aa690b313796f3069f78e56c6ec1392e79b28
Author: Chris Lemmons 
AuthorDate: Tue May 8 15:54:42 2018 +

Fixed off-by-one error in select_best_srv.

This error may never actually occur, it was reported by clang-analyzer. This
just ensures that in no case does the loop run one past the end of the 
array.

(cherry picked from commit aa97de6162ac53f733c1e7a97fcb2350779d6ed8)
---
 iocore/hostdb/P_HostDBProcessor.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocore/hostdb/P_HostDBProcessor.h 
b/iocore/hostdb/P_HostDBProcessor.h
index a830b79..8e3bd77 100644
--- a/iocore/hostdb/P_HostDBProcessor.h
+++ b/iocore/hostdb/P_HostDBProcessor.h
@@ -373,7 +373,7 @@ HostDBRoundRobin::select_best_srv(char *target, InkRand 
*rand, ink_time_t now, i
 result = (current++ % len);
   } else {
 uint32_t xx = rand->random() % weight;
-for (i = 0; i < len && xx >= infos[i]->data.srv.srv_weight; ++i)
+for (i = 0; i < len - 1 && xx >= infos[i]->data.srv.srv_weight; ++i)
   xx -= infos[i]->data.srv.srv_weight;
 
 result = infos[i];

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] 06/06: Corrects marshaling of source ip and port

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit efc6e1d6bda6620e47456b14be263aeec95e553d
Author: Derek Dagit 
AuthorDate: Mon Apr 30 18:06:39 2018 -0500

Corrects marshaling of source ip and port

(cherry picked from commit 01201739e252f84e7c8a7c62c0ee31feb0def616)
---
 proxy/logging/LogAccessHttp.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/proxy/logging/LogAccessHttp.cc b/proxy/logging/LogAccessHttp.cc
index bb7381a..404f65b 100644
--- a/proxy/logging/LogAccessHttp.cc
+++ b/proxy/logging/LogAccessHttp.cc
@@ -1058,14 +1058,14 @@ LogAccessHttp::marshal_proxy_req_server_name(char *buf)
 int
 LogAccessHttp::marshal_proxy_req_server_ip(char *buf)
 {
-  return marshal_ip(buf, m_http_sm->t_state.current.server != nullptr ? 
_http_sm->t_state.current.server->dst_addr.sa : nullptr);
+  return marshal_ip(buf, m_http_sm->t_state.current.server != nullptr ? 
_http_sm->t_state.current.server->src_addr.sa : nullptr);
 }
 
 int
 LogAccessHttp::marshal_proxy_req_server_port(char *buf)
 {
   if (buf) {
-uint16_t port = ntohs(m_http_sm->t_state.current.server != nullptr ? 
m_http_sm->t_state.current.server->dst_addr.port() : 0);
+uint16_t port = ntohs(m_http_sm->t_state.current.server != nullptr ? 
m_http_sm->t_state.current.server->src_addr.port() : 0);
 marshal_int(buf, port);
   }
   return INK_MIN_ALIGN;

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] 05/06: Option to enable stand-alone Leak Sanitizer

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 4a20742db975a72aebaeade7b369c1a567dfb716
Author: Gancho Tenev 
AuthorDate: Wed May 2 19:29:34 2018 -0700

Option to enable stand-alone Leak Sanitizer

If leak detection is needed without the Address Sanitizer slowdown.

(cherry picked from commit 09ea78fa6c55b793c46c616d1365ba68b0f18374)
---
 configure.ac | 18 ++
 1 file changed, 18 insertions(+)

diff --git a/configure.ac b/configure.ac
index 7dd6c56..bf44a2a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -205,6 +205,15 @@ AC_ARG_ENABLE([asan],
 )
 AC_MSG_RESULT([$enable_asan])
 
+# Enable LSAN in stand-alone mode for the builds
+AC_MSG_CHECKING([whether to enable lsan])
+AC_ARG_ENABLE([lsan],
+  [AS_HELP_STRING([--enable-lsan],[enable stand-alone Leak Sanitizer])],
+  [],
+  [enable_lsan=no]
+)
+AC_MSG_RESULT([$enable_lsan])
+
 # Enable TSAN for the builds
 AC_MSG_CHECKING([whether to enable tsan])
 AC_ARG_ENABLE([tsan],
@@ -945,6 +954,15 @@ if test "x${enable_asan}" = "xyes"; then
   TS_ADDTO(AM_CXXFLAGS, [-fno-omit-frame-pointer -fsanitize=address])
 fi
 
