Bring in a commit from upstream

- performance: use Linux extended syscalls and flags

from Brad (maintainer)

www/lighttpd/Makefile

@@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.137 2016/09/17 20:22:41 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.138 2016/10/12 08:09:26 ajacoutot Exp $
 
 COMMENT=	secure, fast, compliant, and very flexible web-server
 
 DISTNAME=	lighttpd-1.4.41
+REVISION=	0
 CATEGORIES=	www net
 MASTER_SITES=	http://download.lighttpd.net/lighttpd/releases-1.4.x/
 EXTRACT_SUFX=	.tar.xz

www/lighttpd/patches/patch-src_connections_c

@@ -1,10 +1,30 @@
-$OpenBSD: patch-src_connections_c,v 1.28 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_connections_c,v 1.29 2016/10/12 08:09:26 ajacoutot Exp $
 
-[core] check if client half-closed TCP if POLLHUP (#2743)
+- [core] check if client half-closed TCP if POLLHUP (#2743)
+- performance: use Linux extended syscalls and flags
 
---- src/connections.c.orig	Wed Sep 14 21:06:19 2016
-+++ src/connections.c	Wed Sep 14 20:59:39 2016
-@@ -943,43 +943,6 @@ static handler_t connection_handle_fdevent(server *srv
+--- src/connections.c.orig	Mon Oct 10 18:05:17 2016
++++ src/connections.c	Mon Oct 10 18:04:38 2016
+@@ -140,14 +140,11 @@ static int connection_close(server *srv, connection *c
+ 				"(warning) close:", con->fd, strerror(errno));
+ 	}
+ #endif
+-	con->fd = -1;
++	else {
++		srv->cur_fds--;
++	}
+ 
+-	srv->cur_fds--;
+-#if 0
+-	log_error_write(srv, __FILE__, __LINE__, "sd",
+-			"closed()", con->fd);
+-#endif
+-
++	con->fd = -1;
+ 	connection_del(srv, con);
+ 	connection_set_state(srv, con, CON_STATE_CONNECT);
+ 
+@@ -943,43 +940,6 @@ static handler_t connection_handle_fdevent(server *srv
  	}
  
  
@@ -48,13 +68,10 @@ $OpenBSD: patch-src_connections_c,v 1.28 2016/09/17 20:22:41 ajacoutot Exp $
  	if (con->state == CON_STATE_READ) {
  		connection_handle_read_state(srv, con);
  	}
-@@ -1005,6 +968,27 @@ static handler_t connection_handle_fdevent(server *srv
- 		len = read(con->fd, buf, sizeof(buf));
- 		if (len == 0 || (len < 0 && errno != EAGAIN && errno != EINTR) ) {
- 			con->close_timeout_ts = srv->cur_ts - (HTTP_LINGER_TIMEOUT+1);
-+		}
-+	}
-+
+@@ -1008,6 +968,27 @@ static handler_t connection_handle_fdevent(server *srv
+ 		}
+ 	}
+ 
 +
 +	/* attempt (above) to read data in kernel socket buffers
 +	 * prior to handling FDEVENT_HUP and FDEVENT_ERR */
@@ -73,6 +90,50 @@ $OpenBSD: patch-src_connections_c,v 1.28 2016/09/17 20:22:41 ajacoutot Exp $
 +		} else {
 +			log_error_write(srv, __FILE__, __LINE__, "sd",
 +					"connection closed: poll() -> ???", revents);
- 		}
- 	}
++		}
++	}
++
+ 	return HANDLER_FINISHED;
+ }
  
+@@ -1033,7 +1014,12 @@ connection *connection_accept(server *srv, server_sock
+ 
+ 	cnt_len = sizeof(cnt_addr);
+ 
+-	if (-1 == (cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len))) {
++#if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
++	cnt = accept4(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len, SOCK_CLOEXEC | SOCK_NONBLOCK);
++#else
++	cnt = accept(srv_socket->fd, (struct sockaddr *) &cnt_addr, &cnt_len);
++#endif
++	if (-1 == cnt) {
+ 		switch (errno) {
+ 		case EAGAIN:
+ #if EWOULDBLOCK != EAGAIN
+@@ -1084,8 +1070,9 @@ connection *connection_accepted(server *srv, server_so
+ 		buffer_copy_string(con->dst_addr_buf, inet_ntop_cache_get_ip(srv, &(con->dst_addr)));
+ 		con->srv_socket = srv_socket;
+ 
+-		if (-1 == (fdevent_fcntl_set(srv->ev, con->fd))) {
++		if (-1 == fdevent_fcntl_set_nb_cloexec_sock(srv->ev, con->fd)) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
++			connection_close(srv, con);
+ 			return NULL;
+ 		}
+ #ifdef USE_OPENSSL
+@@ -1095,6 +1082,7 @@ connection *connection_accepted(server *srv, server_so
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ 						ERR_error_string(ERR_get_error(), NULL));
+ 
++				connection_close(srv, con);
+ 				return NULL;
+ 			}
+ 
+@@ -1105,6 +1093,7 @@ connection *connection_accepted(server *srv, server_so
+ 			if (1 != (SSL_set_fd(con->ssl, cnt))) {
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
+ 						ERR_error_string(ERR_get_error(), NULL));
++				connection_close(srv, con);
+ 				return NULL;
+ 			}
+ 		}

