From nobody Mon Sep 23 20:28:52 2024
X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4XCF2F1dZJz5WSsw;
	Mon, 23 Sep 2024 20:28:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4XCF2F0jrXz4gDZ;
	Mon, 23 Sep 2024 20:28:53 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1727123333;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YsusiAgUpaNg9TbfTP7bjTKe8ndTcwW8q0aqzpBw+mc=;
	b=iEq1JHuMSJLPMQz0hj9sLKvmTN0EXKLe2ZoJWmGz9aNtChY81vQu4D67b5rJWpUq6rtLxp
	GWTXlAgJcMcIbsqSuosLVLv3P/V/SgWJS2aBzzx8I+GxyBl3iA7TPUNbGA7Kb7rkomceZx
	PishvKJLHt/lIURREMdTlzyuL/DtZ3l/d1w4ov/dYYmMQFTKWzoSl5c59Kf6uuDEnDpt95
	bMq8YmZJvXarmpLa7QIoW1YFe2OPCxhudE8EW3ORZft6OllJ+9Bf+Ex/rxYem2jC3uPjX0
	YTqeOPI1CLQBEpYwQfJjE8us+SR1Uuh1jcp7S+AnWQHk8NngWbE3bRMQpzJY5w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1727123333; a=rsa-sha256; cv=none;
	b=W1tuPzKU6ewaOvDc/XfVU3R3Lb+ICr1mX5B9lP+wjqHAEne+5QPx00vyiX+IpUYM5hNrBD
	M5H2Op0VpHzExtsfWoFhGwC5oJs6qEl2vZUYjylYsXwPRhfVE1AWoQ5BHV5xjAdrYaPjv6
	T3v6CfGhyU3WwPASFdWbw3t4zCeBduBsPO3p1WwF18c3ylr7HKW3oE4Egctp2VY+tVYnrH
	DM9Vtv/R4md6dV5E1MJB5zMkwmlE/A0c8DHLl/ZEqL4ElNvLeRjzPt4AM7k61weOH8WYj7
	+tYnkUSDyVKQBBT+X5W4jaSn691Yz2UIeMMl45o4z8Aus/ftpwKwnfMLUCapoA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1727123333;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=YsusiAgUpaNg9TbfTP7bjTKe8ndTcwW8q0aqzpBw+mc=;
	b=BIKRI+SWAdb7TZb3Z/i0KmbSsxEkgVBU22+dhVgp8IHA/U2orI6HvxLlJEQ2bGP+a2ORpn
	4JlbN2u2Cq/eOSxou6sRQSdAaMryL/jZ6i1d4yCp1lloHG7cT9+MPmWS10oQN5/IZISL2W
	bM8KyazTKA9ATCLO9xPsF9MgB9UgV453MgDVyvrbU931YSg+Bjj2gtpTF1jJ2mPtDSwYsL
	lbZLYoWOXS/ZGtkwt+h26h9jHHlYOU0iYOwWKwAh0CWLvEmkv9MBMDj7zj2Gi28kdNrzKZ
	DG0kO5Ru5VkW7Y7dBIXuV9tIzjyyZzwUHRo459hlYZuQfs7+GS1hCQtxP5fPXA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4XCF2D6yg9z10PX;
	Mon, 23 Sep 2024 20:28:52 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48NKSqVh057534;
	Mon, 23 Sep 2024 20:28:52 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48NKSqXb057531;
	Mon, 23 Sep 2024 20:28:52 GMT
	(envelope-from git)
Date: Mon, 23 Sep 2024 20:28:52 GMT
Message-Id: <202409232028.48NKSqXb057531@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org,
        dev-commits-ports-main@FreeBSD.org
From: Craig Leres <leres@FreeBSD.org>
Subject: git: c390a5e48511 - main - www/pound: fix "out of memory"
  error
List-Id: Commit messages for all branches of the ports repository <dev-commits-ports-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
List-Help: <mailto:dev-commits-ports-all+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-all@freebsd.org
Sender: owner-dev-commits-ports-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: leres
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: c390a5e4851180c4a146d3db5ccf5203fd0e3c9d
Auto-Submitted: auto-generated

