* [gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
@ 2017-07-05 19:51 Michał Górny
From: Michał Górny @ 2017-07-05 19:51 UTC (permalink / raw
To: gentoo-commits
commit: 7de7699a136a5f2092f9050ba3f53ff2965e7cfb
Author: csmk <csmk <AT> chaoslab <DOT> org>
AuthorDate: Fri Jun 30 12:45:51 2017 +0000
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org>
CommitDate: Wed Jul 5 19:49:53 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7de7699a
www-servers/h2o: New package
H2O is a new generation HTTP server that provides quicker
response to users with less CPU utilization when compared to
older generation of web servers. Designed from ground-up,
the server takes full advantage of HTTP/2 features including
prioritized content serving and server push, promising
outstanding experience to the visitors of your web site.
Base for ebuild from https://github.com/csmk/frabjous.
Bug: https://bugs.gentoo.org/623160
Closes: https://github.com/gentoo/gentoo/pull/5015
www-servers/h2o/Manifest | 1 +
www-servers/h2o/files/h2o.conf | 30 ++++++++++++++++
www-servers/h2o/files/h2o.initd | 51 +++++++++++++++++++++++++++
www-servers/h2o/files/h2o.logrotate | 8 +++++
www-servers/h2o/files/h2o.service | 13 +++++++
www-servers/h2o/h2o-2.2.2.ebuild | 69 +++++++++++++++++++++++++++++++++++++
www-servers/h2o/h2o-9999.ebuild | 69 +++++++++++++++++++++++++++++++++++++
www-servers/h2o/metadata.xml | 23 +++++++++++++
8 files changed, 264 insertions(+)
diff --git a/www-servers/h2o/Manifest b/www-servers/h2o/Manifest
new file mode 100644
index 00000000000..21a5c58c1c4
--- /dev/null
+++ b/www-servers/h2o/Manifest
@@ -0,0 +1 @@
+DIST h2o-2.2.2.tar.gz 16192602 SHA256 cf45780058566bd63d90ad0b52b1d15f8515519090753398b9bcf770162a0433 SHA512 b5cc08f2be7056bbac4370f9b6ccb1ba0ad4ea61ce67e946a4f26b8f9c0a575f603c899b1a88f17d1065e0e72e1d1094199200ed24b4f3644a3c7df34aa04b51 WHIRLPOOL d9aff2d3e7caa0334efbac86a807fe8ecd5f146ae56315a5194b8de653ae4f91d33cad754714cd38fadd1c59d87cafe30c1f5f6cb2102362a7647ebd3f18dc84
diff --git a/www-servers/h2o/files/h2o.conf b/www-servers/h2o/files/h2o.conf
new file mode 100644
index 00000000000..ccca5dd2de5
--- /dev/null
+++ b/www-servers/h2o/files/h2o.conf
@@ -0,0 +1,30 @@
+# see /usr/share/doc/h2o/index.html for detailed documentation
+# see h2o --help for command-line options and settings
+
+user: h2o
+pid-file: /run/h2o.pid
+access-log: /var/log/h2o/access.log
+error-log: /var/log/h2o/error.log
+
+# httpoxy mitigation (https://httpoxy.org)
+# see https://github.com/h2o/h2o/pull/996
+setenv:
+ HTTP_PROXY: ""
+
+listen: 80
+
+#listen:
+# port: 443
+# ssl:
+# minimum-version: TLSv1.2
+# certificate-file: /etc/h2o/server.crt
+# key-file: /etc/h2o/server.key
+
+hosts:
+ "localhost:80":
+ paths:
+ "/":
+ file.dir: /var/www/localhost/htdocs
+ "/doc":
+ file.dir: /usr/share/doc/h2o/
+ file.index: [ 'index.html' ]
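Review bot: The `"/doc"` path at the end of the default `hosts:` block publishes `/usr/share/doc/h2o/` to anyone who can reach the listener, and `listen: 80` without a `host:` is not restricted to loopback, so a fresh install serves version-identifying documentation to the network. I would ship that mapping commented out, like the TLS listener above it, with a comment such as `# uncomment to serve the bundled documentation`. If the package is meant to come up reachable from localhost only, the `listen:` entry would also need an explicit `host: 127.0.0.1`; the page does not say which is intended.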
diff --git a/www-servers/h2o/files/h2o.initd b/www-servers/h2o/files/h2o.initd
new file mode 100644
index 00000000000..ad598a5f619
--- /dev/null
+++ b/www-servers/h2o/files/h2o.initd
@@ -0,0 +1,51 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="configtest"
+extra_started_commands="reload"
+description="An optimized HTTP/1.x, HTTP/2 server"
+description_configtest="Run H2O' internal config check"
+description_reload="Reload the H2O configuration or upgrade the binary without losing connections"
+
+: ${config:="/etc/h2o/h2o.conf"}
+pidfile=$(grep pid-file "${config}" | cut -d' ' -f2)
+
+name="H2O"
+command="/usr/bin/h2o"
+command_args="-m daemon -c ${config}"
+required_files="$config"
+
+depend() {
+ use net
+ after logger
+}
+
+start_pre() {
+ if [ "${RC_CMD}" != "restart" ]; then
+ configtest || return 1
+ fi
+}
+
+stop_pre() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ configtest || return 1
+ fi
+}
+
+reload() {
+ configtest || return 1
+ ebegin "Refreshing ${name} configuration"
+ kill -HUP $(cat ${pidfile}) &>/dev/null
+ eend $? "Failed to reload ${name}"
+}
+
+configtest() {
+ ebegin "Checking ${name} configuration"
+
+ if ! ${command} -c ${config} -t &>/dev/null; then
+ ${command} -c ${config} -t
+ fi
+
+ eend $? "Failed, please correct the errors above"
+}
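Review bot: `pidfile=$(grep pid-file "${config}" | cut -d' ' -f2)` matches any line containing the string, including a commented-out `# pid-file:` entry or a second occurrence, and `reload()` then feeds the result unquoted through `cat` into `kill -HUP` as root. Anchor the match and take one line, e.g. `pidfile=$(sed -n 's/^pid-file:[[:space:]]*//p' "${config}" | head -n 1)`, and quote the use: `kill -HUP "$(cat "${pidfile}")" >/dev/null 2>&1`. The `&>/dev/null` redirections in `reload()` and `configtest()` are a bashism; where /bin/sh is a strict POSIX shell, `cmd &>/dev/null` is parsed as a background job, which makes the `configtest` result and the `$?` handed to `eend` meaningless. `${config}` is also unquoted in `command_args` and in both `configtest` invocations.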
diff --git a/www-servers/h2o/files/h2o.logrotate b/www-servers/h2o/files/h2o.logrotate
new file mode 100644
index 00000000000..b901bcfacb1
--- /dev/null
+++ b/www-servers/h2o/files/h2o.logrotate
@@ -0,0 +1,8 @@
+/var/log/h2o/*.log {
+ missingok
+ delaycompress
+ sharedscripts
+ postrotate
+ test -r $(grep pid-file "/etc/h2o/h2o.conf" | cut -d' ' -f2) && kill -HUP $(pidof h2o)
+ endscript
+}
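Review bot: The guard in the `postrotate` line is ineffective: if the `grep` finds no `pid-file` entry the substitution expands to nothing and `test -r` with no operand returns true, and the `kill -HUP $(pidof h2o)` that follows signals every process named h2o rather than the one recorded in the pid file. Read the pid from the file that was tested and quote it, for example `pidfile=$(sed -n 's/^pid-file:[[:space:]]*//p' /etc/h2o/h2o.conf | head -n 1)` followed by `[ -r "$pidfile" ] && kill -HUP "$(cat "$pidfile")"`.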
diff --git a/www-servers/h2o/files/h2o.service b/www-servers/h2o/files/h2o.service
new file mode 100644
index 00000000000..fe32c45cd90
--- /dev/null
+++ b/www-servers/h2o/files/h2o.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=An optimized HTTP/1.x, HTTP/2 server
+After=network-online.target nss-lookup.target remote-fs.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/h2o -c /etc/h2o/h2o.conf -m master
+SyslogLevel=notice
+PrivateTmp=true
+LimitNOFILE=infinity
+
+[Install]
+WantedBy=multi-user.target
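Review bot: The `[Service]` section sets only `PrivateTmp=true` as sandboxing, while the unit has no `User=` and so starts the daemon as root, relying on `user: h2o` in h2o.conf to drop privileges. For a network-facing server I would add `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true`, after checking that the configured pid file and log paths stay writable. There is also no `ExecReload=`, so `systemctl reload` is unavailable although the OpenRC script offers a reload; `ExecReload=/bin/kill -HUP $MAINPID` would match it.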
diff --git a/www-servers/h2o/h2o-2.2.2.ebuild b/www-servers/h2o/h2o-2.2.2.ebuild
new file mode 100644
index 00000000000..d0735cc9677
--- /dev/null
+++ b/www-servers/h2o/h2o-2.2.2.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-utils systemd user
+
+DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2"
+HOMEPAGE="https://h2o.examp1e.net"
+SRC_URI="https://github.com/h2o/h2o/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libressl +mruby"
+
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )"
+DEPEND="${RDEPEND}
+ mruby? (
+ sys-devel/bison
+ || (
+ dev-lang/ruby:2.4
+ dev-lang/ruby:2.3
+ dev-lang/ruby:2.2
+ dev-lang/ruby:2.1
+ )
+ )"
+
+pkg_setup() {
+ enewgroup h2o
+ enewuser h2o -1 -1 -1 h2o
+}
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-O2 -g ${CC_WARNING_FLAGS} //g' ./CMakeLists.txt \
+ || die "sed fix failed!"
+
+ default
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/h2o
+ -DWITH_MRUBY="$(usex mruby)"
+ -DWITHOUT_LIBS=ON
+ )
+ cmake-utils_src_configure
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ newinitd "${FILESDIR}"/h2o.initd h2o
+ systemd_dounit "${FILESDIR}"/h2o.service
+
+ insinto /etc/h2o
+ doins "${FILESDIR}"/h2o.conf
+
+ keepdir /var/log/h2o
+ fperms 0700 /var/log/h2o
+
+ keepdir /var/www/localhost/htdocs
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/h2o.logrotate h2o
+}
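Review bot: In `src_prepare()` the `|| die "sed fix failed!"` cannot detect a pattern that no longer matches, because `sed -i` exits 0 whether or not it substituted anything; a later upstream change to that line of CMakeLists.txt would silently leave `-O2 -g` in place. A check after the edit makes the intent verifiable, e.g. `grep -q -- '-O2 -g' CMakeLists.txt && die "optimization flags still hard-coded"`. The same `src_prepare()` is added in h2o-9999.ebuild in this commit.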
diff --git a/www-servers/h2o/h2o-9999.ebuild b/www-servers/h2o/h2o-9999.ebuild
new file mode 100644
index 00000000000..6171018d54c
--- /dev/null
+++ b/www-servers/h2o/h2o-9999.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-utils git-r3 systemd user
+
+DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2"
+HOMEPAGE="https://h2o.examp1e.net"
+EGIT_REPO_URI=( {https,git}://github.com/h2o/h2o.git )
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS=""
+IUSE="libressl +mruby"
+
+RDEPEND="
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )"
+DEPEND="${RDEPEND}
+ mruby? (
+ sys-devel/bison
+ || (
+ dev-lang/ruby:2.4
+ dev-lang/ruby:2.3
+ dev-lang/ruby:2.2
+ dev-lang/ruby:2.1
+ )
+ )"
+
+pkg_setup() {
+ enewgroup h2o
+ enewuser h2o -1 -1 -1 h2o
+}
+
+src_prepare() {
+ # Leave optimization level to user CFLAGS
+ sed -i 's/-O2 -g ${CC_WARNING_FLAGS} //g' ./CMakeLists.txt \
+ || die "sed fix failed!"
+
+ default
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/h2o
+ -DWITH_MRUBY="$(usex mruby)"
+ -DWITHOUT_LIBS=ON
+ )
+ cmake-utils_src_configure
+}
+
+src_install() {
+ cmake-utils_src_install
+
+ newinitd "${FILESDIR}"/h2o.initd h2o
+ systemd_dounit "${FILESDIR}"/h2o.service
+
+ insinto /etc/h2o
+ doins "${FILESDIR}"/h2o.conf
+
+ keepdir /var/log/h2o
+ fperms 0700 /var/log/h2o
+
+ keepdir /var/www/localhost/htdocs
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/h2o.logrotate h2o
+}
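Review bot: `EGIT_REPO_URI=( {https,git}://github.com/h2o/h2o.git )` lists the unauthenticated `git://` transport as a fallback, so when the HTTPS fetch fails the live ebuild pulls source over a channel with no server authentication or integrity protection, and a live ebuild has no Manifest checksum to catch tampering. Keep only the HTTPS URI: `EGIT_REPO_URI="https://github.com/h2o/h2o.git"`.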
diff --git a/www-servers/h2o/metadata.xml b/www-servers/h2o/metadata.xml
new file mode 100644
index 00000000000..a6705b14e84
--- /dev/null
+++ b/www-servers/h2o/metadata.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>csmk@chaoslab.org</email>
+ <name>Ian Moone</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <longdescription lang="en">
+ H2O is a new generation HTTP server. Not only is it very fast,
+ it also provides much quicker response to end-users
+ when compared to older generations of HTTP servers.
+ </longdescription>
+ <use>
+ <flag name="mruby">Enable support for mruby</flag>
+ </use>
+ <upstream>
+ <remote-id type="github">h2o/h2o</remote-id>
+ </upstream>
+</pkgmetadata>
* [gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
@ 2018-07-04 13:24 Akinori Hattori
From: Akinori Hattori @ 2018-07-04 13:24 UTC (permalink / raw
To: gentoo-commits
commit: c68e501b8b299cdd5dbd42f6f26dcd32fbb911a3
Author: Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 4 12:59:44 2018 +0000
Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Wed Jul 4 13:23:46 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c68e501b
www-servers/h2o: tidy
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/h2o/files/h2o.logrotate | 7 ++++--
www-servers/h2o/h2o-2.2.4.ebuild | 44 ++++++++++++++++---------------------
www-servers/h2o/h2o-9999.ebuild | 36 ++++++++++++++++--------------
www-servers/h2o/metadata.xml | 1 +
4 files changed, 44 insertions(+), 44 deletions(-)
diff --git a/www-servers/h2o/files/h2o.logrotate b/www-servers/h2o/files/h2o.logrotate
index b901bcfacb1..166b6e7f17b 100644
--- a/www-servers/h2o/files/h2o.logrotate
+++ b/www-servers/h2o/files/h2o.logrotate
@@ -1,8 +1,11 @@
+# h2o logrotate script for Gentoo
+
/var/log/h2o/*.log {
missingok
- delaycompress
+ notifempty
sharedscripts
+ delaycompress
postrotate
- test -r $(grep pid-file "/etc/h2o/h2o.conf" | cut -d' ' -f2) && kill -HUP $(pidof h2o)
+ /bin/kill -HUP $(grep pid-file "/etc/h2o/h2o.conf" | cut -d' ' -f2 | cat) 2>/dev/null || true
endscript
}
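Review bot: The new `postrotate` command ends its pipeline with `| cat`, which copies the pid-file path through unchanged instead of reading the file, so `/bin/kill -HUP` receives a path such as `/run/h2o.pid` rather than a pid. The failure is then hidden by `2>/dev/null || true`, which means h2o is never told to reopen its logs and, as far as this hunk shows, keeps writing to the rotated file. Read the file explicitly and quote it, e.g. `pidfile=$(sed -n 's/^pid-file:[[:space:]]*//p' /etc/h2o/h2o.conf | head -n 1)` then `[ -r "$pidfile" ] && /bin/kill -HUP "$(cat "$pidfile")"`.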
diff --git a/www-servers/h2o/h2o-2.2.4.ebuild b/www-servers/h2o/h2o-2.2.4.ebuild
index 10c508037d7..579c8e92940 100644
--- a/www-servers/h2o/h2o-2.2.4.ebuild
+++ b/www-servers/h2o/h2o-2.2.4.ebuild
@@ -1,14 +1,14 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI="6"
CMAKE_MAKEFILE_GENERATOR="emake"
USE_RUBY="ruby23 ruby24"
inherit cmake-utils ruby-single systemd user
-DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2"
-HOMEPAGE="https://h2o.examp1e.net"
+DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server"
+HOMEPAGE="https://h2o.examp1e.net/"
SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="MIT"
@@ -16,7 +16,8 @@ SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="libressl +mruby"
-RDEPEND="
+RDEPEND="dev-lang/perl
+ sys-libs/zlib
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )"
DEPEND="${RDEPEND}
@@ -28,22 +29,14 @@ DEPEND="${RDEPEND}
PATCHES=( "${FILESDIR}"/${P}-libressl.patch )
pkg_setup() {
- enewgroup h2o
- enewuser h2o -1 -1 -1 h2o
-}
-
-src_prepare() {
- # Leave optimization level to user CFLAGS
- sed -i 's/-O2 -g ${CC_WARNING_FLAGS} //g' ./CMakeLists.txt \
- || die "sed fix failed!"
-
- cmake-utils_src_prepare
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 -1 ${PN}
}
src_configure() {
local mycmakeargs=(
- -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/h2o
- -DWITH_MRUBY="$(usex mruby)"
+ -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN}
+ -DWITH_MRUBY=$(usex mruby)
-DWITHOUT_LIBS=ON
)
cmake-utils_src_configure
@@ -52,17 +45,18 @@ src_configure() {
src_install() {
cmake-utils_src_install
- newinitd "${FILESDIR}"/h2o.initd h2o
- systemd_dounit "${FILESDIR}"/h2o.service
-
- insinto /etc/h2o
- doins "${FILESDIR}"/h2o.conf
+ keepdir /var/www/localhost/htdocs
- keepdir /var/log/h2o
- fperms 0700 /var/log/h2o
+ insinto /etc/${PN}
+ doins "${FILESDIR}"/${PN}.conf
- keepdir /var/www/localhost/htdocs
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
insinto /etc/logrotate.d
- newins "${FILESDIR}"/h2o.logrotate h2o
+ newins "${FILESDIR}"/${PN}.logrotate ${PN}
+
+ keepdir /var/log/${PN}
+ fowners ${PN}:${PN} /var/log/${PN}
+ fperms 0750 /var/log/${PN}
}
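Review bot: `fowners ${PN}:${PN} /var/log/${PN}` hands the log directory to the account the server runs as, while the installed logrotate stanza for `/var/log/h2o/*.log` has no `su` directive and is therefore processed with logrotate's own, normally root, privileges. Rotating files as root inside a directory that an unprivileged service account can write to is a known local privilege-escalation pattern, since that account controls what the log paths point at. Either keep the directory root-owned and grant h2o access through the group, or add `su h2o h2o` to files/h2o.logrotate. The same three lines are added to h2o-9999.ebuild in this commit.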
diff --git a/www-servers/h2o/h2o-9999.ebuild b/www-servers/h2o/h2o-9999.ebuild
index b0583fd8855..d6c5d65d823 100644
--- a/www-servers/h2o/h2o-9999.ebuild
+++ b/www-servers/h2o/h2o-9999.ebuild
@@ -1,14 +1,14 @@
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-EAPI=6
+EAPI="6"
CMAKE_MAKEFILE_GENERATOR="emake"
USE_RUBY="ruby23 ruby24"
inherit cmake-utils git-r3 ruby-single systemd user
-DESCRIPTION="An optimized HTTP server with support for HTTP/1.x and HTTP/2"
-HOMEPAGE="https://h2o.examp1e.net"
+DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server"
+HOMEPAGE="https://h2o.examp1e.net/"
EGIT_REPO_URI="https://github.com/${PN}/${PN}.git"
LICENSE="MIT"
@@ -16,7 +16,8 @@ SLOT="0"
KEYWORDS=""
IUSE="libressl +mruby"
-RDEPEND="
+RDEPEND="dev-lang/perl
+ sys-libs/zlib
!libressl? ( dev-libs/openssl:0= )
libressl? ( dev-libs/libressl:0= )"
DEPEND="${RDEPEND}
@@ -26,14 +27,14 @@ DEPEND="${RDEPEND}
)"
pkg_setup() {
- enewgroup h2o
- enewuser h2o -1 -1 -1 h2o
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 -1 ${PN}
}
src_configure() {
local mycmakeargs=(
- -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/h2o
- -DWITH_MRUBY="$(usex mruby)"
+ -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN}
+ -DWITH_MRUBY=$(usex mruby)
-DWITHOUT_LIBS=ON
)
cmake-utils_src_configure
@@ -42,17 +43,18 @@ src_configure() {
src_install() {
cmake-utils_src_install
- newinitd "${FILESDIR}"/h2o.initd h2o
- systemd_dounit "${FILESDIR}"/h2o.service
-
- insinto /etc/h2o
- doins "${FILESDIR}"/h2o.conf
+ keepdir /var/www/localhost/htdocs
- keepdir /var/log/h2o
- fperms 0700 /var/log/h2o
+ insinto /etc/${PN}
+ doins "${FILESDIR}"/${PN}.conf
- keepdir /var/www/localhost/htdocs
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
insinto /etc/logrotate.d
- newins "${FILESDIR}"/h2o.logrotate h2o
+ newins "${FILESDIR}"/${PN}.logrotate ${PN}
+
+ keepdir /var/log/${PN}
+ fowners ${PN}:${PN} /var/log/${PN}
+ fperms 0750 /var/log/${PN}
}
diff --git a/www-servers/h2o/metadata.xml b/www-servers/h2o/metadata.xml
index af6fee5b3de..6a34529b48f 100644
--- a/www-servers/h2o/metadata.xml
+++ b/www-servers/h2o/metadata.xml
@@ -3,6 +3,7 @@
<pkgmetadata>
<maintainer type="person">
<email>hattya@gentoo.org</email>
+ <name>Akinori Hattori</name>
</maintainer>
<longdescription lang="en">
H2O is a new generation HTTP server. Not only is it very fast,
* [gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
@ 2018-07-04 13:57 Akinori Hattori
From: Akinori Hattori @ 2018-07-04 13:57 UTC (permalink / raw
To: gentoo-commits
commit: 56d9c51fe6a474950f04fe2597fc7d768c4c9d04
Author: Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Wed Jul 4 13:56:33 2018 +0000
Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Wed Jul 4 13:56:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56d9c51f
www-servers/h2o: use system oniguruma
Closes: https://bugs.gentoo.org/655462
Package-Manager: Portage-2.3.40, Repoman-2.3.9
www-servers/h2o/files/h2o-2.2-mruby.patch | 67 ++++++++++++++++++++++++++++
www-servers/h2o/files/h2o-2.3-mruby.patch | 73 +++++++++++++++++++++++++++++++
www-servers/h2o/h2o-2.2.4.ebuild | 15 +++++--
www-servers/h2o/h2o-9999.ebuild | 12 ++++-
4 files changed, 162 insertions(+), 5 deletions(-)
diff --git a/www-servers/h2o/files/h2o-2.2-mruby.patch b/www-servers/h2o/files/h2o-2.2-mruby.patch
new file mode 100644
index 00000000000..e542ba8b64d
--- /dev/null
+++ b/www-servers/h2o/files/h2o-2.2-mruby.patch
@@ -0,0 +1,67 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -157,6 +157,16 @@
+ SET(WSLAY_LIBRARIES -lwslay)
+ ENDIF (NOT WSLAY_FOUND)
+
++IF (PKG_CONFIG_FOUND)
++ PKG_CHECK_MODULES(ONIG oniguruma)
++ IF (ONIG_FOUND)
++ LINK_DIRECTORIES(${ONIG_LIBRARY_DIRS})
++ ENDIF (ONIG_FOUND)
++ENDIF (PKG_CONFIG_FOUND)
++IF (NOT ONIG_FOUND AND WITH_RUBY)
++ MESSAGE(FATAL_ERROR "Oniguruma not found")
++ENDIF (NOT ONIG_FOUND AND WITH_RUBY)
++
+ IF (ZLIB_FOUND)
+ INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS})
+ LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS})
+@@ -460,7 +470,7 @@
+ ELSE ()
+ SET(MRUBY_TOOLCHAIN "gcc")
+ ENDIF ()
+- ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake
++ ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake -v
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby)
+ LIST(APPEND STANDALONE_SOURCE_FILES
+ lib/handler/mruby.c
+@@ -491,7 +501,7 @@
+ # note: the paths need to be determined before libmruby.flags.mak is generated
+ TARGET_LINK_LIBRARIES(h2o
+ "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a"
+- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.1/.libs/libonigmo.a"
++ ${ONIG_LIBRARIES}
+ "m")
+ ADD_DEPENDENCIES(h2o mruby)
+ ENDIF (WITH_MRUBY)
+--- a/deps/mruby-onig-regexp/mrbgem.rake
++++ b/deps/mruby-onig-regexp/mrbgem.rake
+@@ -101,9 +101,7 @@
+ cc.defines += ['HAVE_ONIGMO_H']
+ end
+
+- if spec.respond_to? :search_package and spec.search_package 'onigmo'
+- spec.cc.defines += ['HAVE_ONIGMO_H']
+- elsif spec.respond_to? :search_package and spec.search_package 'oniguruma'
++ if spec.respond_to? :search_package and spec.search_package 'oniguruma'
+ spec.cc.defines += ['HAVE_ONIGURUMA_H']
+ elsif build.cc.respond_to? :search_header_path and build.cc.search_header_path 'oniguruma.h'
+ spec.linker.libraries << 'onig'
+--- a/misc/mruby_config.rb
++++ b/misc/mruby_config.rb
+@@ -15,13 +15,7 @@
+ # use mrbgems
+ Dir.glob("../mruby-*/mrbgem.rake") do |x|
+ g = File.basename File.dirname x
+- if g == 'mruby-onig-regexp'
+- conf.gem "../deps/#{g}" do |c|
+- c.bundle_onigmo
+- end
+- else
+- conf.gem "../deps/#{g}"
+- end
++ conf.gem "../deps/#{g}"
+ end
+
+ # include all the core GEMs
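Review bot: The added guard `IF (NOT ONIG_FOUND AND WITH_RUBY)` tests `WITH_RUBY`, but the option used elsewhere in this patch and by the ebuild is `WITH_MRUBY` (`ENDIF (WITH_MRUBY)`, `-DWITH_MRUBY=...`), so as far as the page shows the `FATAL_ERROR` can never trigger. When oniguruma or pkg-config is missing, `${ONIG_LIBRARIES}` would then expand to nothing in `TARGET_LINK_LIBRARIES` and the problem would surface only at link time. Change both lines to `IF (NOT ONIG_FOUND AND WITH_MRUBY)` and `ENDIF (NOT ONIG_FOUND AND WITH_MRUBY)`; h2o-2.3-mruby.patch in this commit carries the same condition.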
diff --git a/www-servers/h2o/files/h2o-2.3-mruby.patch b/www-servers/h2o/files/h2o-2.3-mruby.patch
new file mode 100644
index 00000000000..a0ad25eba27
--- /dev/null
+++ b/www-servers/h2o/files/h2o-2.3-mruby.patch
@@ -0,0 +1,73 @@
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -174,6 +174,16 @@
+ SET(WSLAY_LIBRARIES -lwslay)
+ ENDIF (NOT WSLAY_FOUND)
+
++IF (PKG_CONFIG_FOUND)
++ PKG_CHECK_MODULES(ONIG oniguruma)
++ IF (ONIG_FOUND)
++ LINK_DIRECTORIES(${ONIG_LIBRARY_DIRS})
++ ENDIF (ONIG_FOUND)
++ENDIF (PKG_CONFIG_FOUND)
++IF (NOT ONIG_FOUND AND WITH_RUBY)
++ MESSAGE(FATAL_ERROR "Oniguruma not found")
++ENDIF (NOT ONIG_FOUND AND WITH_RUBY)
++
+ IF (ZLIB_FOUND)
+ INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS})
+ LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS})
+@@ -533,7 +543,7 @@
+ ELSE ()
+ SET(MRUBY_TOOLCHAIN "gcc")
+ ENDIF ()
+- ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake
++ ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -v
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby)
+ LIST(APPEND STANDALONE_SOURCE_FILES
+ lib/handler/mruby.c
+@@ -560,7 +570,7 @@
+ # note: the paths need to be determined before libmruby.flags.mak is generated
+ TARGET_LINK_LIBRARIES(h2o
+ "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a"
+- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.2/.libs/libonigmo.a"
++ ${ONIG_LIBRARIES}
+ "m")
+ ADD_DEPENDENCIES(h2o mruby)
+ ENDIF (WITH_MRUBY)
+--- a/deps/mruby-onig-regexp/mrbgem.rake
++++ b/deps/mruby-onig-regexp/mrbgem.rake
+@@ -101,15 +101,9 @@
+ file "#{dir}/src/mruby_onig_regexp.c" => [:mruby_onig_regexp_with_compile_option, oniguruma_lib]
+ end
+
+- if spec.respond_to? :search_package and spec.search_package 'onigmo'
+- spec.cc.defines += ['HAVE_ONIGMO_H']
+- spec.linker.libraries << 'onig'
+- elsif spec.respond_to? :search_package and spec.search_package 'oniguruma'
++ if spec.respond_to? :search_package and spec.search_package 'oniguruma'
+ spec.cc.defines += ['HAVE_ONIGURUMA_H']
+ spec.linker.libraries << 'onig'
+- elsif build.cc.respond_to? :search_header_path and build.cc.search_header_path 'onigmo.h'
+- spec.cc.defines += ['HAVE_ONIGMO_H']
+- spec.linker.libraries << 'onigmo'
+ elsif build.cc.respond_to? :search_header_path and build.cc.search_header_path 'oniguruma.h'
+ spec.cc.defines += ['HAVE_ONIGURUMA_H']
+ spec.linker.libraries << 'onig'
+--- a/misc/mruby_config.rb
++++ b/misc/mruby_config.rb
+@@ -15,13 +15,7 @@
+ # use mrbgems
+ Dir.glob("../mruby-*/mrbgem.rake") do |x|
+ g = File.basename File.dirname x
+- if g == 'mruby-onig-regexp'
+- conf.gem "../deps/#{g}" do |c|
+- c.bundle_onigmo
+- end
+- else
+- conf.gem "../deps/#{g}"
+- end
++ conf.gem "../deps/#{g}"
+ end
+
+ # include all the core GEMs
diff --git a/www-servers/h2o/h2o-2.2.4.ebuild b/www-servers/h2o/h2o-2.2.4.ebuild
index 449ca5e6711..25c1690eeeb 100644
--- a/www-servers/h2o/h2o-2.2.4.ebuild
+++ b/www-servers/h2o/h2o-2.2.4.ebuild
@@ -5,7 +5,7 @@ EAPI="6"
CMAKE_MAKEFILE_GENERATOR="emake"
USE_RUBY="ruby23 ruby24"
-inherit cmake-utils ruby-single systemd user
+inherit cmake-utils ruby-single systemd toolchain-funcs user
DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server"
HOMEPAGE="https://h2o.examp1e.net/"
@@ -22,11 +22,16 @@ RDEPEND="dev-lang/perl
libressl? ( dev-libs/libressl:0= )"
DEPEND="${RDEPEND}
mruby? (
- sys-devel/bison
${RUBY_DEPS}
+ dev-libs/oniguruma
+ sys-devel/bison
+ virtual/pkgconfig
)"
-PATCHES=( "${FILESDIR}"/${P}-libressl.patch )
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2-mruby.patch
+ "${FILESDIR}"/${P}-libressl.patch
+)
pkg_setup() {
enewgroup ${PN}
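Review bot: `dev-libs/oniguruma` is added only inside the `mruby? ( ... )` group of `DEPEND`, yet the mruby patch in this commit links h2o against `${ONIG_LIBRARIES}` instead of the bundled static libonigmo.a, which presumably makes it a run-time dependency. With it absent from `RDEPEND`, the package manager may remove oniguruma as unneeded and has no record that h2o should be rebuilt when the library's ABI changes. Add `mruby? ( dev-libs/oniguruma:= )` to `RDEPEND`, after confirming the library is linked dynamically; the matching hunk in h2o-9999.ebuild needs the same.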
@@ -50,6 +55,10 @@ src_prepare() {
sed -i \
-e "s: ruby: ${ruby}:" \
CMakeLists.txt
+
+ sed -i "s:pkg-config:$(tc-getPKG_CONFIG):g" deps/mruby/lib/mruby/gem.rb
+ tc-export CC
+ export LD="$(tc-getCC)"
}
src_configure() {
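Review bot: The added `sed -i "s:pkg-config:$(tc-getPKG_CONFIG):g" deps/mruby/lib/mruby/gem.rb` has no `|| die`, so in EAPI 6 a missing file or a sed error passes silently and the mruby build keeps calling whatever `pkg-config` is first in PATH. Append `|| die` to it; the `sed` shown in the context lines just above lacks one as well. `src_prepare()` begins outside this hunk, and the same lines are added to h2o-9999.ebuild.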
diff --git a/www-servers/h2o/h2o-9999.ebuild b/www-servers/h2o/h2o-9999.ebuild
index 0d21e4e8bee..89f63062ca9 100644
--- a/www-servers/h2o/h2o-9999.ebuild
+++ b/www-servers/h2o/h2o-9999.ebuild
@@ -5,7 +5,7 @@ EAPI="6"
CMAKE_MAKEFILE_GENERATOR="emake"
USE_RUBY="ruby23 ruby24"
-inherit cmake-utils git-r3 ruby-single systemd user
+inherit cmake-utils git-r3 ruby-single systemd toolchain-funcs user
DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server"
HOMEPAGE="https://h2o.examp1e.net/"
@@ -22,10 +22,14 @@ RDEPEND="dev-lang/perl
libressl? ( dev-libs/libressl:0= )"
DEPEND="${RDEPEND}
mruby? (
- sys-devel/bison
${RUBY_DEPS}
+ dev-libs/oniguruma
+ sys-devel/bison
+ virtual/pkgconfig
)"
+PATCHES=( "${FILESDIR}"/${PN}-2.3-mruby.patch )
+
pkg_setup() {
enewgroup ${PN}
enewuser ${PN} -1 -1 -1 ${PN}
@@ -48,6 +52,10 @@ src_prepare() {
sed -i \
-e "s: ruby: ${ruby}:" \
CMakeLists.txt
+
+ sed -i "s:pkg-config:$(tc-getPKG_CONFIG):g" deps/mruby/lib/mruby/gem.rb
+ tc-export CC
+ export LD="$(tc-getCC)"
}
src_configure() {
* [gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
@ 2022-08-06 0:45 Akinori Hattori
From: Akinori Hattori @ 2022-08-06 0:45 UTC (permalink / raw
To: gentoo-commits
commit: cb0e78c9a028d19e02eb696e3a85090a73887f83
Author: Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 6 00:43:01 2022 +0000
Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Sat Aug 6 00:43:01 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb0e78c9
www-servers/h2o: update
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Akinori Hattori <hattya <AT> gentoo.org>
www-servers/h2o/files/h2o-2.3-mruby.patch | 28 ++++++++++++++--------------
www-servers/h2o/h2o-9999.ebuild | 12 ++++++++----
2 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/www-servers/h2o/files/h2o-2.3-mruby.patch b/www-servers/h2o/files/h2o-2.3-mruby.patch
index 3db3ebae8806..4f64565a675a 100644
--- a/www-servers/h2o/files/h2o-2.3-mruby.patch
+++ b/www-servers/h2o/files/h2o-2.3-mruby.patch
@@ -1,6 +1,6 @@
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
-@@ -174,6 +174,19 @@
+@@ -237,6 +237,19 @@
SET(WSLAY_LIBRARIES -lwslay)
ENDIF (NOT WSLAY_FOUND)
@@ -20,31 +20,31 @@
IF (ZLIB_FOUND)
INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS})
LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS})
-@@ -533,7 +546,7 @@
- ELSE ()
- SET(MRUBY_TOOLCHAIN "gcc")
- ENDIF ()
-- ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake
-+ ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -v
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby)
- LIST(APPEND STANDALONE_SOURCE_FILES
- lib/handler/mruby.c
-@@ -560,7 +573,7 @@
+@@ -743,7 +756,7 @@
+ ADD_CUSTOM_TARGET(mruby
+ # deps/mruby/tasks/toolchains/clang.rake looks for CC, CXX and LD.
+ # There are no C++ files in deps/mruby, use the C compiler for linking.
+- MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake
++ MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} CC=${CMAKE_C_COMPILER} CXX=${CMAKE_CXX_COMPILER} LD=${CMAKE_C_COMPILER} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby MRUBY_ADDITIONAL_CONFIG=${MRUBY_ADDITIONAL_CONFIG} ruby minirake -v
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby
+ BYPRODUCTS "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a"
+ "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.2.0/.libs/libonigmo.a"
+@@ -777,7 +790,7 @@
# note: the paths need to be determined before libmruby.flags.mak is generated
TARGET_LINK_LIBRARIES(h2o
"${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a"
-- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.2/.libs/libonigmo.a"
+- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.2.0/.libs/libonigmo.a"
+ ${ONIG_LIBRARIES}
"m")
ADD_DEPENDENCIES(h2o mruby)
ENDIF (WITH_MRUBY)
--- a/deps/mruby-onig-regexp/mrbgem.rake
+++ b/deps/mruby-onig-regexp/mrbgem.rake
-@@ -103,10 +103,8 @@
+@@ -108,10 +108,8 @@
if spec.respond_to? :search_package and spec.search_package 'onigmo'
spec.cc.defines += ['HAVE_ONIGMO_H']
-- spec.linker.libraries << 'onig'
+- spec.linker.libraries << 'onigmo'
elsif spec.respond_to? :search_package and spec.search_package 'oniguruma'
spec.cc.defines += ['HAVE_ONIGURUMA_H']
- spec.linker.libraries << 'onig'
diff --git a/www-servers/h2o/h2o-9999.ebuild b/www-servers/h2o/h2o-9999.ebuild
index cd6fd817fc38..fc47d03e7abb 100644
--- a/www-servers/h2o/h2o-9999.ebuild
+++ b/www-servers/h2o/h2o-9999.ebuild
@@ -1,8 +1,7 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI="8"
-CMAKE_MAKEFILE_GENERATOR="emake"
SSL_DEPS_SKIP=1
USE_RUBY="ruby26 ruby27"
@@ -20,10 +19,14 @@ IUSE="libh2o +mruby"
RDEPEND="acct-group/h2o
acct-user/h2o
dev-lang/perl
+ dev-libs/openssl:0=
!sci-libs/libh2o
+ sys-libs/libcap
sys-libs/zlib
- libh2o? ( dev-libs/libuv )
- dev-libs/openssl:0="
+ libh2o? (
+ app-arch/brotli
+ dev-libs/libuv
+ )"
DEPEND="${RDEPEND}
mruby? (
${RUBY_DEPS}
@@ -66,6 +69,7 @@ src_prepare() {
src_configure() {
local mycmakeargs=(
-DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN}
+ -DWITH_CCACHE=OFF
-DWITH_MRUBY=$(usex mruby)
-DWITHOUT_LIBS=$(usex !libh2o)
-DBUILD_SHARED_LIBS=$(usex libh2o)
* [gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
@ 2023-10-22 13:44 Akinori Hattori
From: Akinori Hattori @ 2023-10-22 13:44 UTC (permalink / raw
To: gentoo-commits
commit: 24f20ce718815bfd0a2db32f9fb116ec81a9e58c
Author: Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Sun Oct 22 13:38:38 2023 +0000
Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Sun Oct 22 13:38:38 2023 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24f20ce7
www-servers/h2o: fix CVE-2023-44487
Bug: https://bugs.gentoo.org/915567
Signed-off-by: Akinori Hattori <hattya <AT> gentoo.org>
www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch | 225 +++++++++++++++++++++
www-servers/h2o/h2o-2.2.6-r2.ebuild | 107 ++++++++++
2 files changed, 332 insertions(+)
diff --git a/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch b/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch
new file mode 100644
index 000000000000..71a511ac9ed2
--- /dev/null
+++ b/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch
@@ -0,0 +1,225 @@
+https://github.com/h2o/h2o/pull/3293
+
+From 770208bbe3955c47e005a1e8cb08266e4a8dfc9a Mon Sep 17 00:00:00 2001
+From: Remi Gacogne <remi.gacogne@powerdns.com>
+Date: Tue, 10 Oct 2023 15:47:57 +0200
+Subject: [PATCH] [http2] delay processing requests upon observing suspicious
+ behavior
+
+Backport of 94fbc54b6c9309912fe3d53e7b63408bbe9a1b0d to v2.2.x
+---
+ include/h2o.h | 8 +++++++
+ include/h2o/http2_internal.h | 8 +++++++
+ lib/core/config.c | 1 +
+ lib/core/configurator.c | 9 ++++++++
+ lib/core/context.c | 2 ++
+ lib/http2/connection.c | 41 ++++++++++++++++++++++++++++++++----
+ 6 files changed, 65 insertions(+), 4 deletions(-)
+
+diff --git a/include/h2o.h b/include/h2o.h
+index 57877bd12c..409cd5c21c 100644
+--- a/include/h2o.h
++++ b/include/h2o.h
+@@ -378,6 +378,10 @@ struct st_h2o_globalconf_t {
+ * list of callbacks
+ */
+ h2o_protocol_callbacks_t callbacks;
++ /**
++ * milliseconds to delay processing requests when suspicious behavior is detected
++ */
++ uint64_t dos_delay;
+ } http2;
+
+ struct {
+@@ -590,6 +594,10 @@ struct st_h2o_context_t {
+ * timeout entry used for graceful shutdown
+ */
+ h2o_timeout_entry_t _graceful_shutdown_timeout;
++ /*
++ * dos timeout
++ */
++ h2o_timeout_t dos_delay_timeout;
+ struct {
+ /**
+ * counter for http2 errors internally emitted by h2o
+diff --git a/include/h2o/http2_internal.h b/include/h2o/http2_internal.h
+index 5cfc4d8204..b9cf400929 100644
+--- a/include/h2o/http2_internal.h
++++ b/include/h2o/http2_internal.h
+@@ -179,6 +179,7 @@ struct st_h2o_http2_stream_t {
+ h2o_linklist_t link;
+ h2o_http2_scheduler_openref_t scheduler;
+ } _refs;
++ unsigned reset_by_peer : 1;
+ h2o_send_state_t send_state; /* state of the ostream, only used in push mode */
+ /* placed at last since it is large and has it's own ctor */
+ h2o_req_t req;
+@@ -232,6 +233,13 @@ struct st_h2o_http2_conn_t {
+ } _write;
+ h2o_cache_t *push_memo;
+ h2o_http2_casper_t *casper;
++ /**
++ * DoS mitigation; the idea here is to delay processing requests when observing suspicious behavior
++ */
++ struct {
++ h2o_timeout_entry_t process_delay;
++ size_t reset_budget; /* RST_STREAM frames are considered suspicious when this value goes down to zero */
++ } dos_mitigation;
+ };
+
+ int h2o_http2_update_peer_settings(h2o_http2_settings_t *settings, const uint8_t *src, size_t len, const char **err_desc);
+diff --git a/lib/core/config.c b/lib/core/config.c
+index ce1d320183..08e43a6d30 100644
+--- a/lib/core/config.c
++++ b/lib/core/config.c
+@@ -189,6 +189,7 @@ void h2o_config_init(h2o_globalconf_t *config)
+ config->http2.latency_optimization.min_rtt = 50; // milliseconds
+ config->http2.latency_optimization.max_additional_delay = 10;
+ config->http2.latency_optimization.max_cwnd = 65535;
++ config->http2.dos_delay = 100; /* 100ms processing delay when observing suspicious behavior */
+ config->http2.callbacks = H2O_HTTP2_CALLBACKS;
+ config->mimemap = h2o_mimemap_create();
+
+diff --git a/lib/core/configurator.c b/lib/core/configurator.c
+index 891770cc2d..4731ba2707 100644
+--- a/lib/core/configurator.c
++++ b/lib/core/configurator.c
+@@ -531,6 +531,12 @@ static int on_config_http2_casper(h2o_configurator_command_t *cmd, h2o_configura
+ return 0;
+ }
+
++
++static int on_config_http2_dos_delay(h2o_configurator_command_t *cmd, h2o_configurator_context_t *ctx, yoml_t *node)
++{
++ return config_timeout(cmd, node, &ctx->globalconf->http2.dos_delay);
++}
++
+ static int assert_is_mimetype(h2o_configurator_command_t *cmd, yoml_t *node)
+ {
+ if (node->type != YOML_TYPE_SCALAR) {
+@@ -910,6 +916,9 @@ void h2o_configurator__init_core(h2o_globalconf_t *conf)
+ on_config_http2_push_preload);
+ h2o_configurator_define_command(&c->super, "http2-casper", H2O_CONFIGURATOR_FLAG_GLOBAL | H2O_CONFIGURATOR_FLAG_HOST,
+ on_config_http2_casper);
++ h2o_configurator_define_command(&c->super, "http2-dos-delay",
++ H2O_CONFIGURATOR_FLAG_GLOBAL | H2O_CONFIGURATOR_FLAG_EXPECT_SCALAR,
++ on_config_http2_dos_delay);
+ h2o_configurator_define_command(&c->super, "file.mime.settypes",
+ (H2O_CONFIGURATOR_FLAG_ALL_LEVELS & ~H2O_CONFIGURATOR_FLAG_EXTENSION) |
+ H2O_CONFIGURATOR_FLAG_EXPECT_MAPPING,
+diff --git a/lib/core/context.c b/lib/core/context.c
+index 8d11013810..ac4b0aaf08 100644
+--- a/lib/core/context.c
++++ b/lib/core/context.c
+@@ -101,6 +101,7 @@ void h2o_context_init(h2o_context_t *ctx, h2o_loop_t *loop, h2o_globalconf_t *co
+ h2o_linklist_init_anchor(&ctx->http1._conns);
+ h2o_timeout_init(ctx->loop, &ctx->http2.idle_timeout, config->http2.idle_timeout);
+ h2o_timeout_init(ctx->loop, &ctx->http2.graceful_shutdown_timeout, config->http2.graceful_shutdown_timeout);
++ h2o_timeout_init(ctx->loop, &ctx->http2.dos_delay_timeout, config->http2.dos_delay);
+ h2o_linklist_init_anchor(&ctx->http2._conns);
+ ctx->proxy.client_ctx.loop = loop;
+ h2o_timeout_init(ctx->loop, &ctx->proxy.io_timeout, config->proxy.io_timeout);
+@@ -146,6 +147,7 @@ void h2o_context_dispose(h2o_context_t *ctx)
+ h2o_timeout_dispose(ctx->loop, &ctx->http1.req_timeout);
+ h2o_timeout_dispose(ctx->loop, &ctx->http2.idle_timeout);
+ h2o_timeout_dispose(ctx->loop, &ctx->http2.graceful_shutdown_timeout);
++ h2o_timeout_dispose(ctx->loop, &ctx->http2.dos_delay_timeout);
+ h2o_timeout_dispose(ctx->loop, &ctx->proxy.io_timeout);
+ /* what should we do here? assert(!h2o_linklist_is_empty(&ctx->http2._conns); */
+
+diff --git a/lib/http2/connection.c b/lib/http2/connection.c
+index e2da293043..4910e33098 100644
+--- a/lib/http2/connection.c
++++ b/lib/http2/connection.c
+@@ -161,7 +161,6 @@ static void update_idle_timeout(h2o_http2_conn_t *conn)
+ h2o_timeout_unlink(&conn->_timeout_entry);
+
+ if (conn->num_streams.pull.half_closed + conn->num_streams.push.half_closed == 0) {
+- assert(h2o_linklist_is_empty(&conn->_pending_reqs));
+ conn->_timeout_entry.cb = on_idle_timeout;
+ h2o_timeout_link(conn->super.ctx->loop, &conn->super.ctx->http2.idle_timeout, &conn->_timeout_entry);
+ }
+@@ -175,6 +174,9 @@ static int can_run_requests(h2o_http2_conn_t *conn)
+
+ static void run_pending_requests(h2o_http2_conn_t *conn)
+ {
++ if (h2o_timeout_is_linked(&conn->dos_mitigation.process_delay))
++ return;
++
+ while (!h2o_linklist_is_empty(&conn->_pending_reqs) && can_run_requests(conn)) {
+ /* fetch and detach a pending stream */
+ h2o_http2_stream_t *stream = H2O_STRUCT_FROM_MEMBER(h2o_http2_stream_t, _refs.link, conn->_pending_reqs.next);
+@@ -226,6 +228,16 @@ void h2o_http2_conn_unregister_stream(h2o_http2_conn_t *conn, h2o_http2_stream_t
+ assert(h2o_http2_scheduler_is_open(&stream->_refs.scheduler));
+ h2o_http2_scheduler_close(&stream->_refs.scheduler);
+
++ /* Decrement reset_budget if the stream was reset by peer, otherwise increment. By doing so, we penalize connections that
++ * generate resets for >50% of requests. */
++ if (stream->reset_by_peer) {
++ if (conn->dos_mitigation.reset_budget > 0)
++ --conn->dos_mitigation.reset_budget;
++ } else {
++ if (conn->dos_mitigation.reset_budget < conn->super.ctx->globalconf->http2.max_concurrent_requests_per_connection)
++ ++conn->dos_mitigation.reset_budget;
++ }
++
+ switch (stream->state) {
+ case H2O_HTTP2_STREAM_STATE_IDLE:
+ case H2O_HTTP2_STREAM_STATE_RECV_HEADERS:
+@@ -272,6 +284,8 @@ void close_connection_now(h2o_http2_conn_t *conn)
+ h2o_hpack_dispose_header_table(&conn->_output_header_table);
+ assert(h2o_linklist_is_empty(&conn->_pending_reqs));
+ h2o_timeout_unlink(&conn->_timeout_entry);
++ if (h2o_timeout_is_linked(&conn->dos_mitigation.process_delay))
++ h2o_timeout_unlink(&conn->dos_mitigation.process_delay);
+ h2o_buffer_dispose(&conn->_write.buf);
+ if (conn->_write.buf_in_flight != NULL)
+ h2o_buffer_dispose(&conn->_write.buf_in_flight);
+@@ -797,11 +811,19 @@ static int handle_rst_stream_frame(h2o_http2_conn_t *conn, h2o_http2_frame_t *fr
+ return H2O_HTTP2_ERROR_PROTOCOL;
+ }
+
+- stream = h2o_http2_conn_get_stream(conn, frame->stream_id);
+- if (stream != NULL) {
++ if ((stream = h2o_http2_conn_get_stream(conn, frame->stream_id)) == NULL)
++ return 0;
++
+ /* reset the stream */
++ stream->reset_by_peer = 1;
+ h2o_http2_stream_reset(conn, stream);
+- }
++
++ /* setup process delay if we've just ran out of reset budget */
++ if (conn->dos_mitigation.reset_budget == 0 && conn->super.ctx->globalconf->http2.dos_delay != 0 &&
++ !h2o_timeout_is_linked(&conn->dos_mitigation.process_delay))
++ h2o_timeout_link(conn->super.ctx->loop, &conn->super.ctx->http2.dos_delay_timeout,
++ &conn->dos_mitigation.process_delay);
++
+ /* TODO log */
+
+ return 0;
+@@ -1204,6 +1226,14 @@ static h2o_iovec_t log_priority_actual_weight(h2o_req_t *req)
+ return h2o_iovec_init(s, len);
+ }
+
++static void on_dos_process_delay(h2o_timeout_entry_t *timer)
++{
++ h2o_http2_conn_t *conn = H2O_STRUCT_FROM_MEMBER(h2o_http2_conn_t, dos_mitigation.process_delay, timer);
++
++ assert(!h2o_timeout_is_linked(&conn->dos_mitigation.process_delay));
++ run_pending_requests(conn);
++}
++
+ static h2o_http2_conn_t *create_conn(h2o_context_t *ctx, h2o_hostconf_t **hosts, h2o_socket_t *sock, struct timeval connected_at)
+ {
+ static const h2o_conn_callbacks_t callbacks = {
+@@ -1240,6 +1270,9 @@ static h2o_http2_conn_t *create_conn(h2o_context_t *ctx, h2o_hostconf_t **hosts,
+ conn->_write.timeout_entry.cb = emit_writereq;
+ h2o_http2_window_init(&conn->_write.window, &conn->peer_settings);
+
++ conn->dos_mitigation.process_delay.cb = on_dos_process_delay;
++ conn->dos_mitigation.reset_budget = conn->super.ctx->globalconf->http2.max_concurrent_requests_per_connection;
++
+ return conn;
+ }
+
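Review bot: The throttle added to `handle_rst_stream_frame` arms `process_delay` without leaving any record: the `/* TODO log */` is kept as-is, so an operator cannot tell a connection held back for excessive RST_STREAM frames from an ordinary slow one. Since this backport is the mitigation for CVE-2023-44487, I would record the event at the point where `h2o_timeout_link` is called, and until that exists make the gap explicit with `/* TODO log: nothing is recorded when process_delay is armed */`. The doc comment on `dos_delay` in `include/h2o.h` should also say that 0 turns the mitigation off, because the condition tests `http2.dos_delay != 0`; for example `* milliseconds to delay processing requests when suspicious behavior is detected; 0 disables the delay`. The functions touched in `lib/http2/connection.c` start and end outside the inner hunks, so how `reset_budget` behaves on other close paths is not visible here.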
diff --git a/www-servers/h2o/h2o-2.2.6-r2.ebuild b/www-servers/h2o/h2o-2.2.6-r2.ebuild
new file mode 100644
index 000000000000..36b649162128
--- /dev/null
+++ b/www-servers/h2o/h2o-2.2.6-r2.ebuild
@@ -0,0 +1,107 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="8"
+CMAKE_MAKEFILE_GENERATOR="emake"
+SSL_DEPS_SKIP=1
+USE_RUBY="ruby31 ruby32"
+
+inherit cmake ruby-single ssl-cert systemd toolchain-funcs
+
+DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server"
+HOMEPAGE="https://h2o.examp1e.net/"
+SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libh2o +mruby"
+
+RDEPEND="acct-group/h2o
+ acct-user/h2o
+ dev-lang/perl
+ dev-libs/openssl:0=
+ !sci-libs/libh2o
+ sys-libs/zlib
+ libh2o? ( dev-libs/libuv )"
+DEPEND="${RDEPEND}
+ mruby? (
+ ${RUBY_DEPS}
+ || (
+ dev-libs/onigmo
+ dev-libs/oniguruma
+ )
+ )"
+BDEPEND="libh2o? ( virtual/pkgconfig )
+ mruby? (
+ sys-devel/bison
+ virtual/pkgconfig
+ )"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.2-libressl.patch #903001
+ "${FILESDIR}"/${PN}-2.2-mruby.patch
+ "${FILESDIR}"/${PN}-2.2-ruby30.patch
+ "${FILESDIR}"/${PN}-2.2-CVE-2023-44487.patch
+)
+
+src_prepare() {
+ cmake_src_prepare
+
+ local ruby="ruby"
+ if use mruby; then
+ for ruby in ${RUBY_TARGETS_PREFERENCE}; do
+ if has_version dev-lang/ruby:${ruby:4:1}.${ruby:5}; then
+ break
+ fi
+ ruby=
+ done
+ [[ -z ${ruby} ]] && die "no suitable ruby version found"
+ fi
+
+ sed -i \
+ -e "/INSTALL/s:\(/doc/${PN}\) :\1/html :" \
+ -e "/INSTALL/s:\(/doc\)/${PN}:\1/${PF}:" \
+ -e "s: ruby: ${ruby}:" \
+ CMakeLists.txt
+
+ sed -i "s:pkg-config:$(tc-getPKG_CONFIG):g" deps/mruby/lib/mruby/gem.rb
+ tc-export CC
+ export LD="$(tc-getCC)"
+}
+
+src_configure() {
+ local mycmakeargs=(
+ -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN}
+ -DWITH_MRUBY=$(usex mruby)
+ -DWITHOUT_LIBS=$(usex !libh2o)
+ -DBUILD_SHARED_LIBS=$(usex libh2o)
+ )
+ cmake_src_configure
+}
+
+src_install() {
+ cmake_src_install
+
+ keepdir /var/www/localhost/htdocs
+
+ insinto /etc/${PN}
+ doins "${FILESDIR}"/${PN}.conf
+
+ newinitd "${FILESDIR}"/${PN}.initd ${PN}
+ systemd_dounit "${FILESDIR}"/${PN}.service
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/${PN}.logrotate ${PN}
+
+ keepdir /var/log/${PN}
+ fowners ${PN}:${PN} /var/log/${PN}
+ fperms 0750 /var/log/${PN}
+}
+
+pkg_postinst() {
+ if [[ ! -f "${EROOT}"/etc/ssl/${PN}/server.key ]]; then
+ install_cert /etc/ssl/${PN}/server
+ chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/server.*
+ fi
+}
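Review bot: The two `sed -i` calls in `src_prepare` and the `chown` in `pkg_postinst` run unchecked, so a missing `deps/mruby/lib/mruby/gem.rb` or a failed ownership change passes silently; external commands do not abort an ebuild on their own. I would end the sed calls with `|| die`, e.g. `sed -i "s:pkg-config:$(tc-getPKG_CONFIG):g" deps/mruby/lib/mruby/gem.rb || die`. The `chown` glob `server.*` also makes the service account the owner of `server.key`, not just a reader of it. If h2o loads the key before it drops privileges (not visible in this hunk), leaving the key root-owned would keep a compromised worker from replacing it.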
* [gentoo-commits] repo/gentoo:master commit in: www-servers/h2o/files/, www-servers/h2o/
@ 2025-02-22 5:34 Akinori Hattori
From: Akinori Hattori @ 2025-02-22 5:34 UTC (permalink / raw
To: gentoo-commits
commit: 9c80329b5b4c18d11ed8e72dc5eff6acfed5b664
Author: Akinori Hattori <hattya <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 22 05:33:05 2025 +0000
Commit: Akinori Hattori <hattya <AT> gentoo <DOT> org>
CommitDate: Sat Feb 22 05:33:05 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c80329b
www-servers/h2o: drop old
Bug: https://bugs.gentoo.org/919882
Signed-off-by: Akinori Hattori <hattya <AT> gentoo.org>
www-servers/h2o/Manifest | 1 -
www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch | 225 ---------------------
www-servers/h2o/files/h2o-2.2-libressl.patch | 54 -----
www-servers/h2o/files/h2o-2.2-mruby.patch | 57 ------
www-servers/h2o/files/h2o-2.2-ruby30.patch | 63 ------
www-servers/h2o/h2o-2.2.6-r2.ebuild | 107 ----------
6 files changed, 507 deletions(-)
diff --git a/www-servers/h2o/Manifest b/www-servers/h2o/Manifest
index 6355ee2a3d76..105f74f90e99 100644
--- a/www-servers/h2o/Manifest
+++ b/www-servers/h2o/Manifest
@@ -1,3 +1,2 @@
-DIST h2o-2.2.6.tar.gz 16257760 BLAKE2B 8474751ca9832ddae2022710654ca58a93ebf9ca01afe934950209b04357b7548b05c598c49fe92684b2910fd6309d6fc3923a0b01cdeeb4b0dc65b08842255f SHA512 f2f28905c01782a0432c9dfdb2f21054e0a4741ac4c5f26802d4b439d0172840aa215aba5dc7c9af62275dcc24de105674a3819384dc38246e43ce3e8263eb20
DIST h2o-2.3.0_pre20241014.tar.gz 30845679 BLAKE2B 9c0d21f31770dd0591690ab8b2fc5e08052cf0aa40046e9bb03158907c05cfd8121bdb140f175172da3a0c8653a09d2729581017f6cc20a53c0bbb534db6263b SHA512 d4d3cdf8553f8583fe3dd7fe9f34e055f0cef39a8c0fa370e837afbe11a7ff9fa0e907a2edf014ec494b663a6216f643daca19a1c23ff163a4c2514a45ccc706
DIST h2o-2.3.0_pre20250130.tar.gz 30811885 BLAKE2B e40c59c9fc010412e613bd8059108f88b554131afd64a832c6e2db3ee0a9aa01b14451abee680d91b430a47550f32897dde367b86ee48397029d4b7890258e0e SHA512 3d855ed1571e11fb6b0ed3b0f85cd26a015448347423eb0b994f8803b23c73bf7b773b0d84b6a2b70f08c314496488ad02f358a2269478e86da18fc983c26ae1
diff --git a/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch b/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch
deleted file mode 100644
index 71a511ac9ed2..000000000000
--- a/www-servers/h2o/files/h2o-2.2-CVE-2023-44487.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-https://github.com/h2o/h2o/pull/3293
-
-From 770208bbe3955c47e005a1e8cb08266e4a8dfc9a Mon Sep 17 00:00:00 2001
-From: Remi Gacogne <remi.gacogne@powerdns.com>
-Date: Tue, 10 Oct 2023 15:47:57 +0200
-Subject: [PATCH] [http2] delay processing requests upon observing suspicious
- behavior
-
-Backport of 94fbc54b6c9309912fe3d53e7b63408bbe9a1b0d to v2.2.x
----
- include/h2o.h | 8 +++++++
- include/h2o/http2_internal.h | 8 +++++++
- lib/core/config.c | 1 +
- lib/core/configurator.c | 9 ++++++++
- lib/core/context.c | 2 ++
- lib/http2/connection.c | 41 ++++++++++++++++++++++++++++++++----
- 6 files changed, 65 insertions(+), 4 deletions(-)
-
-diff --git a/include/h2o.h b/include/h2o.h
-index 57877bd12c..409cd5c21c 100644
---- a/include/h2o.h
-+++ b/include/h2o.h
-@@ -378,6 +378,10 @@ struct st_h2o_globalconf_t {
- * list of callbacks
- */
- h2o_protocol_callbacks_t callbacks;
-+ /**
-+ * milliseconds to delay processing requests when suspicious behavior is detected
-+ */
-+ uint64_t dos_delay;
- } http2;
-
- struct {
-@@ -590,6 +594,10 @@ struct st_h2o_context_t {
- * timeout entry used for graceful shutdown
- */
- h2o_timeout_entry_t _graceful_shutdown_timeout;
-+ /*
-+ * dos timeout
-+ */
-+ h2o_timeout_t dos_delay_timeout;
- struct {
- /**
- * counter for http2 errors internally emitted by h2o
-diff --git a/include/h2o/http2_internal.h b/include/h2o/http2_internal.h
-index 5cfc4d8204..b9cf400929 100644
---- a/include/h2o/http2_internal.h
-+++ b/include/h2o/http2_internal.h
-@@ -179,6 +179,7 @@ struct st_h2o_http2_stream_t {
- h2o_linklist_t link;
- h2o_http2_scheduler_openref_t scheduler;
- } _refs;
-+ unsigned reset_by_peer : 1;
- h2o_send_state_t send_state; /* state of the ostream, only used in push mode */
- /* placed at last since it is large and has it's own ctor */
- h2o_req_t req;
-@@ -232,6 +233,13 @@ struct st_h2o_http2_conn_t {
- } _write;
- h2o_cache_t *push_memo;
- h2o_http2_casper_t *casper;
-+ /**
-+ * DoS mitigation; the idea here is to delay processing requests when observing suspicious behavior
-+ */
-+ struct {
-+ h2o_timeout_entry_t process_delay;
-+ size_t reset_budget; /* RST_STREAM frames are considered suspicious when this value goes down to zero */
-+ } dos_mitigation;
- };
-
- int h2o_http2_update_peer_settings(h2o_http2_settings_t *settings, const uint8_t *src, size_t len, const char **err_desc);
-diff --git a/lib/core/config.c b/lib/core/config.c
-index ce1d320183..08e43a6d30 100644
---- a/lib/core/config.c
-+++ b/lib/core/config.c
-@@ -189,6 +189,7 @@ void h2o_config_init(h2o_globalconf_t *config)
- config->http2.latency_optimization.min_rtt = 50; // milliseconds
- config->http2.latency_optimization.max_additional_delay = 10;
- config->http2.latency_optimization.max_cwnd = 65535;
-+ config->http2.dos_delay = 100; /* 100ms processing delay when observing suspicious behavior */
- config->http2.callbacks = H2O_HTTP2_CALLBACKS;
- config->mimemap = h2o_mimemap_create();
-
-diff --git a/lib/core/configurator.c b/lib/core/configurator.c
-index 891770cc2d..4731ba2707 100644
---- a/lib/core/configurator.c
-+++ b/lib/core/configurator.c
-@@ -531,6 +531,12 @@ static int on_config_http2_casper(h2o_configurator_command_t *cmd, h2o_configura
- return 0;
- }
-
-+
-+static int on_config_http2_dos_delay(h2o_configurator_command_t *cmd, h2o_configurator_context_t *ctx, yoml_t *node)
-+{
-+ return config_timeout(cmd, node, &ctx->globalconf->http2.dos_delay);
-+}
-+
- static int assert_is_mimetype(h2o_configurator_command_t *cmd, yoml_t *node)
- {
- if (node->type != YOML_TYPE_SCALAR) {
-@@ -910,6 +916,9 @@ void h2o_configurator__init_core(h2o_globalconf_t *conf)
- on_config_http2_push_preload);
- h2o_configurator_define_command(&c->super, "http2-casper", H2O_CONFIGURATOR_FLAG_GLOBAL | H2O_CONFIGURATOR_FLAG_HOST,
- on_config_http2_casper);
-+ h2o_configurator_define_command(&c->super, "http2-dos-delay",
-+ H2O_CONFIGURATOR_FLAG_GLOBAL | H2O_CONFIGURATOR_FLAG_EXPECT_SCALAR,
-+ on_config_http2_dos_delay);
- h2o_configurator_define_command(&c->super, "file.mime.settypes",
- (H2O_CONFIGURATOR_FLAG_ALL_LEVELS & ~H2O_CONFIGURATOR_FLAG_EXTENSION) |
- H2O_CONFIGURATOR_FLAG_EXPECT_MAPPING,
-diff --git a/lib/core/context.c b/lib/core/context.c
-index 8d11013810..ac4b0aaf08 100644
---- a/lib/core/context.c
-+++ b/lib/core/context.c
-@@ -101,6 +101,7 @@ void h2o_context_init(h2o_context_t *ctx, h2o_loop_t *loop, h2o_globalconf_t *co
- h2o_linklist_init_anchor(&ctx->http1._conns);
- h2o_timeout_init(ctx->loop, &ctx->http2.idle_timeout, config->http2.idle_timeout);
- h2o_timeout_init(ctx->loop, &ctx->http2.graceful_shutdown_timeout, config->http2.graceful_shutdown_timeout);
-+ h2o_timeout_init(ctx->loop, &ctx->http2.dos_delay_timeout, config->http2.dos_delay);
- h2o_linklist_init_anchor(&ctx->http2._conns);
- ctx->proxy.client_ctx.loop = loop;
- h2o_timeout_init(ctx->loop, &ctx->proxy.io_timeout, config->proxy.io_timeout);
-@@ -146,6 +147,7 @@ void h2o_context_dispose(h2o_context_t *ctx)
- h2o_timeout_dispose(ctx->loop, &ctx->http1.req_timeout);
- h2o_timeout_dispose(ctx->loop, &ctx->http2.idle_timeout);
- h2o_timeout_dispose(ctx->loop, &ctx->http2.graceful_shutdown_timeout);
-+ h2o_timeout_dispose(ctx->loop, &ctx->http2.dos_delay_timeout);
- h2o_timeout_dispose(ctx->loop, &ctx->proxy.io_timeout);
- /* what should we do here? assert(!h2o_linklist_is_empty(&ctx->http2._conns); */
-
-diff --git a/lib/http2/connection.c b/lib/http2/connection.c
-index e2da293043..4910e33098 100644
---- a/lib/http2/connection.c
-+++ b/lib/http2/connection.c
-@@ -161,7 +161,6 @@ static void update_idle_timeout(h2o_http2_conn_t *conn)
- h2o_timeout_unlink(&conn->_timeout_entry);
-
- if (conn->num_streams.pull.half_closed + conn->num_streams.push.half_closed == 0) {
-- assert(h2o_linklist_is_empty(&conn->_pending_reqs));
- conn->_timeout_entry.cb = on_idle_timeout;
- h2o_timeout_link(conn->super.ctx->loop, &conn->super.ctx->http2.idle_timeout, &conn->_timeout_entry);
- }
-@@ -175,6 +174,9 @@ static int can_run_requests(h2o_http2_conn_t *conn)
-
- static void run_pending_requests(h2o_http2_conn_t *conn)
- {
-+ if (h2o_timeout_is_linked(&conn->dos_mitigation.process_delay))
-+ return;
-+
- while (!h2o_linklist_is_empty(&conn->_pending_reqs) && can_run_requests(conn)) {
- /* fetch and detach a pending stream */
- h2o_http2_stream_t *stream = H2O_STRUCT_FROM_MEMBER(h2o_http2_stream_t, _refs.link, conn->_pending_reqs.next);
-@@ -226,6 +228,16 @@ void h2o_http2_conn_unregister_stream(h2o_http2_conn_t *conn, h2o_http2_stream_t
- assert(h2o_http2_scheduler_is_open(&stream->_refs.scheduler));
- h2o_http2_scheduler_close(&stream->_refs.scheduler);
-
-+ /* Decrement reset_budget if the stream was reset by peer, otherwise increment. By doing so, we penalize connections that
-+ * generate resets for >50% of requests. */
-+ if (stream->reset_by_peer) {
-+ if (conn->dos_mitigation.reset_budget > 0)
-+ --conn->dos_mitigation.reset_budget;
-+ } else {
-+ if (conn->dos_mitigation.reset_budget < conn->super.ctx->globalconf->http2.max_concurrent_requests_per_connection)
-+ ++conn->dos_mitigation.reset_budget;
-+ }
-+
- switch (stream->state) {
- case H2O_HTTP2_STREAM_STATE_IDLE:
- case H2O_HTTP2_STREAM_STATE_RECV_HEADERS:
-@@ -272,6 +284,8 @@ void close_connection_now(h2o_http2_conn_t *conn)
- h2o_hpack_dispose_header_table(&conn->_output_header_table);
- assert(h2o_linklist_is_empty(&conn->_pending_reqs));
- h2o_timeout_unlink(&conn->_timeout_entry);
-+ if (h2o_timeout_is_linked(&conn->dos_mitigation.process_delay))
-+ h2o_timeout_unlink(&conn->dos_mitigation.process_delay);
- h2o_buffer_dispose(&conn->_write.buf);
- if (conn->_write.buf_in_flight != NULL)
- h2o_buffer_dispose(&conn->_write.buf_in_flight);
-@@ -797,11 +811,19 @@ static int handle_rst_stream_frame(h2o_http2_conn_t *conn, h2o_http2_frame_t *fr
- return H2O_HTTP2_ERROR_PROTOCOL;
- }
-
-- stream = h2o_http2_conn_get_stream(conn, frame->stream_id);
-- if (stream != NULL) {
-+ if ((stream = h2o_http2_conn_get_stream(conn, frame->stream_id)) == NULL)
-+ return 0;
-+
- /* reset the stream */
-+ stream->reset_by_peer = 1;
- h2o_http2_stream_reset(conn, stream);
-- }
-+
-+ /* setup process delay if we've just ran out of reset budget */
-+ if (conn->dos_mitigation.reset_budget == 0 && conn->super.ctx->globalconf->http2.dos_delay != 0 &&
-+ !h2o_timeout_is_linked(&conn->dos_mitigation.process_delay))
-+ h2o_timeout_link(conn->super.ctx->loop, &conn->super.ctx->http2.dos_delay_timeout,
-+ &conn->dos_mitigation.process_delay);
-+
- /* TODO log */
-
- return 0;
-@@ -1204,6 +1226,14 @@ static h2o_iovec_t log_priority_actual_weight(h2o_req_t *req)
- return h2o_iovec_init(s, len);
- }
-
-+static void on_dos_process_delay(h2o_timeout_entry_t *timer)
-+{
-+ h2o_http2_conn_t *conn = H2O_STRUCT_FROM_MEMBER(h2o_http2_conn_t, dos_mitigation.process_delay, timer);
-+
-+ assert(!h2o_timeout_is_linked(&conn->dos_mitigation.process_delay));
-+ run_pending_requests(conn);
-+}
-+
- static h2o_http2_conn_t *create_conn(h2o_context_t *ctx, h2o_hostconf_t **hosts, h2o_socket_t *sock, struct timeval connected_at)
- {
- static const h2o_conn_callbacks_t callbacks = {
-@@ -1240,6 +1270,9 @@ static h2o_http2_conn_t *create_conn(h2o_context_t *ctx, h2o_hostconf_t **hosts,
- conn->_write.timeout_entry.cb = emit_writereq;
- h2o_http2_window_init(&conn->_write.window, &conn->peer_settings);
-
-+ conn->dos_mitigation.process_delay.cb = on_dos_process_delay;
-+ conn->dos_mitigation.reset_budget = conn->super.ctx->globalconf->http2.max_concurrent_requests_per_connection;
-+
- return conn;
- }
-
diff --git a/www-servers/h2o/files/h2o-2.2-libressl.patch b/www-servers/h2o/files/h2o-2.2-libressl.patch
deleted file mode 100644
index 59aca8df8550..000000000000
--- a/www-servers/h2o/files/h2o-2.2-libressl.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-https://bugs.gentoo.org/903001
-https://github.com/h2o/neverbleed/pull/51
-https://github.com/h2o/neverbleed/commit/e1005c16e11b2ca358c86df2a4226632a2992d55
-https://github.com/h2o/h2o/pull/3214
-https://github.com/h2o/h2o/commit/83f89f2fe7c5399b88386a940b2a675742478aca
-https://github.com/h2o/h2o/pull/2062
-https://github.com/h2o/h2o/commit/e61e9c8296e894a479268d041985e65433c17e67
-
-From 81494ee75e8f533c9fbf841d0dfe83f8eeba7bbd Mon Sep 17 00:00:00 2001
-From: Kazuho Oku <kazuhooku@gmail.com>
-Date: Mon, 13 Mar 2023 18:56:12 +0900
-Subject: [PATCH] libressl 3.5 and above have opaque RSA struct
-
----
- deps/neverbleed/neverbleed.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/neverbleed.c b/neverbleed.c
-index d7cd979..74d7aa3 100644
---- a/deps/neverbleed/neverbleed.c
-+++ b/deps/neverbleed/neverbleed.c
-@@ -45,7 +45,7 @@
- #endif
- #include "neverbleed.h"
-
--#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
-+#if defined(LIBRESSL_VERSION_NUMBER) ? LIBRESSL_VERSION_NUMBER >= 0x3050000fL : OPENSSL_VERSION_NUMBER >= 0x1010000fL
- #define OPENSSL_1_1_API 1
- #else
- #define OPENSSL_1_1_API 0
-Silence compiler warning. The get_session_cb has had const since LibreSSL 2.8.
-
-From b408b9e015627394003a04577dd7ee7e870d1797 Mon Sep 17 00:00:00 2001
-From: David Carlier <devnexen@gmail.com>
-Date: Thu, 30 May 2019 15:05:44 +0100
-Subject: [PATCH] LibreSSL little build warning fix proposal
-
----
- lib/common/socket.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/common/socket.c b/lib/common/socket.c
-index 172b75026f..45c18591b7 100644
---- a/lib/common/socket.c
-+++ b/lib/common/socket.c
-@@ -946,7 +946,7 @@ static void create_ossl(h2o_socket_t *sock)
- }
-
- static SSL_SESSION *on_async_resumption_get(SSL *ssl,
--#if OPENSSL_VERSION_NUMBER >= 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)
-+#if !defined(LIBRESSL_VERSION_NUMBER) ? OPENSSL_VERSION_NUMBER >= 0x1010000fL : LIBRESSL_VERSION_NUMBER > 0x2070000f
- const
- #endif
- unsigned char *data,
diff --git a/www-servers/h2o/files/h2o-2.2-mruby.patch b/www-servers/h2o/files/h2o-2.2-mruby.patch
deleted file mode 100644
index 92e7a8e7f1d7..000000000000
--- a/www-servers/h2o/files/h2o-2.2-mruby.patch
+++ /dev/null
@@ -1,57 +0,0 @@
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -157,6 +157,19 @@
- SET(WSLAY_LIBRARIES -lwslay)
- ENDIF (NOT WSLAY_FOUND)
-
-+IF (PKG_CONFIG_FOUND)
-+ PKG_CHECK_MODULES(ONIG onigmo)
-+ IF (NOT ONIG_FOUND)
-+ PKG_CHECK_MODULES(ONIG oniguruma)
-+ ENDIF (NOT ONIG_FOUND)
-+ IF (ONIG_FOUND)
-+ LINK_DIRECTORIES(${ONIG_LIBRARY_DIRS})
-+ ENDIF (ONIG_FOUND)
-+ENDIF (PKG_CONFIG_FOUND)
-+IF (NOT ONIG_FOUND AND WITH_MRUBY)
-+ MESSAGE(FATAL_ERROR "Onigmo/Oniguruma not found")
-+ENDIF (NOT ONIG_FOUND AND WITH_MRUBY)
-+
- IF (ZLIB_FOUND)
- INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIRS})
- LINK_DIRECTORIES(${ZLIB_LIBRARY_DIRS})
-@@ -460,7 +473,7 @@
- ELSE ()
- SET(MRUBY_TOOLCHAIN "gcc")
- ENDIF ()
-- ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake
-+ ADD_CUSTOM_TARGET(mruby MRUBY_TOOLCHAIN=${MRUBY_TOOLCHAIN} MRUBY_CONFIG=${CMAKE_CURRENT_SOURCE_DIR}/misc/mruby_config.rb MRUBY_BUILD_DIR=${CMAKE_CURRENT_BINARY_DIR}/mruby ruby minirake -v
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/deps/mruby)
- LIST(APPEND STANDALONE_SOURCE_FILES
- lib/handler/mruby.c
-@@ -491,7 +504,7 @@
- # note: the paths need to be determined before libmruby.flags.mak is generated
- TARGET_LINK_LIBRARIES(h2o
- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/lib/libmruby.a"
-- "${CMAKE_CURRENT_BINARY_DIR}/mruby/host/mrbgems/mruby-onig-regexp/onigmo-6.1.1/.libs/libonigmo.a"
-+ ${ONIG_LIBRARIES}
- "m")
- ADD_DEPENDENCIES(h2o mruby)
- ENDIF (WITH_MRUBY)
---- a/misc/mruby_config.rb
-+++ b/misc/mruby_config.rb
-@@ -15,13 +15,7 @@
- # use mrbgems
- Dir.glob("../mruby-*/mrbgem.rake") do |x|
- g = File.basename File.dirname x
-- if g == 'mruby-onig-regexp'
-- conf.gem "../deps/#{g}" do |c|
-- c.bundle_onigmo
-- end
-- else
-- conf.gem "../deps/#{g}"
-- end
-+ conf.gem "../deps/#{g}"
- end
-
- # include all the core GEMs
diff --git a/www-servers/h2o/files/h2o-2.2-ruby30.patch b/www-servers/h2o/files/h2o-2.2-ruby30.patch
deleted file mode 100644
index 47692d68bba5..000000000000
--- a/www-servers/h2o/files/h2o-2.2-ruby30.patch
+++ /dev/null
@@ -1,63 +0,0 @@
---- a/deps/mruby/Rakefile
-+++ b/deps/mruby/Rakefile
-@@ -37,15 +37,15 @@
- task :default => :all
-
- bin_path = ENV['INSTALL_DIR'] || "#{MRUBY_ROOT}/bin"
--FileUtils.mkdir_p bin_path, { :verbose => $verbose }
-+FileUtils.mkdir_p bin_path, :verbose => $verbose
-
- depfiles = MRuby.targets['host'].bins.map do |bin|
- install_path = MRuby.targets['host'].exefile("#{bin_path}/#{bin}")
- source_path = MRuby.targets['host'].exefile("#{MRuby.targets['host'].build_dir}/bin/#{bin}")
-
- file install_path => source_path do |t|
-- FileUtils.rm_f t.name, { :verbose => $verbose }
-- FileUtils.cp t.prerequisites.first, t.name, { :verbose => $verbose }
-+ FileUtils.rm_f t.name, :verbose => $verbose
-+ FileUtils.cp t.prerequisites.first, t.name, :verbose => $verbose
- end
-
- install_path
-@@ -78,8 +78,8 @@
- install_path = MRuby.targets['host'].exefile("#{bin_path}/#{bin}")
-
- file install_path => exec do |t|
-- FileUtils.rm_f t.name, { :verbose => $verbose }
-- FileUtils.cp t.prerequisites.first, t.name, { :verbose => $verbose }
-+ FileUtils.rm_f t.name, :verbose => $verbose
-+ FileUtils.cp t.prerequisites.first, t.name, :verbose => $verbose
- end
- depfiles += [ install_path ]
- elsif target == MRuby.targets['host-debug']
-@@ -87,8 +87,8 @@
- install_path = MRuby.targets['host-debug'].exefile("#{bin_path}/#{bin}")
-
- file install_path => exec do |t|
-- FileUtils.rm_f t.name, { :verbose => $verbose }
-- FileUtils.cp t.prerequisites.first, t.name, { :verbose => $verbose }
-+ FileUtils.rm_f t.name, :verbose => $verbose
-+ FileUtils.cp t.prerequisites.first, t.name, :verbose => $verbose
- end
- depfiles += [ install_path ]
- end
-@@ -127,16 +127,16 @@
- desc "clean all built and in-repo installed artifacts"
- task :clean do
- MRuby.each_target do |t|
-- FileUtils.rm_rf t.build_dir, { :verbose => $verbose }
-+ FileUtils.rm_rf t.build_dir, :verbose => $verbose
- end
-- FileUtils.rm_f depfiles, { :verbose => $verbose }
-+ FileUtils.rm_f depfiles, :verbose => $verbose
- puts "Cleaned up target build folder"
- end
-
- desc "clean everything!"
- task :deep_clean => ["clean"] do
- MRuby.each_target do |t|
-- FileUtils.rm_rf t.gem_clone_dir, { :verbose => $verbose }
-+ FileUtils.rm_rf t.gem_clone_dir, :verbose => $verbose
- end
- puts "Cleaned up mrbgems build folder"
- end
diff --git a/www-servers/h2o/h2o-2.2.6-r2.ebuild b/www-servers/h2o/h2o-2.2.6-r2.ebuild
deleted file mode 100644
index 45ad42c87a40..000000000000
--- a/www-servers/h2o/h2o-2.2.6-r2.ebuild
+++ /dev/null
@@ -1,107 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="8"
-CMAKE_MAKEFILE_GENERATOR="emake"
-SSL_DEPS_SKIP=1
-USE_RUBY="ruby31 ruby32"
-
-inherit cmake ruby-single ssl-cert systemd toolchain-funcs
-
-DESCRIPTION="H2O - the optimized HTTP/1, HTTP/2 server"
-HOMEPAGE="https://h2o.examp1e.net/"
-SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="libh2o +mruby"
-
-RDEPEND="acct-group/h2o
- acct-user/h2o
- dev-lang/perl
- dev-libs/openssl:0=
- !sci-libs/libh2o
- sys-libs/zlib
- libh2o? ( dev-libs/libuv )"
-DEPEND="${RDEPEND}
- mruby? (
- ${RUBY_DEPS}
- || (
- dev-libs/onigmo
- dev-libs/oniguruma
- )
- )"
-BDEPEND="libh2o? ( virtual/pkgconfig )
- mruby? (
- app-alternatives/yacc
- virtual/pkgconfig
- )"
-
-PATCHES=(
- "${FILESDIR}"/${PN}-2.2-libressl.patch #903001
- "${FILESDIR}"/${PN}-2.2-mruby.patch
- "${FILESDIR}"/${PN}-2.2-ruby30.patch
- "${FILESDIR}"/${PN}-2.2-CVE-2023-44487.patch
-)
-
-src_prepare() {
- cmake_src_prepare
-
- local ruby="ruby"
- if use mruby; then
- for ruby in ${RUBY_TARGETS_PREFERENCE}; do
- if has_version dev-lang/ruby:${ruby:4:1}.${ruby:5}; then
- break
- fi
- ruby=
- done
- [[ -z ${ruby} ]] && die "no suitable ruby version found"
- fi
-
- sed -i \
- -e "/INSTALL/s:\(/doc/${PN}\) :\1/html :" \
- -e "/INSTALL/s:\(/doc\)/${PN}:\1/${PF}:" \
- -e "s: ruby: ${ruby}:" \
- CMakeLists.txt
-
- sed -i "s:pkg-config:$(tc-getPKG_CONFIG):g" deps/mruby/lib/mruby/gem.rb
- tc-export CC
- export LD="$(tc-getCC)"
-}
-
-src_configure() {
- local mycmakeargs=(
- -DCMAKE_INSTALL_SYSCONFDIR="${EPREFIX}"/etc/${PN}
- -DWITH_MRUBY=$(usex mruby)
- -DWITHOUT_LIBS=$(usex !libh2o)
- -DBUILD_SHARED_LIBS=$(usex libh2o)
- )
- cmake_src_configure
-}
-
-src_install() {
- cmake_src_install
-
- keepdir /var/www/localhost/htdocs
-
- insinto /etc/${PN}
- doins "${FILESDIR}"/${PN}.conf
-
- newinitd "${FILESDIR}"/${PN}.initd ${PN}
- systemd_dounit "${FILESDIR}"/${PN}.service
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/${PN}.logrotate ${PN}
-
- keepdir /var/log/${PN}
- fowners ${PN}:${PN} /var/log/${PN}
- fperms 0750 /var/log/${PN}
-}
-
-pkg_postinst() {
- if [[ ! -f "${EROOT}"/etc/ssl/${PN}/server.key ]]; then
- install_cert /etc/ssl/${PN}/server
- chown ${PN}:${PN} "${EROOT}"/etc/ssl/${PN}/server.*
- fi
-}