www/lighttpd/patches/patch-src_fdevent_c

@@ -1,10 +1,11 @@
-$OpenBSD: patch-src_fdevent_c,v 1.1 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_fdevent_c,v 1.2 2016/10/12 08:09:26 ajacoutot Exp $
 
 - [core] check if client half-closed TCP if POLLHUP (#2743)
 - [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/fdevent.c.orig	Sun Jul 31 08:42:39 2016
-+++ src/fdevent.c	Thu Sep 15 19:49:08 2016
+--- src/fdevent.c.orig	Mon Oct 10 18:05:27 2016
++++ src/fdevent.c	Mon Oct 10 18:04:38 2016
 @@ -23,6 +23,7 @@ fdevents *fdevent_init(server *srv, size_t maxfds, fde
  	ev->fdarray = calloc(maxfds, sizeof(*ev->fdarray));
  	force_assert(NULL != ev->fdarray);
@@ -82,7 +83,87 @@ $OpenBSD: patch-src_fdevent_c,v 1.1 2016/09/17 20:22:41 ajacoutot Exp $
  	if (ev->fdarray[fd]->fd != fd) SEGFAULT();
  
  	return ev->fdarray[fd]->ctx;
-@@ -250,3 +286,37 @@ int fdevent_event_next_fdndx(fdevents *ev, int ndx) {
+@@ -234,7 +270,10 @@ void fd_close_on_exec(int fd) {
+ }
+ 
+ int fdevent_fcntl_set(fdevents *ev, int fd) {
+-	fd_close_on_exec(fd);
++	return ((ev) && (ev->fcntl_set)) ? ev->fcntl_set(ev, fd) : 0;
++}
++
++int fdevent_fcntl_set_nb(fdevents *ev, int fd) {
+ 	if ((ev) && (ev->fcntl_set)) return ev->fcntl_set(ev, fd);
+ #ifdef O_NONBLOCK
+ 	return fcntl(fd, F_SETFL, O_NONBLOCK | O_RDWR);
+@@ -243,10 +282,105 @@ int fdevent_fcntl_set(fdevents *ev, int fd) {
+ #endif
+ }
+ 
++int fdevent_fcntl_set_nb_cloexec(fdevents *ev, int fd) {
++	fd_close_on_exec(fd);
++	return fdevent_fcntl_set_nb(ev, fd);
++}
+ 
++int fdevent_fcntl_set_nb_cloexec_sock(fdevents *ev, int fd) {
++#if defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK)
++	return ((ev) && (ev->fcntl_set)) ? ev->fcntl_set(ev, fd) : 0;
++#else
++	return fdevent_fcntl_set_nb_cloexec(ev, fd);
++#endif
++}
++
++int fdevent_socket_cloexec(int domain, int type, int protocol) {
++#ifdef SOCK_CLOEXEC
++	return socket(domain, type | SOCK_CLOEXEC, protocol);
++#else
++	int fd;
++	if (-1 != (fd = socket(domain, type, protocol))) {
++#ifdef FD_CLOEXEC
++		fcntl(fd, F_SETFD, FD_CLOEXEC);
++#endif
++	}
++	return fd;
++#endif
++}
++
++int fdevent_socket_nb_cloexec(int domain, int type, int protocol) {
++#ifdef SOCK_CLOEXEC
++	return socket(domain, type | SOCK_CLOEXEC | SOCK_NONBLOCK, protocol);
++#else
++	int fd;
++	if (-1 != (fd = socket(domain, type, protocol))) {
++#ifdef FD_CLOEXEC
++		fcntl(fd, F_SETFD, FD_CLOEXEC);
++#endif
++#ifdef O_NONBLOCK
++		fcntl(fd, F_SETFL, O_NONBLOCK | O_RDWR);
++#endif
++	}
++	return fd;
++#endif
++}
++
++#ifndef O_NOCTTY
++#define O_NOCTTY 0
++#endif
++
++int fdevent_open_cloexec(const char *pathname, int flags, mode_t mode) {
++#ifdef O_CLOEXEC
++	return open(pathname, flags | O_CLOEXEC | O_NOCTTY, mode);
++#else
++	int fd = open(pathname, flags | O_NOCTTY, mode);
++#ifdef FD_CLOEXEC
++	if (fd != -1)
++		fcntl(fd, F_SETFD, FD_CLOEXEC);
++#endif
++	return fd;
++#endif
++}
++
++
+ int fdevent_event_next_fdndx(fdevents *ev, int ndx) {
+ 	if (ev->event_next_fdndx) return ev->event_next_fdndx(ev, ndx);
+ 
  	return -1;
  }
  

www/lighttpd/patches/patch-src_fdevent_h

@@ -1,10 +1,11 @@
-$OpenBSD: patch-src_fdevent_h,v 1.1 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_fdevent_h,v 1.2 2016/10/12 08:09:26 ajacoutot Exp $
 
