This patch contains the differences between the upstream tarball and
the sources actually used for building the package.

Option single-debian-patch is used as the changes are tracked in git.


--- pushpin-1.41.0.orig/Cargo.toml
+++ pushpin-1.41.0/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "pushpin"
-version = "1.41.0-dev"
+version = "1.41.0"
 authors = ["Justin Karneges <jkarneges@fastly.com>"]
 description = "Reverse proxy for realtime web services"
 repository = "https://github.com/fastly/pushpin"
@@ -21,40 +21,40 @@ crate-type = ["rlib", "staticlib"]
 
 [dependencies]
 arrayvec = "0.7"
-base64 = "0.13"
-clap = { version = "=4.3.24", features = ["cargo", "string", "wrap_help", "derive"] }
-config = "0.14"
+base64 = "0.22"
+clap = { version = "4", features = ["cargo", "string", "wrap_help", "derive"] }
+config = "0.15"
 httparse = "1.7"
 ipnet = "2"
 jsonwebtoken = "9"
 libc = "0.2"
 log = "0.4"
-miniz_oxide = "0.6"
+miniz_oxide = "0.7"
 mio = { version = "1", features = ["os-poll", "os-ext", "net"] }
-notify = "7"
-openssl = "=0.10.72"
+notify = "8"
+openssl = "0.10"
 paste = "1.0"
-rustls = "0.21"
-rustls-native-certs = "0.6"
+rustls = "0.23"
+rustls-native-certs = "0.8"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 sha1 = "0.10"
 signal-hook = "0.3"
 slab = "0.4"
-socket2 = "0.4"
+socket2 = "0.5"
 thiserror = "1.0"
-time = { version = "0.3.36", features = ["formatting", "local-offset", "macros"] }
-url = "2.3"
 zmq = "0.9"
+time = { version = "0.3", features = ["formatting", "local-offset", "macros"] }
+url = "2.3"
 
 [dev-dependencies]
 criterion = "0.5"
-env_logger = { version = "0.9", default-features = false }
+env_logger = { version = "0.11", default-features = false }
 test-log = "0.2"
 
 [build-dependencies]
 pkg-config = "0.3"
-time = { version = "0.3.36", features = ["formatting", "local-offset", "macros"] }
+time = { version = "0.3", features = ["formatting", "local-offset", "macros"] }
 cbindgen = "0.27"
 
 [[bench]]
--- pushpin-1.41.0.orig/Makefile
+++ pushpin-1.41.0/Makefile
@@ -31,7 +31,7 @@ postbuild-clean: FORCE
 	cd postbuild && $(MAKE) -f Makefile clean
 
 postbuild-distclean: FORCE
-	cd postbuild && $(MAKE) -f Makefile distclean
+	cd postbuild && [ ! -f Makefile ] || $(MAKE) -f Makefile distclean
 
 check: cargo-test
 
--- pushpin-1.41.0.orig/examples/config/pushpin.conf
+++ pushpin-1.41.0/examples/config/pushpin.conf
@@ -108,7 +108,11 @@ sockjs_url=http://cdn.jsdelivr.net/sockj
 # pushpin will output a log message when a new version is available. report
 # mode helps the pushpin project build credibility, so please enable it if you
 # enjoy this software :)
-updates_check=report
+#
+# NOTE: Upstream enables this feature by default. The debian package
+# disables it for privacy reasons. please consider to enable it by setting
+# updates_check to 'report'.
+updates_check=off
 
 # use this field to identify your organization in updates requests. if left
 # blank, updates requests will be anonymous
--- pushpin-1.41.0.orig/src/connmgr/client.rs
+++ pushpin-1.41.0/src/connmgr/client.rs
@@ -2500,7 +2500,6 @@ pub mod tests {
     use crate::connmgr::connection::calculate_ws_accept;
     use crate::connmgr::websocket;
     use std::io::Read;
-    use test_log::test;
 
     fn recv_frame<R: Read>(
         stream: &mut R,
--- pushpin-1.41.0.orig/src/connmgr/connection.rs
+++ pushpin-1.41.0/src/connmgr/connection.rs
@@ -64,6 +64,7 @@ use crate::core::time::Timeout;
 use crate::core::waker::RefWakerData;
 use crate::core::zmq::MultipartHeader;
 use arrayvec::{ArrayString, ArrayVec};
+use base64::prelude::{Engine as _, BASE64_STANDARD};
 use ipnet::IpNet;
 use log::{debug, log, warn, Level};
 use sha1::{Digest, Sha1};
@@ -131,7 +132,7 @@ fn gen_ws_key() -> ArrayString<WS_KEY_MA
 
     let mut output = [0; WS_KEY_MAX];
 
-    let size = base64::encode_config_slice(nonce, base64::STANDARD, &mut output);
+    let size = BASE64_STANDARD.encode_slice(nonce, &mut output).unwrap();
 
     let output = str::from_utf8(&output[..size]).unwrap();
 