+# Flags for LSAN stand-alone mode
+if test "x${enable_lsan}" = "xyes"; then
+  if test "x${enable_asan}" = "xyes"; then
+AC_ERROR([ASAN already specified, --enable-lsan is meant only for lsan 
stand-alone mode])
+  fi
+  TS_ADDTO(AM_CFLAGS, [-fno-omit-frame-pointer -fsanitize=leak])
+  TS_ADDTO(AM_CXXFLAGS, [-fno-omit-frame-pointer -fsanitize=leak])
+fi
+
 # Flags for TSAN
 if test "x${enable_tsan}" = "xyes"; then
   TS_ADDTO(AM_CFLAGS, [-fsanitize=thread])

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] 01/06: Parent Selection -- Balance treatment of primary and secondary parents in ProcessParents().

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 7cda414454f08103b6747ea29e1df9dfee3e64d8
Author: Peter Chou 
AuthorDate: Wed May 2 22:20:59 2018 -0700

Parent Selection -- Balance treatment of primary and secondary parents in 
ProcessParents().

If an error is detected in ParentRecord::ProcessParents(), then the interim 
parent
memory is freed. This was being done only for primary parents but not for 
secondary
parents.

(cherry picked from commit d013fc94530458027f78c3d4fea12c4a470ee06c)
---
 proxy/ParentSelection.cc | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/proxy/ParentSelection.cc b/proxy/ParentSelection.cc
index 749bc40..27be401 100644
--- a/proxy/ParentSelection.cc
+++ b/proxy/ParentSelection.cc
@@ -474,8 +474,13 @@ ParentRecord::ProcessParents(char *val, bool isPrimary)
   return nullptr;
 
 MERROR:
-  ats_free(parents);
-  parents = nullptr;
+  if (isPrimary) {
+ats_free(parents);
+parents = nullptr;
+  } else {
+ats_free(secondary_parents);
+secondary_parents = nullptr;
+  }
 
   return errPtr;
 }

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] branch 7.1.x updated (3001e31 -> efc6e1d)

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a change to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


from 3001e31  7.1.x runroot parsing fix
 new 7cda414  Parent Selection -- Balance treatment of primary and 
secondary parents in ProcessParents().
 new 48e2fdd  Coverity ID 1390803: Fixes unreachable code in OCSP
 new 34199fb  Fixes uninitialized argument value use in 
HttpTransact::issue_revalidate
 new 4f2aa69  Fixed off-by-one error in select_best_srv.
 new 4a20742  Option to enable stand-alone Leak Sanitizer
 new efc6e1d  Corrects marshaling of source ip and port

The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 configure.ac  | 18 ++
 iocore/hostdb/P_HostDBProcessor.h |  2 +-
 iocore/net/OCSPStapling.cc|  2 +-
 proxy/ParentSelection.cc  |  9 +++--
 proxy/http/HttpTransact.cc|  5 +++--
 proxy/logging/LogAccessHttp.cc|  4 ++--
 6 files changed, 32 insertions(+), 8 deletions(-)

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] branch master updated: Move Cachekey plugin to stable plugins.

[gancho]

This is an automated email from the ASF dual-hosted git repository.

gancho pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new f4bf7e5  Move Cachekey plugin to stable plugins.
f4bf7e5 is described below

commit f4bf7e56117a0994dfee40f93c4910f72fab139f
Author: Gancho Tenev 
AuthorDate: Mon May 7 14:11:43 2018 +0100

Move Cachekey plugin to stable plugins.
---
 doc/admin-guide/plugins/index.en.rst  |  8 
 plugins/Makefile.am   |  2 +-
 plugins/{experimental => }/cachekey/Makefile.inc  | 14 +++---
 plugins/{experimental => }/cachekey/README.md |  2 +-
 plugins/{experimental => }/cachekey/cachekey.cc   |  0
 plugins/{experimental => }/cachekey/cachekey.h|  0
 plugins/{experimental => }/cachekey/common.cc |  0
 plugins/{experimental => }/cachekey/common.h  |  0
 plugins/{experimental => }/cachekey/configs.cc|  0
 plugins/{experimental => }/cachekey/configs.h |  0
 plugins/{experimental => }/cachekey/pattern.cc|  0
 plugins/{experimental => }/cachekey/pattern.h |  0
 plugins/{experimental => }/cachekey/plugin.cc |  0
 plugins/{experimental => }/cachekey/tests/pattern_test.cc |  0
 14 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/doc/admin-guide/plugins/index.en.rst 
b/doc/admin-guide/plugins/index.en.rst
index bc1c4ec..6891d4e 100644
--- a/doc/admin-guide/plugins/index.en.rst
+++ b/doc/admin-guide/plugins/index.en.rst
@@ -48,6 +48,7 @@ Plugins that are considered stable are installed by default 
in |TS| releases.
AWS S3 Authentication 
AuthProxy 
Background Fetch 
+   Cache Key Manipulation 
Combo Handler 
Configuration Remap 
ESI 
@@ -71,6 +72,9 @@ Plugins that are considered stable are installed by default 
in |TS| releases.
 :doc:`Background Fetch `
Proactively fetch content from Origin in a way that it will fill the object 
into cache.
 