 - [core] check if client half-closed TCP if POLLHUP (#2743)
 - [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/fdevent.h.orig	Wed Sep 14 21:06:36 2016
-+++ src/fdevent.h	Wed Sep 14 21:04:56 2016
+--- src/fdevent.h.orig	Mon Oct 10 18:05:33 2016
++++ src/fdevent.h	Mon Oct 10 18:04:38 2016
 @@ -125,6 +125,7 @@ typedef struct fdevents {
  
  	fdnode **fdarray;
@@ -13,7 +14,7 @@ $OpenBSD: patch-src_fdevent_h,v 1.1 2016/09/17 20:22:41 ajacoutot Exp $
  
  #ifdef USE_LINUX_EPOLL
  	int epoll_fd;
-@@ -202,6 +203,8 @@ int fdevent_poll(fdevents *ev, int timeout_ms);
+@@ -202,9 +203,17 @@ int fdevent_poll(fdevents *ev, int timeout_ms);
  
  int fdevent_register(fdevents *ev, int fd, fdevent_handler handler, void *ctx);
  int fdevent_unregister(fdevents *ev, int fd);
@@ -22,7 +23,16 @@ $OpenBSD: patch-src_fdevent_h,v 1.1 2016/09/17 20:22:41 ajacoutot Exp $
  
  void fd_close_on_exec(int fd);
  int fdevent_fcntl_set(fdevents *ev, int fd);
-@@ -213,5 +216,8 @@ int fdevent_solaris_devpoll_init(fdevents *ev);
++int fdevent_fcntl_set_nb(fdevents *ev, int fd);
++int fdevent_fcntl_set_nb_cloexec(fdevents *ev, int fd);
++int fdevent_fcntl_set_nb_cloexec_sock(fdevents *ev, int fd);
++int fdevent_socket_cloexec(int domain, int type, int protocol);
++int fdevent_socket_nb_cloexec(int domain, int type, int protocol);
++int fdevent_open_cloexec(const char *pathname, int flags, mode_t mode);
+ 
+ int fdevent_select_init(fdevents *ev);
+ int fdevent_poll_init(fdevents *ev);
+@@ -213,5 +222,8 @@ int fdevent_solaris_devpoll_init(fdevents *ev);
  int fdevent_solaris_port_init(fdevents *ev);
  int fdevent_freebsd_kqueue_init(fdevents *ev);
  int fdevent_libev_init(fdevents *ev);

www/lighttpd/patches/patch-src_mod_accesslog_c

@@ -0,0 +1,21 @@
+$OpenBSD: patch-src_mod_accesslog_c,v 1.5 2016/10/12 08:09:26 ajacoutot Exp $
+
+performance: use Linux extended syscalls and flags
+
+--- src/mod_accesslog.c.orig	Sun Jul 31 08:42:39 2016
++++ src/mod_accesslog.c	Mon Oct 10 18:04:38 2016
+@@ -663,13 +663,12 @@ SIGHUP_FUNC(log_access_cycle) {
+ 			if (-1 != s->log_access_fd) close(s->log_access_fd);
+ 
+ 			if (-1 == (s->log_access_fd =
+-				   open(s->access_logfile->ptr, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) {
++				   fdevent_open_cloexec(s->access_logfile->ptr, O_APPEND | O_WRONLY | O_CREAT | O_LARGEFILE, 0644))) {
+ 
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "cycling access-log failed:", strerror(errno));
+ 
+ 				return HANDLER_ERROR;
+ 			}
+-			fd_close_on_exec(s->log_access_fd);
+ 		}
+ 	}
+ 

www/lighttpd/patches/patch-src_mod_cgi_c

@@ -1,10 +1,26 @@
-$OpenBSD: patch-src_mod_cgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_mod_cgi_c,v 1.8 2016/10/12 08:09:26 ajacoutot Exp $
 
