diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4b647b8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/haproxy-1.5.18.tar.gz
diff --git a/.haproxy.metadata b/.haproxy.metadata
new file mode 100644
index 0000000..cbf16fb
--- /dev/null
+++ b/.haproxy.metadata
@@ -0,0 +1 @@
+041c02197316ec342aecfe52e989c70b49856063 SOURCES/haproxy-1.5.18.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/halog-unused-variables.patch b/SOURCES/halog-unused-variables.patch
new file mode 100644
index 0000000..37b66ea
--- /dev/null
+++ b/SOURCES/halog-unused-variables.patch
@@ -0,0 +1,135 @@
+--- contrib/halog/halog.c.orig 2014-07-25 01:56:07.000000000 -0500
++++ contrib/halog/halog.c 2014-07-25 15:24:56.996876765 -0500
+@@ -462,7 +462,7 @@ int convert_date(const char *field)
+ {
+ unsigned int h, m, s, ms;
+ unsigned char c;
+- const char *b, *e;
++ const char *e;
+
+ h = m = s = ms = 0;
+ e = field;
+@@ -477,7 +477,6 @@ int convert_date(const char *field)
+ }
+
+ /* hour + ':' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -488,7 +487,6 @@ int convert_date(const char *field)
+ goto out_err;
+
+ /* minute + ':' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -499,7 +497,6 @@ int convert_date(const char *field)
+ goto out_err;
+
+ /* second + '.' or ']' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -512,7 +509,6 @@ int convert_date(const char *field)
+ /* if there's a '.', we have milliseconds */
+ if (c == (unsigned char)('.' - '0')) {
+ /* millisecond second + ']' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -535,7 +531,7 @@ int convert_date_to_timestamp(const char
+ {
+ unsigned int d, mo, y, h, m, s;
+ unsigned char c;
+- const char *b, *e;
++ const char *e;
+ time_t rawtime;
+ static struct tm * timeinfo;
+ static int last_res;
+@@ -622,7 +618,6 @@ int convert_date_to_timestamp(const char
+ }
+
+ /* hour + ':' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -633,7 +628,6 @@ int convert_date_to_timestamp(const char
+ goto out_err;
+
+ /* minute + ':' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -644,7 +638,6 @@ int convert_date_to_timestamp(const char
+ goto out_err;
+
+ /* second + '.' or ']' */
+- b = e;
+ while (1) {
+ c = *(e++) - '0';
+ if (c > 9)
+@@ -686,10 +679,10 @@ void truncated_line(int linenum, const c
+
+ int main(int argc, char **argv)
+ {
+- const char *b, *e, *p, *time_field, *accept_field, *source_field;
++ const char *b, *p, *time_field, *accept_field, *source_field;
+ const char *filter_term_code_name = NULL;
+ const char *output_file = NULL;
+- int f, last, err;
++ int f, last;
+ struct timer *t = NULL;
+ struct eb32_node *n;
+ struct url_stat *ustat = NULL;
+@@ -941,7 +934,7 @@ int main(int argc, char **argv)
+ }
+ }
+
+- e = field_stop(time_field + 1);
++ field_stop(time_field + 1);
+ /* we have field TIME_FIELD in [time_field]..[e-1] */
+ p = time_field;
+ f = 0;
+@@ -965,17 +958,15 @@ int main(int argc, char **argv)
+ }
+ }
+
+- e = field_stop(time_field + 1);
++ field_stop(time_field + 1);
+ /* we have field TIME_FIELD in [time_field]..[e-1], let's check only the response time */
+
+ p = time_field;
+- err = 0;
+ f = 0;
+ while (!SEP(*p)) {
+ tps = str2ic(p);
+ if (tps < 0) {
+ tps = -1;
+- err = 1;
+ }
+ if (++f == 4)
+ break;
+@@ -1701,7 +1692,7 @@ void filter_count_ip(const char *source_
+ void filter_graphs(const char *accept_field, const char *time_field, struct timer **tptr)
+ {
+ struct timer *t2;
+- const char *e, *p;
++ const char *p;
+ int f, err, array[5];
+
+ if (!time_field) {
+@@ -1712,7 +1703,7 @@ void filter_graphs(const char *accept_fi
+ }
+ }
+
+- e = field_stop(time_field + 1);
++ field_stop(time_field + 1);
+ /* we have field TIME_FIELD in [time_field]..[e-1] */
+
+ p = time_field;
diff --git a/SOURCES/halog.1 b/SOURCES/halog.1
new file mode 100644
index 0000000..39a9711
--- /dev/null
+++ b/SOURCES/halog.1
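Review bot: The three `field_stop(time_field + 1);` calls in halog-unused-variables.patch (two in `main`, one in `filter_graphs`) now discard their result, while the comments next to them still describe the field as `[time_field]..[e-1]` although `e` is no longer declared in those functions. If `field_stop()` has no side effects, which this patch does not show, the calls can be removed outright; otherwise `(void)field_stop(time_field + 1);` makes the discard explicit. The comments should be reworded to match, e.g. `/* TIME_FIELD starts at time_field */`. All of the affected function bodies extend beyond the hunks shown.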
@@ -0,0 +1,108 @@
+.TH HALOG "1" "July 2013" "halog" "User Commands"
+.SH NAME
+halog \- HAProxy log statistics reporter
+.SH SYNOPSIS
+.B halog
+[\fI-h|--help\fR]
+.br
+.B halog
+[\fIoptions\fR] <LOGFILE
+.SH DESCRIPTION
+.B halog
+reads HAProxy log data from stdin and extracts and displays lines matching
+user-specified criteria.
+.SH OPTIONS
+.SS Input filters \fR(several filters may be combined)
+.TP
+\fB\-H\fR
+Only match lines containing HTTP logs (ignore TCP)
+.TP
+\fB\-E\fR
+Only match lines without any error (no 5xx status)
+.TP
+\fB\-e\fR
+Only match lines with errors (status 5xx or negative)
+.TP
+\fB\-rt\fR|\fB\-RT\fR <time>
+Only match response times larger|smaller than <time>
+.TP
+\fB\-Q\fR|\fB\-QS\fR
+Only match queued requests (any queue|server queue)
+.TP
+\fB\-tcn\fR|\fB\-TCN\fR <code>
+Only match requests with/without termination code <code>
+.TP
+\fB\-hs\fR|\fB\-HS\fR <[min][:][max]>
+Only match requests with HTTP status codes within/not within min..max. Any of
+them may be omitted. Exact code is checked for if no ':' is specified.
+.SS
+Modifiers
+.TP
+\fB\-v\fR
+Invert the input filtering condition
+.TP
+\fB\-q\fR
+Don't report errors/warnings
+.TP
+\fB\-m\fR <lines>
+Limit output to the first <lines> lines
+.SS
+Output filters \fR\- only one may be used at a time
+.TP
+\fB\-c\fR
+Only report the number of lines that would have been printed
+.TP
+\fB\-pct\fR
+Output connect and response times percentiles
+.TP
+\fB\-st\fR
+Output number of requests per HTTP status code
+.TP
+\fB\-cc\fR
+Output number of requests per cookie code (2 chars)
+.TP
+\fB\-tc\fR
+Output number of requests per termination code (2 chars)
+.TP
+\fB\-srv\fR
+Output statistics per server (time, requests, errors)
+.TP
+\fB\-u\fR*
+Output statistics per URL (time, requests, errors)
+.br
+Additional characters indicate the output sorting key:
+.RS
+.TP
+\fB\-u\fR
+URL
+.TP
+\fB\-uc\fR
+Request count
+.TP
+\fB\-ue\fR
+Error count
+.TP
+\fB\-ua\fR
+Average response time
+.TP
+\fB\-ut\fR
+Average total time
+.TP
+\fB\-uao\fR, \fB\-uto\fR
+Average times computed on valid ('OK') requests
+.TP
+\fB\-uba\fR
+Average bytes returned
+.TP
+\fB\-ubt\fR
+Total bytes returned
+.RE
+.SH "SEE ALSO"
+.BR haproxy (1)
+.SH AUTHOR
+.PP
+\fBhalog\fR was written by Willy Tarreau <w@1wt.eu> and is part of \fBhaproxy\fR(1).
+.PP
+This manual page was written by Apollon Oikonomopoulos <apoikos@gmail.com> for the Debian project (but may
+be used by others).
+
diff --git a/SOURCES/haproxy-systemd-wrapper-exit-code.patch b/SOURCES/haproxy-systemd-wrapper-exit-code.patch
new file mode 100644
index 0000000..f5215e6
--- /dev/null
+++ b/SOURCES/haproxy-systemd-wrapper-exit-code.patch
@@ -0,0 +1,69 @@
+From 8c8c86d008da636d208ddeb8ac9cf9c06c4164a3 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Thu, 3 Nov 2016 20:31:40 +0100
+Subject: [PATCH] BUG/MEDIUM: systemd-wrapper: return correct exit codes
+
+Gabriele Cerami reported the the exit codes of the systemd-wrapper are
+wrong. In short, it directly returns the output of the wait syscall's
+status, which is a composite value made of error code an signal numbers.
+In general it contains the signal number on the lower bits and the error
+code on the higher bits, but exit() truncates it to the lowest 8 bits,
+causing config validations to incorrectly report a success. Example :
+
+ $ ./haproxy-systemd-wrapper -c -f /dev/null
+ <7>haproxy-systemd-wrapper: executing /tmp/haproxy -c -f /dev/null -Ds
+ Configuration file has no error but will not start (no listener) => exit(2).
+ <5>haproxy-systemd-wrapper: exit, haproxy RC=512
+ $ echo $?
+ 0
+
+If the process is killed however, the signal number is directly reported
+in the exit code.
+
+Let's fix all this to ensure that the exit code matches what the shell does,
+which means that codes 0..127 are for exit codes, codes 128..254 for signals,
+and code 255 for unknown exit code. Now the return code is correct :
+
+ $ ./haproxy-systemd-wrapper -c -f /dev/null
+ <7>haproxy-systemd-wrapper: executing /tmp/haproxy -c -f /dev/null -Ds
+ Configuration file has no error but will not start (no listener) => exit(2).
+ <5>haproxy-systemd-wrapper: exit, haproxy RC=2
+ $ echo $?
+ 2
+
+ $ ./haproxy-systemd-wrapper -f /tmp/cfg.conf
+ <7>haproxy-systemd-wrapper: executing /tmp/haproxy -f /dev/null -Ds
+ ^C
+ <5>haproxy-systemd-wrapper: exit, haproxy RC=130
+ $ echo $?
+ 130
+
+This fix must be backported to 1.6 and 1.5.
+---
+ src/haproxy-systemd-wrapper.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/haproxy-systemd-wrapper.c b/src/haproxy-systemd-wrapper.c
+index 4e4d039..86520ca 100644
+--- a/src/haproxy-systemd-wrapper.c
++++ b/src/haproxy-systemd-wrapper.c
+@@ -215,6 +215,16 @@ int main(int argc, char **argv)
+ }
+ }
+
++ /* return either exit code or signal+128 */
++ if (WIFEXITED(status))
++ status = WEXITSTATUS(status);
++ else if (WIFSIGNALED(status))
++ status = 128 + WTERMSIG(status);
++ else if (WIFSTOPPED(status))
++ status = 128 + WSTOPSIG(status);
++ else
++ status = 255;
++
+ fprintf(stderr, SD_NOTICE "haproxy-systemd-wrapper: exit, haproxy RC=%d\n",
+ status);
+ return status;
+--
+2.7.4
+
diff --git a/SOURCES/haproxy-tcp-user-timeout.patch b/SOURCES/haproxy-tcp-user-timeout.patch
new file mode 100644
index 0000000..97544e4
--- /dev/null
+++ b/SOURCES/haproxy-tcp-user-timeout.patch
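Review bot: The `WIFEXITED` branch passes `WEXITSTATUS(status)` through unchanged, so a child exit status of 128 or above cannot be told apart from the `128 + WTERMSIG(status)` values, even though the commit message reserves 0..127 for exit codes. Anything that interprets the wrapper's return code, such as a configuration check run with `-c`, should therefore not treat a value of 128 or more as proof that the child was killed by a signal. I would extend the comment to say so, e.g. `/* shell convention: exit code as-is (may itself be >= 128), else 128 + signal, else 255 */`. The `WIFSTOPPED` branch is only reachable if the wait call, which lies outside this hunk, asks for stopped children; main() also continues outside the hunk.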
@@ -0,0 +1,131 @@
+From a8d1818959a7a2351d94e077b60e84b0b35ec231 Mon Sep 17 00:00:00 2001
+From: Willy Tarreau <w@1wt.eu>
+Date: Wed, 4 Feb 2015 00:45:58 +0100
+Subject: [PATCH] MEDIUM: tcp: implement tcp-ut bind option to set
+ TCP_USER_TIMEOUT
+
+On Linux since 2.6.37, it's possible to set the socket timeout for
+pending outgoing data, with an accuracy of 1 millisecond. This is
+pretty handy to deal with dead connections to clients and or servers.
+
+For now we only implement it on the frontend side (bind line) so
+that when a client disappears from the net, we're able to quickly
+get rid of its connection and possibly release a server connection.
+This can be useful with long-lived connections where an application
+level timeout is not suited because long pauses are expected (remote
+terminals, connection pools, etc).
+
+Thanks to Thijs Houtenbos and John Eckersberg for the suggestion.
+---
+ doc/configuration.txt | 13 +++++++++++++
+ include/types/listener.h | 1 +
+ src/proto_tcp.c | 42 +++++++++++++++++++++++++++++++++++++++++-
+ 3 files changed, 55 insertions(+), 1 deletion(-)
+
+diff --git a/doc/configuration.txt b/doc/configuration.txt
+index 6714afb..e131e99 100644
+--- a/doc/configuration.txt
++++ b/doc/configuration.txt
+@@ -8652,6 +8652,19 @@ strict-sni
+ a certificate. The default certificate is not used.
+ See the "crt" option for more information.
+
++tcp-ut <delay>
++ Sets the TCP User Timeout for all incoming connections instanciated from this
++ listening socket. This option is available on Linux since version 2.6.37. It
++ allows haproxy to configure a timeout for sockets which contain data not
++ receiving an acknoledgement for the configured delay. This is especially
++ useful on long-lived connections experiencing long idle periods such as
++ remote terminals or database connection pools, where the client and server
++ timeouts must remain high to allow a long period of idle, but where it is
++ important to detect that the client has disappeared in order to release all
++ resources associated with its connection (and the server's session). The
++ argument is a delay expressed in milliseconds by default. This only works
++ for regular TCP connections, and is ignored for other protocols.
++
+ tfo
+ Is an optional keyword which is supported only on Linux kernels >= 3.7. It
+ enables TCP Fast Open on the listening socket, which means that clients which
+diff --git a/include/types/listener.h b/include/types/listener.h
+index 83b63af..2d71df6 100644
+--- a/include/types/listener.h
++++ b/include/types/listener.h
+@@ -175,6 +175,7 @@ struct listener {
+ struct list wait_queue; /* link element to make the listener wait for something (LI_LIMITED) */
+ unsigned int analysers; /* bitmap of required protocol analysers */
+ int maxseg; /* for TCP, advertised MSS */
++ int tcp_ut; /* for TCP, user timeout */
+ char *interface; /* interface name or NULL */
+
+ struct list by_fe; /* chaining in frontend's list of listeners */
+diff --git a/src/proto_tcp.c b/src/proto_tcp.c
+index cfa62f7..e98a9fb 100644
+--- a/src/proto_tcp.c
++++ b/src/proto_tcp.c
+@@ -838,6 +838,15 @@ int tcp_bind_listener(struct listener *listener, char *errmsg, int errlen)
+ }
+ }
+ #endif
++#if defined(TCP_USER_TIMEOUT)
++ if (listener->tcp_ut) {
++ if (setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT,
++ &listener->tcp_ut, sizeof(listener->tcp_ut)) == -1) {
++ msg = "cannot set TCP User Timeout";
++ err |= ERR_WARN;
++ }
++ }
++#endif
+ #if defined(TCP_DEFER_ACCEPT)
+ if (listener->options & LI_O_DEF_ACCEPT) {
+ /* defer accept by up to one second */
+@@ -1986,8 +1995,36 @@ static int bind_parse_mss(char **args, int cur_arg, struct proxy *px, struct bin
+ }
+ #endif
+
++#ifdef TCP_USER_TIMEOUT
++/* parse the "tcp-ut" bind keyword */
++static int bind_parse_tcp_ut(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
++{
++ const char *ptr = NULL;
++ struct listener *l;
++ unsigned int timeout;
++
++ if (!*args[cur_arg + 1]) {
++ memprintf(err, "'%s' : missing TCP User Timeout value", args[cur_arg]);
++ return ERR_ALERT | ERR_FATAL;
++ }
++
++ ptr = parse_time_err(args[cur_arg + 1], &timeout, TIME_UNIT_MS);
++ if (ptr) {
++ memprintf(err, "'%s' : expects a positive delay in milliseconds", args[cur_arg]);
++ return ERR_ALERT | ERR_FATAL;
++ }
++
++ list_for_each_entry(l, &conf->listeners, by_bind) {
++ if (l->addr.ss_family == AF_INET || l->addr.ss_family == AF_INET6)
++ l->tcp_ut = timeout;
++ }
++
++ return 0;
++}
++#endif
++
+ #ifdef SO_BINDTODEVICE
+-/* parse the "mss" bind keyword */
++/* parse the "interface" bind keyword */
+ static int bind_parse_interface(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
+ {
+ struct listener *l;
+@@ -2056,6 +2093,9 @@ static struct bind_kw_list bind_kws = { "TCP", { }, {
+ #ifdef TCP_MAXSEG
+ { "mss", bind_parse_mss, 1 }, /* set MSS of listening socket */
+ #endif
++#ifdef TCP_USER_TIMEOUT
++ { "tcp-ut", bind_parse_tcp_ut, 1 }, /* set User Timeout on listening socket */
++#endif
+ #ifdef TCP_FASTOPEN
+ { "tfo", bind_parse_tfo, 0 }, /* enable TCP_FASTOPEN of listening socket */
+ #endif
+--
+1.9.3
+
diff --git a/SOURCES/haproxy.cfg b/SOURCES/haproxy.cfg
new file mode 100644
index 0000000..324ad5e
--- /dev/null
+++ b/SOURCES/haproxy.cfg
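Review bot: `bind_parse_tcp_ut()` parses the delay into `unsigned int timeout` but stores it in the `int tcp_ut` field, so a value above INT_MAX ends up negative and is handed to `setsockopt()` in `tcp_bind_listener()`, where a failure is only recorded as `ERR_WARN`. A delay of 0 is also accepted and then silently skipped by `if (listener->tcp_ut)`, although the error text asks for a positive delay. An operator who relies on tcp-ut to reap dead client connections would in both cases get a listener without the timeout and at most a warning. I would reject these at parse time with `if (ptr || !timeout || timeout > INT_MAX) {` (assuming `<limits.h>` is in scope in proto_tcp.c, which the hunk does not show), or declare `tcp_ut` as `unsigned int` and document that 0 disables the option.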
@@ -0,0 +1,86 @@
+#---------------------------------------------------------------------
+# Example configuration for a possible web application. See the
+# full configuration options online.
+#
+# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
+#
+#---------------------------------------------------------------------
+
+#---------------------------------------------------------------------
+# Global settings
+#---------------------------------------------------------------------
+global
+ # to have these messages end up in /var/log/haproxy.log you will
+ # need to:
+ #
+ # 1) configure syslog to accept network log events. This is done
+ # by adding the '-r' option to the SYSLOGD_OPTIONS in
+ # /etc/sysconfig/syslog
+ #
+ # 2) configure local2 events to go to the /var/log/haproxy.log
+ # file. A line like the following can be added to
+ # /etc/sysconfig/syslog
+ #
+ # local2.* /var/log/haproxy.log
+ #
+ log 127.0.0.1 local2
+
+ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ maxconn 4000
+ user haproxy
+ group haproxy
+ daemon
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+#---------------------------------------------------------------------
+# common defaults that all the 'listen' and 'backend' sections will
+# use if not designated in their block
+#---------------------------------------------------------------------
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ option http-server-close
+ option forwardfor except 127.0.0.0/8
+ option redispatch
+ retries 3
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+ maxconn 3000
+
+#---------------------------------------------------------------------
+# main frontend which proxys to the backends
+#---------------------------------------------------------------------
+frontend main *:5000
+ acl url_static path_beg -i /static /images /javascript /stylesheets
+ acl url_static path_end -i .jpg .gif .png .css .js
+
+ use_backend static if url_static
+ default_backend app
+
+#---------------------------------------------------------------------
+# static backend for serving up images, stylesheets and such
+#---------------------------------------------------------------------
+backend static
+ balance roundrobin
+ server static 127.0.0.1:4331 check
+
+#---------------------------------------------------------------------
+# round robin balancing between the various backends
+#---------------------------------------------------------------------
+backend app
+ balance roundrobin
+ server app1 127.0.0.1:5001 check
+ server app2 127.0.0.1:5002 check
+ server app3 127.0.0.1:5003 check
+ server app4 127.0.0.1:5004 check
+
diff --git a/SOURCES/haproxy.logrotate b/SOURCES/haproxy.logrotate
new file mode 100644
index 0000000..96544e0
--- /dev/null
+++ b/SOURCES/haproxy.logrotate
@@ -0,0 +1,12 @@
+/var/log/haproxy.log {
+ daily
+ rotate 10
+ missingok
+ notifempty
+ compress
+ sharedscripts
+ postrotate
+ /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
+ /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
+ endscript
+}
diff --git a/SOURCES/haproxy.service b/SOURCES/haproxy.service
new file mode 100644
index 0000000..2d4c954
--- /dev/null
+++ b/SOURCES/haproxy.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=HAProxy Load Balancer
+After=syslog.target network.target
+
+[Service]
+EnvironmentFile=/etc/sysconfig/haproxy
+ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS
+ExecReload=/bin/kill -USR2 $MAINPID
+KillMode=mixed
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/haproxy.sysconfig b/SOURCES/haproxy.sysconfig
new file mode 100644
index 0000000..2b38e35
--- /dev/null
+++ b/SOURCES/haproxy.sysconfig
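Review bot: In haproxy.cfg the `chroot /var/lib/haproxy` jail is the same directory that holds the stats socket, and the spec file in this commit installs that directory owned by the haproxy user, so the jail is neither empty nor unwritable for the unprivileged process, which weakens what the chroot is meant to provide. The `stats socket /var/lib/haproxy/stats` line also leaves the socket's permissions and access level to defaults; I would make them explicit, e.g. `stats socket /var/lib/haproxy/stats mode 600 level operator`, and consider a root-owned jail directory with the socket kept outside it. Separately, the header comment links the 1.4 configuration manual over plain http while the package ships 1.5.18.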
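Review bot: haproxy.service starts the wrapper as root with no sandboxing directives, and `$OPTIONS` from /etc/sysconfig/haproxy is appended to `ExecStart` unchecked, so that file is effectively part of a root command line and must stay root-owned and not group- or world-writable (the spec installs it 0644). I would add hardening that does not interfere with binding ports or the later privilege drop, e.g. `NoNewPrivileges=true` and `PrivateTmp=true`, after testing against the systemd version of the target release. There is also no `Restart=` policy, so a crashed proxy stays down until someone intervenes; `Restart=on-failure` is worth considering.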
@@ -0,0 +1,4 @@
+# Add extra options to the haproxy daemon here. This can be useful for
+# specifying multiple configuration files with multiple -f options.
+# See haproxy(1) for a complete list of options.
+OPTIONS=""
diff --git a/SOURCES/iprange-return-type.patch b/SOURCES/iprange-return-type.patch
new file mode 100644
index 0000000..f330f7a
--- /dev/null
+++ b/SOURCES/iprange-return-type.patch
@@ -0,0 +1,17 @@
+--- contrib/iprange/iprange.c.orig 2014-06-27 14:01:26.020159479 -0500
++++ contrib/iprange/iprange.c 2014-06-27 14:01:42.149275554 -0500
+@@ -111,7 +111,7 @@ static void usage(const char *argv0)
+ "\n", argv0);
+ }
+
+-main(int argc, char **argv)
++int main(int argc, char **argv)
+ {
+ char line[MAXLINE];
+ int l, lnum;
+@@ -198,4 +198,5 @@ main(int argc, char **argv)
+ convert_range(sa, da, he, NULL);
+ }
+ }
++ exit(0);
+ }
diff --git a/SPECS/haproxy.spec b/SPECS/haproxy.spec
new file mode 100644
index 0000000..30dca25
--- /dev/null
+++ b/SPECS/haproxy.spec
@@ -0,0 +1,397 @@
+%define haproxy_user haproxy
+%define haproxy_group %{haproxy_user}
+%define haproxy_home %{_localstatedir}/lib/haproxy
+%define haproxy_confdir %{_sysconfdir}/haproxy
+%define haproxy_datadir %{_datadir}/haproxy
+
+%global _hardened_build 1
+
+Name: haproxy
+Version: 1.5.18
+Release: 7%{?dist}
+Summary: TCP/HTTP proxy and load balancer for high availability environments
+
+Group: System Environment/Daemons
+License: GPLv2+
+
+URL: http://www.haproxy.org/
+Source0: http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
+Source1: %{name}.service
+Source2: %{name}.cfg
+Source3: %{name}.logrotate
+Source4: %{name}.sysconfig
+Source5: halog.1
+
+Patch0: halog-unused-variables.patch
+Patch1: iprange-return-type.patch
+Patch2: haproxy-tcp-user-timeout.patch
+Patch3: haproxy-systemd-wrapper-exit-code.patch
+
+BuildRequires: pcre-devel
+BuildRequires: zlib-devel
+BuildRequires: openssl-devel
+BuildRequires: systemd-units
+
+Requires(pre): shadow-utils
+Requires(post): systemd
+Requires(preun): systemd
+Requires(postun): systemd
+
+%description
+HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
+availability environments. Indeed, it can:
+ - route HTTP requests depending on statically assigned cookies
+ - spread load among several servers while assuring server persistence
+ through the use of HTTP cookies
+ - switch to backup servers in the event a main server fails
+ - accept connections to special ports dedicated to service monitoring
+ - stop accepting connections without breaking existing ones
+ - add, modify, and delete HTTP headers in both directions
+ - block requests matching particular patterns
+ - report detailed status to authenticated users from a URI
+ intercepted by the application
+
+%prep
+%setup -q
+%patch0 -p0
+%patch1 -p0
+%patch2 -p1
+%patch3 -p1
+
+%build
+regparm_opts=
+%ifarch %ix86 x86_64
+regparm_opts="USE_REGPARM=1"
+%endif
+
+%{__make} %{?_smp_mflags} CPU="generic" TARGET="linux2628" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 ${regparm_opts} ADDINC="%{optflags}" USE_LINUX_TPROXY=1 ADDLIB="%{__global_ldflags}" DEFINE=-DTCP_USER_TIMEOUT=18
+
+pushd contrib/halog
+%{__make} halog OPTIMIZE="%{optflags}"
+popd
+
+pushd contrib/iprange
+%{__make} iprange OPTIMIZE="%{optflags}"
+popd
+
+%install
+%{__make} install-bin DESTDIR=%{buildroot} PREFIX=%{_prefix} TARGET="linux2628"
+%{__make} install-man DESTDIR=%{buildroot} PREFIX=%{_prefix}
+
+%{__install} -p -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
+%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{haproxy_confdir}/%{name}.cfg
+%{__install} -p -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
+%{__install} -p -D -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
+%{__install} -p -D -m 0644 %{SOURCE5} %{buildroot}%{_mandir}/man1/halog.1
+%{__install} -d -m 0755 %{buildroot}%{haproxy_home}
+%{__install} -d -m 0755 %{buildroot}%{haproxy_datadir}
+%{__install} -d -m 0755 %{buildroot}%{_bindir}
+%{__install} -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog
+%{__install} -p -m 0755 ./contrib/iprange/iprange %{buildroot}%{_bindir}/iprange
+%{__install} -p -m 0644 ./examples/errorfiles/* %{buildroot}%{haproxy_datadir}
+
+for httpfile in $(find ./examples/errorfiles/ -type f)
+do
+ %{__install} -p -m 0644 $httpfile %{buildroot}%{haproxy_datadir}
+done
+
+%{__rm} -rf ./examples/errorfiles/
+
+find ./examples/* -type f ! -name "*.cfg" -exec %{__rm} -f "{}" \;
+
+for textfile in $(find ./ -type f -name "*.txt" -o -name README)
+do
+ %{__mv} $textfile $textfile.old
+ iconv --from-code ISO8859-1 --to-code UTF-8 --output $textfile $textfile.old
+ %{__rm} -f $textfile.old
+done
+
+%pre
+getent group %{haproxy_group} >/dev/null || groupadd -f -g 188 -r %{haproxy_group}
+if ! getent passwd %{haproxy_user} >/dev/null ; then
+ if ! getent passwd 188 >/dev/null ; then
+ useradd -r -u 188 -g %{haproxy_group} -d %{haproxy_home} -s /sbin/nologin -c "haproxy" %{haproxy_user}
+ else
+ useradd -r -g %{haproxy_group} -d %{haproxy_home} -s /sbin/nologin -c "haproxy" %{haproxy_user}
+ fi
+fi
+
+%post
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+%systemd_postun_with_restart %{name}.service
+
+%files
+%defattr(-,root,root,-)
+%doc doc/* examples/
+%doc CHANGELOG LICENSE README ROADMAP VERSION
+%dir %{haproxy_confdir}
+%dir %{haproxy_datadir}
+%{haproxy_datadir}/*
+%config(noreplace) %{haproxy_confdir}/%{name}.cfg
+%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%{_unitdir}/%{name}.service
+%{_sbindir}/%{name}
+%{_sbindir}/%{name}-systemd-wrapper
+%{_bindir}/halog
+%{_bindir}/iprange
+%{_mandir}/man1/*
+%attr(-,%{haproxy_user},%{haproxy_group}) %dir %{haproxy_home}
+
+%changelog
+* Thu Nov 30 2017 Ryan O'Hara <rohara@redhat.com> - 1.5.18-7
+- Rebuild with openssl-1.0.2k (#1509139)
+
+* Mon May 01 2017 Ryan O'Hara <rohara@redhat.com> - 1.5.18-6
+- Use KillMode=mixed in systemd service file (#1444709)
+
+* Thu Mar 16 2017 Ryan O'Hara <rohara@redhat.com> - 1.5.18-5
+- Use soft-static allocation for haproxy UID/GID (#1386130)
+
+* Wed Nov 16 2016 Ryan O'Hara <rohara@redhat.com> - 1.5.18-4
+- Return correct exit codes from systemd-wrapper (#1391990)
+
+* Tue Jun 21 2016 Ryan O'Hara <rohara@redhat.com> - 1.5.18-3
+- Fix TCP user timeout patch for 1.5.18 release
+
+* Thu Jun 16 2016 Ryan O'Hara <rohara@redhat.com> - 1.5.18-2
+- Add TARGET to install-bin for haproxy-systemd-wrapper
+
+* Wed Jun 15 2016 Ryan O'Hara <rohara@redhat.com> - 1.5.18-1
+- Update to stable release 1.5.18 (#1344012)
+
+* Tue Aug 25 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.14-3
+- Add EnvironmentFile to systemd service (#1191675)
+
+* Mon Jul 06 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.14-1
+- Update to stable release 1.5.14 (CVE-2015-3281, #1212193)
+
+* Wed Jun 24 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.12-2
+- Rebase TCP uset timeout patch for 1.5.12 release (#1212193)
+
+* Tue Jun 23 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.12-1
+- Update to stable release 1.5.12 (#1212193)
+
+* Thu May 21 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.4-5
+- Define TCP_USER_TIMEOUT at build time (#1190776)
+
+* Wed Mar 04 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.4-4
+- Read sysconfig file for extra options (#1191675)
+
+* Wed Mar 04 2015 Ryan O'Hara <rohara@redhat.com> - 1.5.4-3
+- Add tcp-ut bind option to set TCP_USER_TIMEOUT (#1190776)
+
+* Tue Nov 18 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.4-2
+- Fix date in changelog
+
+* Tue Sep 02 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.4-1
+- Update to stable release 1.5.4 (#1111714)
+
+* Fri Jul 25 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.3-1
+- Update to stable release 1.5.3 (#1111714)
+
+* Tue Jul 15 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.2-1
+- Update to stable release 1.5.2 (#1111714)
+
+* Tue Jul 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-6
+- Cleanup spec file (#1068642)
+
+* Tue Jul 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-5
+- Minor changes to summary and description (#1067146)
+
+* Tue Jul 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-4
+- Include iprange tool (#1078487)
+
+* Tue Jul 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-3
+- Include man page for halog (#1078461)
+
+* Tue Jul 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-2
+- Build with openssl and zlib (#1112184)
+
+* Tue Jul 08 2014 Ryan O'Hara <rohara@redhat.com> - 1.5.1-1
+- Update to stable release 1.5.1 (#1111714)
+
+* Fri Feb 28 2014 Ryan O'Hara <rohara@redhat.com> - 1.5-0.3.dev22
+- Use haproxy-systemd-wrapper in service file (#1067060)
+
+* Wed Feb 12 2014 Ryan O'Hara <rohara@redhat.com> - 1.5-0.2.dev22
+- Specify assigned UID in useradd
+
+* Mon Feb 10 2014 Ryan O'Hara <rohara@redhat.com> - 1.5-0.1.dev22
+- Update to development release 1.5-dev22 (#1043658)
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.4.24-3
+- Mass rebuild 2014-01-24
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.4.24-2
+- Mass rebuild 2013-12-27
+
+* Mon Jun 17 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.24-1
+- Update to 1.4.24 (CVE-2013-2174, #975160)
+
+* Tue Apr 30 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-3
+- Build with PIE flags (#955182)
+
+* Mon Apr 22 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-2
+- Build with PIE flags (#955182)
+
+* Tue Apr 02 2013 Ryan O'Hara <rohara@redhat.com> - 1.4.23-1
+- Update to 1.4.23 (CVE-2013-1912, #947697)
+- Drop supplementary groups after setuid/setgid (#894626)
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.22-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Fri Oct 12 2012 Robin Lee <cheeselee@fedoraproject.org> - 1.4.22-1
+- Update to 1.4.22 (CVE-2012-2942, #824544)
+- Use linux2628 build target
+- No separate x86_64 build target for halog
+- halog build honors rpmbuild optflags
+- Specfile cleanup
+
+* Mon Sep 17 2012 Václav Pavlín <vpavlin@redhat.com> - 1.4.20-3
+- Scriptlets replaced with new systemd macros (#850143)
+
+* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.20-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Tue Apr 03 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.20-1
+- Update to 1.4.20
+
+* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-4
+- fix haproxy.services file
+
+* Sun Feb 19 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-3
+- Update to use systemd fixing bug #770305
+
+* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.4.19-2
+- Rebuild against PCRE 8.30
+
+* Sun Jan 29 2012 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.19-1
+- Update to 1.4.19
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.18-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Sep 22 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.18-1
+- Update to 1.4.18
+
+* Tue Apr 26 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.15-1
+- Update to 1.4.15
+
+* Sun Feb 27 2011 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.11-1
+- update to 1.4.11
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sun Dec 12 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.9-1
+- update to 1.4.9
+
+* Sun Jun 20 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.8-1
+- update to 1.4.8
+
+* Sun May 30 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.4.6-1
+- update to 1.4.6
+
+* Thu Feb 18 2010 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.23-1
+- update to 1.3.23
+
+* Sat Oct 17 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.22-1
+- update to 1.3.22
+- added logrotate configuration
+
+* Mon Oct 12 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.21-1
+- update to 1.3.21
+
+* Sun Oct 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.20-1
+- update to 1.3.20
+
+* Sun Aug 02 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.19-1
+- update to 1.3.19
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.18-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Sun May 17 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.18-1
+- update to 1.3.18
+
+* Sat Apr 11 2009 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.17-1
+- Update to 1.3.17
+
+* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.15.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Dec 30 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.7-1
+- update to 1.3.15.7
+- remove upstream patches, they are now part of source distribution
+
+* Sat Nov 22 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.6-2
+- apply upstream patches
+
+* Sat Nov 15 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.15.6-1
+- update to 1.3.15.6
+- use new build targets from upstream
+- add in recommended build options for x86 from upstream
+
+* Sat Jun 28 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.6-1
+- update to 1.3.14.6
+- remove gcc 4.3 patch, it has been applied upstream
+- remove MIT license as that code has been removed from upstream
+
+* Mon Apr 14 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.4-1
+- update to 1.3.14.4
+
+* Sun Mar 16 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.3-1
+- update to 1.3.14.3
+
+* Sat Mar 01 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-4
+- apply the gcc 4.3 patch to the build process
+
+* Sat Mar 01 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-3
+- fix gcc 4.3 bug [#434144]
+- update init script to properly reload configuration
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 1.3.14.2-2
+- Autorebuild for GCC 4.3
+
+* Sun Jan 20 2008 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14.2-1
+- update to 1.3.14.2
+- update make flags that changed with this upstream release
+- added man page installation
+
+* Sun Dec 16 2007 Jeremy Hinegardner <jeremy at hinegardner dot org> - 1.3.14-1
+- update to 1.3.14
+
+* Mon Nov 05 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.4-1
+- update to 1.3.12.4
+
+* Thu Nov 01 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.3-1
+- update to 1.3.12.3
+
+* Fri Sep 21 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-3
+- fix init script 'reload' task
+
+* Thu Sep 20 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-2
+- update License field
+
+* Thu Sep 20 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.2-1
+- update to 1.3.12.2
+- remove the upstream patch
+
+* Tue Sep 18 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.3.12.1-1
+- switch to 1.3.12.1 branch
+- add patch from upstream with O'Reilly licensing updates.
+- convert ISO-8859-1 doc files to UTF-8
+
+* Sat Mar 24 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.2.17-2
+- addition of haproxy user
+- add license information
+
+* Fri Mar 23 2007 Jeremy Hinegardner <jeremy@hinegardner.org> - 1.2.17-1
+- initial packaging
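Review bot: `URL` and `Source0` point at www.haproxy.org over plain `http://`, and the only integrity anchor for the tarball in this commit is the 40-hex-digit digest in .haproxy.metadata, which by its length looks like SHA-1; nothing in `%prep` checks an upstream checksum or signature. I would switch both tags to `https://` and record how the tarball was verified against upstream, using a stronger digest or a signature check if upstream publishes one. Separately, `DEFINE=-DTCP_USER_TIMEOUT=18` in `%build` hard-codes the socket option number instead of taking it from the system headers, presumably because the build headers lack it; a comment such as `# TCP_USER_TIMEOUT is 18 on Linux; defined here because the build headers do not provide it` would explain the magic number. On a kernel without support, the `setsockopt()` added by Patch2 then only produces a warning at bind time.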