+:doc:`Cache Key Manipulation `
+   Allows some common cache key manipulations based on various HTTP request 
elements.
+
 :doc:`Combo Handler `
Provides an intelligent way to combine multiple URLs into a single URL, and 
have Apache Traffic Server combine the components into one response.
 
@@ -125,7 +129,6 @@ directory of the |TS| source tree. Experimental plugins can 
be compiled by passi
 
Balancer 
Buffer Upload 
-   Cache Key Manipulation 
Cache Promote 
Collapsed-Forwarding 
Epic 
@@ -153,9 +156,6 @@ directory of the |TS| source tree. Experimental plugins can 
be compiled by passi
 :doc:`Buffer Upload `
Buffers POST data before connecting to the Origin server.
 
-:doc:`Cache Key Manipulation `
-   Allows some common cache key manipulations based on various HTTP request 
elements.
-
 :doc:`Cache Promote `
Provides additional control over when an object should be allowed into the 
cache.
 
diff --git a/plugins/Makefile.am b/plugins/Makefile.am
index 5c08e8e..d634754 100644
--- a/plugins/Makefile.am
+++ b/plugins/Makefile.am
@@ -29,6 +29,7 @@ AM_LDFLAGS = $(TS_PLUGIN_LD_FLAGS)
 
 include authproxy/Makefile.inc
 include background_fetch/Makefile.inc
+include cachekey/Makefile.inc
 include conf_remap/Makefile.inc
 include esi/Makefile.inc
 include generator/Makefile.inc
@@ -51,7 +52,6 @@ include experimental/balancer/Makefile.inc
 include experimental/buffer_upload/Makefile.inc
 include experimental/cache_promote/Makefile.inc
 include experimental/cache_range_requests/Makefile.inc
-include experimental/cachekey/Makefile.inc
 include experimental/collapsed_connection/Makefile.inc
 include experimental/collapsed_forwarding/Makefile.inc
 include experimental/custom_redirect/Makefile.inc
diff --git a/plugins/experimental/cachekey/Makefile.inc 
b/plugins/cachekey/Makefile.inc
similarity index 73%
rename from plugins/experimental/cachekey/Makefile.inc
rename to plugins/cachekey/Makefile.inc
index 6bc2e33..e0da967 100644
--- a/plugins/experimental/cachekey/Makefile.inc
+++ b/plugins/cachekey/Makefile.inc
@@ -14,10 +14,10 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-pkglib_LTLIBRARIES += experimental/cachekey/cachekey.la
-experimental_cachekey_cachekey_la_SOURCES = \
-  experimental/cachekey/cachekey.cc \
-  experimental/cachekey/common.cc \
-  experimental/cachekey/configs.cc \
-  experimental/cachekey/pattern.cc \
-  experimental/cachekey/plugin.cc
+pkglib_LTLIBRARIES += cachekey/cachekey.la
+cachekey_cachekey_la_SOURCES = \
+  cachekey/cachekey.cc \
+  cachekey/common.cc \
+  cachekey/configs.cc \
+  cachekey/pattern.cc \
+  cachekey/plugin.cc
diff --git a/plugins/experimental/cachekey/README.md 
b/plugins/cachekey/README.md
similarity index 92%
rename from 

[trafficserver] branch master updated: Add TLSv1.3 cipher suites for OpenSSL-1.1.1

[masaori]

This is an automated email from the ASF dual-hosted git repository.

masaori pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new 9d0317b  Add TLSv1.3 cipher suites for OpenSSL-1.1.1
9d0317b is described below

commit 9d0317b881d53af89e6ab14f86b4f786f733a0d6
Author: Masaori Koshiba 
AuthorDate: Tue May 8 13:51:19 2018 +0100

Add TLSv1.3 cipher suites for OpenSSL-1.1.1
---
 doc/admin-guide/files/records.config.en.rst | 2 +-
 mgmt/RecordsConfig.cc   | 2 +-
 proxy/config/records.config.default.in  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/admin-guide/files/records.config.en.rst 
b/doc/admin-guide/files/records.config.en.rst
index 20acad9..81746f6 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -3146,7 +3146,7 @@ SSL Termination
The current default, included in the ``records.config.default`` example
configuration is:
 
-   
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-
 [...]
+   
TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RS
 [...]
 