-[core] fix crash if ready events on abandoned fd (fixes #2748)
+- [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/mod_cgi.c.orig	Wed Sep 14 21:06:50 2016
-+++ src/mod_cgi.c	Wed Sep 14 21:04:56 2016
-@@ -606,10 +606,7 @@ static void cgi_connection_close_fdtocgi(server *srv, 
+--- src/mod_cgi.c.orig	Mon Oct 10 18:05:40 2016
++++ src/mod_cgi.c	Mon Oct 10 18:04:38 2016
+@@ -36,6 +36,14 @@
+ #include <stdio.h>
+ #include <fcntl.h>
+ 
++#ifdef O_CLOEXEC
++#define pipe_cloexec(pipefd) pipe2((pipefd), O_CLOEXEC)
++#elif defined FD_CLOEXEC
++#define pipe_cloexec(pipefd) (0 == pipe(pipefd) ? fcntl(fd, F_SETFD, FD_CLOEXEC) : -1)
++#else
++#define pipe_cloexec(pipefd) pipe(pipefd)
++#endif
++
+ enum {EOL_UNSET, EOL_N, EOL_RN};
+ 
+ typedef struct {
+@@ -606,10 +614,7 @@ static void cgi_connection_close_fdtocgi(server *srv, 
  	/*(closes only hctx->fdtocgi)*/
  	fdevent_event_del(srv->ev, &(hctx->fde_ndx_tocgi), hctx->fdtocgi);
  	fdevent_unregister(srv->ev, hctx->fdtocgi);
@@ -16,7 +32,7 @@ $OpenBSD: patch-src_mod_cgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  	hctx->fdtocgi = -1;
  }
  
-@@ -631,10 +628,7 @@ static void cgi_connection_close(server *srv, handler_
+@@ -631,10 +636,7 @@ static void cgi_connection_close(server *srv, handler_
  		/* close connection to the cgi-script */
  		fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
  		fdevent_unregister(srv->ev, hctx->fd);
@@ -28,7 +44,45 @@ $OpenBSD: patch-src_mod_cgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  	}
  
  	if (hctx->fdtocgi != -1) {
-@@ -1372,6 +1366,8 @@ static int cgi_create_env(server *srv, connection *con
+@@ -1078,12 +1080,12 @@ static int cgi_create_env(server *srv, connection *con
+ 		}
+ 	}
+ 
+-	if (pipe(to_cgi_fds)) {
++	if (pipe_cloexec(to_cgi_fds)) {
+ 		log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
+ 		return -1;
+ 	}
+ 
+-	if (pipe(from_cgi_fds)) {
++	if (pipe_cloexec(from_cgi_fds)) {
+ 		close(to_cgi_fds[0]);
+ 		close(to_cgi_fds[1]);
+ 		log_error_write(srv, __FILE__, __LINE__, "ss", "pipe failed:", strerror(errno));
+@@ -1105,18 +1107,20 @@ static int cgi_create_env(server *srv, connection *con
+ 		server_socket *srv_sock = con->srv_socket;
+ 
+ 		/* move stdout to from_cgi_fd[1] */
+-		close(STDOUT_FILENO);
+ 		dup2(from_cgi_fds[1], STDOUT_FILENO);
++	      #ifndef FD_CLOEXEC
+ 		close(from_cgi_fds[1]);
+ 		/* not needed */
+ 		close(from_cgi_fds[0]);
++	      #endif
+ 
+ 		/* move the stdin to to_cgi_fd[0] */
+-		close(STDIN_FILENO);
+ 		dup2(to_cgi_fds[0], STDIN_FILENO);
++	      #ifndef FD_CLOEXEC
+ 		close(to_cgi_fds[0]);
+ 		/* not needed */
+ 		close(to_cgi_fds[1]);
++	      #endif
+ 
+ 		/* create environment */
+ 		env.ptr = NULL;
+@@ -1372,11 +1376,13 @@ static int cgi_create_env(server *srv, connection *con
  		hctx->fd = from_cgi_fds[0];
  		hctx->fde_ndx = -1;
  
@@ -37,7 +91,13 @@ $OpenBSD: patch-src_mod_cgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  		if (0 == con->request.content_length) {
  			close(to_cgi_fds[1]);
  		} else {
-@@ -1388,6 +1384,8 @@ static int cgi_create_env(server *srv, connection *con
+ 			/* there is content to send */
+-			if (-1 == fdevent_fcntl_set(srv->ev, to_cgi_fds[1])) {
++			if (-1 == fdevent_fcntl_set_nb(srv->ev, to_cgi_fds[1])) {
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
+ 				close(to_cgi_fds[1]);
+ 				cgi_connection_close(srv, hctx);
+@@ -1388,16 +1394,17 @@ static int cgi_create_env(server *srv, connection *con
  				cgi_connection_close(srv, hctx);
  				return -1;
  			}
@@ -46,3 +106,15 @@ $OpenBSD: patch-src_mod_cgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  		}
  
  		fdevent_register(srv->ev, hctx->fd, cgi_handle_fdevent, hctx);
+-		fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
+-
+-		if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) {
++		if (-1 == fdevent_fcntl_set_nb(srv->ev, hctx->fd)) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed: ", strerror(errno));
+ 			cgi_connection_close(srv, hctx);
+ 			return -1;
+ 		}
++		fdevent_event_set(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_IN);
+ 
+ 		break;
+ 	}

www/lighttpd/patches/patch-src_mod_fastcgi_c

@@ -1,11 +1,45 @@
-$OpenBSD: patch-src_mod_fastcgi_c,v 1.14 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_mod_fastcgi_c,v 1.15 2016/10/12 08:09:26 ajacoutot Exp $
 