The branch main has been updated by leres:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c390a5e4851180c4a146d3db5ccf5203fd0e3c9d

commit c390a5e4851180c4a146d3db5ccf5203fd0e3c9d
Author:     Craig Leres <leres@FreeBSD.org>
AuthorDate: 2024-09-23 20:28:33 +0000
Commit:     Craig Leres <leres@FreeBSD.org>
CommitDate: 2024-09-23 20:28:33 +0000

    www/pound: fix "out of memory" error
    
    Apply upstream commits to fix a regression in 4.13:
    
        https://github.com/graygnuorg/pound/commit/0208af3
        Fix generation of X-SSL- headers describing client certificate
    
        https://github.com/graygnuorg/pound/commit/e900114
        Add missing \r when breaking up a long header in add_ssl_headers()
    
    PR:             281255
    Approved by:    zeus@gnu.org.ua (maintainer timeout, 20 days)
---
 www/pound/Makefile               |   1 +
 www/pound/files/patch-src_http.c | 189 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 190 insertions(+)

diff --git a/www/pound/Makefile b/www/pound/Makefile
index 9b0b5d2d690e..5ab59487d599 100644
--- a/www/pound/Makefile
+++ b/www/pound/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	pound
 PORTVERSION=	4.13
+PORTREVISION=	1
 CATEGORIES=	www net
 MASTER_SITES=	https://github.com/graygnuorg/pound/releases/download/v${PORTVERSION}/
 