 .. ts:cv:: CONFIG proxy.config.ssl.client.cipher_suite STRING 
 
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index ce159ce..d156f68 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1107,7 +1107,7 @@ static const RecordElement RecordsConfig[] =
   ,
   {RECT_CONFIG, "proxy.config.ssl.client.TLSv1_2", RECD_INT, "1", 
RECU_RESTART_TS, RR_NULL, RECC_INT, "[0-1]", RECA_NULL}
   ,
-  {RECT_CONFIG, "proxy.config.ssl.server.cipher_suite", RECD_STRING, 
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256
 [...]
+  {RECT_CONFIG, "proxy.config.ssl.server.cipher_suite", RECD_STRING, 
"TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-R
 [...]
   ,
   {RECT_CONFIG, "proxy.config.ssl.client.cipher_suite", RECD_STRING, nullptr, 
RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
   ,
diff --git a/proxy/config/records.config.default.in 
b/proxy/config/records.config.default.in
index 209ff2b..e0f8d7b 100644
--- a/proxy/config/records.config.default.in
+++ b/proxy/config/records.config.default.in
@@ -166,7 +166,7 @@ CONFIG proxy.config.reverse_proxy.enabled INT 1
 ##
 CONFIG proxy.config.ssl.client.verify.server INT 0
 CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
-CONFIG proxy.config.ssl.server.cipher_suite STRING 
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES
 [...]
+CONFIG proxy.config.ssl.server.cipher_suite STRING 

[trafficserver] branch master updated: Fixed off-by-one error in select_best_srv.

[zwoop]

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new aa97de6  Fixed off-by-one error in select_best_srv.
aa97de6 is described below

commit aa97de6162ac53f733c1e7a97fcb2350779d6ed8
Author: Chris Lemmons 
AuthorDate: Tue May 8 15:54:42 2018 +

Fixed off-by-one error in select_best_srv.

This error may never actually occur, it was reported by clang-analyzer. This
just ensures that in no case does the loop run one past the end of the 
array.
---
 iocore/hostdb/P_HostDBProcessor.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocore/hostdb/P_HostDBProcessor.h 
b/iocore/hostdb/P_HostDBProcessor.h
index 40bcdeb..ab84309 100644
--- a/iocore/hostdb/P_HostDBProcessor.h
+++ b/iocore/hostdb/P_HostDBProcessor.h
@@ -374,7 +374,7 @@ HostDBRoundRobin::select_best_srv(char *target, InkRand 
*rand, ink_time_t now, i
 result = (current++ % len);
   } else {
 uint32_t xx = rand->random() % weight;
-for (i = 0; i < len && xx >= infos[i]->data.srv.srv_weight; ++i)
+for (i = 0; i < len - 1 && xx >= infos[i]->data.srv.srv_weight; ++i)
   xx -= infos[i]->data.srv.srv_weight;
 
 result = infos[i];

-- 
To stop receiving notification emails like this one, please contact
zw...@apache.org.

[trafficserver] branch master updated: Clang6: Fix nullptr use in AtomicList. This shoud cover 3 different issues.

[amc]

This is an automated email from the ASF dual-hosted git repository.

amc pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
 new cfd2f6a  Clang6: Fix nullptr use in AtomicList. This shoud cover 3 
different issues.
cfd2f6a is described below

commit cfd2f6a5745a2199159ca3dabbfda812aae88df9
Author: Alan M. Carroll 
AuthorDate: Tue May 8 08:14:00 2018 -0500

Clang6: Fix nullptr use in AtomicList.
This shoud cover 3 different issues.
---
 lib/ts/List.h | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/ts/List.h b/lib/ts/List.h
index d3ae4db..f58b5a3 100644
--- a/lib/ts/List.h
+++ b/lib/ts/List.h
@@ -739,5 +739,7 @@ template  struct 
AtomicSLL {
 
 template  inline AtomicSLL::AtomicSLL()
 {
-  ink_atomiclist_init(, "AtomicSLL", (uint32_t)(uintptr_t)::next_link((C 
*)nullptr));
+  // need @c offsetof but that's not reliable until C++17, and we can't use 
the nullptr trick directly because
+  // clang-analyzer gets upset, so we use 0x10 as the base and subtract it 
back afterwards.
+  ink_atomiclist_init(, "AtomicSLL", 
reinterpret_cast(::next_link(reinterpret_cast(0x10))) - 0x10);
 }

-- 
To stop receiving notification emails like this one, please contact
a...@apache.org.