 - [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
 - [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/mod_fastcgi.c.orig	Wed Sep 14 21:06:57 2016
-+++ src/mod_fastcgi.c	Wed Sep 14 21:04:56 2016
-@@ -1577,8 +1577,7 @@ static void fcgi_connection_close(server *srv, handler
+--- src/mod_fastcgi.c.orig	Mon Oct 10 18:05:45 2016
++++ src/mod_fastcgi.c	Mon Oct 10 18:04:38 2016
+@@ -965,7 +965,7 @@ static int fcgi_spawn_connection(server *srv,
+ 		buffer_append_int(proc->connection_name, proc->port);
+ 	}
+ 
+-	if (-1 == (fcgi_fd = socket(fcgi_addr->sa_family, SOCK_STREAM, 0))) {
++	if (-1 == (fcgi_fd = fdevent_socket_cloexec(fcgi_addr->sa_family, SOCK_STREAM, 0))) {
+ 		log_error_write(srv, __FILE__, __LINE__, "ss",
+ 				"failed:", strerror(errno));
+ 		return -1;
+@@ -984,7 +984,7 @@ static int fcgi_spawn_connection(server *srv,
+ 		close(fcgi_fd);
+ 
+ 		/* reopen socket */
+-		if (-1 == (fcgi_fd = socket(fcgi_addr->sa_family, SOCK_STREAM, 0))) {
++		if (-1 == (fcgi_fd = fdevent_socket_cloexec(fcgi_addr->sa_family, SOCK_STREAM, 0))) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss",
+ 				"socket failed:", strerror(errno));
+ 			return -1;
+@@ -1032,10 +1032,13 @@ static int fcgi_spawn_connection(server *srv,
+ 			arg.used = 0;
+ 
+ 			if(fcgi_fd != FCGI_LISTENSOCK_FILENO) {
+-				close(FCGI_LISTENSOCK_FILENO);
+ 				dup2(fcgi_fd, FCGI_LISTENSOCK_FILENO);
+ 				close(fcgi_fd);
+ 			}
++		      #ifdef SOCK_CLOEXEC
++			else
++				fcntl(fcgi_fd, F_SETFD, 0); /* clear cloexec */
++		      #endif
+ 
+ 			/* we don't need the client socket */
+ 			for (i = 3; i < 256; i++) {
+@@ -1577,8 +1580,7 @@ static void fcgi_connection_close(server *srv, handler
  	if (hctx->fd != -1) {
  		fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
  		fdevent_unregister(srv->ev, hctx->fd);
@@ -15,7 +49,7 @@ $OpenBSD: patch-src_mod_fastcgi_c,v 1.14 2016/09/17 20:22:41 ajacoutot Exp $
  	}
  
  	if (hctx->host && hctx->proc) {
-@@ -1631,8 +1630,7 @@ static int fcgi_reconnect(server *srv, handler_ctx *hc
+@@ -1631,8 +1633,7 @@ static int fcgi_reconnect(server *srv, handler_ctx *hc
  	if (hctx->fd != -1) {
  		fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
  		fdevent_unregister(srv->ev, hctx->fd);
@@ -25,7 +59,16 @@ $OpenBSD: patch-src_mod_fastcgi_c,v 1.14 2016/09/17 20:22:41 ajacoutot Exp $
  		hctx->fd = -1;
  	}
  
-@@ -3257,7 +3255,8 @@ SUBREQUEST_FUNC(mod_fastcgi_handle_subrequest) {
+@@ -2936,7 +2937,7 @@ static handler_t fcgi_write_request(server *srv, handl
+ 			if (proc->load < hctx->proc->load) hctx->proc = proc;
+ 		}
+ 
+-		if (-1 == (hctx->fd = socket(host->family, SOCK_STREAM, 0))) {
++		if (-1 == (hctx->fd = fdevent_socket_nb_cloexec(host->family, SOCK_STREAM, 0))) {
+ 			if (errno == EMFILE ||
+ 			    errno == EINTR) {
+ 				log_error_write(srv, __FILE__, __LINE__, "sd",
+@@ -3257,7 +3258,8 @@ SUBREQUEST_FUNC(mod_fastcgi_handle_subrequest) {
  		}
  	}
  

www/lighttpd/patches/patch-src_mod_proxy_c

@@ -1,11 +1,12 @@
-$OpenBSD: patch-src_mod_proxy_c,v 1.10 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_mod_proxy_c,v 1.11 2016/10/12 08:09:26 ajacoutot Exp $
 
