Some upcoming changes by jsing in libcrypto will require patching pound.
This was addressed by changes by the new upstream, which is quite active.
Unfortunately, it requires a lot of patching because libressl never
adopted the new stack/lhash api (since basically nothing uses it and
nothing should be using it, really).
I have only checked that pound doesn't explode when I start it using
rcctl. I have removed the patches to pound.8 since some of it is
incorporated and the other bits are just suggestions.
If anyone uses this, please test.
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/pound/Makefile,v
diff -u -p -r1.21 Makefile
--- Makefile 2 Nov 2023 16:48:23 -0000 1.21
+++ Makefile 19 Jan 2024 11:24:56 -0000
@@ -1,35 +1,31 @@
COMMENT = HTTP reverse proxy/load balancer/SSL offload
-DISTNAME = Pound-2.8a
-REVISION = 1
+V = 4.11
+DISTNAME = pound-$V
PKGNAME = ${DISTNAME:L}
-PORTROACH = site:https://github.com/graygnuorg/pound/archive/
+PORTROACH = site:https://github.com/graygnuorg/pound/releases/
CATEGORIES = www
-HOMEPAGE = https://www.apsis.ch/pound.html
+HOMEPAGE = https://maucher-online.com/pound/
# GPLv3+
PERMIT_PACKAGE = Yes
WANTLIB = c crypto m pcreposix pthread ssl
-SITES = https://www.apsis.ch/pound/
-EXTRACT_SUFX = .tgz
+SITES =
https://github.com/graygnuorg/pound/releases/download/v$V/
LIB_DEPENDS = devel/pcre
CONFIGURE_STYLE = gnu
-CONFIGURE_ARGS += CPPFLAGS="-I${LOCALBASE}/include" \
- LDFLAGS="-L${LOCALBASE}/lib" \
+CONFIGURE_ARGS += CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \
+ LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" \
--with-owner=root \
--with-group=bin
NO_TEST = Yes
-
-pre-configure:
- ${SUBST_CMD} ${WRKSRC}/pound.8
post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/pound
Index: distinfo
===================================================================
RCS file: /cvs/ports/www/pound/distinfo,v
diff -u -p -r1.6 distinfo
--- distinfo 25 Apr 2018 18:08:57 -0000 1.6
+++ distinfo 19 Jan 2024 08:43:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (Pound-2.8a.tgz) = unLgK1aIdGA0f81Uw4A2+KG3T9zspxsMlQSgUoWlqSI=
-SIZE (Pound-2.8a.tgz) = 186285
+SHA256 (pound-4.11.tar.gz) = U2tZSPehfRegoe4DOBhDrTygIKqx6bJPXFzIPP0gF+M=
+SIZE (pound-4.11.tar.gz) = 565278
Index: patches/patch-pound_8
===================================================================
RCS file: patches/patch-pound_8
diff -N patches/patch-pound_8
--- patches/patch-pound_8 11 Mar 2022 20:10:43 -0000 1.6
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,26 +0,0 @@
-Index: pound.8
---- pound.8.orig
-+++ pound.8
-@@ -155,7 +155,7 @@ running a quick syntax check before actually activatin
- \fB\-f\fR config_file
- Location of the configuration file (see below for a full description of the
format).
- Default:
--.I /usr/local/etc/pound.cfg
-+.I ${SYSCONFDIR}/pound.cfg
- .TP
- \fB\-p\fR pid_file
- Location of the pid file.
-@@ -1236,11 +1236,11 @@ this is where
- .B Pound
- will attempt to record its process id.
- .TP
--\fI/usr/local/etc/pound.cfg\fR
-+\fI${SYSCONFDIR}/pound.cfg\fR
- the default configuration file (the location may be changed when compiling -
see the
- F_CONF flag in the Makefile).
