SLFO-pool/haproxy
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main haproxy revision 1e01a14d9b6ad881a95ac5e65a203459

Browse Source
This commit is contained in:
Adrian Schröter 2024-10-03 17:18:54 +02:00
parent ebe8cb2d9d
commit f0bbe65f4b
13 changed files with 616 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_service
View File

@ -1,12 +1,12 @@
<services>
<service name="tar_scm" mode="manual">
<param name="url">http://git.haproxy.org/git/haproxy-2.8.git</param>
<param name="url">http://git.haproxy.org/git/haproxy-3.0.git/</param>
<param name="scm">git</param>
<param name="filename">haproxy</param>
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="revision">v2.8.3</param>
<param name="revision">v3.0.4</param>
<param name="changesgenerate">enable</param>
</service>

4
_servicedata
View File

@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-2.8.git</param>
<param name="changesrevision">86e043add353743a7808b52ccbf3573694034e63</param>
<param name="url">http://git.haproxy.org/git/haproxy-3.0.git/</param>
<param name="changesrevision">7a59afa93ba909a8219307e62f88f81abe7615ef</param>
</service>
</servicedata>

10
haproxy-1.6.0-makefile_lib.patch
View File

@ -1,8 +1,8 @@
Index: haproxy-2.8/Makefile
Index: haproxy-3.0/Makefile
===================================================================
--- haproxy-2.8.orig/Makefile
+++ haproxy-2.8/Makefile
@@ -750,7 +750,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
--- haproxy-3.0.orig/Makefile
+++ haproxy-3.0/Makefile
@@ -784,7 +784,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0
PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
@ -11,7 +11,7 @@ Index: haproxy-2.8/Makefile
endif
PCRE_CFLAGS := $(if $(PCRE_INC),-I$(PCRE_INC))
@@ -768,7 +768,7 @@ ifneq ($(USE_PCRE2)$(USE_STATIC_PCRE2)$(
@@ -802,7 +802,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2
PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCRE2DIR),)
PCRE2_INC := $(PCRE2DIR)/include

8
haproxy-1.6.0-sec-options.patch
View File

@ -4,11 +4,11 @@ Date: Mon Jun 17 13:00:08 2019 +0000
SUSE: Makefile sec options
Index: haproxy-2.8/Makefile
Index: haproxy-3.0/Makefile
===================================================================
--- haproxy-2.8.orig/Makefile
+++ haproxy-2.8/Makefile
@@ -849,6 +849,35 @@ ifneq ($(TRACE),)
--- haproxy-3.0.orig/Makefile
+++ haproxy-3.0/Makefile
@@ -887,6 +887,35 @@ ifneq ($(TRACE),)
COPTS += -finstrument-functions
endif

BIN
haproxy-2.8.3+git0.86e043add.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

BIN
haproxy-3.0.4+git0.7a59afa93.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

11
haproxy-service.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/admin/systemd/haproxy.service.in 2024-01-18 15:32:19.000000000 +0100
+++ b/admin/systemd/haproxy.service.in 2024-02-04 23:58:30.873980359 +0100
@@ -6,7 +6,7 @@
[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
+Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID

1
haproxy-tmpfiles.conf Normal file
View File

@ -0,0 +1 @@
D /run/haproxy 0750 root haproxy

2
haproxy.cfg
View File

@ -5,7 +5,7 @@ global
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

561
haproxy.changes
View File

@ -1,3 +1,538 @@
-------------------------------------------------------------------
Tue Sep 03 14:08:47 UTC 2024 - mrueckert@suse.de
- Update to version 3.0.4+git0.7a59afa93: (CVE-2024-45506 boo#1229993)
* [RELEASE] Released version 3.0.4
* BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut()
* BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns
* BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only)
* BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf
* MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places
* BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered
* BUG/MINOR: quic: unexploited retransmission cases for Initial pktns.
* BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli
* BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown
* BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry
* BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready
* BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding
* MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status
* DOC: quic: fix default minimal value for max window size
* MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck()
* Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface"
* BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn
* MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2)
* BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue()
* MINOR: queue: add a function to check for TOCTOU after queueing
* MEDIUM: h1: allow to preserve keep-alive on T-E + C-L
* MINOR: quic: Add information to "show quic" for CUBIC cc.
* MINOR: quic: Dump TX in flight bytes vs window values ratio.
* BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature
* BUG/MINOR: quic: Lack of precision when computing K (cubic only cc)
* MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface
* BUG/MINOR: quic: Non optimal first datagram.
* BUG/MINOR: cli: Atomically inc the global request counter between CLI commands
* BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution
* BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter
* DOC: config: improve the http-keep-alive section
* DOC: configuration: issuers-chain-path not compatible with OCSP
* BUG/MAJOR: mux-h2: force a hard error upon short read with pending error
* BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path
* DOC: install: don't reference removed CPU arg
* BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts
* BUG/MINOR: session: Eval L4/L5 rules defined in the default section
* CLEANUP: quic: rename TID affinity elements
* CLEANUP: proto: rename TID affinity callbacks
* BUG/MEDIUM: quic: prevent crash on accept queue full
* BUILD: listener: silence a build warning about unused value without threads
* MINOR: proto: extend connection thread rebind API
-------------------------------------------------------------------
Thu Jul 11 14:57:46 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- refreshed patches:
haproxy-1.6.0-makefile_lib.patch
haproxy-1.6.0-sec-options.patch
-------------------------------------------------------------------
Thu Jul 11 14:56:11 UTC 2024 - mrueckert@suse.de
- Update to version 3.0.3+git0.95a607c4b:
* [RELEASE] Released version 3.0.3
* BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past
* DEV: flags/quic: decode quic_conn flags
* BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread
* BUG/MEDIUM: h1: Reject empty Transfer-encoding header
* BUG/MINOR: h1: Reject empty coding name as last transfer-encoding value
* BUG/MINOR: h1: Fail to parse empty transfer coding names
* BUG/MINOR: jwt: fix variable initialisation
* Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD"
* BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx
* DOC: configuration: update maxconn description
* MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD
* BUG/MINOR: jwt: don't try to load files with HMAC algorithm
* BUG/MEDIUM: server: fix race on server_atomic_sync()
* DOC: configuration: more details about the master-worker mode
* BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers
* BUG/MINOR: promex: Remove Help prefix repeated twice for each metric
* BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking
* BUG/MINOR: quic: fix race-condition on trace for CID retrieval
* BUG/MINOR: quic: fix race condition in qc_check_dcid()
* BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid()
* BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid
* BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid
* BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error
* MINOR: activity: make the memory profiling hash size configurable at build time
* BUG/MINOR: server: fix first server template name lookup UAF
* DOC: configuration: add details about crt-store in bind "crt" keyword
* BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session
* BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct()
* DEV: flags/show-fd-to-flags: adapt to recent versions
* BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure
* BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure
* BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure
* BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission
* DOC: api/event_hdl: small updates, fix an example and add some precisions
* SCRIPTS: git-show-backports: do not truncate git-show output
* BUG/MAJOR: quic: fix padding with short packets
* DOC: management: document ptr lookup for table commands
* DOC: configuration: fix alphabetical order of bind options
* BUG/MEDIUM: proxy: fix email-alert invalid free
* REGTESTS: ssl: fix some regtests 'feature cmd' start condition
* DEBUG: hlua: distinguish burst timeout errors from exec timeout errors
* BUG/MINOR: log: fix broken '+bin' logformat node option
-------------------------------------------------------------------
Sun Jun 16 06:44:56 UTC 2024 - andreas.stieger@gmx.de
- Update to version 3.0.2+git0.a45a8e623:
* [RELEASE] Released version 3.0.2
* DOC: management: rename show stats domain cli "dns" to "resolvers"
* DOC/MINOR: management: add -dZ option
* DOC/MINOR: management: add missed -dR and -dv options
* BUG/MINOR: quic: fix padding of INITIAL packets
* BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request
* CLEANUP: log/proxy: fix comment in proxy_free_common()
* BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions
* MINOR: proxy: add proxy_free_common() helper function
* BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section
* DOC: config: add missing context hint for new server and proxy keywords
* DOC: config: add missing section hint for "guid" proxy keyword