diff --git a/www/pound/files/patch-src_http.c b/www/pound/files/patch-src_http.c
new file mode 100644
index 000000000000..0f80c3556466
--- /dev/null
+++ b/www/pound/files/patch-src_http.c
@@ -0,0 +1,189 @@
+--- src/http.c.orig	2024-08-20 06:46:04 UTC
++++ src/http.c
+@@ -241,6 +241,14 @@ isws (int c)
+ {
+   return c == ' ' || c == '\t';
+ }
++
++static char const *
++trimwsl (char const *s)
++{
++  while (*s && isws (*s))
++    s++;
++  return s;
++}
+ 
+ static int
+ submatch_realloc (struct submatch *sm, GENPAT re)
+@@ -1162,7 +1170,7 @@ get_line (BIO *in, char *const buf, int bufsize)
+       case 0:
+ 	if (BIO_should_retry (in))
+ 	  continue;
+-	return COPY_EOF;
++	return i == 0 ? COPY_EOF : COPY_OK;
+       case -1:
+ 	return COPY_READ_ERR;
+       default:
+@@ -1312,15 +1320,11 @@ get_content_length (char const *arg, int mode)
+   CONTENT_LENGTH n;
+ 
+   if (mode == CL_HEADER)
+-    {
+-      while (isws (*arg))
+-	arg++;
+-    }
++    arg = trimwsl (arg);
+ 
+   if (strtoclen (arg, mode == CL_HEADER ? 10 : 16, &n, &p))
+     return NO_CONTENT_LENGTH;
+-  while (isws (*p))
+-    p++;
++  p = (char*) trimwsl (p);
+   if (*p)
+     {
+       if (!(mode == CL_CHUNK && *p == ';'))
+@@ -3219,6 +3223,30 @@ static int
+ }
+ 
+ static int
++set_header_from_bio (BIO *bio, struct http_request *req,
++		     char const *hdr, struct stringbuf *sb)
++{
++  char buf[MAXBUF];
++  int rc;
++  char *str;
++
++  if ((rc = get_line (bio, buf, sizeof (buf))) == COPY_OK)
++    {
++      stringbuf_reset (sb);
++      stringbuf_printf (sb, "%s: %s", hdr, trimwsl (buf));
++      if ((str = stringbuf_finish (sb)) == NULL
++	  || http_header_list_append (&req->headers, str, H_REPLACE))
++	{
++	  return -1;
++	}
++    }
++  else if (rc != COPY_EOF)
++    logmsg (LOG_ERR, "(%"PRItid") error reading data: %s",
++	    POUND_TID (), copy_status_string (rc));
++  return 0;
++}
++
++static int
+ add_ssl_headers (POUND_HTTP *phttp)
+ {
+   int res = 0;
+@@ -3248,72 +3276,40 @@ add_ssl_headers (POUND_HTTP *phttp)
+   if (phttp->lstn->clnt_check > 0 && phttp->x509 != NULL
+       && (bio = BIO_new (BIO_s_mem ())) != NULL)
+     {
++      int i;
++
++      BIO_set_mem_eof_return (bio, 0);
+       X509_NAME_print_ex (bio, X509_get_subject_name (phttp->x509), 8,
+ 			  XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
+-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
++      if (set_header_from_bio (bio, &phttp->request, "X-SSL-Subject", &sb))
+ 	{
+ 	  res = -1;
+ 	  goto end;
+ 	}
+ 
+-      stringbuf_printf (&sb, "X-SSL-Subject: %s", buf);
+-      if ((str = stringbuf_finish (&sb)) == NULL
+-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
+-	{
+-	  res = -1;
+-	  goto end;
+-	}
+-      stringbuf_reset (&sb);
+-
+       X509_NAME_print_ex (bio, X509_get_issuer_name (phttp->x509), 8,
+ 			  XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
+-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
++      if (set_header_from_bio (bio, &phttp->request, "X-SSL-Issuer", &sb))
+ 	{
+ 	  res = -1;
+ 	  goto end;
+ 	}
+ 
+-      stringbuf_printf (&sb, "X-SSL-Issuer: %s", buf);
+-      if ((str = stringbuf_finish (&sb)) == NULL
+-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
+-	{
+-	  res = -1;
+-	  goto end;
+-	}
+-      stringbuf_reset (&sb);
+-
+       ASN1_TIME_print (bio, X509_get_notBefore (phttp->x509));
+-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
++      if (set_header_from_bio (bio, &phttp->request, "X-SSL-notBefore", &sb))
+ 	{
+ 	  res = -1;
+ 	  goto end;
+ 	}
+ 
+-      stringbuf_printf (&sb, "X-SSL-notBefore: %s", buf);
+-      if ((str = stringbuf_finish (&sb)) == NULL
+-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
+-	{
+-	  res = -1;
+-	  goto end;
+-	}
+-      stringbuf_reset (&sb);
+-
+       ASN1_TIME_print (bio, X509_get_notAfter (phttp->x509));
+-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
++      if (set_header_from_bio (bio, &phttp->request, "X-SSL-notAfter", &sb))
+ 	{
+ 	  res = -1;
+ 	  goto end;
+ 	}
+ 
+-      stringbuf_printf (&sb, "X-SSL-notAfter: %s", buf);
+-      if ((str = stringbuf_finish (&sb)) == NULL
+-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
+-	{
+-	  res = -1;
+-	  goto end;
+-	}
+       stringbuf_reset (&sb);
+-
+       stringbuf_printf (&sb, "X-SSL-serial: %ld",
+ 			ASN1_INTEGER_get (X509_get_serialNumber (phttp->x509)));
+       if ((str = stringbuf_finish (&sb)) == NULL
+@@ -3326,9 +3322,13 @@ add_ssl_headers (POUND_HTTP *phttp)
+ 
+       PEM_write_bio_X509 (bio, phttp->x509);
+       stringbuf_add_string (&sb, "X-SSL-certificate: ");
++      i = 0;
+       while (get_line (bio, buf, sizeof (buf)) == COPY_OK)
+ 	{
++	  if (i > 0)
++	    stringbuf_add_string (&sb, "\r\n\t");
+ 	  stringbuf_add_string (&sb, buf);
++	  i++;
+ 	}
+       if ((str = stringbuf_finish (&sb)) == NULL
+ 	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
+@@ -3580,7 +3580,7 @@ http_response_validate (struct http_request *req)
+ static int
+ http_response_validate (struct http_request *req)
+ {
+-  char *str = req->request;
++  char const *str = req->request;
+   int http_ver;
+ 
+   if (!(strncmp (str, "HTTP/1.", 7) == 0 &&
+@@ -3589,9 +3589,7 @@ http_response_validate (struct http_request *req)
+     return 0;
+   req->version = http_ver - '0';
+ 
+-  for (str += 8; isws (*str); str++)
+-    if (!*str)
+-      return 0;
++  str = trimwsl (str + 8);
+ 
+   switch (str[0])
+     {