- .TP
--\fI/usr/local/etc/pound/cert.pem\fR
-+\fI${SYSCONFDIR}/pound/cert.pem\fR
- the certificate file(s) for HTTPS. The location must be defined in the
configuration
- file - this is only a suggestion. The file must contain a PEM-encoded
certificate,
- optionally a certificate chain from a known Certificate Authority to your
server certificate
Index: patches/patch-src_ht_h
===================================================================
RCS file: patches/patch-src_ht_h
diff -N patches/patch-src_ht_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_ht_h 19 Jan 2024 08:44:18 -0000
@@ -0,0 +1,84 @@
+Index: src/ht.h
+--- src/ht.h.orig
++++ src/ht.h
+@@ -74,7 +74,7 @@
+ #define cat2(a,b) __cat2__(a,b)
+ #define cat3(a,b,c) cat2(a, cat2(b,c))
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ # define HT_DECLARE(type) DEFINE_LHASH_OF (type)
+ #else
+ # define HT_DECLARE(type) DECLARE_LHASH_OF (type)
+@@ -110,7 +110,7 @@ HT_TYPE_CMP_FN (const HT_TYPE *a, const HT_TYPE *b)
+ }
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define HT_IMPL_FN(type) \
+ static IMPLEMENT_LHASH_HASH_FN (type, type) \
+ static IMPLEMENT_LHASH_COMP_FN (type, type)
+@@ -121,7 +121,7 @@ HT_IMPL_FN(HT_TYPE)
+ static inline HT_TYPE_HASH_T *
+ cat2(HT_TYPE,_HASH_NEW) (void)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ return cat3(lh_, HT_TYPE, _new) (HT_TYPE_HASH_FN, HT_TYPE_CMP_FN);
+ #else
+ return LHM_lh_new (HT_TYPE, HT_TYPE);
+@@ -132,7 +132,7 @@ cat2(HT_TYPE,_HASH_NEW) (void)
+ static inline void
+ cat2(HT_TYPE,_HASH_FREE) (HT_TYPE_HASH_T *tab)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ return cat3(lh_, HT_TYPE, _free) (tab);
+ #else
+ return LHM_lh_free (HT_TYPE, tab);
+@@ -143,7 +143,7 @@ cat2(HT_TYPE,_HASH_FREE) (HT_TYPE_HASH_T *tab)
+ static inline HT_TYPE *
+ cat2(HT_TYPE, _INSERT) (HT_TYPE_HASH_T *tab, HT_TYPE *node)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ return cat3(lh_, HT_TYPE, _insert) (tab, node);
+ #else
+ return LHM_lh_insert (HT_TYPE, tab, node);
+@@ -154,7 +154,7 @@ cat2(HT_TYPE, _INSERT) (HT_TYPE_HASH_T *tab, HT_TYPE *
+ static inline HT_TYPE *
+ cat2(HT_TYPE, _RETRIEVE) (HT_TYPE_HASH_T *tab, HT_TYPE *node)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ return cat3(lh_, HT_TYPE, _retrieve) (tab, node);
+ #else
+ return LHM_lh_retrieve (HT_TYPE, tab, node);
+@@ -166,7 +166,7 @@ cat2(HT_TYPE, _RETRIEVE) (HT_TYPE_HASH_T *tab, HT_TYPE
+ static inline HT_TYPE *
+ cat2(HT_TYPE, _DELETE) (HT_TYPE_HASH_T *tab, HT_TYPE *node)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ return cat3(lh_, HT_TYPE, _delete) (tab, node);
+ #else
+ return LHM_lh_delete (HT_TYPE, tab, node);
+@@ -175,7 +175,7 @@ cat2(HT_TYPE, _DELETE) (HT_TYPE_HASH_T *tab, HT_TYPE *
+ #endif /* HT_NO_DELETE */
+
+ #ifndef HT_NO_FOREACH
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ IMPLEMENT_LHASH_DOALL_ARG (HT_TYPE, void);
+ #endif
+
+@@ -183,7 +183,7 @@ static inline void
+ cat2(HT_TYPE, _FOREACH) (HT_TYPE_HASH_T *tab, void (*fun) (HT_TYPE *, void *),
+ void *data)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ cat3 (lh_, HT_TYPE, _doall_void) (tab, fun, data);
+ #else
+ LHM_lh_doall_arg (HT_TYPE, tab, (void (*)(void *, void *)) fun, void *,
data);
Index: patches/patch-src_http_c
===================================================================
RCS file: patches/patch-src_http_c
diff -N patches/patch-src_http_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_http_c 19 Jan 2024 10:23:23 -0000
@@ -0,0 +1,12 @@
+Index: src/http.c
+--- src/http.c.orig
++++ src/http.c
+@@ -3013,7 +3013,7 @@ log_duration (char *buf, size_t size, struct timespec
+ struct timespec end, diff;
+ clock_gettime (CLOCK_REALTIME, &end);
+ diff = timespec_sub (&end, start);
+- snprintf (buf, size, "%ld.%03ld", diff.tv_sec, diff.tv_nsec / 1000000);