* DOC: config: move "hash-key" from proxy to server options
* BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section
* BUG/MINOR: proxy: fix header_unique_id leak on deinit()
* BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit()
* BUG/MINOR: proxy: fix dyncookie_key leak on deinit()
* BUG/MINOR: proxy: fix check_{command,path} leak on deinit()
* BUG/MINOR: proxy: fix email-alert leak on deinit()
* BUG/MINOR: proxy: fix log_tag leak on deinit()
* BUG/MINOR: proxy: fix server_id_hdr_name leak on deinit()
* MINOR: log: fix "http-send-name-header" ignore warning message
-------------------------------------------------------------------
Mon Jun 10 14:52:46 UTC 2024 - mrueckert@suse.de
- Update to version 3.0.1+git0.471a1b2f1:
* [RELEASE] Released version 3.0.1
* BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag
* BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego
* BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts
* BUG/MINOR: quic: ensure Tx buf is always purged
* BUG/MINOR: quic: fix computed length of emitted STREAM frames
* BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL
* BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration
* BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego
* CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume()
* BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path
* BUG/MINOR: hlua: prevent LJMP in hlua_traceback()
* BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage
* BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP
* CLEANUP: hlua: use hlua_pusherror() where relevant
* BUG/MINOR: quic: prevent crash on qc_kill_conn()
* BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released
* MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd
* BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless
* BUG/MINOR: hlua: use CertCache.set() from various hlua contexts
* DOC: configuration: add an example for keywords from crt-store
* BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory
* BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser
* BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning
-------------------------------------------------------------------
Fri May 31 12:07:48 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- AppArmor: allow haproxy to read the files needed for the
"p post_mortem" support
-------------------------------------------------------------------
Wed May 29 14:00:25 UTC 2024 - mrueckert@suse.de
- Update to version 3.0.0+git0.5590ada47:
https://www.haproxy.com/blog/announcing-haproxy-3-0
https://www.mail-archive.com/haproxy@formilux.org/msg44993.html
-------------------------------------------------------------------
Mon Feb 26 19:55:05 UTC 2024 - mrueckert@suse.de
- Update to version 2.9.6+git0.9eafce5dc:
* [RELEASE] Released version 2.9.6
* BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
* BUG/MAJOR: promex: fix crash on deleted server
-------------------------------------------------------------------
Mon Feb 26 19:54:49 UTC 2024 - mrueckert@suse.de
- Update to version 2.9.5+git0.260dbb8a6:
* [RELEASE] Released version 2.9.5
* BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
* BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
* BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
* BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
* MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
* BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
* MINOR: muxes: Announce support for zero-copy forwarding on consumer side
* MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
* MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
* CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
* BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
* BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
* MINOR: quic: Add a counter for reordered packets
* MINOR: quic: Dynamic packet reordering threshold
* MINOR: quic: Update K CUBIC calculation (RFC 9438)
* BUG/MEDIUM: quic: Wrong K CUBIC calculation.
* BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
* BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
* BUILD: address a few remaining calloc(size, n) cases
* CI: Update to actions/cache@v4
* BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
* BUG/MINOR: vars/cli: fix missing LF after "get var" output
* DOC: internal: update missing data types in peers-v2.0.txt
* DOC: config: fix misplaced "bytes_{in,out}"
* DOC: config: fix typos for "bytes_{in,out}"
* DOC: config: fix misplaced "txn.conn_retries"
* DOC: install: recommend pcre2
* REGTESTS: ssl: Add OCSP related tests
* REGTESTS: ssl: Fix empty line in cli command input
* BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
* BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
* BUG/MEDIUM: ocsp: Separate refcount per instance and per store
* MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
* BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
* BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
* MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
* BUILD: debug: remove leftover parentheses in ABORT_NOW()
* MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
* MINOR: debug: make sure calls to ha_crash_now() are never merged
* MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
* MINOR: quic: Stop using 1024th of a second.
* BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
* CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
* BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
* BUILD: quic: Variable name typo inside a BUG_ON().
* BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
* BUG/MINOR: diag: run the final diags before quitting when using -c
* BUG/MINOR: diag: always show the version before dumping a diag warning
-------------------------------------------------------------------
Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de
- Update to version 2.9.4+git0.4e071ad92:
* [RELEASE] Released version 2.9.4
* BUG/MEDIUM: h1: always reject the NUL character in header values
* BUG/MINOR: h1-htx: properly initialize the err_pos field
* DOC: httpclient: add dedicated httpclient section
* BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
* BUG/MINOR: h1: Don't support LF only at the end of chunks
* BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
* BUG/MEDIUM: qpack: allow 6xx..9xx status codes
* BUG/MEDIUM: h3: do not crash on invalid response status code
* MINOR: h3: add traces for stream sending function
* BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
* DOC: configuration: clarify http-request wait-for-body
* BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
* MINOR: quic: extract qc_stream_buf free in a dedicated function
* MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
* CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
* BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
* BUG/MEDIUM: cache: Fix crash when deleting secondary entry
* BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
* BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
* BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
* MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
* BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
* DOC: configuration: fix set-dst in actions keywords matrix
* BUG/MINOR: h3: fix checking on NULL Tx buffer
-------------------------------------------------------------------
Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Set /run/haproxy as the default PID file and socket location
Adds haproxy-service.patch
- Allow custom stats socket names
-------------------------------------------------------------------
Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com
- Update to version 2.9.3+git0.de3ab549a:
* [RELEASE] Released version 2.9.3
* BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT)
* BUG/MINOR: mux-h2: also count streams for refused ones
* BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control
* BUILD: quic: missing include for quic_tp
* [RELEASE] Released version 2.9.2
* DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay
* REGTESTS: add a test to ensure map-ordering is preserved
* BUG/MINOR: map: list-based matching potential ordering regression
* CLEANUP: quic: Double quic_dgram_parse() prototype declaration.
* MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name
* MINOR: ot: logsrv struct becomes logger
* MINOR: mux-h2: support limiting the total number of H2 streams per connection
* BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up
* BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego
* BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable
* BUG/MEDIUM: h3: fix incorrect snd_buf return value
* BUILD: quic: Missing quic_ssl.h header protection
* CLEANUP: quic: Remaining useless code into server part
* REGTESTS: check attach-srv out of order declaration
* MINOR: debug: add features and build options to "show dev"
* MINOR: global: export a way to list build options
* CI: use semantic version compare for determing "latest" OpenSSL
* BUG/MINOR: h3: disable fast-forward on buffer alloc failure
* BUG/MINOR: h3: close connection on sending alloc errors
* BUG/MINOR: h3: properly handle alloc failure on finalize
* MINOR: h3: add traces for connection init stage
* BUG/MINOR: h3: close connection on header list too big
* MINOR: h3: check connection error during sending
* BUG/MINOR: quic: Missing call to TLS message callbacks
* BUG/MINOR: quic: Wrong keylog callback setting.
* BUG/MINOR: mux-quic: disable fast-fwd if connection on error
* BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission
* DOC: fix typo for fastfwd QUIC option
* BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event
* MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype
* MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage
* BUG/MEDIUM: stats: unhandled switching rules with TCP frontend
* MINOR: stats: store the parent proxy in stats ctx (http)
* BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error
* BUG/MINOR: server: Use the configured address family for the initial resolution
* DOC: config: Update documentation about local haproxy response
* BUG/MINOR: resolvers: default resolvers fails when network not configured
-------------------------------------------------------------------
Fri Dec 15 15:15:07 UTC 2023 - varkoly@suse.com
- Update to version 2.9.1+git0.f72603ceb:
* [RELEASE] Released version 2.9.1
* DOC: config: also add arguments to the converters in the table
* DOC: config: add arguments to sample fetch methods in the table
* BUG/MEDIUM: mux-quic: report early error on stream
* BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty
* CLEANUP: mux-h1: Fix a trace message about C-L header addition
* BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally
* BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding
* BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side
* BUG/MEDIUM: quic: QUIC CID removed from tree without locking
* MINOR: version: mention that it's stable now
* BUG/MINOR: ext-check: cannot use without preserve-env
* BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions
* BUILD: ssl: update types in wolfssl cert selection callback
* BUG/MEDIUM: quic: Possible buffer overflow when building TLS records
* BUG/MINOR: mworker/cli: fix set severity-output support
* DOC: configuration: typo req.ssl_hello_type
* BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
* BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
* MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
* BUG/MINOR: ssl: Double free of OCSP Certificate ID
-------------------------------------------------------------------
Mon Dec 11 09:20:20 UTC 2023 - Dirk Müller <dmueller@suse.com>
- Update to version 2.9.0+git0.fddb8c13b:
new major branch:
https://www.haproxy.com/blog/announcing-haproxy-2-9
https://www.mail-archive.com/haproxy@formilux.org/msg44400.html
-------------------------------------------------------------------
Thu Dec 07 14:28:36 UTC 2023 - mrueckert@suse.de
- Update to version 2.8.5+git0.aaba8d090:
* [RELEASE] Released version 2.8.5
* BUG/MEDIUM: proxy: always initialize the default settings after init
* BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA)
* BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate
* MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback
* BUG/MINOR: ssl: Double free of OCSP Certificate ID
* BUG/MINOR: quic: Packet number spaces too lately initialized
* BUG/MINOR: quic: Missing QUIC connection path member initialization
* BUG/MINOR: quic: Possible leak of TX packets under heavy load
* BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load
* BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed
* BUG/MEDIUM: peers: fix partial message decoding
* DOC: Clarify the differences between field() and word()
* BUG/MINOR: sample: Make the `word` converter compatible with `-m found`
* REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter
* DOC: config: fix monitor-fail typo
* DOC: config: add matrix entry for "max-session-srv-conns"
* DOC: config: specify supported sections for "max-session-srv-conns"
* BUG/MINOR: cfgparse-listen: fix warning being reported as an alert
* BUG/MINOR: config: Stopped parsing upon unmatched environment variables
* BUG/MINOR: quic_tp: fix preferred_address decoding
* DOC: config: fix missing characters in set-spoe-group action
* BUG/MINOR: h3: always reject PUSH_PROMISE
* BUG/MINOR: h3: fix TRAILERS encoding
* BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1
* BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request()
* BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding
* DOC: lua: fix Proxy.get_mode() output