@@ -159,7 +160,7 @@ pub fn calculate_ws_accept(key: &[u8]) -
 
     let mut output = [0; WS_ACCEPT_MAX];
 
-    let size = base64::encode_config_slice(digest, base64::STANDARD, &mut output);
+    let size = BASE64_STANDARD.encode_slice(digest, &mut output).unwrap();
 
     let output = match str::from_utf8(&output[..size]) {
         Ok(s) => s,
@@ -4073,7 +4074,7 @@ async fn server_stream_connection_inner<
                         let shared = shared.get();
 
                         let msg = if let Some(addr) = shared.to_addr().get() {
-                            let id = cid.as_ref();
+                            let id: &str = cid.as_ref();
 
                             let mut zreq = zhttppacket::Request::new_cancel(b"", &[]);
 
@@ -6907,7 +6908,6 @@ mod tests {
     use std::sync::Arc;
     use std::task::Poll;
     use std::time::Instant;
-    use test_log::test;
 
     #[test]
     fn ws_ext_header() {
--- pushpin-1.41.0.orig/src/connmgr/server.rs
+++ pushpin-1.41.0/src/connmgr/server.rs
@@ -2819,7 +2819,6 @@ pub mod tests {
     use super::*;
     use crate::connmgr::websocket;
     use std::io::Read;
-    use test_log::test;
 
     fn recv_frame<R: Read>(
         stream: &mut R,
--- pushpin-1.41.0.orig/src/internal.conf
+++ pushpin-1.41.0/src/internal.conf
@@ -27,13 +27,13 @@ connmgr_client_out_stream_specs=ipc://{r
 connmgr_client_in_specs=ipc://{rundir}/{ipc_prefix}connmgr-client-out
 
 # list of connect PUSH for sending zurl HTTP/WS requests
-zurl_out_specs=ipc://{rundir}/{ipc_prefix}zurl-in
+zurl_out_specs=ipc:///var/run/zurl/zurl-in
 
 # list of connect ROUTER for continuing zurl HTTP/WS requests
-zurl_out_stream_specs=ipc://{rundir}/{ipc_prefix}zurl-in-stream
+zurl_out_stream_specs=ipc:///var/run/zurl/zurl-in-stream
 
 # list of connect SUB for receiving zurl HTTP/WS responses
-zurl_in_specs=ipc://{rundir}/{ipc_prefix}zurl-out
+zurl_in_specs=ipc:///var/run/zurl/zurl-out
 
 # bind DEALER for requesting inspection info (internal, used with handler)
 handler_inspect_spec=ipc://{rundir}/{ipc_prefix}inspect
--- pushpin-1.41.0.orig/src/proxy/app.cpp
+++ pushpin-1.41.0/src/proxy/app.cpp
@@ -537,7 +537,7 @@ public:
 		Jwt::EncodingKey sigKey = Jwt::EncodingKey::fromConfigString(settings.value("proxy/sig_key").toString(), configDir);
 		Jwt::DecodingKey upstreamKey = Jwt::DecodingKey::fromConfigString(settings.value("proxy/upstream_key").toString(), configDir);
 		QString sockJsUrl = settings.value("proxy/sockjs_url").toString();
-		QString updatesCheck = settings.value("proxy/updates_check").toString();
+		QString updatesCheck = settings.value("proxy/updates_check","off").toString();
 		QString organizationName = settings.value("proxy/organization_name").toString();
 		int clientMaxconn = settings.value("runner/client_maxconn", 50000).toInt();
 		bool statsConnectionSend = settings.value("global/stats_connection_send", true).toBool();
--- pushpin-1.41.0.orig/src/publish/mod.rs
+++ pushpin-1.41.0/src/publish/mod.rs
@@ -238,16 +238,19 @@ impl TlsStream {
     fn new(stream: net::TcpStream, host: &str) -> Result<Self, Box<dyn Error>> {
         let mut root_store = rustls::RootCertStore::empty();
 
-        for cert in rustls_native_certs::load_native_certs()? {
-            root_store.add(&rustls::Certificate(cert.0)).unwrap();
+        let certs = rustls_native_certs::load_native_certs();
+        if certs.errors.len() > 0 { return Err(Box::new(certs.errors.into_iter().next().unwrap())) };
+        let certs = certs.certs;
+        for cert in certs {
+            root_store.add(cert).unwrap();
         }
 
         let config = rustls::ClientConfig::builder()
-            .with_safe_defaults()
             .with_root_certificates(root_store)
             .with_no_client_auth();
 
-        let server_name = host.try_into()?;
+        let server_name: rustls::pki_types::ServerName<'_> = host.try_into()?;
+        let server_name = server_name.to_owned();
 
         let client = rustls::ClientConnection::new(Arc::new(config), server_name)?;
 
