From nobody Fri Feb 24 11:43:13 2023 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PNSh16yCKz3t8Sm; Fri, 24 Feb 2023 11:43:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PNSh16fkgz3tW6; Fri, 24 Feb 2023 11:43:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677238993; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/27JVwPQnCXQs1tCRBA7i6f2GDO3+hOAmoNAYkliVSg=; b=P/sx+d00CVErv4CqEjdRdnlDB6HpoOL9cteluiamVxqlRaS4gF5wrpLJHSRDYcq7GTKko6 RbZkhQudSmmNeZxExeSAQN7C0NurK08tciWHoy+d8KXunOvoQVgzk/IbOa6FonoWia/joF FRhmEASRfkHtFtS7z11ArxbxXZwYwHhv6Ku7zbylfjOMsHMuIEVNWyqx68k6GvNA1lqS8v yLJ7pZthRoc4LAf/h9tQsQh84UTib2FTukaB8yhTW23LJPhQ4qpJ6exoXAyjB0xxHaUv/N ezTIcewS4wvZeKHqvCP+2LeNTG2UFdBlUjUFBp//yPWR0ZCrotSlwz+65Xt1JQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1677238993; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=/27JVwPQnCXQs1tCRBA7i6f2GDO3+hOAmoNAYkliVSg=; b=QXM0hfsJxBZkh+XkZozG3QqCLcbCUEo1gSwYbfPibytjv7f2snGhuS6gzOb1VKONop5Uz8 2+/q2W3OlDekIkmi5Ph1rpA01QLt4VLL7S3fcd0QqKBz1EUro562E7i4pECUTAx6zEypye rf9alBVcUqS9HOy7Q0BVsy9M4AoV7nvNd3cdLoeFq0rzkNKNKoqoOP676eByWPyYsSURp+ R7rhR84lh6tol+BmDhu8xDjVyqRbnoDG/Tl8ra0c8LnXTwc/UexcKEAKlU97jRzu66G9Vh HvrAgZsMnFvRKbGwStcldxe/PwLiwX55FfSMhVvFnDa/53NdFbauZ976+s0RWg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1677238993; a=rsa-sha256; cv=none; b=A7On71MGbbx/R9rm7WH+VqsIvRuHFE1KFFV0qdRQl45guU9ofx+qKBLyOkvmeXGTKHA1qW hsXr20yvgXt0JkISeay3fW9vTU+KuisjTLg5CN4NQwefO0kpS9kZyXTyB57EzZgO6VfVyt JPrEKVnMGS1NycyNysIatZX2hbMJHBZqfZk+lRWREfdrTxoExszBlDxTcXu9fGqJSPDlJT IpvkJQOxr+gj8RHaSmV8qYg5p7xWlkreWCfBzZtuM9RIIP6kMmlyctYkv/FpBSXW+RfotR XHG/HSkF4tXKIvceUqzmH7fEo4sMGmXX6Dya7Swf3unp9+Xur8e89RHTIgC15w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PNSh15h6TzMbH; Fri, 24 Feb 2023 11:43:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 31OBhDOs005573; Fri, 24 Feb 2023 11:43:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 31OBhD8P005572; Fri, 24 Feb 2023 11:43:13 GMT (envelope-from git) Date: Fri, 24 Feb 2023 11:43:13 GMT Message-Id: <202302241143.31OBhD8P005572@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Alexey Dokuchaev Subject: git: 8b4e85ebc559 - main - www/pound: the port had been updated to version 4.5 List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: danfe X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 8b4e85ebc5594d6bf004481d10b4aefc315891bb Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by danfe: URL: https://cgit.FreeBSD.org/ports/commit/?id=8b4e85ebc5594d6bf004481d10b4aefc315891bb commit 8b4e85ebc5594d6bf004481d10b4aefc315891bb Author: Alexey Dokuchaev AuthorDate: 2023-02-24 11:41:42 +0000 Commit: Alexey Dokuchaev CommitDate: 2023-02-24 11:41:42 +0000 www/pound: the port had been updated to version 4.5 Apsis GmbH, original upstream, had stopped the development and welcomed Sergey Poznyakoff to pick up and further maintain the project, which is now hosted on GitHub. Drop no longer useful patches, adjust LICENSE, convert package list to static pkg-plist, and hook the tests to our framework. Requested by: maintainer --- www/pound/Makefile | 33 +-- www/pound/distinfo | 6 +- .../0001-Add-MKCALENDAR-to-xHTTP-2-and-above.patch | 39 --- .../0002-add-support-openssl1.1-dhparam.patch | 54 ---- .../a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch | 323 -------------------- .../c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c.patch | 41 --- www/pound/files/patch-Makefile.in | 18 -- www/pound/files/patch-svc.c | 29 -- www/pound/files/pound-2.8-fallback_scsv.diff | 12 - www/pound/files/pound-2.8-websocket.diff | 328 --------------------- www/pound/pkg-plist | 7 + 11 files changed, 20 insertions(+), 870 deletions(-) diff --git a/www/pound/Makefile b/www/pound/Makefile index 253ef4fb58c6..711267f99066 100644 --- a/www/pound/Makefile +++ b/www/pound/Makefile @@ -1,40 +1,27 @@ PORTNAME= pound -PORTVERSION= 2.8 +PORTVERSION= 4.5 +DISTVERSIONPREFIX= v CATEGORIES= www net -MASTER_SITES= http://www.apsis.ch/pound/ \ - ftp://ftp.nuug.no/pub/anders/distfiles/ -DISTNAME= Pound-${PORTVERSION} - -EXTRA_PATCHES= \ - ${FILESDIR}/0001-Add-MKCALENDAR-to-xHTTP-2-and-above.patch:-p1 \ - ${FILESDIR}/0002-add-support-openssl1.1-dhparam.patch:-p1 \ - ${FILESDIR}/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c.patch:-p1 \ - ${FILESDIR}/pound-2.8-websocket.diff:-p1 \ - ${FILESDIR}/pound-2.8-fallback_scsv.diff:-p0 \ - ${FILESDIR}/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch:-p1 MAINTAINER= zeus@gnu.org.ua COMMENT= HTTP/HTTPS reverse-proxy and load-balancer -WWW= https://www.apsis.ch/pound.html +WWW= https://github.com/graygnuorg/pound -LICENSE= GPLv3 -LICENSE_FILE= ${WRKSRC}/GPL.txt +LICENSE= GPLv3+ -USES= cpe tar:tgz ssl +USES= autoreconf cpe gmake ssl CPE_VENDOR= apsis GNU_CONFIGURE= yes CONFIGURE_ARGS= --disable-tcmalloc --disable-hoard +USE_GITHUB= yes +GH_ACCOUNT= graygnuorg USE_RC_SUBR= ${PORTNAME} +TEST_TARGET= check SUB_FILES= ${PORTNAME}.cfg SUB_LIST= NAME=${PORTNAME} -PLIST_FILES= @sample\ etc/pound.cfg.sample \ - sbin/pound \ - sbin/poundctl \ - man/man8/pound.8.gz \ - man/man8/poundctl.8.gz -PORTDOCS= README FAQ CHANGELOG +PORTDOCS= AUTHORS ChangeLog.apsis NEWS README.md THANKS OPTIONS_DEFINE= DOCS DSAPARAM PCRE OPTIONS_DEFAULT=PCRE @@ -46,7 +33,7 @@ PCRE_CONFIGURE_ENABLE= pcreposix post-patch-DSAPARAM-on: @${REINPLACE_CMD} -e '/openssl dhparam/s,-5,-dsaparam,' \ - ${WRKSRC}/Makefile.in + ${WRKSRC}/src/Makefile.am post-install: ${INSTALL_DATA} ${WRKDIR}/${PORTNAME}.cfg \ diff --git a/www/pound/distinfo b/www/pound/distinfo index e7daeb0f36e7..541bc03d864e 100644 --- a/www/pound/distinfo +++ b/www/pound/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1526033851 -SHA256 (Pound-2.8.tgz) = a7fd8690de0fd390615e79fd0f4bfd56a544b8ef97dd6659c07ecd3207480c25 -SIZE (Pound-2.8.tgz) = 186124 +TIMESTAMP = 1676192195 +SHA256 (graygnuorg-pound-v4.5_GH0.tar.gz) = 22933ce99d36eb7020700aecc397d9ceaee184c4d438939509fa2ca88adf7f07 +SIZE (graygnuorg-pound-v4.5_GH0.tar.gz) = 186846 diff --git a/www/pound/files/0001-Add-MKCALENDAR-to-xHTTP-2-and-above.patch b/www/pound/files/0001-Add-MKCALENDAR-to-xHTTP-2-and-above.patch deleted file mode 100644 index cb2b880c2cf5..000000000000 --- a/www/pound/files/0001-Add-MKCALENDAR-to-xHTTP-2-and-above.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Brett Parker -Date: Sat, 30 Jul 2016 21:47:14 +0100 -Subject: Add MKCALENDAR to xHTTP 2 and above - ---- - config.c | 6 +++--- - pound.8 | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/config.c b/config.c -index de1e163..68e2d2f 100644 ---- a/config.c -+++ b/config.c -@@ -87,9 +87,9 @@ static regmatch_t matches[5]; - static char *xhttp[] = { - "^(GET|POST|HEAD) ([^ ]+) HTTP/1.[01]$", - "^(GET|POST|HEAD|PUT|PATCH|DELETE) ([^ ]+) HTTP/1.[01]$", -- "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT) ([^ ]+) HTTP/1.[01]$", -- "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$", -- "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", -+ "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|MKCALENDAR) ([^ ]+) HTTP/1.[01]$", -+ "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|MKCALENDAR|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT) ([^ ]+) HTTP/1.[01]$", -+ "^(GET|POST|HEAD|PUT|PATCH|DELETE|LOCK|UNLOCK|PROPFIND|PROPPATCH|SEARCH|MKCOL|MOVE|COPY|OPTIONS|TRACE|MKACTIVITY|CHECKOUT|MERGE|REPORT|MKCALENDAR|SUBSCRIBE|UNSUBSCRIBE|BPROPPATCH|POLL|BMOVE|BCOPY|BDELETE|BPROPFIND|NOTIFY|CONNECT|RPC_IN_DATA|RPC_OUT_DATA) ([^ ]+) HTTP/1.[01]$", - }; - - static int log_level = 1; -diff --git a/pound.8 b/pound.8 -index ceddf48..235d829 100644 ---- a/pound.8 -+++ b/pound.8 -@@ -368,7 +368,7 @@ additionally allow extended HTTP requests (PUT, PATCH, DELETE). - .I 2 - additionally allow standard WebDAV verbs (LOCK, UNLOCK, PROPFIND, - PROPPATCH, SEARCH, MKCOL, MOVE, COPY, OPTIONS, TRACE, MKACTIVITY, --CHECKOUT, MERGE, REPORT). -+CHECKOUT, MERGE, REPORT, MKCALENDAR). - .IP - .I 3 - additionally allow MS extensions WebDAV verbs (SUBSCRIBE, UNSUBSCRIBE, diff --git a/www/pound/files/0002-add-support-openssl1.1-dhparam.patch b/www/pound/files/0002-add-support-openssl1.1-dhparam.patch deleted file mode 100644 index 8edd3436dc34..000000000000 --- a/www/pound/files/0002-add-support-openssl1.1-dhparam.