* DOC: lua: add sticktable class reference from Proxy.stktable
* REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY
* DOC: config: fix timeout check inheritance restrictions
* DOC: 51d: updated 51Degrees repo URL for v3.2.10
* BUG/MINOR: server: do not leak default-server in defaults sections
* BUG/MINOR: quic: Possible RX packet memory leak under heavy load
* BUG/MEDIUM: quic: Possible crash for connections to be killed
* BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them
* BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly
* REGTESTS: http: add a test to validate chunked responses delivery
* BUG/MINOR: proxy/stktable: missing frees on proxy cleanup
* MINOR: stktable: add stktable_deinit function
* BUG/MINOR: stream/cli: report correct stream age in "show sess"
* BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover()
* BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover()
* BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover()
* BUG/MAJOR: quic: complete thread migration before tcp-rules
-------------------------------------------------------------------
Fri Nov 24 11:31:13 UTC 2023 - mrueckert@suse.de
- Update to version 2.8.4+git0.a4ebf9d3b:
* [RELEASE] Released version 2.8.4
* BUG/MINOR: stconn: Report read activity on non-indep streams for partial sends
* BUG/MINOR: stconn/applet: Report send activity only if there was output data
* BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer
* BUG/MINOR: stconn: Fix streamer detection for HTX streams
* MINOR: channel: Add functions to get info on buffers and deal with HTX streams
* MINOR: htx: Use a macro for overhead induced by HTX
* BUG/MEDIUM: stconn: Update fsb date on partial sends
* BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented
* BUG/MEDIUM: mworker: set the master variable earlier
* BUG/MEDIUM: applet: Report a send activity everytime data were sent
* BUG/MEDIUM: stconn: Report a send activity everytime data were sent
* REGTESTS: http: Improve script testing abortonclose option
* BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only
* MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads
* MINOR: connection: Add a CTL flag to notify mux it should wait for reads again
* BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up
* BUG/MEDIUM: connection: report connection errors even when no mux is installed
* DOC: quic: Wrong syntax for "quic-cc-algo" keyword.
* BUG/MINOR: sink: don't learn srv port from srv addr
* BUG/MEDIUM: applet: Remove appctx from buffer wait list on release
* DOC: config: use the word 'backend' instead of 'proxy' in 'track' description
* BUG/MINOR: quic: fix retry token check inconsistency
* DOC: management: -q is quiet all the time
* BUG/MEDIUM: stconn: Don't update stream expiration date if already expired
* BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures
* BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets
* BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree
* BUG/MINOR: quic: idle timer task requeued in the past
* BUG/MEDIUM: pool: fix releasable pool calculation when overloaded
* BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period
* BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts
* BUG/MINOR: stick-table/cli: Check for invalid ipv4 key
* BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure
* BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure
* CLEANUP: htx: Properly indent htx_reserve_max_data() function
* BUG/MINOR: stconn: Sanitize report for read activity
* BUG/MEDIUM: Don't apply a max value on room_needed in sc_need_room()
* BUG/MEDIUM: stconn: Don't report rcv/snd expiration date if SC cannot epxire
* BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range()
* BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure
* BUG/MINOR: stktable: missing free in parse_stick_table()
* BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure
* BUG/MEDIUM: ssl: segfault when cipher is NULL
* BUG/MINOR: mux-quic: fix early close if unset client timeout
* BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA
* MEDIUM: quic: count quic_conn for global sslconns
* MEDIUM: quic: count quic_conn instance for maxconn
* MINOR: frontend: implement a dedicated actconn increment function
* BUG/MINOR: ssl: use a thread-safe sslconns increment
* BUG/MINOR: quic: do not consider idle timeout on CLOSING state
* BUG/MEDIUM: server: "proto" not working for dynamic servers
* MINOR: connection: add conn_pr_mode_to_proto_mode() helper func
* DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder
* MINOR: lua: Add flags to configure logging behaviour
* BUG/MINOR: ssl: load correctly @system-ca when ca-base is define
* DOC: internal: filters: fix reference to entities.pdf
* BUG/MINOR: mux-h2: update tracked counters with req cnt/req err
* BUG/MINOR: mux-h2: commit the current stream ID even on reject
* BUG/MEDIUM: peers: Fix synchro for huge number of tables
* BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task
* BUG/MINOR: trace: fix trace parser error reporting
* BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again
* BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending
* BUG/MINOR: mux-h2: make up other blocked streams upon removal from list
* BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request
* BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash
* BUG/MINOR: mux-quic: fix free on qcs-new fail alloc
* BUG/MINOR: h3: strengthen host/authority header parsing
* BUG/MINOR: mux-quic: support initial 0 max-stream-data
* BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream
* BUG/MINOR: quic: reject packet with no frame
* BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos
* BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room()
* BUG/MINOR: hq-interop: simplify parser requirement
* BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set
* BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set
* BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was tried
* BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only
* MINOR: hlua: Test the hlua struct first when the lua socket is connecting
* MINOR: hlua: Save the lua socket's server in its context
* MINOR: hlua: Save the lua socket's timeout in its context
* MINOR: hlua: Don't preform operations on a not connected socket
* MINOR: hlua: Set context's appctx when the lua socket is created
* BUG/MEDIUM: http-ana: Try to handle response before handling server abort
* BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed
* BUG/MEDIUM: actions: always apply a longest match on prefix lookup
* BUG/MINOR: mux-quic: remove full demux flag on ncbuf release
* BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams
* MINOR: pattern: fix pat_{parse,match}_ip() function comments
* BUG/MINOR: server: add missing free for server->rdr_pfx
* BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers
* BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API
* BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1
* BUG/MINOR: promex: fix backend_agg_check_status
* BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records
* BUG/MINOR: hlua/init: coroutine may not resume itself
* BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume()
* CI: musl: drop shopt in workflow invocation
* CI: musl: highlight section if there are coredumps
* Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token"
* BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread
* MINOR: hlua: add hlua_stream_ctx_prepare helper function
* BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT
* BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code
* BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind
* BUILD: Makefile: add USE_QUIC_OPENSSL_COMPAT to make help
* MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option
* MINOR: quic+openssl_compat: Do not start without "limited-quic"
* MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic"
* BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels
* DOC: quic: Add "limited-quic" new tuning setting
* MINOR: quic: Add "limited-quic" new tuning setting
* MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper.
* MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct
* MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog()
* MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper
* MINOR: quic: Export some KDF functions (QUIC-TLS)
* MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper
* MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled()
* MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method()
* MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT
* MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header
* MINOR: quic: QUIC openssl wrapper implementation
* BUG/MINOR: quic: Wrong cluster secret initialization
* BUG/MINOR: quic: Leak of frames to send.
* BUILD: bug: make BUG_ON() void to avoid a rare warning
-------------------------------------------------------------------
Thu Sep 07 22:07:54 UTC 2023 - mrueckert@suse.de
@ -60,7 +595,7 @@ Wed Aug 30 09:04:25 UTC 2023 - Peter Varkoly <varkoly@suse.com>
- Apply upstream patch for the ppc64le issue:
Add patch:
0001-IMPORT-xxhash-update-xxHash-to-version-0.8.2.patch
0001-IMPORT-xxhash-update-xxHash-to-version-0.8.2.patch
Remove patch:
fix-invalid-parameter-combination-for-AltiVec-intrinsic-__builtin_vec_ld.patch
@ -870,7 +1405,7 @@ Thu Dec 01 15:25:38 UTC 2022 - mrueckert@suse.de
-------------------------------------------------------------------
Tue Nov 22 13:13:45 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
- reenable the pcre jit after the last change
- reenable the pcre jit after the last change
-------------------------------------------------------------------
Fri Oct 14 11:20:34 UTC 2022 - Stephan Kulow <coolo@suse.com>
@ -2075,7 +2610,7 @@ Fri May 14 08:31:04 UTC 2021 - mrueckert@suse.de
- Update to version 2.4.0+git0.6cbbecf09:
https://www.haproxy.com/blog/announcing-haproxy-2-4/
for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
- refreshed patches to apply cleanly again
haproxy-1.6.0-makefile_lib.patch
@ -2637,7 +3172,7 @@ Sat Oct 24 01:18:29 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
-------------------------------------------------------------------
Fri Oct 2 14:38:51 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- use parallel build
- use parallel build
-------------------------------------------------------------------
Fri Oct 02 14:37:00 UTC 2020 - mrueckert@suse.de
@ -4312,7 +4847,7 @@ Sun Mar 4 08:36:21 UTC 2018 - jengelh@inai.de
-------------------------------------------------------------------
Fri Mar 2 16:37:25 UTC 2018 - kgronlund@suse.com
- Ensure haproxy home directory is not world readable (bsc#1077716)
- Ensure haproxy home directory is not world readable (bsc#1077716)
-------------------------------------------------------------------
Thu Feb 08 13:15:17 UTC 2018 - kgronlund@suse.com
@ -4371,7 +4906,7 @@ Thu Feb 08 13:15:17 UTC 2018 - kgronlund@suse.com
-------------------------------------------------------------------
Thu Feb 8 07:21:58 UTC 2018 - kgronlund@suse.com
- Add dependency on apparmor-profiles (bsc#1079985)
- Add dependency on apparmor-profiles (bsc#1079985)
-------------------------------------------------------------------
Sun Dec 31 02:26:13 UTC 2017 - mrueckert@suse.de
@ -4498,7 +5033,7 @@ Mon Dec 04 10:33:40 UTC 2017 - kgronlund@suse.com
-------------------------------------------------------------------
Tue Nov 28 13:54:07 UTC 2017 - kgronlund@suse.com
- License is now GPL-3.0+ and LGPL-2.1+
- License is now GPL-3.0+ and LGPL-2.1+
-------------------------------------------------------------------
Mon Nov 27 13:40:32 UTC 2017 - mrueckert@suse.de
@ -5705,7 +6240,7 @@ Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
-------------------------------------------------------------------
Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com
@ -5723,7 +6258,7 @@ Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com
- 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch
- 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch
- 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
- 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch
-------------------------------------------------------------------
Sun Nov 09 21:52:00 UTC 2014 - Led <ledest@gmail.com>
@ -5814,7 +6349,7 @@ Thu Oct 9 14:14:35 UTC 2014 - kgronlund@suse.com
- BUG/MEDIUM: systemd: set KillMode to 'mixed'
- Add patch:
- 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
- 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch
-------------------------------------------------------------------
Wed Oct 8 12:53:41 UTC 2014 - kgronlund@suse.com
@ -5862,7 +6397,7 @@ Mon Oct 6 09:09:58 UTC 2014 - kgronlund@suse.com
- 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch
- 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch
- 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch
-------------------------------------------------------------------
Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com
@ -6098,12 +6633,12 @@ Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de
-------------------------------------------------------------------
Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com
- Install vim file to a more appropriate location
- Install vim file to a more appropriate location
-------------------------------------------------------------------
Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com
- added pre macro for systemd service file
- added pre macro for systemd service file
-------------------------------------------------------------------
Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com

