diff --git a/srcpkgs/haproxy/patches/libressl-2.7.patch b/srcpkgs/haproxy/patches/libressl-2.7.patch
deleted file mode 100644
index b8e5de8e8c..0000000000
--- a/srcpkgs/haproxy/patches/libressl-2.7.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-diff -ru a/include/proto/openssl-compat.h include/proto/openssl-compat.h
---- a/include/proto/openssl-compat.h 2019-02-11 08:16:19.000000000 -0500
-+++ include/proto/openssl-compat.h 2019-04-14 11:41:09.820848231 -0400
-@@ -89,7 +89,7 @@
- }
- #endif
- 
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_BORINGSSL)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L)) || defined(OPENSSL_IS_BORINGSSL)
- /*
- * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL / BoringSSL
- */
-@@ -121,7 +121,7 @@
- 
- #endif
- 
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || (defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER < 0x20700000L))
- /*
- * Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
- */
-diff -ru a/src/ssl_sock.c src/ssl_sock.c
---- a/src/ssl_sock.c 2019-02-11 08:16:19.000000000 -0500
-+++ src/ssl_sock.c 2019-04-14 11:58:25.820742830 -0400
-@@ -56,6 +56,14 @@
- #include
- #endif
- 
-+#if defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_NO_ASYNC)
-+#define OPENSSL_NO_ASYNC
-+#endif
-+
-+#if defined(SSL_READ_EARLY_DATA_ERROR) && defined(SSL_READ_EARLY_DATA_SUCCESS)
-+#define HAVE_SSL_READ_EARLY
-+#endif
-+
- #if (OPENSSL_VERSION_NUMBER >= 0x1010000fL) && !defined(OPENSSL_NO_ASYNC)
- #include
- #endif
-@@ -2093,7 +2101,7 @@
- SSL_set_SSL_CTX(ssl, ctx);
- }
- 
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)
-+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER)
- 
- static int ssl_sock_switchctx_err_cbk(SSL *ssl, int *al, void *priv)
- {
-@@ -3830,7 +3838,7 @@
- #ifdef OPENSSL_IS_BORINGSSL
- SSL_CTX_set_select_certificate_cb(ctx, ssl_sock_switchctx_cbk);
- SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_err_cbk);
--#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
- if (bind_conf->ssl_conf.early_data) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_ANTI_REPLAY);
- SSL_CTX_set_max_early_data(ctx, global.tune.bufsize - global.tune.maxrewrite);
-@@ -5081,7 +5089,7 @@
- 
- /* leave init state and start handshake */
- conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L || defined(OPENSSL_IS_BORINGSSL)
-+#if ((OPENSSL_VERSION_NUMBER >= 0x10101000L) || defined(OPENSSL_IS_BORINGSSL)) && !defined(LIBRESSL_VERSION_NUMBER)
- conn->flags |= CO_FL_EARLY_SSL_HS;
- #endif
- 
-@@ -5111,7 +5119,7 @@
- if (!conn->xprt_ctx)
- goto out_error;
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10101000L
-+#if HAVE_SSL_READ_EARLY
- /*
- * Check if we have early data. If we do, we have to read them
- * before SSL_do_handshake() is called, And there's no way to
-@@ -5187,7 +5195,7 @@
- OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
- empty_handshake = state == TLS_ST_BEFORE;
- #else
-- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
-+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
- #endif
- if (empty_handshake) {
- if (!errno) {
-@@ -5271,7 +5279,7 @@
- OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
- empty_handshake = state == TLS_ST_BEFORE;
- #else
-- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
-+ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
- #endif
- if (empty_handshake) {
- if (!errno) {
-@@ -5311,7 +5319,7 @@
- goto out_error;
- }
- }
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_READ_EARLY
- else {
- /*
- * If the server refused the early data, we have to send a
-@@ -5434,7 +5442,7 @@
- continue;
- }
- 
--#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)
-+#if HAVE_SSL_READ_EARLY
- if (conn->flags & CO_FL_EARLY_SSL_HS) {
- size_t read_length;
- -@@ -5571,7 +5579,7 @@ - * in which case we accept to do it once again. - */ - while (buf->o) { --#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -+#if HAVE_SSL_EARLY_DATA - size_t written_data; - #endif - -@@ -5590,7 +5598,7 @@ - conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED; - } - --#if (OPENSSL_VERSION_NUMBER >= 0x10101000L) -+#if HAVE_SSL_EARLY_DATA - if (!SSL_is_init_finished(conn->xprt_ctx)) { - unsigned int max_early; - diff --git a/srcpkgs/haproxy/template b/srcpkgs/haproxy/template index a395ab33b5..7d3b7b13ca 100644 --- a/srcpkgs/haproxy/template +++ b/srcpkgs/haproxy/template @@ -1,9 +1,9 @@ # Template file for 'haproxy' pkgname=haproxy -version=1.8.20 +version=2.1.3 revision=1 build_style=gnu-makefile -make_build_args="TARGET=linux2628 USE_PCRE=1 USE_PCRE_JIT=1 USE_ZLIB=1 +make_build_args="TARGET=linux-glibc USE_PCRE=1 USE_PCRE_JIT=1 USE_ZLIB=1 USE_OPENSSL=1 USE_LIBCRYPT=1 USE_GETADDRINFO=1 USE_LUA=1" make_install_args="SBINDIR=${DESTDIR}/usr/bin DOCDIR=${DESTDIR}/usr/share/doc/${pkgname}" makedepends="libressl-devel lua-devel pcre-devel" @@ -12,12 +12,12 @@ maintainer="Eivind Uggedal " license="GPL-2.0-or-later, LGPL-2.1-or-later" homepage="https://www.haproxy.org" distfiles="${homepage}/download/${version%.*}/src/${pkgname}-${version}.tar.gz" -checksum=3228f78d5fe1dfbaccf41bf387e36b08eeef6e16330053cafde5fa303e262b16 +checksum=bb678e550374d0d9d9312885fb9d270b501dae9e3b336f0a4379c667dae00b59 +haproxy_homedir="/var/lib/${pkgname}" make_dirs="$haproxy_homedir 0750 ${pkgname} ${pkgname}" conf_files="/etc/${pkgname}/${pkgname}.cfg" system_accounts="$pkgname" -haproxy_homedir="/var/lib/${pkgname}" case "$XBPS_TARGET_MACHINE" in *-musl) CFLAGS="-D__LINUX_NETFILTER_H";;
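Review bot: `TARGET=linux-glibc` in `make_build_args` is applied to every build, but the template still carries a `*-musl)` branch (visible as context in the second hunk) that only adds `-D__LINUX_NETFILTER_H`, so musl packages are now built with a preset named for glibc; please confirm that preset compiles and runs on musl, or select the target inside that `case`. The same setting keeps `USE_OPENSSL=1` with `makedepends="libressl-devel ..."` while this commit deletes `libressl-2.7.patch`, which among other things compiled the TLS 1.3 early-data paths out of LibreSSL builds; it is worth verifying that 2.1.3 builds against LibreSSL unpatched and checking which TLS features end up enabled in the resulting binary. A short comment above `make_build_args`, for example `# linux-glibc preset is used on musl as well; see the *-musl case below`, would record the decision for the next version bump.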