Hi, Here's a diff to move haproxy from the oldstable branch to stable branch. I didn't succeed before because the libressl stuff but trueos/hbsd did the job so I just stole their diff.
Comments? OK? Cheers, Daniel Index: Makefile =================================================================== RCS file: /cvs/ports/net/haproxy/Makefile,v retrieving revision 1.42 diff -u -p -r1.42 Makefile --- Makefile 20 Jun 2017 17:38:40 -0000 1.42 +++ Makefile 11 Aug 2017 16:09:12 -0000 @@ -2,7 +2,7 @@ COMMENT = reliable, high performance TCP/HTTP load balancer -DISTNAME = haproxy-1.6.13 +DISTNAME = haproxy-1.7.8 CATEGORIES = net www HOMEPAGE = http://www.haproxy.org/ MAINTAINER = Daniel Jakots <[email protected]> @@ -12,7 +12,7 @@ PERMIT_PACKAGE_CDROM = Yes WANTLIB = c crypto pcre pcreposix ssl -MASTER_SITES = ${HOMEPAGE}/download/1.6/src/ +MASTER_SITES = ${HOMEPAGE}/download/1.7/src/ HAPROXYCONF = ${SYSCONFDIR}/haproxy HAPROXYSTATE = /var/haproxy Index: distinfo =================================================================== RCS file: /cvs/ports/net/haproxy/distinfo,v retrieving revision 1.25 diff -u -p -r1.25 distinfo --- distinfo 20 Jun 2017 17:38:40 -0000 1.25 +++ distinfo 11 Aug 2017 16:09:12 -0000 @@ -1,2 +1,2 @@ -SHA256 (haproxy-1.6.13.tar.gz) = fTGFg/OhvxhehXvUBEkASynJVUfIm7s2cY8oTilQKhs= -SIZE (haproxy-1.6.13.tar.gz) = 1580214 +SHA256 (haproxy-1.7.8.tar.gz) = 7JAVPM7dIK1AFdPq92tQL/H2G0MdVMIrhFe1eEqa4UI= +SIZE (haproxy-1.7.8.tar.gz) = 1746321 Index: patches/patch-Makefile =================================================================== RCS file: patches/patch-Makefile diff -N patches/patch-Makefile --- patches/patch-Makefile 20 Jun 2017 17:38:40 -0000 1.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,23 +0,0 @@ -$OpenBSD: patch-Makefile,v 1.6 2017/06/20 17:38:40 danj Exp $ - -Make use of accept4() on OpenBSD. - -Committed upstream -http://git.haproxy.org/?p=haproxy.git;a=commit;h=9705ba2981016dd6b3b8d690bb8935a396cc0994 - -Index: Makefile ---- Makefile.orig -+++ Makefile -@@ -306,10 +306,11 @@ ifeq ($(TARGET),osx) - USE_TPROXY = implicit - else - ifeq ($(TARGET),openbsd) -- # This is for OpenBSD >= 3.0 -+ # This is for OpenBSD >= 5.7 - USE_POLL = implicit - USE_KQUEUE = implicit - USE_TPROXY = implicit -+ USE_ACCEPT4 = implicit - else - ifeq ($(TARGET),netbsd) - # This is for NetBSD Index: patches/patch-doc_haproxy_1 =================================================================== RCS file: /cvs/ports/net/haproxy/patches/patch-doc_haproxy_1,v retrieving revision 1.3 diff -u -p -r1.3 patch-doc_haproxy_1 --- patches/patch-doc_haproxy_1 11 Sep 2014 14:47:20 -0000 1.3 +++ patches/patch-doc_haproxy_1 11 Aug 2017 16:09:12 -0000 @@ -1,7 +1,8 @@ $OpenBSD: patch-doc_haproxy_1,v 1.3 2014/09/11 14:47:20 gonzalo Exp $ ---- doc/haproxy.1.orig Fri Jul 25 03:56:07 2014 -+++ doc/haproxy.1 Thu Sep 4 12:12:46 2014 -@@ -188,8 +188,7 @@ This signal is intercepted and ignored on systems with +Index: doc/haproxy.1 +--- doc/haproxy.1.orig ++++ doc/haproxy.1 +@@ -190,8 +190,7 @@ This signal is intercepted and ignored on systems with .SH SEE ALSO Index: patches/patch-src_ssl_sock_c =================================================================== RCS file: /cvs/ports/net/haproxy/patches/patch-src_ssl_sock_c,v retrieving revision 1.6 diff -u -p -r1.6 patch-src_ssl_sock_c --- patches/patch-src_ssl_sock_c 1 Feb 2017 15:49:34 -0000 1.6 +++ patches/patch-src_ssl_sock_c 11 Aug 2017 16:09:12 -0000 @@ -1,21 +1,51 @@ $OpenBSD: patch-src_ssl_sock_c,v 1.6 2017/02/01 15:49:34 naddy Exp $ ---- src/ssl_sock.c.orig Sun Dec 25 09:26:16 2016 -+++ src/ssl_sock.c Thu Jan 26 21:09:45 2017 -@@ -2810,7 +2810,7 @@ int ssl_sock_handshake(struct connection *conn, unsign - if (!errno && conn->flags & CO_FL_WAIT_L4_CONN) - conn->flags &= ~CO_FL_WAIT_L4_CONN; - if (!conn->err_code) { -- if (!((SSL *)conn->xprt_ctx)->packet_length) { -+ if (SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE) { - if (!errno) { - if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) - conn->err_code = CO_ER_SSL_HANDSHAKE_HB; -@@ -2877,7 +2877,7 @@ int ssl_sock_handshake(struct connection *conn, unsign - if (!errno && conn->flags & CO_FL_WAIT_L4_CONN) - conn->flags &= ~CO_FL_WAIT_L4_CONN; + +From +https://github.com/trueos/freebsd-ports/blob/3745ead2e0f43985c3647e1e3aecae2751decfda/net/haproxy/files/patch-src_ssl__sock.c + +Index: src/ssl_sock.c +--- src/ssl_sock.c.orig ++++ src/ssl_sock.c +@@ -794,8 +794,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char + ocsp = NULL; -- if (!((SSL *)conn->xprt_ctx)->packet_length) { -+ if (SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE) { + #ifndef SSL_CTX_get_tlsext_status_cb ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128 ++#endif + # define SSL_CTX_get_tlsext_status_cb(ctx, cb) \ +- *cb = (void (*) (void))ctx->tlsext_status_cb; ++ *cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb) + #endif + SSL_CTX_get_tlsext_status_cb(ctx, &callback); + +@@ -823,7 +826,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char + int key_type; + EVP_PKEY *pkey; + +-#ifdef SSL_CTX_get_tlsext_status_arg ++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER) ++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG ++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129 ++#endif + SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg); + #else + cb_arg = ctx->tlsext_status_arg; +@@ -3539,7 +3545,7 @@ int ssl_sock_handshake(struct connection *conn, unsign + OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + + if (empty_handshake) { +@@ -3617,7 +3623,7 @@ int ssl_sock_handshake(struct connection *conn, unsign + state = SSL_get_state((SSL *)conn->xprt_ctx); + empty_handshake = state == TLS_ST_BEFORE; + #else +- empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length; ++ empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE; + #endif + if (empty_handshake) { if (!errno) { - if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) - conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