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Sun, 19 Feb 2017 14:34:38 +0100 -Subject: [PATCH] pound: Add support for openssl 1.1 - -This patch adds support for "openssl dhparam -C" created header files where -openssl binary itself is 1.1 but the code using the file is linked against -1.0.2. -This will not let the pound as compile against openssl 1.1. - -Signed-off-by: Sebastian Andrzej Siewior ---- - svc.c | 31 +++++++++++++++++++++++++++++++ - 1 file changed, 31 insertions(+) - ---- a/svc.c -+++ b/svc.c -@@ -1448,6 +1448,37 @@ do_RSAgen(void) - return; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000 -+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) -+{ -+ /* If the fields p and g in d are NULL, the corresponding input -+ * parameters MUST be non-NULL. q may remain NULL. -+ */ -+ if ((dh->p == NULL && p == NULL) -+ || (dh->g == NULL && g == NULL)) -+ return 0; -+ -+ if (p != NULL) { -+ BN_free(dh->p); -+ dh->p = p; -+ } -+ if (q != NULL) { -+ BN_free(dh->q); -+ dh->q = q; -+ } -+ if (g != NULL) { -+ BN_free(dh->g); -+ dh->g = g; -+ } -+ -+ if (q != NULL) { -+ dh->length = BN_num_bits(q); -+ } -+ -+ return 1; -+} -+#endif -+ - #include "dh512.h" - - #if DH_LEN == 1024 diff --git a/www/pound/files/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch b/www/pound/files/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch deleted file mode 100644 index ad85913e8ae4..000000000000 --- a/www/pound/files/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch +++ /dev/null @@ -1,323 +0,0 @@ -From a2c9dde4d055ea8942afb150b7fc3a807d4e5d60 Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Wed, 28 Feb 2018 13:44:01 +0000 -Subject: [PATCH] Support for Openssl 1.1 - ---- - config.c | 17 +++++++-- - http.c | 12 ++++++- - pound.h | 4 ++- - svc.c | 101 +++++++++++++++++++++++++++++++++++++++++++---------- - 5 files changed, 125 insertions(+), 24 deletions(-) - create mode 100644 .gitignore - -diff --git a/config.c b/config.c -index d41a3ee..e8fec0f 100644 ---- a/config.c -+++ b/config.c -@@ -174,6 +174,16 @@ conf_fgets(char *buf, const int max) - } - } - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+# define general_name_string(n) \ -+ strndup(ASN1_STRING_get0_data(n->d.dNSName), \ -+ ASN1_STRING_length(n->d.dNSName) + 1) -+#else -+# define general_name_string(n) \ -+ strndup(ASN1_STRING_data(n->d.dNSName), \ -+ ASN1_STRING_length(n->d.dNSName) + 1) -+#endif -+ - unsigned char ** - get_subjectaltnames(X509 *x509, unsigned int *count) - { -@@ -194,8 +204,7 @@ get_subjectaltnames(X509 *x509, unsigned int *count) - name = sk_GENERAL_NAME_pop(san_stack); - switch(name->type) { - case GEN_DNS: -- temp[local_count] = strndup(ASN1_STRING_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName) -- + 1); -+ temp[local_count] = general_name_string(name); - if(temp[local_count] == NULL) - conf_err("out of memory"); - local_count++; -@@ -565,7 +574,9 @@ parse_service(const char *svc_name) - pthread_mutex_init(&res->mut, NULL); - if(svc_name) - strncpy(res->name, svc_name, KEY_SIZE); --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ if((res->sessions = lh_TABNODE_new(t_hash, t_cmp)) == NULL) -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - if((res->sessions = LHM_lh_new(TABNODE, t)) == NULL) - #else - if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) -diff --git a/http.c b/http.c -index dd211e4..c8e756a 100644 ---- a/http.c -+++ b/http.c -@@ -527,12 +527,22 @@ log_bytes(char *res, const LONG cnt) - - /* Cleanup code. This should really be in the pthread_cleanup_push, except for bugs in some implementations */ - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+# define clear_error() -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L -+# define clear_error() \ -+ if(ssl != NULL) { ERR_clear_error(); ERR_remove_thread_state(NULL); } -+#else -+# define clear_error() \ -+ if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } -+#endif -+ - #define clean_all() { \ - if(ssl != NULL) { BIO_ssl_shutdown(cl); } \ - if(be != NULL) { BIO_flush(be); BIO_reset(be); BIO_free_all(be); be = NULL; } \ - if(cl != NULL) { BIO_flush(cl); BIO_reset(cl); BIO_free_all(cl); cl = NULL; } \ - if(x509 != NULL) { X509_free(x509); x509 = NULL; } \ -- if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } \ -+ clear_error(); \ - } - - /* -diff --git a/pound.h b/pound.h -index fa22c36..9603b91 100644 ---- a/pound.h -+++ b/pound.h -@@ -344,7 +344,9 @@ typedef struct _tn { - /* maximal session key size */ - #define KEY_SIZE 127 - --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ DEFINE_LHASH_OF(TABNODE); -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - DECLARE_LHASH_OF(TABNODE); - #endif - -diff --git a/svc.c b/svc.c -index 60ba488..063b92c 100644 ---- a/svc.c -+++ b/svc.c -@@ -27,10 +27,17 @@ - - #include "pound.h" - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+# define TABNODE_GET_DOWN_LOAD(t) lh_TABNODE_get_down_load(t) -+# define