 - [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
 - [core] proxy,scgi omit shutdown() to backend (fixes #2743)
 - [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/mod_proxy.c.orig	Wed Sep 14 21:07:08 2016
-+++ src/mod_proxy.c	Wed Sep 14 21:04:56 2016
+--- src/mod_proxy.c.orig	Mon Oct 10 18:05:54 2016
++++ src/mod_proxy.c	Mon Oct 10 18:04:38 2016
 @@ -341,9 +341,7 @@ static void proxy_connection_close(server *srv, handle
  	if (hctx->fd != -1) {
  		fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
@@ -17,6 +18,32 @@ $OpenBSD: patch-src_mod_proxy_c,v 1.10 2016/09/17 20:22:41 ajacoutot Exp $
  	}
  
  	if (hctx->host) {
+@@ -784,14 +782,14 @@ static handler_t proxy_write_request(server *srv, hand
+ #endif
+ #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
+ 		if (strstr(host->host->ptr,":")) {
+-			if (-1 == (hctx->fd = socket(AF_INET6, SOCK_STREAM, 0))) {
++			if (-1 == (hctx->fd = fdevent_socket_nb_cloexec(AF_INET6, SOCK_STREAM, 0))) {
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno));
+ 				return HANDLER_ERROR;
+ 			}
+ 		} else
+ #endif
+ 		{
+-			if (-1 == (hctx->fd = socket(AF_INET, SOCK_STREAM, 0))) {
++			if (-1 == (hctx->fd = fdevent_socket_nb_cloexec(AF_INET, SOCK_STREAM, 0))) {
+ 				log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed: ", strerror(errno));
+ 				return HANDLER_ERROR;
+ 			}
+@@ -818,7 +816,7 @@ static handler_t proxy_write_request(server *srv, hand
+ 
+ 			return HANDLER_WAIT_FOR_EVENT;
+ 		case -1:
+-			/* if ECONNREFUSED choose another connection -> FIXME */
++			/* if ECONNREFUSED choose another connection */
+ 			hctx->fde_ndx = -1;
+ 
+ 			return HANDLER_ERROR;
 @@ -854,7 +852,6 @@ static handler_t proxy_write_request(server *srv, hand
  
  		if (hctx->wb->bytes_out == hctx->wb_reqlen) {

www/lighttpd/patches/patch-src_mod_scgi_c

@@ -1,12 +1,42 @@
-$OpenBSD: patch-src_mod_scgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_mod_scgi_c,v 1.8 2016/10/12 08:09:26 ajacoutot Exp $
 
 - [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
 - [core] proxy,scgi omit shutdown() to backend (fixes #2743)
 - [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/mod_scgi.c.orig	Wed Sep 14 21:07:14 2016
-+++ src/mod_scgi.c	Wed Sep 14 21:04:56 2016
-@@ -1315,8 +1315,7 @@ static void scgi_connection_close(server *srv, handler
+--- src/mod_scgi.c.orig	Mon Oct 10 18:06:01 2016
++++ src/mod_scgi.c	Mon Oct 10 18:04:38 2016
+@@ -757,7 +757,7 @@ static int scgi_spawn_connection(server *srv,
+ 		scgi_addr = (struct sockaddr *) &scgi_addr_in;
+ 	}
+ 
+-	if (-1 == (scgi_fd = socket(scgi_addr->sa_family, SOCK_STREAM, 0))) {
++	if (-1 == (scgi_fd = fdevent_socket_cloexec(scgi_addr->sa_family, SOCK_STREAM, 0))) {
+ 		log_error_write(srv, __FILE__, __LINE__, "ss",
+ 				"failed:", strerror(errno));
+ 		return -1;
+@@ -775,7 +775,7 @@ static int scgi_spawn_connection(server *srv,
+ 		close(scgi_fd);
+ 
+ 		/* reopen socket */
+-		if (-1 == (scgi_fd = socket(scgi_addr->sa_family, SOCK_STREAM, 0))) {
++		if (-1 == (scgi_fd = fdevent_socket_cloexec(scgi_addr->sa_family, SOCK_STREAM, 0))) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss",
+ 				"socket failed:", strerror(errno));
+ 			return -1;
+@@ -824,6 +824,10 @@ static int scgi_spawn_connection(server *srv,
+ 				dup2(scgi_fd, 0);
+ 				close(scgi_fd);
+ 			}
++		      #ifdef SOCK_CLOEXEC
++			else
++				fcntl(scgi_fd, F_SETFD, 0); /* clear cloexec */
++		      #endif
+ 
+ 			/* we don't need the client socket */
+ 			for (fd = 3; fd < 256; fd++) {
+@@ -1315,8 +1319,7 @@ static void scgi_connection_close(server *srv, handler
  	if (hctx->fd != -1) {
  		fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
  		fdevent_unregister(srv->ev, hctx->fd);
@@ -16,7 +46,7 @@ $OpenBSD: patch-src_mod_scgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  	}
  
