
www/pound: the port had been updated to version 4.5

Apsis GmbH, the original upstream, stopped development and
welcomed Sergey Poznyakoff to pick up and further maintain the
project, which is now hosted on GitHub.

Drop no longer useful patches, adjust LICENSE, convert package
list to static pkg-plist, and hook the tests to our framework.

Requested by:	maintainer
This commit is contained in:
Alexey Dokuchaev 2023-02-24 11:41:42 +00:00
parent 2b7b7592b0
commit 8b4e85ebc5
11 changed files with 20 additions and 870 deletions


@ -1,40 +1,27 @@
PORTNAME= pound
PORTVERSION= 2.8
PORTVERSION= 4.5
DISTVERSIONPREFIX= v
CATEGORIES= www net
MASTER_SITES= http://www.apsis.ch/pound/ \
ftp://ftp.nuug.no/pub/anders/distfiles/
DISTNAME= Pound-${PORTVERSION}
EXTRA_PATCHES= \
${FILESDIR}/0001-Add-MKCALENDAR-to-xHTTP-2-and-above.patch:-p1 \
${FILESDIR}/0002-add-support-openssl1.1-dhparam.patch:-p1 \
${FILESDIR}/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c.patch:-p1 \
${FILESDIR}/pound-2.8-websocket.diff:-p1 \
${FILESDIR}/pound-2.8-fallback_scsv.diff:-p0 \
${FILESDIR}/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch:-p1
MAINTAINER= zeus@gnu.org.ua
COMMENT= HTTP/HTTPS reverse-proxy and load-balancer
WWW= https://www.apsis.ch/pound.html
WWW= https://github.com/graygnuorg/pound
LICENSE= GPLv3
LICENSE_FILE= ${WRKSRC}/GPL.txt
LICENSE= GPLv3+
USES= cpe tar:tgz ssl
USES= autoreconf cpe gmake ssl
CPE_VENDOR= apsis
GNU_CONFIGURE= yes
CONFIGURE_ARGS= --disable-tcmalloc --disable-hoard
USE_GITHUB= yes
GH_ACCOUNT= graygnuorg
USE_RC_SUBR= ${PORTNAME}
TEST_TARGET= check
SUB_FILES= ${PORTNAME}.cfg
SUB_LIST= NAME=${PORTNAME}
PLIST_FILES= @sample\ etc/pound.cfg.sample \
sbin/pound \
sbin/poundctl \
man/man8/pound.8.gz \
man/man8/poundctl.8.gz
PORTDOCS= README FAQ CHANGELOG
PORTDOCS= AUTHORS ChangeLog.apsis NEWS README.md THANKS
OPTIONS_DEFINE= DOCS DSAPARAM PCRE
OPTIONS_DEFAULT=PCRE
@ -46,7 +33,7 @@ PCRE_CONFIGURE_ENABLE= pcreposix
post-patch-DSAPARAM-on:
@${REINPLACE_CMD} -e '/openssl dhparam/s,-5,-dsaparam,' \
${WRKSRC}/Makefile.in
${WRKSRC}/src/Makefile.am
post-install:
${INSTALL_DATA} ${WRKDIR}/${PORTNAME}.cfg \
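Review bot: `CPE_VENDOR= apsis` is carried over unchanged while the upstream moves to the graygnuorg GitHub project (the new WWW and GH_ACCOUNT lines in the first hunk); advisory matching for this port depends on that vendor/product pair, so verify against the CPE dictionary whether the continued project is still recorded under apsis and adjust `CPE_VENDOR=` if it is not. The dropped EXTRA_PATCHES also carried user-visible behaviour (the WSTimeOut directive and websocket pass-through, the ::ffff: prefix stripping in addr2str, the BIO_read <= 0 stop in get_line); the message calls them no longer useful, which presumably means 4.5 has equivalents, but a sentence in the commit message confirming that 2.8 configurations using WSTimeOut still parse would help people upgrading. This note covers both hunks of the Makefile section.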


@ -1,3 +1,3 @@
TIMESTAMP = 1526033851
SHA256 (Pound-2.8.tgz) = a7fd8690de0fd390615e79fd0f4bfd56a544b8ef97dd6659c07ecd3207480c25
SIZE (Pound-2.8.tgz) = 186124
TIMESTAMP = 1676192195
SHA256 (graygnuorg-pound-v4.5_GH0.tar.gz) = 22933ce99d36eb7020700aecc397d9ceaee184c4d438939509fa2ca88adf7f07
SIZE (graygnuorg-pound-v4.5_GH0.tar.gz) = 186846


@ -1,39 +0,0 @@
From: Brett Parker <iDunno@sommitrealweird.co.uk>
Date: Sat, 30 Jul 2016 21:47:14 +0100
Subject: Add MKCALENDAR to xHTTP 2 and above
---
config.c | 6 +++---
pound.8 | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/config.c b/config.c
index de1e163..68e2d2f 100644
--- a/config.c
+++ b/config.c
@@ -87,9 +87,9 @@ static regmatch_t matches[5];
static char *xhttp[] = {
"^(GET|POST|HEAD) ([^ ]+) HTTP/1.[01]$",
"^(GET|POST|HEAD|PUT|PATCH|DELETE) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$",
- "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|MKCALENDAR) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|MKCALENDAR|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$",
+ "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|MKCALENDAR|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$",
};
static int log_level = 1;
diff --git a/pound.8 b/pound.8
index ceddf48..235d829 100644
--- a/pound.8
+++ b/pound.8
@@ -368,7 +368,7 @@ additionally allow extended HTTP requests (PUT, PATCH, DELETE).
.I 2
additionally allow standard WebDAV verbs (LOCK, UNLOCK, PROPFIND,
PROPPATCH, SEARCH, MKCOL, MOVE, COPY, OPTIONS, TRACE, MKACTIVITY,
-CHECKOUT, MERGE, REPORT).
+CHECKOUT, MERGE, REPORT, MKCALENDAR).
.IP
.I 3
additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE,


@ -1,54 +0,0 @@
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Sun, 19 Feb 2017 14:34:38 +0100
Subject: [PATCH] pound: Add support for openssl 1.1
This patch adds support for "openssl dhparam -C" created header files where
openssl binary itself is 1.1 but the code using the file is linked against
1.0.2.
This will not let the pound as compile against openssl 1.1.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
svc.c | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
--- a/svc.c
+++ b/svc.c
@@ -1448,6 +1448,37 @@ do_RSAgen(void)
return;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free(dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free(dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits(q);
+ }
+
+ return 1;
+}
+#endif
+
#include "dh512.h"
#if DH_LEN == 1024


@ -1,323 +0,0 @@
From a2c9dde4d055ea8942afb150b7fc3a807d4e5d60 Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Wed, 28 Feb 2018 13:44:01 +0000
Subject: [PATCH] Support for Openssl 1.1
---
config.c | 17 +++++++--
http.c | 12 ++++++-
pound.h | 4 ++-
svc.c | 101 +++++++++++++++++++++++++++++++++++++++++++----------
5 files changed, 125 insertions(+), 24 deletions(-)
create mode 100644 .gitignore
diff --git a/config.c b/config.c
index d41a3ee..e8fec0f 100644
--- a/config.c
+++ b/config.c
@@ -174,6 +174,16 @@ conf_fgets(char *buf, const int max)
}
}
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+# define general_name_string(n) \
+ strndup(ASN1_STRING_get0_data(n->d.dNSName), \
+ ASN1_STRING_length(n->d.dNSName) + 1)
+#else
+# define general_name_string(n) \
+ strndup(ASN1_STRING_data(n->d.dNSName), \
+ ASN1_STRING_length(n->d.dNSName) + 1)
+#endif
+
unsigned char **
get_subjectaltnames(X509 *x509, unsigned int *count)
{
@@ -194,8 +204,7 @@ get_subjectaltnames(X509 *x509, unsigned int *count)
name = sk_GENERAL_NAME_pop(san_stack);
switch(name->type) {
case GEN_DNS:
- temp[local_count] = strndup(ASN1_STRING_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName)
- + 1);
+ temp[local_count] = general_name_string(name);
if(temp[local_count] == NULL)
conf_err("out of memory");
local_count++;
@@ -565,7 +574,9 @@ parse_service(const char *svc_name)
pthread_mutex_init(&res->mut, NULL);
if(svc_name)
strncpy(res->name, svc_name, KEY_SIZE);
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if((res->sessions = lh_TABNODE_new(t_hash, t_cmp)) == NULL)
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
if((res->sessions = LHM_lh_new(TABNODE, t)) == NULL)
#else
if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL)
diff --git a/http.c b/http.c
index dd211e4..c8e756a 100644
--- a/http.c
+++ b/http.c
@@ -527,12 +527,22 @@ log_bytes(char *res, const LONG cnt)
/* Cleanup code. This should really be in the pthread_cleanup_push, except for bugs in some implementations */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+# define clear_error()
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+# define clear_error() \
+ if(ssl != NULL) { ERR_clear_error(); ERR_remove_thread_state(NULL); }
+#else
+# define clear_error() \
+ if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); }
+#endif
+
#define clean_all() { \
if(ssl != NULL) { BIO_ssl_shutdown(cl); } \
if(be != NULL) { BIO_flush(be); BIO_reset(be); BIO_free_all(be); be = NULL; } \
if(cl != NULL) { BIO_flush(cl); BIO_reset(cl); BIO_free_all(cl); cl = NULL; } \
if(x509 != NULL) { X509_free(x509); x509 = NULL; } \
- if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } \
+ clear_error(); \
}
/*
diff --git a/pound.h b/pound.h
index fa22c36..9603b91 100644
--- a/pound.h
+++ b/pound.h
@@ -344,7 +344,9 @@ typedef struct _tn {
/* maximal session key size */
#define KEY_SIZE 127
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ DEFINE_LHASH_OF(TABNODE);
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
DECLARE_LHASH_OF(TABNODE);
#endif
diff --git a/svc.c b/svc.c
index 60ba488..063b92c 100644
--- a/svc.c
+++ b/svc.c
@@ -27,10 +27,17 @@
#include "pound.h"
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+# define TABNODE_GET_DOWN_LOAD(t) lh_TABNODE_get_down_load(t)
+# define TABNODE_SET_DOWN_LOAD(t,n) lh_TABNODE_set_down_load(t,n)
+#else
#ifndef LHASH_OF
#define LHASH_OF(x) LHASH
#define CHECKED_LHASH_OF(type, h) h
#endif
+# define TABNODE_GET_DOWN_LOAD(t) (CHECKED_LHASH_OF(TABNODE, t)->down_load)
+# define TABNODE_SET_DOWN_LOAD(t,n) (CHECKED_LHASH_OF(TABNODE, t)->down_load = n)
+#endif
/*
* Add a new key/content pair to a hash table
@@ -58,7 +65,9 @@ t_add(LHASH_OF(TABNODE) *const tab, const char *key, const void *content, const
}
memcpy(t->content, content, cont_len);
t->last_acc = time(NULL);
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if((old = lh_TABNODE_insert(tab, t)) != NULL) {
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
if((old = LHM_lh_insert(TABNODE, tab, t)) != NULL) {
#else
if((old = (TABNODE *)lh_insert(tab, t)) != NULL) {
@@ -82,7 +91,9 @@ t_find(LHASH_OF(TABNODE) *const tab, char *const key)
TABNODE t, *res;
t.key = key;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if((res = lh_TABNODE_retrieve(tab, &t)) != NULL) {
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
if((res = (TABNODE *)LHM_lh_retrieve(TABNODE, tab, &t)) != NULL) {
#else
if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) {
@@ -102,7 +113,9 @@ t_remove(LHASH_OF(TABNODE) *const tab, char *const key)
TABNODE t, *res;
t.key = key;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if((res = lh_TABNODE_delete(tab, &t)) != NULL) {
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
if((res = LHM_lh_delete(TABNODE, tab, &t)) != NULL) {
#else
if((res = (TABNODE *)lh_delete(tab, &t)) != NULL) {
@@ -127,7 +140,9 @@ t_old_doall_arg(TABNODE *t, ALL_ARG *a)
TABNODE *res;
if(t->last_acc < a->lim)
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if((res = lh_TABNODE_delete(a->tab, t)) != NULL) {
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
if((res = LHM_lh_delete(TABNODE, a->tab, t)) != NULL) {
#else
if((res = lh_delete(a->tab, t)) != NULL) {
@@ -145,6 +160,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE, ALL_ARG)
IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE *, ALL_ARG *)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+IMPLEMENT_LHASH_DOALL_ARG(TABNODE,ALL_ARG);
+#endif
+
/*
* Expire all old nodes
*/
@@ -156,14 +175,16 @@ t_expire(LHASH_OF(TABNODE) *const tab, const time_t lim)
a.tab = tab;
a.lim = lim;
- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load;
- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ down_load = TABNODE_GET_DOWN_LOAD(tab);
+ TABNODE_SET_DOWN_LOAD(tab, 0);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ lh_TABNODE_doall_ALL_ARG(tab, t_old_doall_arg, &a);
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_old), ALL_ARG, &a);
#else
lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_old), &a);
#endif
- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load;
+ TABNODE_SET_DOWN_LOAD(tab, down_load);
return;
}
@@ -173,7 +194,9 @@ t_cont_doall_arg(TABNODE *t, ALL_ARG *arg)
TABNODE *res;
if(memcmp(t->content, arg->content, arg->cont_len) == 0)
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if((res = lh_TABNODE_delete(arg->tab, t)) != NULL) {
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
if((res = LHM_lh_delete(TABNODE, arg->tab, t)) != NULL) {
#else
if((res = lh_delete(arg->tab, t)) != NULL) {
@@ -203,15 +226,16 @@ t_clean(LHASH_OF(TABNODE) *const tab, void *const content, const size_t cont_len
a.tab = tab;
a.content = content;
a.cont_len = cont_len;
- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load;
- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ down_load = TABNODE_GET_DOWN_LOAD(tab);
+ TABNODE_SET_DOWN_LOAD(tab, 0);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ lh_TABNODE_doall_ALL_ARG(tab, t_cont_doall_arg, &a);
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_cont), ALL_ARG, &a);
#else
lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_cont), &a);
#endif
- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load;
- return;
+ TABNODE_SET_DOWN_LOAD(tab, down_load);
}
/*
@@ -1262,6 +1286,31 @@ RSA_tmp_callback(/* not used */SSL *ssl, /* not used */int is_export, int keylen
return res;
}
+static int
+generate_key(RSA **ret_rsa, unsigned long bits)
+{
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
+ int rc = 0;
+ RSA *rsa;
+
+ rsa = RSA_new();
+ if (rsa) {
+ BIGNUM *bne = BN_new();
+ if (BN_set_word(bne, RSA_F4))
+ rc = RSA_generate_key_ex(rsa, bits, bne, NULL);
+ BN_free(bne);
+ if (rc)
+ *ret_rsa = rsa;
+ else
+ RSA_free(rsa);
+ }
+ return rc;
+#else
+ *ret_rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
+ return *ret_rsa != NULL;
+#endif
+}
+
/*
* Periodically regenerate ephemeral RSA keys
* runs every T_RSA_KEYS seconds
@@ -1274,8 +1323,9 @@ do_RSAgen(void)
RSA *t_RSA1024_keys[N_RSA_KEYS];
for(n = 0; n < N_RSA_KEYS; n++) {
- t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL);
- t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL);
+ /* FIXME: Error handling */
+ generate_key(&t_RSA512_keys[n], 512);
+ generate_key(&t_RSA1024_keys[n], 1024);
}
if(ret_val = pthread_mutex_lock(&RSA_mut))
logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val));
@@ -1329,11 +1379,11 @@ init_timer(void)
* Pre-generate ephemeral RSA keys
*/
for(n = 0; n < N_RSA_KEYS; n++) {
- if((RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) {
+ if(!generate_key(&RSA512_keys[n], 512)) {
logmsg(LOG_WARNING,"RSA_generate(%d, 512) failed", n);
return;
}
- if((RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) {
+ if(!generate_key(&RSA1024_keys[n], 1024)) {
logmsg(LOG_WARNING,"RSA_generate(%d, 1024) failed", n);
return;
}
@@ -1420,6 +1470,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE, DUMP_ARG)
IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, DUMP_ARG *)
#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+IMPLEMENT_LHASH_DOALL_ARG(TABNODE,DUMP_ARG);
+#endif
+
/*
* write sessions to the control socket
*/
@@ -1430,7 +1484,9 @@ dump_sess(const int control_sock, LHASH_OF(TABNODE) *const sess, BACKEND *const
a.control_sock = control_sock;
a.backends = backends;
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ lh_TABNODE_doall_DUMP_ARG(sess, t_dump_doall_arg, &a);
+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
LHM_lh_doall_arg(TABNODE, sess, LHASH_DOALL_ARG_FN(t_dump), DUMP_ARG, &a);
#else
lh_doall_arg(sess, LHASH_DOALL_ARG_FN(t_dump), &a);
@@ -1664,6 +1720,13 @@ thr_control(void *arg)
}
}
+#ifndef SSL3_ST_SR_CLNT_HELLO_A
+# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
+#endif
+#ifndef SSL23_ST_SR_CLNT_HELLO_A
+# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
+#endif
+
void
SSLINFO_callback(const SSL *ssl, int where, int rc)
{


@ -1,41 +0,0 @@
From c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org>
Date: Mon, 19 Mar 2018 18:11:59 +0200
Subject: [PATCH] Bugfix
* http.c: Stop if BIO_read returns <= 0
---
http.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/http.c b/http.c
index 496a84e..c461489 100644
--- a/http.c
+++ b/http.c
@@ -142,7 +142,7 @@ get_line(BIO *const in, char *const buf, const int bufsize)
if(tmp != '\n') {
/* we have CR not followed by NL */
do {
- if(BIO_read(in, &tmp, 1) < 0)
+ if(BIO_read(in, &tmp, 1) <= 0)
return 1;
} while(tmp != '\n');
return 1;
@@ -169,7 +169,7 @@ get_line(BIO *const in, char *const buf, const int bufsize)
/* all other control characters cause an error */
do {
- if(BIO_read(in, &tmp, 1) < 0)
+ if(BIO_read(in, &tmp, 1) <= 0)
return 1;
} while(tmp != '\n');
return 1;
@@ -177,7 +177,7 @@ get_line(BIO *const in, char *const buf, const int bufsize)
/* line too long */
do {
- if(BIO_read(in, &tmp, 1) < 0)
+ if(BIO_read(in, &tmp, 1) <= 0)
return 1;
} while(tmp != '\n');
return 1;


@ -1,18 +0,0 @@
--- Makefile.in.orig 2018-05-11 10:16:05 UTC
+++ Makefile.in
@@ -58,11 +58,11 @@ $(OBJS) poundctl.o: pound.h config.h
install: all
@INSTALL@ -d ${DESTDIR}@sbindir@
- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound
- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl
+ @INSTALL@ -p -m 755 pound ${DESTDIR}@sbindir@/pound
+ @INSTALL@ -p -m 755 poundctl ${DESTDIR}@sbindir@/poundctl
@INSTALL@ -d ${DESTDIR}@mandir@/man8
- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
+ @INSTALL@ -p -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
+ @INSTALL@ -p -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
clean:
rm -f pound $(OBJS) poundctl poundctl.o


@ -1,29 +0,0 @@
--- svc.c.orig 2018-05-11 10:16:05 UTC
+++ svc.c
@@ -273,6 +273,7 @@ addr2str(char *const res, const int res_len, const str
char buf[MAXBUF];
int port;
void *src;
+ char *p = buf;
memset(res, 0, res_len);
#ifdef HAVE_INET_NTOP
@@ -298,10 +299,15 @@ addr2str(char *const res, const int res_len, const str
port = 0;
break;
}
- if(no_port)
- snprintf(res, res_len, "%s", buf);
+ // Strip off the IPv6 prefix
+ if (strncmp(buf, "::ffff:", 7) == 0)
+ {
+ p = buf + 7;
+ }
+ if (no_port)
+ snprintf(res, res_len, "%s", p);
else
- snprintf(res, res_len, "%s:%d", buf, port);
+ snprintf(res, res_len, "%s:%d", p, port);
#else
#error "Pound needs inet_ntop()"
#endif


@ -1,12 +0,0 @@
--- config.c.orig 2018-05-11 12:16:05.000000000 +0200
+++ config.c 2018-12-22 23:19:53.912203188 +0100
@@ -347,9 +347,6 @@
SSL_CTX_set_app_data(res->ctx, res);
SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL);
SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY);
-#ifdef SSL_MODE_SEND_FALLBACK_SCSV
- SSL_CTX_set_mode(res->ctx, SSL_MODE_SEND_FALLBACK_SCSV);
-#endif
SSL_CTX_set_options(res->ctx, SSL_OP_ALL);
#ifdef SSL_OP_NO_COMPRESSION
SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION);


@ -1,328 +0,0 @@
diff -Nur Pound-2.8.orig/config.c Pound-2.8/config.c
--- Pound-2.8.orig/config.c 2018-05-11 12:16:05.000000000 +0200
+++ Pound-2.8/config.c 2018-07-30 14:10:01.693667854 +0200
@@ -77,7 +77,7 @@
static regex_t ListenHTTP, ListenHTTPS, End, Address, Port, Cert, xHTTP, Client, CheckURL;
static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination;
static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr;
-static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID;
+static regex_t Redirect, RedirectN, TimeOut, WSTimeOut, Session, Type, TTL, ID;
static regex_t ClientCert, AddHeader, DisableProto, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers;
static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS;
static regex_t Disabled, Threads, CNName, Anonymise, ECDHCurve;
@@ -96,6 +96,7 @@
static int def_facility = LOG_DAEMON;
static int clnt_to = 10;
static int be_to = 15;
+static int ws_to = 600;
static int be_connto = 15;
static int ignore_case = 0;
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
@@ -242,6 +243,7 @@
res->addr.ai_socktype = SOCK_STREAM;
res->to = is_emergency? 120: be_to;
res->conn_to = is_emergency? 120: be_connto;
+ res->ws_to = is_emergency? 120: ws_to;
res->alive = 1;
memset(&res->addr, 0, sizeof(res->addr));
res->priority = 5;
@@ -292,6 +294,8 @@
res->priority = atoi(lin + matches[1].rm_so);
} else if(!regexec(&TimeOut, lin, 4, matches, 0)) {
res->to = atoi(lin + matches[1].rm_so);
+ } else if(!regexec(&WSTimeOut, lin, 4, matches, 0)) {
+ res->ws_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&ConnTO, lin, 4, matches, 0)) {
res->conn_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&HAport, lin, 4, matches, 0)) {
@@ -1340,6 +1344,8 @@
alive_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&TimeOut, lin, 4, matches, 0)) {
be_to = atoi(lin + matches[1].rm_so);
+ } else if(!regexec(&WSTimeOut, lin, 4, matches, 0)) {
+ ws_to = atoi(lin + matches[1].rm_so);
} else if(!regexec(&ConnTO, lin, 4, matches, 0)) {
be_connto = atoi(lin + matches[1].rm_so);
} else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) {
@@ -1467,6 +1473,7 @@
|| regcomp(&Emergency, "^[ \t]*Emergency[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&Priority, "^[ \t]*Priority[ \t]+([1-9])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&TimeOut, "^[ \t]*TimeOut[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&WSTimeOut, "^[ \t]*WSTimeOut[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&HAport, "^[ \t]*HAport[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&HAportAddr, "^[ \t]*HAport[ \t]+([^ \t]+)[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&Redirect, "^[ \t]*Redirect[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
@@ -1632,6 +1639,7 @@
regfree(&Emergency);
regfree(&Priority);
regfree(&TimeOut);
+ regfree(&WSTimeOut);
regfree(&HAport);
regfree(&HAportAddr);
regfree(&Redirect);
diff -Nur Pound-2.8.orig/http.c Pound-2.8/http.c
--- Pound-2.8.orig/http.c 2018-05-11 12:16:05.000000000 +0200
+++ Pound-2.8/http.c 2018-07-30 14:10:01.693667854 +0200
@@ -541,7 +541,7 @@
void
do_http(thr_arg *arg)
{
- int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc;
+ int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc, is_ws;
LISTENER *lstn;
SERVICE *svc;
BACKEND *backend, *cur_backend, *old_backend;
@@ -662,6 +662,7 @@
for(cl_11 = be_11 = 0;;) {
res_bytes = L0;
is_rpc = -1;
+ is_ws = 0;
v_host[0] = referer[0] = u_agent[0] = u_name[0] = '\0';
conn_closed = 0;
for(n = 0; n < MAXHEADERS; n++)
@@ -689,6 +690,8 @@
is_rpc = 1;
else if(!strncasecmp(request + matches[1].rm_so, "RPC_OUT_DATA", matches[1].rm_eo - matches[1].rm_so))
is_rpc = 0;
+ else if(!strncasecmp(request + matches[1].rm_so, "GET", matches[1].rm_eo - matches[1].rm_so))
+ is_ws |= 0x1;
} else {
addr2str(caddr, MAXBUF - 1, &from_host, 1);
logmsg(LOG_WARNING, "(%lx) e501 bad request \"%s\" from %s", pthread_self(), request, caddr);
@@ -733,6 +736,13 @@
case HEADER_CONNECTION:
if(!strcasecmp("close", buf))
conn_closed = 1;
+ /* Connection: upgrade */
+ else if(!regexec(&CONN_UPGRD, buf, 0, NULL, 0))
+ is_ws |= 0x2;
+ break;
+ case HEADER_UPGRADE:
+ if(!strcasecmp("websocket", buf))
+ is_ws |= 0x4;
break;
case HEADER_TRANSFER_ENCODING:
if(!strcasecmp("chunked", buf))
@@ -1402,12 +1412,21 @@
/* some response codes (1xx, 204, 304) have no content */
if(!no_cont && !regexec(&RESP_IGN, response, 0, NULL, 0))
no_cont = 1;
+ if(!strncasecmp("101", response + 9, 3))
+ is_ws |= 0x10;
for(chunked = 0, cont = -1L, n = 1; n < MAXHEADERS && headers[n]; n++) {
switch(check_header(headers[n], buf)) {
case HEADER_CONNECTION:
if(!strcasecmp("close", buf))
conn_closed = 1;
+ /* Connection: upgrade */
+ else if(!regexec(&CONN_UPGRD, buf, 0, NULL, 0))
+ is_ws |= 0x20;
+ break;
+ case HEADER_UPGRADE:
+ if(!strcasecmp("websocket", buf))
+ is_ws |= 0x40;
break;
case HEADER_TRANSFER_ENCODING:
if(!strcasecmp("chunked", buf)) {
@@ -1571,6 +1590,114 @@
clean_all();
return;
}
+ } else if(is_ws == 0x77) {
+ /*
+ * special mode for Websockets - content until EOF
+ */
+ char one;
+ BIO *cl_unbuf;
+ BIO *be_unbuf;
+ struct pollfd p[2];
+
+ cl_11 = be_11 = 0;
+
+ memset(p, 0, sizeof(p));
+ BIO_get_fd(cl, &p[0].fd);
+ p[0].events = POLLIN | POLLPRI;
+ BIO_get_fd(be, &p[1].fd);
+ p[1].events = POLLIN | POLLPRI;
+
+ while (BIO_pending(cl) || BIO_pending(be) || poll(p, 2, cur_backend->ws_to * 1000) > 0) {
+
+ /*
+ * first read whatever is already in the input buffer
+ */
+ while(BIO_pending(cl)) {
+ if(BIO_read(cl, &one, 1) != 1) {
+ logmsg(LOG_NOTICE, "(%lx) error read ws request pending: %s",
+ pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ }
+ if(BIO_write(be, &one, 1) != 1) {
+ if(errno)
+ logmsg(LOG_NOTICE, "(%lx) error write ws request pending: %s",
+ pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ }
+ }
+ BIO_flush(be);
+
+ while(BIO_pending(be)) {
+ if(BIO_read(be, &one, 1) != 1) {
+ logmsg(LOG_NOTICE, "(%lx) error read ws response pending: %s",
+ pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ }
+ if(BIO_write(cl, &one, 1) != 1) {
+ if(errno)
+ logmsg(LOG_NOTICE, "(%lx) error write ws response pending: %s",
+ pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ }
+ res_bytes++;
+ }
+ BIO_flush(cl);
+
+ /*
+ * find the socket BIO in the chain
+ */
+ if ((cl_unbuf = BIO_find_type(cl, lstn->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) {
+ logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ }
+ if((be_unbuf = BIO_find_type(be, cur_backend->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) {
+ logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ }
+
+ /*
+ * copy till EOF
+ */
+ if(p[0].revents) {
+ res = BIO_read(cl_unbuf, buf, MAXBUF);
+ if(res <= 0) {
+ break;
+ }
+ if(BIO_write(be, buf, res) != res) {
+ if(errno)
+ logmsg(LOG_NOTICE, "(%lx) error copy ws request body: %s",
+ pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ } else {
+ BIO_flush(be);
+ }
+ p[0].revents = 0;
+ }
+ if(p[1].revents) {
+ res = BIO_read(be_unbuf, buf, MAXBUF);
+ if(res <= 0) {
+ break;
+ }
+ if(BIO_write(cl, buf, res) != res) {
+ if(errno)
+ logmsg(LOG_NOTICE, "(%lx) error copy ws response body: %s",
+ pthread_self(), strerror(errno));
+ clean_all();
+ return;
+ } else {
+ res_bytes += res;
+ BIO_flush(cl);
+ }
+ p[1].revents = 0;
+ }
+ }
}
}
end_req = cur_time();
diff -Nur Pound-2.8.orig/pound.8 Pound-2.8/pound.8
--- Pound-2.8.orig/pound.8 2018-05-11 12:16:05.000000000 +0200
+++ Pound-2.8/pound.8 2018-07-30 14:10:01.693667854 +0200
@@ -289,6 +289,13 @@
.B TimeOut
value. This value can be overridden for specific back-ends.
.TP
+\fBWSTimeOut\fR value
+How long should
+.B Pound
+wait for data from either back-end or client in a connection upgraded to
+a WebSocket (in seconds). Default: 600 seconds.
+This value can be overridden for specific back-ends.
+.TP
\fBGrace\fR value
How long should
.B Pound
@@ -762,6 +769,11 @@
.I ConnTO
value.
.TP
+\fBWSTimeOut\fR val
+Override the global
+.I WSTimeOut
+value.
+.TP
\fBHAport\fR [ address ] port
A port (and optional address) to be used for server function checks. See below
the "High Availability" section for a more detailed discussion. By default
diff -Nur Pound-2.8.orig/pound.c Pound-2.8/pound.c
--- Pound-2.8.orig/pound.c 2018-05-11 12:16:05.000000000 +0200
+++ Pound-2.8/pound.c 2018-07-30 14:10:01.693667854 +0200
@@ -47,6 +47,7 @@
LISTENER *listeners; /* all available listeners */
regex_t HEADER, /* Allowed header */
+ CONN_UPGRD, /* upgrade in connection header */
CHUNK_HEAD, /* chunk header line */
RESP_SKIP, /* responses for which we skip response */
RESP_IGN, /* responses for which we ignore content */
@@ -287,6 +288,7 @@
/* prepare regular expressions */
if(regcomp(&HEADER, "^([a-z0-9!#$%&'*+.^_`|~-]+):[ \t]*(.*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
+ || regcomp(&CONN_UPGRD, "(^|[ \t,])upgrade([ \t,]|$)", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&CHUNK_HEAD, "^([0-9a-f]+).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&RESP_SKIP, "^HTTP/1.1 100.*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
|| regcomp(&RESP_IGN, "^HTTP/1.[01] (10[1-9]|1[1-9][0-9]|204|30[456]).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED)
diff -Nur Pound-2.8.orig/pound.h Pound-2.8/pound.h
--- Pound-2.8.orig/pound.h 2018-05-11 12:16:05.000000000 +0200
+++ Pound-2.8/pound.h 2018-07-30 14:10:01.697667855 +0200
@@ -276,6 +276,7 @@
control_sock; /* control socket */
extern regex_t HEADER, /* Allowed header */
+ CONN_UPGRD, /* upgrade in connection header */
CHUNK_HEAD, /* chunk header line */
RESP_SKIP, /* responses for which we skip response */
RESP_IGN, /* responses for which we ignore content */
@@ -319,6 +320,7 @@
int priority; /* priority */
int to; /* read/write time-out */
int conn_to; /* connection time-out */
+ int ws_to; /* websocket time-out */
struct addrinfo ha_addr; /* HA address/port */
char *url; /* for redirectors */
int redir_req; /* the redirect should include the request path */
@@ -440,6 +442,7 @@
#define HEADER_URI 9
#define HEADER_DESTINATION 10
#define HEADER_EXPECT 11
+#define HEADER_UPGRADE 13
/* control request stuff */
typedef enum {
diff -Nur Pound-2.8.orig/svc.c Pound-2.8/svc.c
--- Pound-2.8.orig/svc.c 2018-05-11 12:16:05.000000000 +0200
+++ Pound-2.8/svc.c 2018-07-30 14:10:01.697667855 +0200
@@ -395,6 +395,7 @@
{ "User-agent", 10, HEADER_USER_AGENT },
{ "Destination", 11, HEADER_DESTINATION },
{ "Expect", 6, HEADER_EXPECT },
+ { "Upgrade", 7, HEADER_UPGRADE },
{ "", 0, HEADER_OTHER },
};
int i;

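--- /dev/null
+++ b/www/pound/pkg-plist
@@ -0,0 +1,7 @@
+bin/poundctl
+@sample etc/pound.cfg.sample
+man/man5/poundctl.tmpl.5.gz
+man/man8/pound.8.gz
+man/man8/poundctl.8.gz
+sbin/pound
+%%DATADIR%%/poundctl.tmpl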
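Review bot: `bin/poundctl` here replaces the `sbin/poundctl` entry of the old PLIST_FILES in the Makefile, so the control utility changes directory with this update; confirm that the rc script installed via USE_RC_SUBR and the pound.cfg sample under files/ do not still refer to sbin/poundctl, and consider an UPDATING entry if the old path was ever documented. The `man/man5/poundctl.tmpl.5.gz` and `%%DATADIR%%/poundctl.tmpl` entries have no counterpart in the old list and are new to this port.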