TABNODE_SET_DOWN_LOAD(t,n) lh_TABNODE_set_down_load(t,n) -+#else - #ifndef LHASH_OF - #define LHASH_OF(x) LHASH - #define CHECKED_LHASH_OF(type, h) h - #endif -+# define TABNODE_GET_DOWN_LOAD(t) (CHECKED_LHASH_OF(TABNODE, t)->down_load) -+# define TABNODE_SET_DOWN_LOAD(t,n) (CHECKED_LHASH_OF(TABNODE, t)->down_load = n) -+#endif - - /* - * Add a new key/content pair to a hash table -@@ -58,7 +65,9 @@ t_add(LHASH_OF(TABNODE) *const tab, const char *key, const void *content, const - } - memcpy(t->content, content, cont_len); - t->last_acc = time(NULL); --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ if((old = lh_TABNODE_insert(tab, t)) != NULL) { -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - if((old = LHM_lh_insert(TABNODE, tab, t)) != NULL) { - #else - if((old = (TABNODE *)lh_insert(tab, t)) != NULL) { -@@ -82,7 +91,9 @@ t_find(LHASH_OF(TABNODE) *const tab, char *const key) - TABNODE t, *res; - - t.key = key; --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ if((res = lh_TABNODE_retrieve(tab, &t)) != NULL) { -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - if((res = (TABNODE *)LHM_lh_retrieve(TABNODE, tab, &t)) != NULL) { - #else - if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) { -@@ -102,7 +113,9 @@ t_remove(LHASH_OF(TABNODE) *const tab, char *const key) - TABNODE t, *res; - - t.key = key; --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ if((res = lh_TABNODE_delete(tab, &t)) != NULL) { -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - if((res = LHM_lh_delete(TABNODE, tab, &t)) != NULL) { - #else - if((res = (TABNODE *)lh_delete(tab, &t)) != NULL) { -@@ -127,7 +140,9 @@ t_old_doall_arg(TABNODE *t, ALL_ARG *a) - TABNODE *res; - - if(t->last_acc < a->lim) --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ if((res = lh_TABNODE_delete(a->tab, t)) != NULL) { -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - if((res = LHM_lh_delete(TABNODE, a->tab, t)) != NULL) { - #else - if((res = lh_delete(a->tab, t)) != NULL) { -@@ -145,6 +160,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE, ALL_ARG) - IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE *, ALL_ARG *) - #endif - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+IMPLEMENT_LHASH_DOALL_ARG(TABNODE,ALL_ARG); -+#endif -+ - /* - * Expire all old nodes - */ -@@ -156,14 +175,16 @@ t_expire(LHASH_OF(TABNODE) *const tab, const time_t lim) - - a.tab = tab; - a.lim = lim; -- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load; -- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0; --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+ down_load = TABNODE_GET_DOWN_LOAD(tab); -+ TABNODE_SET_DOWN_LOAD(tab, 0); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ lh_TABNODE_doall_ALL_ARG(tab, t_old_doall_arg, &a); -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_old), ALL_ARG, &a); - #else - lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_old), &a); - #endif -- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load; -+ TABNODE_SET_DOWN_LOAD(tab, down_load); - return; - } - -@@ -173,7 +194,9 @@ t_cont_doall_arg(TABNODE *t, ALL_ARG *arg) - TABNODE *res; - - if(memcmp(t->content, arg->content, arg->cont_len) == 0) --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ if((res = lh_TABNODE_delete(arg->tab, t)) != NULL) { -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - if((res = LHM_lh_delete(TABNODE, arg->tab, t)) != NULL) { - #else - if((res = lh_delete(arg->tab, t)) != NULL) { -@@ -203,15 +226,16 @@ t_clean(LHASH_OF(TABNODE) *const tab, void *const content, const size_t cont_len - a.tab = tab; - a.content = content; - a.cont_len = cont_len; -- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load; -- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0; --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+ down_load = TABNODE_GET_DOWN_LOAD(tab); -+ TABNODE_SET_DOWN_LOAD(tab, 0); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ lh_TABNODE_doall_ALL_ARG(tab, t_cont_doall_arg, &a); -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_cont), ALL_ARG, &a); - #else - lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_cont), &a); - #endif -- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load; -- return; -+ TABNODE_SET_DOWN_LOAD(tab, down_load); - } - - /* -@@ -1262,6 +1286,31 @@ RSA_tmp_callback(/* not used */SSL *ssl, /* not used */int is_export, int keylen - return res; - } - -+static