Some upcoming changes by jsing in libcrypto will require patching pound. This was addressed by changes by the new upstream, which is quite active.
Unfortunately, it requires a lot of patching because libressl never adopted the new stack/lhash api (since basically nothing uses it and nothing should be using it, really). I have only checked that pound doesn't explode when I start it using rcctl. I have removed the patches to pound.8 since some of it is incorporated and the other bits are just suggestions. If anyone uses this, please test. Index: Makefile =================================================================== RCS file: /cvs/ports/www/pound/Makefile,v diff -u -p -r1.21 Makefile --- Makefile 2 Nov 2023 16:48:23 -0000 1.21 +++ Makefile 19 Jan 2024 11:24:56 -0000 @@ -1,35 +1,31 @@ COMMENT = HTTP reverse proxy/load balancer/SSL offload -DISTNAME = Pound-2.8a -REVISION = 1 +V = 4.11 +DISTNAME = pound-$V PKGNAME = ${DISTNAME:L} -PORTROACH = site:https://github.com/graygnuorg/pound/archive/ +PORTROACH = site:https://github.com/graygnuorg/pound/releases/ CATEGORIES = www -HOMEPAGE = https://www.apsis.ch/pound.html +HOMEPAGE = https://maucher-online.com/pound/ # GPLv3+ PERMIT_PACKAGE = Yes WANTLIB = c crypto m pcreposix pthread ssl -SITES = https://www.apsis.ch/pound/ -EXTRACT_SUFX = .tgz +SITES = https://github.com/graygnuorg/pound/releases/download/v$V/ LIB_DEPENDS = devel/pcre CONFIGURE_STYLE = gnu -CONFIGURE_ARGS += CPPFLAGS="-I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib" \ +CONFIGURE_ARGS += CFLAGS="${CFLAGS} -I${LOCALBASE}/include" \ + LDFLAGS="${LDFLAGS} -L${LOCALBASE}/lib" \ --with-owner=root \ --with-group=bin NO_TEST = Yes - -pre-configure: - ${SUBST_CMD} ${WRKSRC}/pound.8 post-install: ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/pound Index: distinfo =================================================================== RCS file: /cvs/ports/www/pound/distinfo,v diff -u -p -r1.6 distinfo --- distinfo 25 Apr 2018 18:08:57 -0000 1.6 +++ distinfo 19 Jan 2024 08:43:09 -0000 @@ -1,2 +1,2 @@ -SHA256 (Pound-2.8a.tgz) = unLgK1aIdGA0f81Uw4A2+KG3T9zspxsMlQSgUoWlqSI= -SIZE (Pound-2.8a.tgz) = 186285 +SHA256 (pound-4.11.tar.gz) = U2tZSPehfRegoe4DOBhDrTygIKqx6bJPXFzIPP0gF+M= +SIZE (pound-4.11.tar.gz) = 565278 Index: patches/patch-pound_8 =================================================================== RCS file: patches/patch-pound_8 diff -N patches/patch-pound_8 --- patches/patch-pound_8 11 Mar 2022 20:10:43 -0000 1.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,26 +0,0 @@ -Index: pound.8 ---- pound.8.orig -+++ pound.8 -@@ -155,7 +155,7 @@ running a quick syntax check before actually activatin - \fB\-f\fR config_file - Location of the configuration file (see below for a full description of the format). - Default: --.I /usr/local/etc/pound.cfg -+.I ${SYSCONFDIR}/pound.cfg - .TP - \fB\-p\fR pid_file - Location of the pid file. -@@ -1236,11 +1236,11 @@ this is where - .B Pound - will attempt to record its process id. - .TP --\fI/usr/local/etc/pound.cfg\fR -+\fI${SYSCONFDIR}/pound.cfg\fR - the default configuration file (the location may be changed when compiling - see the - F_CONF flag in the Makefile). - .TP --\fI/usr/local/etc/pound/cert.pem\fR -+\fI${SYSCONFDIR}/pound/cert.pem\fR - the certificate file(s) for HTTPS. The location must be defined in the configuration - file - this is only a suggestion. The file must contain a PEM-encoded certificate, - optionally a certificate chain from a known Certificate Authority to your server certificate Index: patches/patch-src_ht_h =================================================================== RCS file: patches/patch-src_ht_h diff -N patches/patch-src_ht_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_ht_h 19 Jan 2024 08:44:18 -0000 @@ -0,0 +1,84 @@ +Index: src/ht.h +--- src/ht.h.orig ++++ src/ht.h +@@ -74,7 +74,7 @@ + #define cat2(a,b) __cat2__(a,b) + #define cat3(a,b,c) cat2(a, cat2(b,c)) + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + # define HT_DECLARE(type) DEFINE_LHASH_OF (type) + #else + # define HT_DECLARE(type) DECLARE_LHASH_OF (type) +@@ -110,7 +110,7 @@ HT_TYPE_CMP_FN (const HT_TYPE *a, const HT_TYPE *b) + } + #endif + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + #define HT_IMPL_FN(type) \ + static IMPLEMENT_LHASH_HASH_FN (type, type) \ + static IMPLEMENT_LHASH_COMP_FN (type, type) +@@ -121,7 +121,7 @@ HT_IMPL_FN(HT_TYPE) + static inline HT_TYPE_HASH_T * + cat2(HT_TYPE,_HASH_NEW) (void) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return cat3(lh_, HT_TYPE, _new) (HT_TYPE_HASH_FN, HT_TYPE_CMP_FN); + #else + return LHM_lh_new (HT_TYPE, HT_TYPE); +@@ -132,7 +132,7 @@ cat2(HT_TYPE,_HASH_NEW) (void) + static inline void + cat2(HT_TYPE,_HASH_FREE) (HT_TYPE_HASH_T *tab) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return cat3(lh_, HT_TYPE, _free) (tab); + #else + return LHM_lh_free (HT_TYPE, tab); +@@ -143,7 +143,7 @@ cat2(HT_TYPE,_HASH_FREE) (HT_TYPE_HASH_T *tab) + static inline HT_TYPE * + cat2(HT_TYPE, _INSERT) (HT_TYPE_HASH_T *tab, HT_TYPE *node) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return cat3(lh_, HT_TYPE, _insert) (tab, node); + #else + return LHM_lh_insert (HT_TYPE, tab, node); +@@ -154,7 +154,7 @@ cat2(HT_TYPE, _INSERT) (HT_TYPE_HASH_T *tab, HT_TYPE * + static inline HT_TYPE * + cat2(HT_TYPE, _RETRIEVE) (HT_TYPE_HASH_T *tab, HT_TYPE *node) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return cat3(lh_, HT_TYPE, _retrieve) (tab, node); + #else + return LHM_lh_retrieve (HT_TYPE, tab, node); +@@ -166,7 +166,7 @@ cat2(HT_TYPE, _RETRIEVE) (HT_TYPE_HASH_T *tab, HT_TYPE + static inline HT_TYPE * + cat2(HT_TYPE, _DELETE) (HT_TYPE_HASH_T *tab, HT_TYPE *node) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + return cat3(lh_, HT_TYPE, _delete) (tab, node); + #else + return LHM_lh_delete (HT_TYPE, tab, node); +@@ -175,7 +175,7 @@ cat2(HT_TYPE, _DELETE) (HT_TYPE_HASH_T *tab, HT_TYPE * + #endif /* HT_NO_DELETE */ + + #ifndef HT_NO_FOREACH +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + IMPLEMENT_LHASH_DOALL_ARG (HT_TYPE, void); + #endif + +@@ -183,7 +183,7 @@ static inline void + cat2(HT_TYPE, _FOREACH) (HT_TYPE_HASH_T *tab, void (*fun) (HT_TYPE *, void *), + void *data) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + cat3 (lh_, HT_TYPE, _doall_void) (tab, fun, data); + #else + LHM_lh_doall_arg (HT_TYPE, tab, (void (*)(void *, void *)) fun, void *, data); Index: patches/patch-src_http_c =================================================================== RCS file: patches/patch-src_http_c diff -N patches/patch-src_http_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_http_c 19 Jan 2024 10:23:23 -0000 @@ -0,0 +1,12 @@ +Index: src/http.c +--- src/http.c.orig ++++ src/http.c +@@ -3013,7 +3013,7 @@ log_duration (char *buf, size_t size, struct timespec + struct timespec end, diff; + clock_gettime (CLOCK_REALTIME, &end); + diff = timespec_sub (&end, start); +- snprintf (buf, size, "%ld.%03ld", diff.tv_sec, diff.tv_nsec / 1000000); ++ snprintf (buf, size, "%lld.