  	if (hctx->host && hctx->proc) {
-@@ -1371,8 +1370,7 @@ static int scgi_reconnect(server *srv, handler_ctx *hc
+@@ -1371,8 +1374,7 @@ static int scgi_reconnect(server *srv, handler_ctx *hc
  
  	fdevent_event_del(srv->ev, &(hctx->fde_ndx), hctx->fd);
  	fdevent_unregister(srv->ev, hctx->fd);
@@ -26,7 +56,24 @@ $OpenBSD: patch-src_mod_scgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  
  	scgi_set_state(srv, hctx, FCGI_STATE_INIT);
  
-@@ -2438,7 +2436,6 @@ static handler_t scgi_write_request(server *srv, handl
+@@ -2275,7 +2277,7 @@ static handler_t scgi_write_request(server *srv, handl
+ 
+ 	switch(hctx->state) {
+ 	case FCGI_STATE_INIT:
+-		if (-1 == (hctx->fd = socket(host->family, SOCK_STREAM, 0))) {
++		if (-1 == (hctx->fd = fdevent_socket_nb_cloexec(host->family, SOCK_STREAM, 0))) {
+ 			if (errno == EMFILE ||
+ 			    errno == EINTR) {
+ 				log_error_write(srv, __FILE__, __LINE__, "sd",
+@@ -2297,7 +2299,6 @@ static handler_t scgi_write_request(server *srv, handl
+ 		if (-1 == fdevent_fcntl_set(srv->ev, hctx->fd)) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss",
+ 					"fcntl failed: ", strerror(errno));
+-
+ 			return HANDLER_ERROR;
+ 		}
+ 
+@@ -2438,7 +2439,6 @@ static handler_t scgi_write_request(server *srv, handl
  
  		if (hctx->wb->bytes_out == hctx->wb_reqlen) {
  			fdevent_event_clr(srv->ev, &(hctx->fde_ndx), hctx->fd, FDEVENT_OUT);
@@ -34,7 +81,7 @@ $OpenBSD: patch-src_mod_scgi_c,v 1.7 2016/09/17 20:22:41 ajacoutot Exp $
  			scgi_set_state(srv, hctx, FCGI_STATE_READ);
  		} else {
  			off_t wblen = hctx->wb->bytes_in - hctx->wb->bytes_out;
-@@ -2585,7 +2582,8 @@ SUBREQUEST_FUNC(mod_scgi_handle_subrequest) {
+@@ -2585,7 +2585,8 @@ SUBREQUEST_FUNC(mod_scgi_handle_subrequest) {
  		}
  	}
  

www/lighttpd/patches/patch-src_network_c

@@ -0,0 +1,39 @@
+$OpenBSD: patch-src_network_c,v 1.11 2016/10/12 08:09:26 ajacoutot Exp $
+
+performance: use Linux extended syscalls and flags
+
+--- src/network.c.orig	Sun Jul 31 08:42:39 2016
++++ src/network.c	Mon Oct 10 18:04:38 2016
+@@ -382,7 +382,7 @@ static int network_server_init(server *srv, buffer *ho
+ 	if (AF_UNIX == srv_socket->addr.plain.sa_family) {
+ 		/* check if the socket exists and try to connect to it. */
+ 		force_assert(host); /*(static analysis hint)*/
+-		if (-1 == (srv_socket->fd = socket(srv_socket->addr.plain.sa_family, SOCK_STREAM, 0))) {
++		if (-1 == (srv_socket->fd = fdevent_socket_cloexec(srv_socket->addr.plain.sa_family, SOCK_STREAM, 0))) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed:", strerror(errno));
+ 			goto error_free_socket;
+ 		}
+@@ -409,10 +409,12 @@ static int network_server_init(server *srv, buffer *ho
+ 
+ 			goto error_free_socket;
+ 		}
++
++		fdevent_fcntl_set_nb(srv->ev, srv_socket->fd);
+ 	} else
+ #endif
+ 	{
+-		if (-1 == (srv_socket->fd = socket(srv_socket->addr.plain.sa_family, SOCK_STREAM, IPPROTO_TCP))) {
++		if (-1 == (srv_socket->fd = fdevent_socket_nb_cloexec(srv_socket->addr.plain.sa_family, SOCK_STREAM, IPPROTO_TCP))) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss", "socket failed:", strerror(errno));
+ 			goto error_free_socket;
+ 		}
+@@ -432,9 +434,6 @@ static int network_server_init(server *srv, buffer *ho
+ 		}
+ #endif
+ 	}
+-
+-	/* set FD_CLOEXEC now, fdevent_fcntl_set is called later; needed for pipe-logger forks */
+-	fd_close_on_exec(srv_socket->fd);
+ 
+ 	/* */
+ 	srv->cur_fds = srv_socket->fd;