int -+generate_key(RSA **ret_rsa, unsigned long bits) -+{ -+#if OPENSSL_VERSION_NUMBER > 0x00908000L -+ int rc = 0; -+ RSA *rsa; -+ -+ rsa = RSA_new(); -+ if (rsa) { -+ BIGNUM *bne = BN_new(); -+ if (BN_set_word(bne, RSA_F4)) -+ rc = RSA_generate_key_ex(rsa, bits, bne, NULL); -+ BN_free(bne); -+ if (rc) -+ *ret_rsa = rsa; -+ else -+ RSA_free(rsa); -+ } -+ return rc; -+#else -+ *ret_rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL); -+ return *ret_rsa != NULL; -+#endif -+} -+ - /* - * Periodically regenerate ephemeral RSA keys - * runs every T_RSA_KEYS seconds -@@ -1274,8 +1323,9 @@ do_RSAgen(void) - RSA *t_RSA1024_keys[N_RSA_KEYS]; - - for(n = 0; n < N_RSA_KEYS; n++) { -- t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL); -- t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL); -+ /* FIXME: Error handling */ -+ generate_key(&t_RSA512_keys[n], 512); -+ generate_key(&t_RSA1024_keys[n], 1024); - } - if(ret_val = pthread_mutex_lock(&RSA_mut)) - logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val)); -@@ -1329,11 +1379,11 @@ init_timer(void) - * Pre-generate ephemeral RSA keys - */ - for(n = 0; n < N_RSA_KEYS; n++) { -- if((RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) { -+ if(!generate_key(&RSA512_keys[n], 512)) { - logmsg(LOG_WARNING,"RSA_generate(%d, 512) failed", n); - return; - } -- if((RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) { -+ if(!generate_key(&RSA1024_keys[n], 1024)) { - logmsg(LOG_WARNING,"RSA_generate(%d, 1024) failed", n); - return; - } -@@ -1420,6 +1470,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE, DUMP_ARG) - IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, DUMP_ARG *) - #endif - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+IMPLEMENT_LHASH_DOALL_ARG(TABNODE,DUMP_ARG); -+#endif -+ - /* - * write sessions to the control socket - */ -@@ -1430,7 +1484,9 @@ dump_sess(const int control_sock, LHASH_OF(TABNODE) *const sess, BACKEND *const - - a.control_sock = control_sock; - a.backends = backends; --#if OPENSSL_VERSION_NUMBER >= 0x10000000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ lh_TABNODE_doall_DUMP_ARG(sess, t_dump_doall_arg, &a); -+#elif OPENSSL_VERSION_NUMBER >= 0x10000000L - LHM_lh_doall_arg(TABNODE, sess, LHASH_DOALL_ARG_FN(t_dump), DUMP_ARG, &a); - #else - lh_doall_arg(sess, LHASH_DOALL_ARG_FN(t_dump), &a); -@@ -1664,6 +1720,13 @@ thr_control(void *arg) - } - } - -+#ifndef SSL3_ST_SR_CLNT_HELLO_A -+# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) -+#endif -+#ifndef SSL23_ST_SR_CLNT_HELLO_A -+# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) -+#endif -+ - void - SSLINFO_callback(const SSL *ssl, int where, int rc) - { diff --git a/www/pound/files/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c.patch b/www/pound/files/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c.patch deleted file mode 100644 index 366c82e0270d..000000000000 --- a/www/pound/files/c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c.patch +++ /dev/null @@ -1,41 +0,0 @@ -From c5a95780e2233a05ab3fb8b4eb8a9550f0c3b53c Mon Sep 17 00:00:00 2001 -From: Sergey Poznyakoff -Date: Mon, 19 Mar 2018 18:11:59 +0200 -Subject: [PATCH] Bugfix - -* http.c: Stop if BIO_read returns <= 0 ---- - http.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/http.c b/http.c -index 496a84e..c461489 100644 ---- a/http.c -+++ b/http.c -@@ -142,7 +142,7 @@ get_line(BIO *const in, char *const buf, const int bufsize) - if(tmp != '\n') { - /* we have CR not followed by NL */ - do { -- if(BIO_read(in, &tmp, 1) < 0) -+ if(BIO_read(in, &tmp, 1) <= 0) - return 1; - } while(tmp != '\n'); - return 1; -@@ -169,7 +169,7 @@ get_line(BIO *const in, char *const buf, const int bufsize) - - /* all other control characters cause an error */ - do { -- if(BIO_read(in, &tmp, 1) < 0) -+ if(BIO_read(in, &tmp, 1) <= 0) - return 1; - } while(tmp != '\n'); - return 1; -@@ -177,7 +177,7 @@ get_line(BIO *const in, char *const buf, const int bufsize) - - /* line too long */ - do { -- if(BIO_read(in, &tmp, 1) < 0) -+ if(BIO_read(in, &tmp, 1) <= 0) - return 1; - } while(tmp != '\n'); - return 1; diff --git a/www/pound/files/patch-Makefile.in b/www/pound/files/patch-Makefile.in deleted file mode 100644 index 4a0fc420b138..000000000000 --- a/www/pound/files/patch-Makefile.in +++ /dev/null @@ -1,18 +0,0 @@ ---- Makefile.in.orig 2018-05-11 10:16:05 UTC -+++ Makefile.in -@@ -58,11 +58,11 @@ $(OBJS) poundctl.o: pound.h config.h - - install: all - @INSTALL@ -d ${DESTDIR}@sbindir@ -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl -+ @INSTALL@ -p -m 755 pound ${DESTDIR}@sbindir@/pound -+ @INSTALL@ -p -m 755 poundctl ${DESTDIR}@sbindir@/poundctl - @INSTALL@ -d ${DESTDIR}@mandir@/man8 -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 -- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 -+ @INSTALL@ -p -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8 -+ @INSTALL@ -p -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8 - - clean: - rm -f pound $(OBJS) poundctl poundctl.o diff --git a/www/pound/files/patch-svc.c b/www/pound/files/patch-svc.c deleted file mode 100644 index 876e5fd9e640..000000000000 --- a/www/pound/files/patch-svc.c +++ /dev/null @@ -1,29 +0,0 @@ ---- svc.c.orig 2018-05-11 10:16:05 UTC -+++ svc.c -@@ -273,6 +273,7 @@ addr2str(char *const res, const int res_len, const str - char buf[MAXBUF]; - int port; - void *src; -+ char *p = buf; - - memset(res, 0, res_len); - #ifdef HAVE_INET_NTOP -@@ -298,10 +299,15 @@ addr2str(char *const res, const int res_len, const str - port = 0; - break; - } -- if(no_port) -- snprintf(res, res_len, "%s", buf); -+ // Strip off the IPv6 prefix -+ if (strncmp(buf, "::ffff:", 7) == 0) -+ { -+ p = buf + 7; -+ } -+ if (no_port) -+ snprintf(res, res_len, "%s", p); - else -- snprintf(res, res_len, "%s:%d", buf, port); -+ snprintf(res, res_len, "%s:%d", p, port); - #else - #error "Pound needs inet_ntop()" - #endif diff --git a/www/pound/files/pound-2.8-fallback_scsv.diff b/www/pound/files/pound-2.8-fallback_scsv.diff deleted file mode 100644 index b3e27f66d0b9..000000000000 --- a/www/pound/files/pound-2.8-fallback_scsv.diff +++ /dev/null @@ -1,12 +0,0 @@ ---- config.c.orig 2018-05-11 12:16:05.000000000 +0200 -+++ config.c 2018-12-22 23:19:53.912203188 +0100 -@@ -347,9 +347,6 @@ - SSL_CTX_set_app_data(res->ctx, res); - SSL_CTX_set_verify(res->ctx, SSL_VERIFY_NONE, NULL); - SSL_CTX_set_mode(res->ctx, SSL_MODE_AUTO_RETRY); --#ifdef SSL_MODE_SEND_FALLBACK_SCSV -- SSL_CTX_set_mode(res->ctx, SSL_MODE_SEND_FALLBACK_SCSV); --#endif - SSL_CTX_set_options(res->ctx, SSL_OP_ALL); - #ifdef SSL_OP_NO_COMPRESSION - SSL_CTX_set_options(res->ctx, SSL_OP_NO_COMPRESSION); diff --git a/www/pound/files/pound-2.8-websocket.diff b/www/pound/files/pound-2.8-websocket.diff deleted file mode 100644 index 5d5ddfd537b1..000000000000 --- a/www/pound/files/pound-2.8-websocket.diff +++ /dev/null @@ -1,328 +0,0 @@ -diff -Nur Pound-2.8.orig/config.c Pound-2.8/config.c ---- Pound-2.8.orig/config.c 2018-05-11 12:16:05.000000000 +0200 -+++ Pound-2.8/config.c 2018-07-30 14:10:01.693667854 +0200 -@@ -77,7 +77,7 @@ - static regex_t ListenHTTP, ListenHTTPS, End, Address, Port, Cert, xHTTP, Client, CheckURL; - static regex_t Err414, Err500, Err501, Err503, MaxRequest, HeadRemove, RewriteLocation, RewriteDestination; - static regex_t Service, ServiceName, URL, HeadRequire, HeadDeny, BackEnd, Emergency, Priority, HAport, HAportAddr; --static regex_t Redirect, RedirectN, TimeOut, Session, Type, TTL, ID; -+static regex_t Redirect, RedirectN, TimeOut, WSTimeOut, Session, Type, TTL, ID; - static regex_t ClientCert, AddHeader, DisableProto, SSLAllowClientRenegotiation, SSLHonorCipherOrder, Ciphers; - static regex_t CAlist, VerifyList, CRLlist, NoHTTPS11, Grace, Include, ConnTO, IgnoreCase, HTTPS; - static regex_t Disabled, Threads, CNName, Anonymise, ECDHCurve; -@@ -96,6 +96,7 @@ - static int def_facility = LOG_DAEMON; - static int clnt_to = 10; - static int be_to = 15; -+static int ws_to = 600; - static int be_connto = 15; - static int ignore_case = 0; - #if OPENSSL_VERSION_NUMBER >= 0x0090800fL -@@ -242,6 +243,7 @@ - res->addr.ai_socktype = SOCK_STREAM; - res->to = is_emergency? 120: be_to; - res->conn_to = is_emergency? 120: be_connto; -+ res->ws_to = is_emergency? 