%03ld", (long long)diff.tv_sec, diff.tv_nsec / 1000000); + return buf; + } + Index: patches/patch-src_log_c =================================================================== RCS file: patches/patch-src_log_c diff -N patches/patch-src_log_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_log_c 19 Jan 2024 10:20:15 -0000 @@ -0,0 +1,43 @@ +Index: src/log.c +--- src/log.c.orig ++++ src/log.c +@@ -543,8 +543,8 @@ i_process_time_ms (struct stringbuf *sb, struct http_l + POUND_HTTP *phttp) + { + struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req); +- stringbuf_printf (sb, "%ld", +- (unsigned long) diff.tv_sec * MILLI + diff.tv_nsec / MICRO); ++ stringbuf_printf (sb, "%lld", ++ (long long) diff.tv_sec * MILLI + diff.tv_nsec / MICRO); + } + + static void +@@ -552,8 +552,8 @@ i_process_time_us (struct stringbuf *sb, struct http_l + POUND_HTTP *phttp) + { + struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req); +- stringbuf_printf (sb, "%ld", +- (unsigned long) diff.tv_sec * MICRO + diff.tv_nsec / MILLI); ++ stringbuf_printf (sb, "%lld", ++ (long long) diff.tv_sec * MICRO + diff.tv_nsec / MILLI); + } + + static void +@@ -561,7 +561,7 @@ i_process_time_s (struct stringbuf *sb, struct http_lo + POUND_HTTP *phttp) + { + struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req); +- stringbuf_printf (sb, "%ld", diff.tv_sec); ++ stringbuf_printf (sb, "%lld", (long long)diff.tv_sec); + } + + static void +@@ -569,7 +569,7 @@ i_process_time_f (struct stringbuf *sb, struct http_lo + POUND_HTTP *phttp) + { + struct timespec diff = timespec_sub (&phttp->end_req, &phttp->start_req); +- stringbuf_printf (sb, "%ld.%03ld", diff.tv_sec, diff.tv_nsec / MICRO); ++ stringbuf_printf (sb, "%lld.%03ld", (long long)diff.tv_sec, diff.tv_nsec / MICRO); + } + + static struct argprt proctimeprt[] = { Index: patches/patch-src_pound_c =================================================================== RCS file: patches/patch-src_pound_c diff -N patches/patch-src_pound_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_pound_c 19 Jan 2024 10:22:08 -0000 @@ -0,0 +1,21 @@ +Index: src/pound.c +--- src/pound.c.orig ++++ src/pound.c +@@ -21,6 +21,8 @@ + #include "json.h" + #include "extern.h" + ++#include <openssl/rand.h> ++ + /* common variables */ + char *user; /* user to run as */ + char *group; /* group to run as */ +@@ -141,7 +143,7 @@ abend (char const *fmt, ...) + /* + * OpenSSL thread support stuff + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + #define l_init() + #else + static pthread_mutex_t *l_array; Index: patches/patch-src_pound_c.orig =================================================================== RCS file: patches/patch-src_pound_c.orig diff -N patches/patch-src_pound_c.orig --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_pound_c.orig 19 Jan 2024 08:44:12 -0000 @@ -0,0 +1,12 @@ +Index: src/pound.c +--- src/pound.c.orig ++++ src/pound.c +@@ -141,7 +141,7 @@ abend (char const *fmt, ...) + /* + * OpenSSL thread support stuff + */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + #define l_init() + #else + static pthread_mutex_t *l_array; Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/www/pound/pkg/PLIST,v diff -u -p -r1.7 PLIST --- pkg/PLIST 8 Nov 2022 11:17:19 -0000 1.7 +++ pkg/PLIST 19 Jan 2024 10:27:54 -0000 @@ -1,10 +1,14 @@ @newgroup _pound:626 @newuser _pound:626:_pound::pound user:/nonexistent:/sbin/nologin +@rcscript ${RCDIR}/pound +@bin bin/poundctl +@man man/man5/poundctl.tmpl.5 @man man/man8/pound.8 @man man/man8/poundctl.8 @bin sbin/pound -@bin sbin/poundctl share/examples/pound/ share/examples/pound/pound.cfg @sample ${SYSCONFDIR}/pound.cfg -@rcscript ${RCDIR}/pound +share/pound/ +share/pound/mvh.inc +share/pound/poundctl.tmpl