22
haproxy.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package haproxy
#
# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
%bcond_with quic
%if 0%{?suse_version} >= 1230
@ -46,12 +46,14 @@
%if 0%{?suse_version} >= 1500
%bcond_without sysusers
%bcond_without tmpfiles
%else
%bcond_with sysusers
%bcond_with tmpfiles
%endif
Name: haproxy
Version: 2.8.3+git0.86e043add
Version: 3.0.4+git0.7a59afa93
Release: 0
#
#
@ -96,9 +98,11 @@ Source2: usr.sbin.haproxy.apparmor
Source3: local.usr.sbin.haproxy.apparmor
Source4: haproxy.cfg
Source5: haproxy-user.conf
Source6: haproxy-tmpfiles.conf
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
Patch4: haproxy-service.patch
#
Source98: series
Source99: haproxy-rpmlintrc
@ -195,6 +199,9 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%if %{with sysusers}
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
%endif
%if %{with tmpfiles}
install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
%endif
%else
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@ -224,6 +231,11 @@ rm examples/*init*
%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%endif
%if %{with systemd}
%if %{with tmpfiles}
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%endif
%endif
%service_add_post %{pkg_name}.service
%preun
@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \
%if %{with sysusers}
%{_sysusersdir}/haproxy-user.conf
%endif
%if %{with tmpfiles}
%{_tmpfilesdir}/%{name}.conf
%dir %ghost %{_rundir}/%{name}
%endif
%else
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
%endif

