aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/haproxy/APKBUILD4
-rw-r--r--main/haproxy/fix-libressl-2.5.patch46
2 files changed, 49 insertions, 1 deletions
diff --git a/main/haproxy/APKBUILD b/main/haproxy/APKBUILD
index ccc64c1c02..3e22559ae3 100644
--- a/main/haproxy/APKBUILD
+++ b/main/haproxy/APKBUILD
@@ -3,7 +3,7 @@
pkgname=haproxy
pkgver=1.7.5
_pkgmajorver=${pkgver%.*}
-pkgrel=0
+pkgrel=1
pkgdesc="A TCP/HTTP reverse proxy for high availability environments"
url="http://haproxy.1wt.eu"
arch="all"
@@ -14,6 +14,7 @@ makedepends="pcre-dev libressl-dev linux-headers lua${_luaver}-dev zlib-dev"
install="haproxy.pre-install haproxy.pre-upgrade"
subpackages="$pkgname-doc $pkgname-systemd-wrapper:wrapper"
source="http://haproxy.1wt.eu/download/${_pkgmajorver}/src/$pkgname-$pkgver.tar.gz
+ fix-libressl-2.5.patch
haproxy.initd
haproxy.cfg"
@@ -63,5 +64,6 @@ wrapper() {
}
sha512sums="9fc62b492b4eb80039511339d6e677107f4ba842f275d4be216a70a0d3d0463c819e10e365a7e9fe2e95e0b446b00350b4ee161e98bd724ca2e0e4e60bea5734 haproxy-1.7.5.tar.gz
+a69734b0760dacf9a3e9b69202623eb55b8a8ae75dae7a9c7ee92240636b3dfd05f640ead2be604249c86280f85f149837aa9da284e7796ecd7f9f907c439121 fix-libressl-2.5.patch
3ab277bf77fe864ec6c927118dcd70bdec0eb3c54535812d1c3c0995fa66a3ea91a73c342edeb8944caeb097d2dd1a7761099182df44af5e3ef42de6e2176d26 haproxy.initd
26bc8f8ac504fcbaec113ecbb9bb59b9da47dc8834779ebbb2870a8cadf2ee7561b3a811f01e619358a98c6c7768e8fdd90ab447098c05b82e788c8212c4c41f haproxy.cfg"
diff --git a/main/haproxy/fix-libressl-2.5.patch b/main/haproxy/fix-libressl-2.5.patch
new file mode 100644
index 0000000000..fbf61507e2
--- /dev/null
+++ b/main/haproxy/fix-libressl-2.5.patch
@@ -0,0 +1,46 @@
+--- a/src/ssl_sock.c.orig 2017-01-13 09:03:00 UTC
++++ b/src/ssl_sock.c
+@@ -792,8 +792,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
+ ocsp = NULL;
+
+ #ifndef SSL_CTX_get_tlsext_status_cb
+-# define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
+- *cb = (void (*) (void))ctx->tlsext_status_cb;
++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
++#endif
++#define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
++ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
+ #endif
+ SSL_CTX_get_tlsext_status_cb(ctx, &callback);
+
+@@ -821,7 +824,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
+ int key_type;
+ EVP_PKEY *pkey;
+
+-#ifdef SSL_CTX_get_tlsext_status_arg
++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER)
++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
++#endif
+ SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
+ #else
+ cb_arg = ctx->tlsext_status_arg;
+@@ -3537,7 +3543,7 @@ int ssl_sock_handshake(struct connection
+ OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
+ empty_handshake = state == TLS_ST_BEFORE;
+ #else
+- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
+ #endif
+
+ if (empty_handshake) {
+@@ -3615,7 +3621,7 @@ int ssl_sock_handshake(struct connection
+ state = SSL_get_state((SSL *)conn->xprt_ctx);
+ empty_handshake = state == TLS_ST_BEFORE;
+ #else
+- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
+ #endif
+ if (empty_handshake) {
+ if (!errno) {