haproxy: update to 2.1.3

srcpkgs/haproxy/patches/libressl-2.7.patch

@@ -1,129 +0,0 @@
-diff -ru a/include/proto/openssl-compat.h include/proto/openssl-compat.h
---- a/include/proto/openssl-compat.h	2019-02-11 08:16:19.000000000 -0500
-+++ include/proto/openssl-compat.h	2019-04-14 11:41:09.820848231 -0400
-@@ -89,7 +89,7 @@
- }
- #endif
- 
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L)) || defined(OPENSSL_IS_BORINGSSL)
- /*
-  * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
-  */
-@@ -121,7 +121,7 @@
- 
- #endif
- 
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
- /*
-  * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
-  */
-diff -ru a/src/ssl_sock.c src/ssl_sock.c
---- a/src/ssl_sock.c	2019-02-11 08:16:19.000000000 -0500
-+++ src/ssl_sock.c	2019-04-14 11:58:25.820742830 -0400
-@@ -56,6 +56,14 @@
- #include <openssl/engine.h>
- #endif
- 
-+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ASYNC)
-+#define OPENSSL_NO_ASYNC
-+#endif
-+
-+#if defined(SSL_READ_EARLY_DATA_ERROR) && defined(SSL_READ_EARLY_DATA_SUCCESS)
-+#define HAVE_SSL_READ_EARLY
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
- #include <openssl/async.h>
- #endif
-@@ -2093,7 +2101,7 @@
- 	SSL_set_SSL_CTX(ssl, ctx);
- }
- 
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
-+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER)
- 
- static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
- {
-@@ -3830,7 +3838,7 @@
- #ifdef OPENSSL_IS_BORINGSSL
- 	SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
- 	SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
--#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
- 	if (bind_conf->ssl_conf.early_data) {
- 		SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
- 		SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
-@@ -5081,7 +5089,7 @@
- 
- 		/* leave init state and start handshake */
- 		conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
-+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER)
- 		conn->flags |= CO_FL_EARLY_SSL_HS;
- #endif
- 
-@@ -5111,7 +5119,7 @@
- 	if (!conn->xprt_ctx)
- 		goto out_error;
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if HAVE_SSL_READ_EARLY
- 	/*
- 	 * Check if we have early data. If we do, we have to read them
- 	 * before SSL_do_handshake() is called, And there's no way to
-@@ -5187,7 +5195,7 @@
- 					OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
- 					empty_handshake = state == TLS_ST_BEFORE;
- #else
--					empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
-+					empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
- #endif
- 					if (empty_handshake) {
- 						if (!errno) {
-@@ -5271,7 +5279,7 @@
- 				OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
- 				empty_handshake = state == TLS_ST_BEFORE;
- #else
--				empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
-+				empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
- #endif
- 				if (empty_handshake) {
- 					if (!errno) {
-@@ -5311,7 +5319,7 @@
- 			goto out_error;
- 		}
- 	}
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_READ_EARLY
- 	else {
- 		/*
- 		 * If the server refused the early data, we have to send a
-@@ -5434,7 +5442,7 @@
- 			continue;
- 		}
- 
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_READ_EARLY
- 		if (conn->flags & CO_FL_EARLY_SSL_HS) {
- 			size_t read_length;
- 
-@@ -5571,7 +5579,7 @@
- 	 * in which case we accept to do it once again.
- 	 */
- 	while (buf->o) {
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_EARLY_DATA
- 		size_t written_data;
- #endif
- 
-@@ -5590,7 +5598,7 @@
- 			conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
- 		}
- 
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_EARLY_DATA
- 		if (!SSL_is_init_finished(conn->xprt_ctx)) {
- 			unsigned int max_early;
- 

srcpkgs/haproxy/template

@@ -1,9 +1,9 @@
 # Template file for 'haproxy'
 pkgname=haproxy
-version=1.8.20
+version=2.1.3
 revision=1
 build_style=gnu-makefile
-make_build_args="TARGET=linux2628 USE_PCRE=1 USE_PCRE_JIT=1 USE_ZLIB=1
+make_build_args="TARGET=linux-glibc USE_PCRE=1 USE_PCRE_JIT=1 USE_ZLIB=1
  USE_OPENSSL=1 USE_LIBCRYPT=1 USE_GETADDRINFO=1 USE_LUA=1"
 make_install_args="SBINDIR=${DESTDIR}/usr/bin DOCDIR=${DESTDIR}/usr/share/doc/${pkgname}"
 makedepends="libressl-devel lua-devel pcre-devel"
@@ -12,12 +12,12 @@ maintainer="Eivind Uggedal <eivind@uggedal.com>"
 license="GPL-2.0-or-later, LGPL-2.1-or-later"
 homepage="https://www.haproxy.org"
 distfiles="${homepage}/download/${version%.*}/src/${pkgname}-${version}.tar.gz"
-checksum=3228f78d5fe1dfbaccf41bf387e36b08eeef6e16330053cafde5fa303e262b16
+checksum=bb678e550374d0d9d9312885fb9d270b501dae9e3b336f0a4379c667dae00b59
 
+haproxy_homedir="/var/lib/${pkgname}"
 make_dirs="$haproxy_homedir 0750 ${pkgname} ${pkgname}"
 conf_files="/etc/${pkgname}/${pkgname}.cfg"
 system_accounts="$pkgname"
-haproxy_homedir="/var/lib/${pkgname}"
 
 case "$XBPS_TARGET_MACHINE" in
 	*-musl) CFLAGS="-D__LINUX_NETFILTER_H";;