net/haproxy: sync with upstream

Taken from: HardenedBSD

net/haproxy/Makefile

@@ -2,9 +2,9 @@
 # $FreeBSD$
 
 PORTNAME=	haproxy
-PORTVERSION=	1.6.10
+PORTVERSION=	1.7.8
 CATEGORIES=	net www
-MASTER_SITES=	http://www.haproxy.org/download/1.6/src/
+MASTER_SITES=	http://www.haproxy.org/download/1.7/src/
 DISTFILES=	${PORTNAME}-${DISTVERSION}${EXTRACT_SUFX}
 
 MAINTAINER=	demon@FreeBSD.org
@@ -18,12 +18,13 @@ CONFLICTS_INSTALL=	haproxy-devel-[0-9]*
 USES=		cpe gmake
 USE_RC_SUBR=	haproxy
 
-DEVICEATLAS_VERSION=	2.1
+DEVICEATLAS_VERSION=	2.1.2_1
 DEVICEATLAS_DISTFILE=	deviceatlas-enterprise-c-${DEVICEATLAS_VERSION}
 DEVICEATLAS_REGISTRATION_URL=	https://deviceatlas.com/deviceatlas-haproxy-module
 
 MAKE_ARGS=	TARGET=freebsd DEFINE=-DFREEBSD_PORTS USE_GETADDRINFO=1 \
-		USE_ZLIB=1 USE_CPU_AFFINITY=1 CC="${CC}" CFLAGS="${CFLAGS}"
+		USE_ZLIB=1 USE_CPU_AFFINITY=1 USE_REGPARM=1 USE_ACCEPT4=1 \
+		CC="${CC}" DEBUG_CFLAGS="" CPU_CFLAGS="${CFLAGS}"
 
 OPTIONS_DEFINE=		DOCS EXAMPLES LUA OPENSSL DEVICEATLAS
 OPTIONS_RADIO=		PCRE
@@ -46,12 +47,12 @@ MAKE_ARGS+=	USE_PCRE=1 USE_STATIC_PCRE=1 USE_PCRE_JIT=1
 .endif
 
 .if ${PORT_OPTIONS:MDEVICEATLAS}
-.if !exists(${DISTDIR}/${DEVICEATLAS_DISTFILE}.zip)
+.if !exists(${DISTDIR}/${DEVICEATLAS_DISTFILE}.tgz)
 IGNORE?=	you must manually fetch the DeviceAtlas Device Detection C API from ${DEVICEATLAS_REGISTRATION_URL} and place it in ${DISTDIR} and then run make again
 .else
 RESTRICTED=	The redistribution of the DeviceAtlas Device Detection C API is not permitted
-DISTFILES+=	${DEVICEATLAS_DISTFILE}.zip
-MAKE_ARGS+=	USE_DEVICEATLAS=1 DEVICEATLAS_SRC=${WRKDIR}/deviceatlas-enterprise-c-${DEVICEATLAS_VERSION}
+DISTFILES+=	${DEVICEATLAS_DISTFILE}.tgz
+MAKE_ARGS+=	USE_DEVICEATLAS=1 DEVICEATLAS_SRC=${WRKDIR}/deviceatlas-enterprise-c-${DEVICEATLAS_VERSION}/Src
 .endif
 .if ! ${PORT_OPTIONS:MDPCRE} && ! ${PORT_OPTIONS:MSPCRE}
 IGNORE?=	enable PCRE support to use DeviceAtlas

net/haproxy/distinfo

@@ -1,5 +1,5 @@
-TIMESTAMP = 1479715109
-SHA256 (haproxy-1.6.10.tar.gz) = 5c865e0238d31b03ec7e31d4bf1a20d08984eea7fcf4bbb36a40bd35d8744460
-SIZE (haproxy-1.6.10.tar.gz) = 1571842
-SHA256 (deviceatlas-enterprise-c-2.1.zip) = a02fc29486d245b1c8d946c663b71ba981e88fee8d037f5bc1bf255deb287974
-SIZE (deviceatlas-enterprise-c-2.1.zip) = 504286
+TIMESTAMP = 1499429680
+SHA256 (haproxy-1.7.8.tar.gz) = ec90153ccedd20ad4015d3eaf76b502ff1f61b431d54c22b8457b5784a9ae142
+SIZE (haproxy-1.7.8.tar.gz) = 1746321
+SHA256 (deviceatlas-enterprise-c-2.1.2_1.tgz) = 984e1ae3147459a4ed0a8d5053d83dd05ce8c5127cd3cb055be35a74e9217372
+SIZE (deviceatlas-enterprise-c-2.1.2_1.tgz) = 184432