++ snprintf (buf, size, "%lld.%03ld", (long long)diff.tv_sec, diff.tv_nsec /
1000000);
+ return buf;
+ }
+ �
Index: patches/patch-src_log_c
===================================================================
RCS file: patches/patch-src_log_c
diff -N patches/patch-src_log_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_log_c 19 Jan 2024 10:20:15 -0000
@@ -0,0 +1,43 @@
+Index: src/log.c
+--- src/log.c.orig
++++ src/log.c
+@@ -543,8 +543,8 @@ i_process_time_ms (struct stringbuf *sb, struct http_l
+ POUND_HTTP *phttp)
+ {
+ struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req);
+- stringbuf_printf (sb, "%ld",
+- (unsigned long) diff.tv_sec * MILLI + diff.tv_nsec / MICRO);
++ stringbuf_printf (sb, "%lld",
++ (long long) diff.tv_sec * MILLI + diff.tv_nsec / MICRO);
+ }
+
+ static void
+@@ -552,8 +552,8 @@ i_process_time_us (struct stringbuf *sb, struct http_l
+ POUND_HTTP *phttp)
+ {
+ struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req);
+- stringbuf_printf (sb, "%ld",
+- (unsigned long) diff.tv_sec * MICRO + diff.tv_nsec / MILLI);
++ stringbuf_printf (sb, "%lld",
++ (long long) diff.tv_sec * MICRO + diff.tv_nsec / MILLI);
+ }
+
+ static void
+@@ -561,7 +561,7 @@ i_process_time_s (struct stringbuf *sb, struct http_lo
+ POUND_HTTP *phttp)
+ {
+ struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req);
+- stringbuf_printf (sb, "%ld", diff.tv_sec);
++ stringbuf_printf (sb, "%lld", (long long)diff.tv_sec);
+ }
+
+ static void
+@@ -569,7 +569,7 @@ i_process_time_f (struct stringbuf *sb, struct http_lo
+ POUND_HTTP *phttp)
+ {
+ struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req);
+- stringbuf_printf (sb, "%ld.%03ld", diff.tv_sec, diff.tv_nsec / MICRO);
++ stringbuf_printf (sb, "%lld.%03ld", (long long)diff.tv_sec, diff.tv_nsec /
MICRO);
+ }
+
+ static struct argprt proctimeprt[] = {
Index: patches/patch-src_pound_c
===================================================================
RCS file: patches/patch-src_pound_c
diff -N patches/patch-src_pound_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_pound_c 19 Jan 2024 10:22:08 -0000
@@ -0,0 +1,21 @@
+Index: src/pound.c
+--- src/pound.c.orig
++++ src/pound.c
+@@ -21,6 +21,8 @@
+ #include "json.h"
+ #include "extern.h"
+
++#include <openssl/rand.h>
++
+ /* common variables */
+ char *user; /* user to run as */
+ char *group; /* group to run as */
+@@ -141,7 +143,7 @@ abend (char const *fmt, ...)
+ /*
+ * OpenSSL thread support stuff
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define l_init()
+ #else
+ static pthread_mutex_t *l_array;
Index: patches/patch-src_pound_c.orig
===================================================================
RCS file: patches/patch-src_pound_c.orig
diff -N patches/patch-src_pound_c.orig
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_pound_c.orig 19 Jan 2024 08:44:12 -0000
@@ -0,0 +1,12 @@
+Index: src/pound.c
+--- src/pound.c.orig
++++ src/pound.c
+@@ -141,7 +141,7 @@ abend (char const *fmt, ...)
+ /*
+ * OpenSSL thread support stuff
+ */
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ #define l_init()
+ #else
+ static pthread_mutex_t *l_array;
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/www/pound/pkg/PLIST,v
diff -u -p -r1.7 PLIST
--- pkg/PLIST 8 Nov 2022 11:17:19 -0000 1.7
+++ pkg/PLIST 19 Jan 2024 10:27:54 -0000
@@ -1,10 +1,14 @@
@newgroup _pound:626
@newuser _pound:626:_pound::pound user:/nonexistent:/sbin/nologin
+@rcscript ${RCDIR}/pound
+@bin bin/poundctl
+@man man/man5/poundctl.tmpl.5
@man man/man8/pound.8
@man man/man8/poundctl.8
@bin sbin/pound
-@bin sbin/poundctl
share/examples/pound/
share/examples/pound/pound.cfg
@sample ${SYSCONFDIR}/pound.cfg
-@rcscript ${RCDIR}/pound
+share/pound/
+share/pound/mvh.inc
+share/pound/poundctl.tmpl