1
series
View File

@ -1,3 +1,4 @@
haproxy-1.6.0_config_haproxy_user.patch
haproxy-1.6.0-makefile_lib.patch
haproxy-1.6.0-sec-options.patch
haproxy-service.patch

21
usr.sbin.haproxy.apparmor
View File

@ -28,13 +28,30 @@ profile haproxy /usr/sbin/haproxy {
/dev/shm/haproxy_startup_logs_* rwlk,
# old stats socket location, for compatibility
/var/lib/haproxy/stats rwl,
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
/{,var/}run/haproxy.pid rw,
/{,var/}run/haproxy-master.sock* rwlk,
# new stats socket location
/run/haproxy/stats*.sock{,*.{bak,tmp}} rwl,
/{,var/}run/haproxy/pid rw,
/{,var/}run/haproxy/master.sock* rwlk,
# This is for the additional debug output in haproxy >= 2.9
# can be accessed with "p post_mortem" in gdb
/sys/devices/system/node/ r,
/sys/devices/system/node/*/cpumap r,
/sys/devices/system/cpu/online r,
/sys/class/dmi/id/sys_vendor r,
/sys/class/dmi/id/product_family r,
/sys/class/dmi/id/product_name r,
/sys/class/dmi/id/board_vendor r,
/sys/firmware/devicetree/base/model r,
/sys/class/dmi/id/board_name r,
/proc/2/status r,
/proc/cpuinfo r,
# end of debug.c files
# Site-specific additions and overrides. See local/README for details.
#include if exists <local/haproxy>