120: ws_to; - res->alive = 1; - memset(&res->addr, 0, sizeof(res->addr)); - res->priority = 5; -@@ -292,6 +294,8 @@ - res->priority = atoi(lin + matches[1].rm_so); - } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { - res->to = atoi(lin + matches[1].rm_so); -+ } else if(!regexec(&WSTimeOut, lin, 4, matches, 0)) { -+ res->ws_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { - res->conn_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&HAport, lin, 4, matches, 0)) { -@@ -1340,6 +1344,8 @@ - alive_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&TimeOut, lin, 4, matches, 0)) { - be_to = atoi(lin + matches[1].rm_so); -+ } else if(!regexec(&WSTimeOut, lin, 4, matches, 0)) { -+ ws_to = atoi(lin + matches[1].rm_so); - } else if(!regexec(&ConnTO, lin, 4, matches, 0)) { - be_connto = atoi(lin + matches[1].rm_so); - } else if(!regexec(&IgnoreCase, lin, 4, matches, 0)) { -@@ -1467,6 +1473,7 @@ - || regcomp(&Emergency, "^[ \t]*Emergency[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&Priority, "^[ \t]*Priority[ \t]+([1-9])[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&TimeOut, "^[ \t]*TimeOut[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) -+ || regcomp(&WSTimeOut, "^[ \t]*WSTimeOut[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&HAport, "^[ \t]*HAport[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&HAportAddr, "^[ \t]*HAport[ \t]+([^ \t]+)[ \t]+([1-9][0-9]*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&Redirect, "^[ \t]*Redirect[ \t]+\"(.+)\"[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) -@@ -1632,6 +1639,7 @@ - regfree(&Emergency); - regfree(&Priority); - regfree(&TimeOut); -+ regfree(&WSTimeOut); - regfree(&HAport); - regfree(&HAportAddr); - regfree(&Redirect); -diff -Nur Pound-2.8.orig/http.c Pound-2.8/http.c ---- Pound-2.8.orig/http.c 2018-05-11 12:16:05.000000000 +0200 -+++ Pound-2.8/http.c 2018-07-30 14:10:01.693667854 +0200 -@@ -541,7 +541,7 @@ - void - do_http(thr_arg *arg) - { -- int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc; -+ int cl_11, be_11, res, chunked, n, sock, no_cont, skip, conn_closed, force_10, sock_proto, is_rpc, is_ws; - LISTENER *lstn; - SERVICE *svc; - BACKEND *backend, *cur_backend, *old_backend; -@@ -662,6 +662,7 @@ - for(cl_11 = be_11 = 0;;) { - res_bytes = L0; - is_rpc = -1; -+ is_ws = 0; - v_host[0] = referer[0] = u_agent[0] = u_name[0] = '\0'; - conn_closed = 0; - for(n = 0; n < MAXHEADERS; n++) -@@ -689,6 +690,8 @@ - is_rpc = 1; - else if(!strncasecmp(request + matches[1].rm_so, "RPC_OUT_DATA", matches[1].rm_eo - matches[1].rm_so)) - is_rpc = 0; -+ else if(!strncasecmp(request + matches[1].rm_so, "GET", matches[1].rm_eo - matches[1].rm_so)) -+ is_ws |= 0x1; - } else { - addr2str(caddr, MAXBUF - 1, &from_host, 1); - logmsg(LOG_WARNING, "(%lx) e501 bad request \"%s\" from %s", pthread_self(), request, caddr); -@@ -733,6 +736,13 @@ - case HEADER_CONNECTION: - if(!strcasecmp("close", buf)) - conn_closed = 1; -+ /* Connection: upgrade */ -+ else if(!regexec(&CONN_UPGRD, buf, 0, NULL, 0)) -+ is_ws |= 0x2; -+ break; -+ case HEADER_UPGRADE: -+ if(!strcasecmp("websocket", buf)) -+ is_ws |= 0x4; - break; - case HEADER_TRANSFER_ENCODING: - if(!strcasecmp("chunked", buf)) -@@ -1402,12 +1412,21 @@ - /* some response codes (1xx, 204, 304) have no content */ - if(!no_cont && !regexec(&RESP_IGN, response, 0, NULL, 0)) - no_cont = 1; -+ if(!strncasecmp("101", response + 9, 3)) -+ is_ws |= 0x10; - - for(chunked = 0, cont = -1L, n = 1; n < MAXHEADERS && headers[n]; n++) { - switch(check_header(headers[n], buf)) { - case HEADER_CONNECTION: - if(!strcasecmp("close", buf)) - conn_closed = 1; -+ /* Connection: upgrade */ -+ else if(!regexec(&CONN_UPGRD, buf, 0, NULL, 0)) -+ is_ws |= 0x20; -+ break; -+ case HEADER_UPGRADE: -+ if(!strcasecmp("websocket", buf)) -+ is_ws |= 0x40; - break; - case HEADER_TRANSFER_ENCODING: - if(!strcasecmp("chunked", buf)) { -@@ -1571,6 +1590,114 @@ - clean_all(); - return; - } -+ } else if(is_ws == 0x77) { -+ /* -+ * special mode for Websockets - content until EOF -+ */ -+ char one; -+ BIO *cl_unbuf; -+ BIO *be_unbuf; -+ struct pollfd p[2]; -+ -+ cl_11 = be_11 = 0; -+ -+ memset(p, 0, sizeof(p)); -+ BIO_get_fd(cl, &p[0].fd); -+ p[0].events = POLLIN | POLLPRI; -+ BIO_get_fd(be, &p[1].fd); -+ p[1].events = POLLIN | POLLPRI; -+ -+ while (BIO_pending(cl) || BIO_pending(be) || poll(p, 2, cur_backend->ws_to * 1000) > 0) { -+ -+ /* -+ * first read whatever is already in the input buffer -+ */ -+ while(BIO_pending(cl)) { -+ if(BIO_read(cl, &one, 1) != 1) { -+ logmsg(LOG_NOTICE, "(%lx) error read ws request pending: %s", -+ pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } -+ if(BIO_write(be, &one, 1) != 1) { -+ if(errno) -+ logmsg(LOG_NOTICE, "(%lx) error write ws request pending: %s", -+ pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } -+ } -+ BIO_flush(be); -+ -+ while(BIO_pending(be)) { -+ if(BIO_read(be, &one, 1) != 1) { -+ logmsg(LOG_NOTICE, "(%lx) error read ws response pending: %s", -+ pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } -+ if(BIO_write(cl, &one, 1) != 1) { -+ if(errno) -+ logmsg(LOG_NOTICE, "(%lx) error write ws response pending: %s", -+ pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } -+ res_bytes++; -+ } -+ BIO_flush(cl); -+ -+ /* -+ * find the socket BIO in the chain -+ */ -+ if ((cl_unbuf = BIO_find_type(cl, lstn->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) { -+ logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } -+ if((be_unbuf = BIO_find_type(be, cur_backend->ctx? BIO_TYPE_SSL : BIO_TYPE_SOCKET)) == NULL) { -+ logmsg(LOG_WARNING, "(%lx) error get unbuffered: %s", pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } -+ -+ /* -+ * copy till EOF -+ */ -+ if(p[0].revents) { -+ res = BIO_read(cl_unbuf, buf, MAXBUF); -+ if(res <= 0) { -+ break; -+ } -+ if(BIO_write(be, buf, res) != res) { -+ if(errno) -+ logmsg(LOG_NOTICE, "(%lx) error copy ws request body: %s", -+ pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } else { -+ BIO_flush(be); -+ } -+ p[0].revents = 0; -+ } -+ if(p[1].revents) { -+ res = BIO_read(be_unbuf, buf, MAXBUF); -+ if(res <= 0) { -+ break; -+ } -+ if(BIO_write(cl, buf, res) != res) { -+ if(errno) -+ logmsg(LOG_NOTICE, "(%lx) error copy ws response body: %s", -+ pthread_self(), strerror(errno)); -+ clean_all(); -+ return; -+ } else { -+ res_bytes += res; -+ BIO_flush(cl); -+ } -+ p[1].revents = 0; -+ } -+ } - } - } - end_req = cur_time(); -diff -Nur Pound-2.8.orig/pound.8 Pound-2.8/pound.8 ---- Pound-2.8.orig/pound.8 2018-05-11 12:16:05.000000000 +0200 -+++ Pound-2.8/pound.8 2018-07-30 14:10:01.693667854 +0200 -@@ -289,6 +289,13 @@ - .B TimeOut - value. This value can be overridden for specific back-ends. - .TP -+\fBWSTimeOut\fR value -+How long should -+.B Pound -+wait for data from either back-end or client in a connection upgraded to -+a WebSocket (in seconds). Default: 600 seconds. -+This value can be overridden for specific back-ends. -+.TP - \fBGrace\fR value - How long should - .B Pound -@@ -762,6 +769,11 @@ - .I ConnTO - value. - .TP -+\fBWSTimeOut\fR val -+Override the global -+.I WSTimeOut -+value. -+.TP - \fBHAport\fR [ address ] port - A port (and optional address) to be used for server function checks. See below - the "High Availability" section for a more detailed discussion. By default -diff -Nur Pound-2.8.orig/pound.c Pound-2.8/pound.c ---- Pound-2.8.orig/pound.c 2018-05-11 12:16:05.000000000 +0200 -+++ Pound-2.8/pound.c 2018-07-30 14:10:01.693667854 +0200 -@@ -47,6 +47,7 @@ - LISTENER *listeners; /* all available listeners */ - - regex_t HEADER, /* Allowed header */ -+ CONN_UPGRD, /* upgrade in connection header */ - CHUNK_HEAD, /* chunk header line */ - RESP_SKIP, /* responses for which we skip response */ - RESP_IGN, /* responses for which we ignore content */ -@@ -287,6 +288,7 @@ - - /* prepare regular expressions */ - if(regcomp(&HEADER, "^([a-z0-9!#$%&'*+.^_`|~-]+):[ \t]*(.*)[ \t]*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) -+ || regcomp(&CONN_UPGRD, "(^|[ \t,])upgrade([ \t,]|$)", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&CHUNK_HEAD, "^([0-9a-f]+).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&RESP_SKIP, "^HTTP/1.1 100.*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) - || regcomp(&RESP_IGN, "^HTTP/1.[01] (10[1-9]|1[1-9][0-9]|204|30[456]).*$", REG_ICASE | REG_NEWLINE | REG_EXTENDED) -diff -Nur Pound-2.8.orig/pound.h Pound-2.8/pound.h ---- Pound-2.8.orig/pound.h 2018-05-11 12:16:05.000000000 +0200 -+++ Pound-2.8/pound.h 2018-07-30 14:10:01.697667855 +0200 -@@ -276,6 +276,7 @@ - control_sock; /* control socket */ - - extern regex_t HEADER, /* Allowed header */ -+ CONN_UPGRD, /* upgrade in connection header */ - CHUNK_HEAD, /* chunk header line */ - RESP_SKIP, /* responses for which we skip response */ - RESP_IGN, /* responses for which we ignore content */ -@@ -319,6 +320,7 @@ - int priority; /* priority */ - int to; /* read/write time-out */ - int conn_to; /* connection time-out */ -+ int ws_to; /* websocket time-out */ - struct addrinfo ha_addr; /* HA address/port */ - char *url; /* for redirectors */ - int redir_req; /* the redirect should include the request path */ -@@ -440,6 +442,7 @@ - #define HEADER_URI 9 - #define HEADER_DESTINATION 10 - #define HEADER_EXPECT 11 -+#define HEADER_UPGRADE 13 - *** 26 LINES SKIPPED ***