authornia <nia@pkgsrc.org>2019-09-09 09:08:07 +0000
committernia <nia@pkgsrc.org>2019-09-09 09:08:07 +0000
commit19c792e551e5e2e994d1358fda58132f21b911d8 (patch)
tree02604e89e268f98b5778f3152c5cf868586ab86d /www/pound
parenta8498c75fd8116ebcbbb3904a7e0811d5c23784f (diff)
downloadpkgsrc-19c792e551e5e2e994d1358fda58132f21b911d8.tar.gz
pound: Fix build with OpenSSL 1.1.
While here, silence some pkglint warnings and convert a patch into a do-install target. Bump PKGREVISION.
Diffstat (limited to 'www/pound')
-rw-r--r--www/pound/Makefile19
-rw-r--r--www/pound/distinfo7
-rw-r--r--www/pound/patches/patch-aa22
-rw-r--r--www/pound/patches/patch-config.c45
-rw-r--r--www/pound/patches/patch-http.c31
-rw-r--r--www/pound/patches/patch-pound.h18
-rw-r--r--www/pound/patches/patch-svc.c228
7 files changed, 343 insertions, 27 deletions
diff --git a/www/pound/Makefile b/www/pound/Makefile
index 38325dada21..c3c0a0ce105 100644
--- a/www/pound/Makefile
+++ b/www/pound/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.13 2018/08/26 22:35:45 schmonz Exp $
+# $NetBSD: Makefile,v 1.14 2019/09/09 09:08:07 nia Exp $
DISTNAME= Pound-2.8
PKGNAME= ${DISTNAME:S/Pound/pound/}
+PKGREVISION= 1
CATEGORIES= www
MASTER_SITES= http://www.apsis.ch/pound/
EXTRACT_SUFX= .tgz
@@ -12,7 +13,7 @@ COMMENT= Reverse proxy, load balancer and HTTPS front-end
LICENSE= gnu-gpl-v3
GNU_CONFIGURE= yes
-CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
+CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
USE_FEATURES.openssl= threads
RCD_SCRIPTS= pound
@@ -21,7 +22,19 @@ SUBST_CLASSES= config
SUBST_MESSAGE.config= Fixing path to default config file.
SUBST_STAGE.config= post-build
SUBST_FILES.config= pound.8
-SUBST_SED.config= -e "s,/usr/local/etc/,"${PKG_SYSCONFDIR:Q}"/,g"
+SUBST_SED.config= -e "s,/usr/local/etc/,"${PKG_SYSCONFDIR}"/,g"
+
+INSTALLATION_DIRS+= sbin ${PKGMANDIR}/man8
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/pound \
+ ${DESTDIR}${PREFIX}/sbin/pound
+ ${INSTALL_PROGRAM} ${WRKSRC}/poundctl \
+ ${DESTDIR}${PREFIX}/sbin/poundctl
+ ${INSTALL_MAN} ${WRKSRC}/pound.8 \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/pound.8
+ ${INSTALL_MAN} ${WRKSRC}/poundctl.8 \
+ ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8/poundctl.8
.include "../../devel/pcre/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
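Review bot: With `:Q` dropped, `${PKG_SYSCONFDIR}` in `SUBST_SED.config` now expands between two double-quoted segments, so the shell sees it unquoted. Keeping the expansion inside one pair of quotes reads more simply and does not depend on the path being free of whitespace: `SUBST_SED.config= -e "s,/usr/local/etc/,${PKG_SYSCONFDIR}/,g"`. A comma in the path would still break the sed expression either way, which may be worth a one-line comment above the assignment.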
diff --git a/www/pound/distinfo b/www/pound/distinfo
index 88a6a6fd800..75b1b0ad12f 100644
--- a/www/pound/distinfo
+++ b/www/pound/distinfo
@@ -1,7 +1,10 @@
-$NetBSD: distinfo,v 1.7 2018/08/26 22:35:45 schmonz Exp $
+$NetBSD: distinfo,v 1.8 2019/09/09 09:08:07 nia Exp $
SHA1 (Pound-2.8.tgz) = a3371b596d86cedea1678fd329ee6dc8a307c907
RMD160 (Pound-2.8.tgz) = 71b2c4c633ef5dd0b566e30b2f511d618483b74f
SHA512 (Pound-2.8.tgz) = cf0b865b17d3628e273626e07733f1320e4768702c0f64c8ef0f78d46667f770b223bdc7dca88016a95e5ebd23ae646f95a9b2f4a54a5a80001a10047f07eacc
Size (Pound-2.8.tgz) = 186124 bytes
-SHA1 (patch-aa) = 613b1a9dd8666b393d6cb78f99bfbdf9f16acf32
+SHA1 (patch-config.c) = 68a617a0e2cc940055763cb710e89e390ebd3953
+SHA1 (patch-http.c) = 95143b688d0320306638b0770c4667ea21bac478
+SHA1 (patch-pound.h) = 6a47d93321016ebc3609eb2b561b3d4ba16b71df
+SHA1 (patch-svc.c) = 52532b316ab96b9b93f5b2c02367e2355675eb86
diff --git a/www/pound/patches/patch-aa b/www/pound/patches/patch-aa
deleted file mode 100644
index 52031dda7ec..00000000000
--- a/www/pound/patches/patch-aa
+++ /dev/null
@@ -1,22 +0,0 @@
-$NetBSD: patch-aa,v 1.3 2016/02/02 13:33:13 mef Exp $
-
-user-destdir support
-
---- Makefile.in.orig 2009-06-29 15:53:58.000000000 +0000
-+++ Makefile.in
-@@ -59,11 +59,11 @@ $(OBJS): pound.h
-
- install: all
- @INSTALL@ -d ${DESTDIR}@sbindir@
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 pound ${DESTDIR}@sbindir@/pound
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 555 poundctl ${DESTDIR}@sbindir@/poundctl
-+ ${BSD_INSTALL_PROGRAM} pound ${DESTDIR}@sbindir@/pound
-+ ${BSD_INSTALL_PROGRAM} poundctl ${DESTDIR}@sbindir@/poundctl
- @INSTALL@ -d ${DESTDIR}@mandir@/man8
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 pound.8 ${DESTDIR}@mandir@/man8/pound.8
-- @INSTALL@ -o @I_OWNER@ -g @I_GRP@ -m 644 poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
-+ ${BSD_INSTALL_DATA} pound.8 ${DESTDIR}@mandir@/man8/pound.8
-+ ${BSD_INSTALL_DATA} poundctl.8 ${DESTDIR}@mandir@/man8/poundctl.8
-
- clean:
- rm -f pound $(OBJS) poundctl poundctl.o
diff --git a/www/pound/patches/patch-config.c b/www/pound/patches/patch-config.c
new file mode 100644
index 00000000000..e9a47ee66ff
--- /dev/null
+++ b/www/pound/patches/patch-config.c
@@ -0,0 +1,45 @@
+$NetBSD: patch-config.c,v 1.1 2019/09/09 09:08:08 nia Exp $
+
+[PATCH] Support for Openssl 1.1
+https://github.com/graygnuorg/pound/commit/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch
+
+--- config.c.orig 2018-05-11 10:16:05.000000000 +0000
++++ config.c
+@@ -174,6 +174,16 @@ conf_fgets(char *buf, const int max)
+ }
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define general_name_string(n) \
++ strndup(ASN1_STRING_get0_data(n->d.dNSName), \
++ ASN1_STRING_length(n->d.dNSName) + 1)
++#else
++# define general_name_string(n) \
++ strndup(ASN1_STRING_data(n->d.dNSName), \
++ ASN1_STRING_length(n->d.dNSName) + 1)
++#endif
++
+ unsigned char **
+ get_subjectaltnames(X509 *x509, unsigned int *count)
+ {
+@@ -194,8 +204,7 @@ get_subjectaltnames(X509 *x509, unsigned
+ name = sk_GENERAL_NAME_pop(san_stack);
+ switch(name->type) {
+ case GEN_DNS:
+- temp[local_count] = strndup(ASN1_STRING_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName)
+- + 1);
++ temp[local_count] = general_name_string(name);
+ if(temp[local_count] == NULL)
+ conf_err("out of memory");
+ local_count++;
+@@ -565,7 +574,9 @@ parse_service(const char *svc_name)
+ pthread_mutex_init(&res->mut, NULL);
+ if(svc_name)
+ strncpy(res->name, svc_name, KEY_SIZE);
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res->sessions = lh_TABNODE_new(t_hash, t_cmp)) == NULL)
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res->sessions = LHM_lh_new(TABNODE, t)) == NULL)
+ #else
+ if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL)
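Review bot: The `+ 1` in both `general_name_string` variants lets `strndup` read one byte past the length OpenSSL reports for the dNSName, and OpenSSL does not promise that ASN1_STRING data is NUL-terminated. Bounding the copy to the reported length avoids relying on that: `strndup((const char *)ASN1_STRING_get0_data((n)->d.dNSName), ASN1_STRING_length((n)->d.dNSName))`, which also parenthesizes the macro argument and makes the `unsigned char *` to `char *` conversion explicit. Because `strndup` stops at the first NUL, a name containing an embedded NUL is silently truncated; comparing `strlen()` of the result with `ASN1_STRING_length()` would let get_subjectaltnames reject such names instead. The body of get_subjectaltnames continues outside the hunk.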
diff --git a/www/pound/patches/patch-http.c b/www/pound/patches/patch-http.c
new file mode 100644
index 00000000000..cd8779c6cc9
--- /dev/null
+++ b/www/pound/patches/patch-http.c
@@ -0,0 +1,31 @@
+$NetBSD: patch-http.c,v 1.1 2019/09/09 09:08:08 nia Exp $
+
+[PATCH] Support for Openssl 1.1
+https://github.com/graygnuorg/pound/commit/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch
+
+--- http.c.orig 2018-05-11 10:16:05.000000000 +0000
++++ http.c
+@@ -527,12 +527,22 @@ log_bytes(char *res, const LONG cnt)
+
+ /* Cleanup code. This should really be in the pthread_cleanup_push, except for bugs in some implementations */
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define clear_error()
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
++# define clear_error() \
++ if(ssl != NULL) { ERR_clear_error(); ERR_remove_thread_state(NULL); }
++#else
++# define clear_error() \
++ if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); }
++#endif
++
+ #define clean_all() { \
+ if(ssl != NULL) { BIO_ssl_shutdown(cl); } \
+ if(be != NULL) { BIO_flush(be); BIO_reset(be); BIO_free_all(be); be = NULL; } \
+ if(cl != NULL) { BIO_flush(cl); BIO_reset(cl); BIO_free_all(cl); cl = NULL; } \
+ if(x509 != NULL) { X509_free(x509); x509 = NULL; } \
+- if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } \
++ clear_error(); \
+ }
+
+ /*
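Review bot: On OpenSSL 1.1 and later `clear_error()` expands to nothing, so `clean_all()` no longer calls `ERR_clear_error()` at all. Only the per-thread state removal became unnecessary in 1.1; `ERR_clear_error()` is still available there, and SSL_get_error() is documented to need an empty error queue, so if worker threads are reused a stale entry could be misread on a later connection. I would keep the clearing in the 1.1 branch: `# define clear_error() if(ssl != NULL) { ERR_clear_error(); }`. The code that invokes `clean_all()` is outside the hunk.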
diff --git a/www/pound/patches/patch-pound.h b/www/pound/patches/patch-pound.h
new file mode 100644
index 00000000000..f5e62bbe57a
--- /dev/null
+++ b/www/pound/patches/patch-pound.h
@@ -0,0 +1,18 @@
+$NetBSD: patch-pound.h,v 1.1 2019/09/09 09:08:08 nia Exp $
+
+[PATCH] Support for Openssl 1.1
+https://github.com/graygnuorg/pound/commit/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch
+
+--- pound.h.orig 2018-05-11 10:16:05.000000000 +0000
++++ pound.h
+@@ -344,7 +344,9 @@ typedef struct _tn {
+ /* maximal session key size */
+ #define KEY_SIZE 127
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ DEFINE_LHASH_OF(TABNODE);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ DECLARE_LHASH_OF(TABNODE);
+ #endif
+
diff --git a/www/pound/patches/patch-svc.c b/www/pound/patches/patch-svc.c
new file mode 100644
index 00000000000..4d213bb69c2
--- /dev/null
+++ b/www/pound/patches/patch-svc.c
@@ -0,0 +1,228 @@
+$NetBSD: patch-svc.c,v 1.1 2019/09/09 09:08:08 nia Exp $
+
+[PATCH] Support for Openssl 1.1
+https://github.com/graygnuorg/pound/commit/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60.patch
+
+--- svc.c.orig 2018-05-11 10:16:05.000000000 +0000
++++ svc.c
+@@ -27,10 +27,17 @@
+
+ #include "pound.h"
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++# define TABNODE_GET_DOWN_LOAD(t) lh_TABNODE_get_down_load(t)
++# define TABNODE_SET_DOWN_LOAD(t,n) lh_TABNODE_set_down_load(t,n)
++#else
+ #ifndef LHASH_OF
+ #define LHASH_OF(x) LHASH
+ #define CHECKED_LHASH_OF(type, h) h
+ #endif
++# define TABNODE_GET_DOWN_LOAD(t) (CHECKED_LHASH_OF(TABNODE, t)->down_load)
++# define TABNODE_SET_DOWN_LOAD(t,n) (CHECKED_LHASH_OF(TABNODE, t)->down_load = n)
++#endif
+
+ /*
+ * Add a new key/content pair to a hash table
+@@ -58,7 +65,9 @@ t_add(LHASH_OF(TABNODE) *const tab, cons
+ }
+ memcpy(t->content, content, cont_len);
+ t->last_acc = time(NULL);
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((old = lh_TABNODE_insert(tab, t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((old = LHM_lh_insert(TABNODE, tab, t)) != NULL) {
+ #else
+ if((old = (TABNODE *)lh_insert(tab, t)) != NULL) {
+@@ -82,7 +91,9 @@ t_find(LHASH_OF(TABNODE) *const tab, cha
+ TABNODE t, *res;
+
+ t.key = key;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_retrieve(tab, &t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = (TABNODE *)LHM_lh_retrieve(TABNODE, tab, &t)) != NULL) {
+ #else
+ if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) {
+@@ -102,7 +113,9 @@ t_remove(LHASH_OF(TABNODE) *const tab, c
+ TABNODE t, *res;
+
+ t.key = key;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_delete(tab, &t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = LHM_lh_delete(TABNODE, tab, &t)) != NULL) {
+ #else
+ if((res = (TABNODE *)lh_delete(tab, &t)) != NULL) {
+@@ -127,7 +140,9 @@ t_old_doall_arg(TABNODE *t, ALL_ARG *a)
+ TABNODE *res;
+
+ if(t->last_acc < a->lim)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_delete(a->tab, t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = LHM_lh_delete(TABNODE, a->tab, t)) != NULL) {
+ #else
+ if((res = lh_delete(a->tab, t)) != NULL) {
+@@ -145,6 +160,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABN
+ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE *, ALL_ARG *)
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++IMPLEMENT_LHASH_DOALL_ARG(TABNODE,ALL_ARG);
++#endif
++
+ /*
+ * Expire all old nodes
+ */
+@@ -156,14 +175,16 @@ t_expire(LHASH_OF(TABNODE) *const tab, c
+
+ a.tab = tab;
+ a.lim = lim;
+- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load;
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ down_load = TABNODE_GET_DOWN_LOAD(tab);
++ TABNODE_SET_DOWN_LOAD(tab, 0);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ lh_TABNODE_doall_ALL_ARG(tab, t_old_doall_arg, &a);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_old), ALL_ARG, &a);
+ #else
+ lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_old), &a);
+ #endif
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load;
++ TABNODE_SET_DOWN_LOAD(tab, down_load);
+ return;
+ }
+
+@@ -173,7 +194,9 @@ t_cont_doall_arg(TABNODE *t, ALL_ARG *ar
+ TABNODE *res;
+
+ if(memcmp(t->content, arg->content, arg->cont_len) == 0)
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ if((res = lh_TABNODE_delete(arg->tab, t)) != NULL) {
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ if((res = LHM_lh_delete(TABNODE, arg->tab, t)) != NULL) {
+ #else
+ if((res = lh_delete(arg->tab, t)) != NULL) {
+@@ -203,15 +226,16 @@ t_clean(LHASH_OF(TABNODE) *const tab, vo
+ a.tab = tab;
+ a.content = content;
+ a.cont_len = cont_len;
+- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load;
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++ down_load = TABNODE_GET_DOWN_LOAD(tab);
++ TABNODE_SET_DOWN_LOAD(tab, 0);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ lh_TABNODE_doall_ALL_ARG(tab, t_cont_doall_arg, &a);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_cont), ALL_ARG, &a);
+ #else
+ lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_cont), &a);
+ #endif
+- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load;
+- return;
++ TABNODE_SET_DOWN_LOAD(tab, down_load);
+ }
+
+ /*
+@@ -1259,6 +1283,31 @@ RSA_tmp_callback(/* not used */SSL *ssl,
+ return res;
+ }
+
++static int
++generate_key(RSA **ret_rsa, unsigned long bits)
++{
++#if OPENSSL_VERSION_NUMBER > 0x00908000L
++ int rc = 0;
++ RSA *rsa;
++
++ rsa = RSA_new();
++ if (rsa) {
++ BIGNUM *bne = BN_new();
++ if (BN_set_word(bne, RSA_F4))
++ rc = RSA_generate_key_ex(rsa, bits, bne, NULL);
++ BN_free(bne);
++ if (rc)
++ *ret_rsa = rsa;
++ else
++ RSA_free(rsa);
++ }
++ return rc;
++#else
++ *ret_rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL);
++ return *ret_rsa != NULL;
++#endif
++}
++
+ /*
+ * Periodically regenerate ephemeral RSA keys
+ * runs every T_RSA_KEYS seconds
+@@ -1271,8 +1320,9 @@ do_RSAgen(void)
+ RSA *t_RSA1024_keys[N_RSA_KEYS];
+
+ for(n = 0; n < N_RSA_KEYS; n++) {
+- t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL);
+- t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL);
++ /* FIXME: Error handling */
++ generate_key(&t_RSA512_keys[n], 512);
++ generate_key(&t_RSA1024_keys[n], 1024);
+ }
+ if(ret_val = pthread_mutex_lock(&RSA_mut))
+ logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val));
+@@ -1326,11 +1376,11 @@ init_timer(void)
+ * Pre-generate ephemeral RSA keys
+ */
+ for(n = 0; n < N_RSA_KEYS; n++) {
+- if((RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) {
++ if(!generate_key(&RSA512_keys[n], 512)) {
+ logmsg(LOG_WARNING,"RSA_generate(%d, 512) failed", n);
+ return;
+ }
+- if((RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) {
++ if(!generate_key(&RSA1024_keys[n], 1024)) {
+ logmsg(LOG_WARNING,"RSA_generate(%d, 1024) failed", n);
+ return;
+ }
+@@ -1417,6 +1467,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TAB
+ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, DUMP_ARG *)
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++IMPLEMENT_LHASH_DOALL_ARG(TABNODE,DUMP_ARG);
++#endif
++
+ /*
+ * write sessions to the control socket
+ */
+@@ -1427,7 +1481,9 @@ dump_sess(const int control_sock, LHASH_
+
+ a.control_sock = control_sock;
+ a.backends = backends;
+-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ lh_TABNODE_doall_DUMP_ARG(sess, t_dump_doall_arg, &a);
++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L
+ LHM_lh_doall_arg(TABNODE, sess, LHASH_DOALL_ARG_FN(t_dump), DUMP_ARG, &a);
+ #else
+ lh_doall_arg(sess, LHASH_DOALL_ARG_FN(t_dump), &a);
+@@ -1661,6 +1717,13 @@ thr_control(void *arg)
+ }
+ }
+
++#ifndef SSL3_ST_SR_CLNT_HELLO_A
++# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT)
++#endif
++#ifndef SSL23_ST_SR_CLNT_HELLO_A
++# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT)
++#endif
++
+ void
+ SSLINFO_callback(const SSL *ssl, int where, int rc)
+ {