www/lighttpd/patches/patch-src_network_write_no_mmap_c

@@ -0,0 +1,19 @@
+$OpenBSD: patch-src_network_write_no_mmap_c,v 1.1 2016/10/12 08:09:26 ajacoutot Exp $
+
+performance: use Linux extended syscalls and flags
+
+--- src/network_write_no_mmap.c.orig	Sun Jul 31 08:42:39 2016
++++ src/network_write_no_mmap.c	Mon Oct 10 18:04:38 2016
+@@ -38,11 +38,10 @@ int network_open_file_chunk(server *srv, connection *c
+ 			return -1;
+ 		}
+ 
+-		if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY|O_NOCTTY))) {
++		if (-1 == (c->file.fd = fdevent_open_cloexec(c->file.name->ptr, O_RDONLY, 0))) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ssb", "open failed:", strerror(errno), c->file.name);
+ 			return -1;
+ 		}
+-		fd_close_on_exec(c->file.fd);
+ 
+ 		file_size = sce->st.st_size;
+ 	} else {

www/lighttpd/patches/patch-src_server_c

@@ -1,9 +1,44 @@
-$OpenBSD: patch-src_server_c,v 1.16 2016/09/17 20:22:41 ajacoutot Exp $
+$OpenBSD: patch-src_server_c,v 1.17 2016/10/12 08:09:26 ajacoutot Exp $
 
-[core] fix crash if ready events on abandoned fd (fixes #2748)
+- [core] fix crash if ready events on abandoned fd (fixes #2748)
+- performance: use Linux extended syscalls and flags
 
---- src/server.c.orig	Wed Sep 14 21:07:23 2016
-+++ src/server.c	Wed Sep 14 21:04:56 2016
+--- src/server.c.orig	Mon Oct 10 18:06:08 2016
++++ src/server.c	Mon Oct 10 18:04:38 2016
+@@ -926,7 +926,7 @@ int main (int argc, char **argv) {
+ 
+ 	/* open pid file BEFORE chroot */
+ 	if (!buffer_string_is_empty(srv->srvconf.pid_file)) {
+-		if (-1 == (pid_fd = open(srv->srvconf.pid_file->ptr, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {
++		if (-1 == (pid_fd = fdevent_open_cloexec(srv->srvconf.pid_file->ptr, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH))) {
+ 			struct stat st;
+ 			if (errno != EEXIST) {
+ 				log_error_write(srv, __FILE__, __LINE__, "sbs",
+@@ -951,7 +951,6 @@ int main (int argc, char **argv) {
+ 				return -1;
+ 			}
+ 		}
+-		fd_close_on_exec(pid_fd);
+ 	}
+ 
+ 	if (srv->event_handler == FDEVENT_HANDLER_SELECT) {
+@@ -1484,6 +1483,7 @@ int main (int argc, char **argv) {
+ 		FAMNoExists(&srv->stat_cache->fam);
+ #endif
+ 
++		fd_close_on_exec(FAMCONNECTION_GETFD(&srv->stat_cache->fam));
+ 		fdevent_register(srv->ev, FAMCONNECTION_GETFD(&srv->stat_cache->fam), stat_cache_handle_fdevent, NULL);
+ 		fdevent_event_set(srv->ev, &(srv->stat_cache->fam_fcce_ndx), FAMCONNECTION_GETFD(&srv->stat_cache->fam), FDEVENT_IN);
+ 	}
+@@ -1497,7 +1497,7 @@ int main (int argc, char **argv) {
+ 	for (i = 0; i < srv->srv_sockets.used; i++) {
+ 		server_socket *srv_socket = srv->srv_sockets.ptr[i];
+ 		if (srv->sockets_disabled) continue; /* lighttpd -1 (one-shot mode) */
+-		if (-1 == fdevent_fcntl_set(srv->ev, srv_socket->fd)) {
++		if (-1 == fdevent_fcntl_set_nb_cloexec_sock(srv->ev, srv_socket->fd)) {
+ 			log_error_write(srv, __FILE__, __LINE__, "ss", "fcntl failed:", strerror(errno));
+ 			return -1;
+ 		}
 @@ -1792,8 +1792,11 @@ int main (int argc, char **argv) {
  				fd      = fdevent_event_get_fd     (srv->ev, fd_ndx);
  				handler = fdevent_get_handler(srv->ev, fd);