net/haproxy/files/patch-src_ssl__sock.c

@@ -0,0 +1,45 @@
+--- src/ssl_sock.c.orig	2017-07-07 09:49:34 UTC
++++ src/ssl_sock.c
+@@ -794,8 +794,11 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
+ 		ocsp = NULL;
+ 
+ #ifndef SSL_CTX_get_tlsext_status_cb
++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB
++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB 128
++#endif
+ # define SSL_CTX_get_tlsext_status_cb(ctx, cb) \
+-	*cb = (void (*) (void))ctx->tlsext_status_cb;
++	*cb = SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0, (void (**)(void))cb)
+ #endif
+ 	SSL_CTX_get_tlsext_status_cb(ctx, &callback);
+ 
+@@ -823,7 +826,10 @@ static int ssl_sock_load_ocsp(SSL_CTX *c
+ 		int key_type;
+ 		EVP_PKEY *pkey;
+ 
+-#ifdef SSL_CTX_get_tlsext_status_arg
++#if defined(SSL_CTX_get_tlsext_status_arg) || defined(LIBRESSL_VERSION_NUMBER)
++#ifndef SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG
++#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG 129
++#endif
+ 		SSL_CTX_ctrl(ctx, SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG, 0, &cb_arg);
+ #else
+ 		cb_arg = ctx->tlsext_status_arg;
+@@ -3539,7 +3545,7 @@ int ssl_sock_handshake(struct connection
+ 					OSSL_HANDSHAKE_STATE state = SSL_get_state((SSL *)conn->xprt_ctx);
+ 					empty_handshake = state == TLS_ST_BEFORE;
+ #else
+-					empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
++					empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
+ #endif
+ 
+ 					if (empty_handshake) {
+@@ -3617,7 +3623,7 @@ int ssl_sock_handshake(struct connection
+ 			state = SSL_get_state((SSL *)conn->xprt_ctx);
+ 			empty_handshake = state == TLS_ST_BEFORE;
+ #else
+-			empty_handshake = !((SSL *)conn->xprt_ctx)->packet_length;
++			empty_handshake = SSL_state((SSL *)conn->xprt_ctx) == SSL_ST_BEFORE;
+ #endif
+ 			if (empty_handshake) {
+ 				if (!errno) {

net/haproxy/pkg-descr

@@ -3,4 +3,4 @@ availability, load balancing, and proxying for TCP and HTTP-based
 applications. It is particularly suited for web sites crawling under
 very high loads while needing persistence or Layer7 processing.
 
-WWW: http://haproxy.1wt.eu/
+WWW: http://www.haproxy.org

net/haproxy/pkg-plist

@@ -1,6 +1,10 @@
 man/man1/haproxy.1.gz
 sbin/halog
 sbin/haproxy
+%%PORTDOCS%%%%DOCSDIR%%/51Degrees-device-detection.txt
+%%PORTDOCS%%%%DOCSDIR%%/DeviceAtlas-device-detection.txt
+%%PORTDOCS%%%%DOCSDIR%%/SPOE.txt
+%%PORTDOCS%%%%DOCSDIR%%/WURFL-device-detection.txt
 %%PORTDOCS%%%%DOCSDIR%%/acl.fig
 %%PORTDOCS%%%%DOCSDIR%%/architecture.txt
 %%PORTDOCS%%%%DOCSDIR%%/close-options.txt
@@ -37,6 +41,7 @@ sbin/haproxy
 %%PORTDOCS%%%%DOCSDIR%%/internals/entities.pdf
 %%PORTDOCS%%%%DOCSDIR%%/internals/entities.svg
 %%PORTDOCS%%%%DOCSDIR%%/internals/entities.txt
+%%PORTDOCS%%%%DOCSDIR%%/internals/filters.txt
 %%PORTDOCS%%%%DOCSDIR%%/internals/hashing.txt
 %%PORTDOCS%%%%DOCSDIR%%/internals/header-parser-speed.txt
 %%PORTDOCS%%%%DOCSDIR%%/internals/header-tree.txt
@@ -64,6 +69,7 @@ sbin/haproxy
 %%PORTDOCS%%%%DOCSDIR%%/lua-api/index.rst
 %%PORTDOCS%%%%DOCSDIR%%/lua.txt
 %%PORTDOCS%%%%DOCSDIR%%/management.txt
+%%PORTDOCS%%%%DOCSDIR%%/netscaler-client-ip-insertion-protocol.txt
 %%PORTDOCS%%%%DOCSDIR%%/network-namespaces.txt
 %%PORTDOCS%%%%DOCSDIR%%/proxy-protocol.txt
 %%PORTDOCS%%%%DOCSDIR%%/queuing.fig
@@ -92,3 +98,4 @@ sbin/haproxy
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/ssl.cfg
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/stats_haproxy.sh
 %%PORTEXAMPLES%%%%EXAMPLESDIR%%/transparent_proxy.cfg
+%%PORTEXAMPLES%%%%EXAMPLESDIR%%/wurfl-example.cfg