diff options
-rw-r--r-- | main/haproxy/APKBUILD | 4 | ||||
-rw-r--r-- | main/haproxy/fix-libressl-2.5.patch | 46 |
2 files changed, 49 insertions, 1 deletions
diff --git a/main/haproxy/APKBUILD b/main/haproxy/APKBUILD index ccc64c1c02..3e22559ae3 100644 --- a/main/haproxy/APKBUILD +++ b/main/haproxy/APKBUILD @@ -3,7 +3,7 @@ pkgname=haproxy pkgver=1.7.5 _pkgmajorver=${pkgver%.*} -pkgrel=0 +pkgrel=1 pkgdesc="A TCP/HTTP reverse proxy for high availability environments" url="http://haproxy.1wt.eu" arch="all" @@ -14,6 +14,7 @@ makedepends="pcre-dev libressl-dev linux-headers lua${_luaver}-dev zlib-dev" install="haproxy.pre-install haproxy.pre-upgrade" subpackages="$pkgname-doc $pkgname-systemd-wrapper:wrapper" source="http://haproxy.1wt.eu/download/${_pkgmajorver}/src/$pkgname-$pkgver.tar.gz + fix-libressl-2.5.patch haproxy.initd haproxy.cfg" @@ -63,5 +64,6 @@ wrapper() { } sha512sums="9fc62b492b4eb80039511339d6e677107f4ba842f275d4be216a70a0d3d0463c819e10e365a7e9fe2e95e0b446b00350b4ee161e98bd724ca2e0e4e60bea5734 haproxy-1.7.5.tar.gz +a69734b0760dacf9a3e9b69202623eb55b8a8ae75dae7a9c7ee92240636b3dfd05f640ead2be604249c86280f85f149837aa9da284e7796ecd7f9f907c439121 fix-libressl-2.5.patch 3ab277bf77fe864ec6c927118dcd70bdec0eb3c54535812d1c3c0995fa66a3ea91a73c342edeb8944caeb097d2dd1a7761099182df44af5e3ef42de6e2176d26 haproxy.initd 26bc8f8ac504fcbaec113ecbb9bb59b9da47dc8834779ebbb2870a8cadf2ee7561b3a811f01e619358a98c6c7768e8fdd90ab447098c05b82e788c8212c4c41f haproxy.cfg" diff --git a/main/haproxy/fix-libressl-2.5.patch b/main/haproxy/fix-libressl-2.5.patch new file mode 100644 index 0000000000..fbf61507e2 --- /dev/null +++ b/main/haproxy/fix-libressl-2.5.patch @@ -0,0 +1,46 @@ +--- a/src/ssl_sock.c.orig 2017-01-13 09:03:00 UTC ++++ b/src/ssl_sock.c +@@ -792,8 +792,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c + ocsp = NULL; + + #ifndef SSL_CTX_get_tlsext_status_cb +-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ +- *cb = (void (*) (void))ctx->tlsext_status_cb; ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 ++#endif ++#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ ++ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) + #endif + SSL_CTX_get_tlsext_status_cb(ctx, &callback); + +@@ -821,7 +824,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c + int key_type; + EVP_PKEY *pkey; + +-#ifdef SSL_CTX_get_tlsext_status_arg ++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER) ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 ++#endif + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); + #else + cb_arg = ctx->tlsext_status_arg; +@@ -3537,7 +3543,7 @@ int ssl_sock_handshake(struct connection + OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + + if (empty_handshake) { +@@ -3615,7 +3621,7 @@ int ssl_sock_handshake(struct connection + state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + if (empty_handshake) { + if (!errno) { |