From f0bbe65f4b28d096cbed01d75b0de93cec2c8a2994d104f036269d5a192a2cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Thu, 3 Oct 2024 17:18:54 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main haproxy revision 1e01a14d9b6ad881a95ac5e65a203459 --- _service | 4 +- _servicedata | 4 +- haproxy-1.6.0-makefile_lib.patch | 10 +- haproxy-1.6.0-sec-options.patch | 8 +- haproxy-2.8.3+git0.86e043add.tar.gz | 3 - haproxy-3.0.4+git0.7a59afa93.tar.gz | 3 + haproxy-service.patch | 11 + haproxy-tmpfiles.conf | 1 + haproxy.cfg | 2 +- haproxy.changes | 561 +++++++++++++++++++++++++++- haproxy.spec | 22 +- series | 1 + usr.sbin.haproxy.apparmor | 21 +- 13 files changed, 616 insertions(+), 35 deletions(-) delete mode 100644 haproxy-2.8.3+git0.86e043add.tar.gz create mode 100644 haproxy-3.0.4+git0.7a59afa93.tar.gz create mode 100644 haproxy-service.patch create mode 100644 haproxy-tmpfiles.conf diff --git a/_service b/_service index 10825bb..cd5b4e6 100644 --- a/_service +++ b/_service @@ -1,12 +1,12 @@ - http://git.haproxy.org/git/haproxy-2.8.git + http://git.haproxy.org/git/haproxy-3.0.git/ git haproxy @PARENT_TAG@+git@TAG_OFFSET@.%h v(.*) \1 - v2.8.3 + v3.0.4 enable diff --git a/_servicedata b/_servicedata index 5aeaad5..5267e6c 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ - http://git.haproxy.org/git/haproxy-2.8.git - 86e043add353743a7808b52ccbf3573694034e63 + http://git.haproxy.org/git/haproxy-3.0.git/ + 7a59afa93ba909a8219307e62f88f81abe7615ef \ No newline at end of file diff --git a/haproxy-1.6.0-makefile_lib.patch b/haproxy-1.6.0-makefile_lib.patch index 28c0e55..652f4c1 100644 --- a/haproxy-1.6.0-makefile_lib.patch +++ b/haproxy-1.6.0-makefile_lib.patch 
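Review bot: The new source URL in `_service` (and the matching entry in `_servicedata`) still fetches the upstream repository over cleartext `http://`, so the transport gives no authenticity for the `v3.0.4` tag the service resolves. The commit id recorded in `_servicedata` and the LFS `oid sha256` of the tarball only help if something compares the fetched tree against them, and nothing visible here shows that check. If the upstream host serves the repository over TLS, I would change the value to `https://git.haproxy.org/git/haproxy-3.0.git/` in both files. The XML markup of these two hunks is lost in this rendering, so which element carries the URL is inferred.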
@@ -1,8 +1,8 @@ -Index: haproxy-2.8/Makefile +Index: haproxy-3.0/Makefile =================================================================== ---- haproxy-2.8.orig/Makefile -+++ haproxy-2.8/Makefile -@@ -750,7 +750,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US +--- haproxy-3.0.orig/Makefile ++++ haproxy-3.0/Makefile +@@ -784,7 +784,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0 PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCREDIR),) PCRE_INC := $(PCREDIR)/include @@ -11,7 +11,7 @@ Index: haproxy-2.8/Makefile endif PCRE_CFLAGS := $(if $(PCRE_INC),-I$(PCRE_INC)) -@@ -768,7 +768,7 @@ ifneq ($(USE_PCRE2)$(USE_STATIC_PCRE2)$( +@@ -802,7 +802,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2 PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCRE2DIR),) PCRE2_INC := $(PCRE2DIR)/include diff --git a/haproxy-1.6.0-sec-options.patch b/haproxy-1.6.0-sec-options.patch index ca494a9..3bbbee7 100644 --- a/haproxy-1.6.0-sec-options.patch +++ b/haproxy-1.6.0-sec-options.patch @@ -4,11 +4,11 @@ Date: Mon Jun 17 13:00:08 2019 +0000 SUSE: Makefile sec options -Index: haproxy-2.8/Makefile +Index: haproxy-3.0/Makefile =================================================================== ---- haproxy-2.8.orig/Makefile -+++ haproxy-2.8/Makefile -@@ -849,6 +849,35 @@ ifneq ($(TRACE),) +--- haproxy-3.0.orig/Makefile ++++ haproxy-3.0/Makefile +@@ -887,6 +887,35 @@ ifneq ($(TRACE),) COPTS += -finstrument-functions endif diff --git a/haproxy-2.8.3+git0.86e043add.tar.gz b/haproxy-2.8.3+git0.86e043add.tar.gz deleted file mode 100644 index 7e09ac5..0000000 --- a/haproxy-2.8.3+git0.86e043add.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:212ef2f8f77f916a49f905e88f76fc1c94543507d8581b814cfc05095a06581a -size 4483617 diff --git a/haproxy-3.0.4+git0.7a59afa93.tar.gz b/haproxy-3.0.4+git0.7a59afa93.tar.gz new file mode 100644 index 0000000..66871ab --- /dev/null 
+++ b/haproxy-3.0.4+git0.7a59afa93.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:34d7ba5f03b2b7f75aec659c77a75717a5f7535bb2ae70ac18c9142adb9481e1
+size 4831532
diff --git a/haproxy-service.patch b/haproxy-service.patch
new file mode 100644
index 0000000..f4cc91a
--- /dev/null
+++ b/haproxy-service.patch
@@ -0,0 +1,11 @@
+--- a/admin/systemd/haproxy.service.in 2024-01-18 15:32:19.000000000 +0100
++++ b/admin/systemd/haproxy.service.in 2024-02-04 23:58:30.873980359 +0100
+@@ -6,7 +6,7 @@
+ [Service]
+ EnvironmentFile=-/etc/default/haproxy
+ EnvironmentFile=-/etc/sysconfig/haproxy
+-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
++Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
+ ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
+ ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
+ ExecReload=/bin/kill -USR2 $MAINPID
diff --git a/haproxy-tmpfiles.conf b/haproxy-tmpfiles.conf
new file mode 100644
index 0000000..c53bd36
--- /dev/null
+++ b/haproxy-tmpfiles.conf
@@ -0,0 +1 @@
+D /run/haproxy 0750 root haproxy
diff --git a/haproxy.cfg b/haproxy.cfg
index 4468995..857de94 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -5,7 +5,7 @@ global
 user haproxy
 group haproxy
 daemon
- stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
+ stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
 tune.bufsize 32768
 tune.ssl.default-dh-param 2048
 ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
diff --git a/haproxy.changes b/haproxy.changes
index 9dc176e..84d4d6a 100644
--- a/haproxy.changes
+++ b/haproxy.changes
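Review bot: In haproxy-service.patch the rewritten `Environment=` line moves the master CLI socket to `/run/haproxy/master.sock` but leaves the socket's permissions to the process defaults. The master CLI reaches every worker process, so its access should not rest on the umask or on the `0750 root haproxy` directory from haproxy-tmpfiles.conf alone. `-S` takes comma-separated bind options, so the value could read `"EXTRAOPTS=-S /run/haproxy/master.sock,mode,600"`. The unit also now needs `/run/haproxy` to exist before `ExecStart` runs; a short comment in the patch header naming haproxy-tmpfiles.conf as the provider would help, since the spec hunk that installs it is not visible here.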
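Review bot: On the new `stats socket /run/haproxy/stats.sock` line in haproxy.cfg, `group haproxy mode 0640` gives the group read permission only, and on Linux connecting to a UNIX socket needs write permission on it. As written, only the `haproxy` user and root can use this operator-level socket, so the `group` setting has no effect on who may connect. If that restriction is intended, a comment above the line such as `# only user haproxy and root can connect (mode 0640)` would stop someone widening it by accident. If group access is wanted the mode would have to be `0660`, which should be a deliberate choice given `level operator`. The `global` section continues outside the hunk.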
@@ -1,3 +1,538 @@ +------------------------------------------------------------------- +Tue Sep 03 14:08:47 UTC 2024 - mrueckert@suse.de + +- Update to version 3.0.4+git0.7a59afa93: (CVE-2024-45506 boo#1229993) + * [RELEASE] Released version 3.0.4 + * BUG/MEDIUM: mux-pt: Fix condition to perform a shutdown for writes in mux_pt_shut() + * BUG/MINOR: Crash on O-RTT RX packet after dropping Initial pktns + * BUG/MINOR: quic: Too shord datagram during O-RTT handshakes (aws-lc only) + * BUG/MAJOR: mux-h2: always clear MUX_MFULL and DEM_MROOM when clearing the mbuf + * MINOR: mux-h2: try to clear DEM_MROOM and MUX_MFULL at more places + * BUG/MEDIUM: mux-h1: Properly handle empty message when an error is triggered + * BUG/MINOR: quic: unexploited retransmission cases for Initial pktns. + * BUG/MEDIUM: cli: Always release back endpoint between two commands on the mcli + * BUG/MEDIUM: mux-pt: Never fully close the connection on shutdown + * BUG/MINIR: proxy: Match on 429 status when trying to perform a L7 retry + * BUG/MEDIUM: stream: Prevent mux upgrades if client connection is no longer ready + * BUG/MEDIUM: mux-h2: Set ES flag when necessary on 0-copy data forwarding + * MINOR: proxy: Add support of 429-Too-Many-Requests in retry-on status + * DOC: quic: fix default minimal value for max window size + * MEDIUM: log: relax some checks and emit diag warnings instead in lf_expr_postcheck() + * Revert "MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface" + * BUG/MEDIUM: init: fix fd_hard_limit default in compute_ideal_maxconn + * MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD (take #2) + * BUG/MEDIUM: queue: deal with a rare TOCTOU in assign_server_and_queue() + * MINOR: queue: add a function to check for TOCTOU after queueing + * MEDIUM: h1: allow to preserve keep-alive on T-E + C-L + * MINOR: quic: Add information to "show quic" for CUBIC cc. + * MINOR: quic: Dump TX in flight bytes vs window values ratio. 
+ * BUG/MEDIUM: jwt: Clear SSL error queue on error when checking the signature + * BUG/MINOR: quic: Lack of precision when computing K (cubic only cc) + * MEDIUM: sink: don't set NOLINGER flag on the outgoing stream interface + * BUG/MINOR: quic: Non optimal first datagram. + * BUG/MINOR: cli: Atomically inc the global request counter between CLI commands + * BUG/MINOR: server: Don't warn fallback IP is used during init-addr resolution + * BUG/MINOR: stick-table: fix crash for src_inc_gpc() without stkcounter + * DOC: config: improve the http-keep-alive section + * DOC: configuration: issuers-chain-path not compatible with OCSP + * BUG/MAJOR: mux-h2: force a hard error upon short read with pending error + * BUG/MEDIUM: ssl_sock: fix deadlock in ssl_sock_load_ocsp() on error path + * DOC: install: don't reference removed CPU arg + * BUG/MEDIUM: debug/cli: fix "show threads" crashing with low thread counts + * BUG/MINOR: session: Eval L4/L5 rules defined in the default section + * CLEANUP: quic: rename TID affinity elements + * CLEANUP: proto: rename TID affinity callbacks + * BUG/MEDIUM: quic: prevent crash on accept queue full + * BUILD: listener: silence a build warning about unused value without threads + * MINOR: proto: extend connection thread rebind API + +------------------------------------------------------------------- +Thu Jul 11 14:57:46 UTC 2024 - Marcus Rueckert + +- refreshed patches: + haproxy-1.6.0-makefile_lib.patch + haproxy-1.6.0-sec-options.patch + +------------------------------------------------------------------- +Thu Jul 11 14:56:11 UTC 2024 - mrueckert@suse.de + +- Update to version 3.0.3+git0.95a607c4b: + * [RELEASE] Released version 3.0.3 + * BUG/MEDIUM: bwlim: Be sure to never set the analyze expiration date in past + * DEV: flags/quic: decode quic_conn flags + * BUG/MEDIUM: spoe: Be sure to create a SPOE applet if none on the current thread + * BUG/MEDIUM: h1: Reject empty Transfer-encoding header + * BUG/MINOR: h1: Reject empty coding 
name as last transfer-encoding value + * BUG/MINOR: h1: Fail to parse empty transfer coding names + * BUG/MINOR: jwt: fix variable initialisation + * Revert "MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD" + * BUG/MEDIUM: peers: Fix crash when syncing learn state of a peer without appctx + * DOC: configuration: update maxconn description + * MEDIUM: init: set default for fd_hard_limit via DEFAULT_MAXFD + * BUG/MINOR: jwt: don't try to load files with HMAC algorithm + * BUG/MEDIUM: server: fix race on server_atomic_sync() + * DOC: configuration: more details about the master-worker mode + * BUG/MEDIUM: hlua/cli: Fix lua CLI commands to work with applet's buffers + * BUG/MINOR: promex: Remove Help prefix repeated twice for each metric + * BUG/MEDIUM: quic: fix possible exit from qc_check_dcid() without unlocking + * BUG/MINOR: quic: fix race-condition on trace for CID retrieval + * BUG/MINOR: quic: fix race condition in qc_check_dcid() + * BUG/MEDIUM: quic: fix race-condition in quic_get_cid_tid() + * BUG/MEDIUM: h3: ensure the ":scheme" pseudo header is totally valid + * BUG/MEDIUM: h3: ensure the ":method" pseudo header is totally valid + * BUG/MEDIUM: server/dns: prevent DOWN/UP flap upon resolution timeout or error + * MINOR: activity: make the memory profiling hash size configurable at build time + * BUG/MINOR: server: fix first server template name lookup UAF + * DOC: configuration: add details about crt-store in bind "crt" keyword + * BUG/MEDIUM: stick-table: Decrement the ref count inside lock to kill a session + * BUG/MINOR: hlua: report proper context upon error in hlua_cli_io_handler_fct() + * DEV: flags/show-fd-to-flags: adapt to recent versions + * BUG/MINOR: quic: fix BUG_ON() on Tx pkt alloc failure + * BUG/MINOR: h3: fix BUG_ON() crash on control stream alloc failure + * BUG/MINOR: mux-quic: fix crash on qcs SD alloc failure + * BUG/MINOR: h3: fix crash on STOP_SENDING receive after GOAWAY emission + * DOC: api/event_hdl: small updates, 
fix an example and add some precisions + * SCRIPTS: git-show-backports: do not truncate git-show output + * BUG/MAJOR: quic: fix padding with short packets + * DOC: management: document ptr lookup for table commands + * DOC: configuration: fix alphabetical order of bind options + * BUG/MEDIUM: proxy: fix email-alert invalid free + * REGTESTS: ssl: fix some regtests 'feature cmd' start condition + * DEBUG: hlua: distinguish burst timeout errors from exec timeout errors + * BUG/MINOR: log: fix broken '+bin' logformat node option + +------------------------------------------------------------------- +Sun Jun 16 06:44:56 UTC 2024 - andreas.stieger@gmx.de + +- Update to version 3.0.2+git0.a45a8e623: + * [RELEASE] Released version 3.0.2 + * DOC: management: rename show stats domain cli "dns" to "resolvers" + * DOC/MINOR: management: add -dZ option + * DOC/MINOR: management: add missed -dR and -dv options + * BUG/MINOR: quic: fix padding of INITIAL packets + * BUG/MAJOR: mux-h1: Prevent any UAF on H1 connection after draining a request + * CLEANUP: log/proxy: fix comment in proxy_free_common() + * BUG/MEDIUM: proxy: fix UAF with {tcp,http}checks logformat expressions + * MINOR: proxy: add proxy_free_common() helper function + * BUG/MINOR: promex: Skip resolvers metrics when there is no resolver section + * DOC: config: add missing context hint for new server and proxy keywords + * DOC: config: add missing section hint for "guid" proxy keyword + * DOC: config: move "hash-key" from proxy to server options + * BUG/MEDIUM: log: fix lf_expr_postcheck() behavior with default section + * BUG/MINOR: proxy: fix header_unique_id leak on deinit() + * BUG/MINOR: proxy: fix source interface and usesrc leaks on deinit() + * BUG/MINOR: proxy: fix dyncookie_key leak on deinit() + * BUG/MINOR: proxy: fix check_{command,path} leak on deinit() + * BUG/MINOR: proxy: fix email-alert leak on deinit() + * BUG/MINOR: proxy: fix log_tag leak on deinit() + * BUG/MINOR: proxy: fix 
server_id_hdr_name leak on deinit() + * MINOR: log: fix "http-send-name-header" ignore warning message + +------------------------------------------------------------------- +Mon Jun 10 14:52:46 UTC 2024 - mrueckert@suse.de + +- Update to version 3.0.1+git0.471a1b2f1: + * [RELEASE] Released version 3.0.1 + * BUG/MINOR: mux-h1: Use the right variable to set NEGO_FF_FL_EXACT_SIZE flag + * BUG/MAJOR: mux-h1: Properly copy chunked input data during zero-copy nego + * BUG/MEDIUM: stconn/mux-h1: Fix suspect change causing timeouts + * BUG/MINOR: quic: ensure Tx buf is always purged + * BUG/MINOR: quic: fix computed length of emitted STREAM frames + * BUG/MEDIUM: ssl: bad auth selection with TLS1.2 and WolfSSL + * BUG/MEDIUM: ssl: wrong priority whem limiting ECDSA ciphers in ECDSA+RSA configuration + * BUG/MEDIUM: mux-quic: Don't unblock zero-copy fwding if blocked during nego + * CLEANUP: hlua: simplify ambiguous lua_insert() usage in hlua_ctx_resume() + * BUG/MINOR: hlua: fix leak in hlua_ckch_set() error path + * BUG/MINOR: hlua: prevent LJMP in hlua_traceback() + * BUG/MINOR: hlua: fix unsafe hlua_pusherror() usage + * BUG/MINOR: hlua: don't use lua_pushfstring() when we don't expect LJMP + * CLEANUP: hlua: use hlua_pusherror() where relevant + * BUG/MINOR: quic: prevent crash on qc_kill_conn() + * BUG/MEDIUM: mux-quic: Unblock zero-copy forwarding if the txbuf can be released + * MEDIUM: stconn: Be able to unblock zero-copy data forwarding from done_fastfwd + * BUG/MEDIUM: h1-htx: Don't state interim responses are bodyless + * BUG/MINOR: hlua: use CertCache.set() from various hlua contexts + * DOC: configuration: add an example for keywords from crt-store + * BUG/MINOR: tools: fix possible null-deref in env_expand() on out-of-memory + * BUG/MINOR: tcpcheck: report correct error in tcp-check rule parser + * BUG/MINOR: cfgparse: remove the correct option on httpcheck send-state warning + +------------------------------------------------------------------- +Fri May 31 
12:07:48 UTC 2024 - Marcus Rueckert + +- AppArmor: allow haproxy to read the files needed for the + "p post_mortem" support + +------------------------------------------------------------------- +Wed May 29 14:00:25 UTC 2024 - mrueckert@suse.de + +- Update to version 3.0.0+git0.5590ada47: + https://www.haproxy.com/blog/announcing-haproxy-3-0 + https://www.mail-archive.com/haproxy@formilux.org/msg44993.html + +------------------------------------------------------------------- +Mon Feb 26 19:55:05 UTC 2024 - mrueckert@suse.de + +- Update to version 2.9.6+git0.9eafce5dc: + * [RELEASE] Released version 2.9.6 + * BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI + * BUG/MAJOR: promex: fix crash on deleted server + +------------------------------------------------------------------- +Mon Feb 26 19:54:49 UTC 2024 - mrueckert@suse.de + +- Update to version 2.9.5+git0.260dbb8a6: + * [RELEASE] Released version 2.9.5 + * BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams + * BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C + * BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty + * BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty + * MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding + * BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides + * MINOR: muxes: Announce support for zero-copy forwarding on consumer side + * MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side + * MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield + * CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield + * BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up + * BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending + * MINOR: quic: Add a counter for reordered packets + * MINOR: quic: Dynamic packet reordering threshold + * MINOR: 
quic: Update K CUBIC calculation (RFC 9438) + * BUG/MEDIUM: quic: Wrong K CUBIC calculation. + * BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing + * BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush() + * BUILD: address a few remaining calloc(size, n) cases + * CI: Update to actions/cache@v4 + * BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs + * BUG/MINOR: vars/cli: fix missing LF after "get var" output + * DOC: internal: update missing data types in peers-v2.0.txt + * DOC: config: fix misplaced "bytes_{in,out}" + * DOC: config: fix typos for "bytes_{in,out}" + * DOC: config: fix misplaced "txn.conn_retries" + * DOC: install: recommend pcre2 + * REGTESTS: ssl: Add OCSP related tests + * REGTESTS: ssl: Fix empty line in cli command input + * BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list" + * BUG/MINOR: ssl: Destroy ckch instances before the store during deinit + * BUG/MEDIUM: ocsp: Separate refcount per instance and per store + * MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid + * BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line + * BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch + * MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT + * BUILD: debug: remove leftover parentheses in ABORT_NOW() + * MINOR: debug: make ABORT_NOW() store the caller's line number when using abort + * MINOR: debug: make sure calls to ha_crash_now() are never merged + * MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding + * MINOR: quic: Stop using 1024th of a second. + * BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation + * CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438) + * BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call + * BUILD: quic: Variable name typo inside a BUG_ON(). 
+ * BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit. + * BUG/MINOR: diag: run the final diags before quitting when using -c + * BUG/MINOR: diag: always show the version before dumping a diag warning + +------------------------------------------------------------------- +Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de + +- Update to version 2.9.4+git0.4e071ad92: + * [RELEASE] Released version 2.9.4 + * BUG/MEDIUM: h1: always reject the NUL character in header values + * BUG/MINOR: h1-htx: properly initialize the err_pos field + * DOC: httpclient: add dedicated httpclient section + * BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size + * BUG/MINOR: h1: Don't support LF only at the end of chunks + * BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON + * BUG/MEDIUM: qpack: allow 6xx..9xx status codes + * BUG/MEDIUM: h3: do not crash on invalid response status code + * MINOR: h3: add traces for stream sending function + * BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions + * DOC: configuration: clarify http-request wait-for-body + * BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf + * MINOR: quic: extract qc_stream_buf free in a dedicated function + * MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT) + * CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro. 
+ * BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available + * BUG/MEDIUM: cache: Fix crash when deleting secondary entry + * BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var() + * BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs + * BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI + * MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc + * BUG/MEDIUM: mux-h2: refine connection vs stream error on headers + * DOC: configuration: fix set-dst in actions keywords matrix + * BUG/MINOR: h3: fix checking on NULL Tx buffer + +------------------------------------------------------------------- +Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter + +- Set /run/haproxy as the default PID file and socket location + Adds haproxy-service.patch +- Allow custom stats socket names + +------------------------------------------------------------------- +Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com + +- Update to version 2.9.3+git0.de3ab549a: + * [RELEASE] Released version 2.9.3 + * BUG/MEDIUM: quic: keylog callback not called (USE_OPENSSL_COMPAT) + * BUG/MINOR: mux-h2: also count streams for refused ones + * BUG/MINOR: mux-quic: do not prevent non-STREAM sending on flow control + * BUILD: quic: missing include for quic_tp + * [RELEASE] Released version 2.9.2 + * DOC: configuration: corrected description of keyword tune.ssl.ocsp-update.mindelay + * REGTESTS: add a test to ensure map-ordering is preserved + * BUG/MINOR: map: list-based matching potential ordering regression + * CLEANUP: quic: Double quic_dgram_parse() prototype declaration. 
+ * MINOR: ssl: Update ssl_fc_curve/ssl_bc_curve to use SSL_get0_group_name + * MINOR: ot: logsrv struct becomes logger + * MINOR: mux-h2: support limiting the total number of H2 streams per connection + * BUG/MEDIUM: spoe: Never create new spoe applet if there is no server up + * BUG/MEDIUM: stconn: Set fsb date if zero-copy forwarding is blocked during nego + * BUG/MEDIUM: stconn: Forward shutdown on write timeout only if it is forwardable + * BUG/MEDIUM: h3: fix incorrect snd_buf return value + * BUILD: quic: Missing quic_ssl.h header protection + * CLEANUP: quic: Remaining useless code into server part + * REGTESTS: check attach-srv out of order declaration + * MINOR: debug: add features and build options to "show dev" + * MINOR: global: export a way to list build options + * CI: use semantic version compare for determing "latest" OpenSSL + * BUG/MINOR: h3: disable fast-forward on buffer alloc failure + * BUG/MINOR: h3: close connection on sending alloc errors + * BUG/MINOR: h3: properly handle alloc failure on finalize + * MINOR: h3: add traces for connection init stage + * BUG/MINOR: h3: close connection on header list too big + * MINOR: h3: check connection error during sending + * BUG/MINOR: quic: Missing call to TLS message callbacks + * BUG/MINOR: quic: Wrong keylog callback setting. 
+ * BUG/MINOR: mux-quic: disable fast-fwd if connection on error + * BUG/MINOR: mux-quic: always report error to SC on RESET_STREAM emission + * DOC: fix typo for fastfwd QUIC option + * BUG/MINOR: server/event_hdl: propagate map port info through inetaddr event + * MINOR: server/event_hdl: update _srv_event_hdl_prepare_inetaddr prototype + * MINOR: server/event_hdl: add server_inetaddr struct to facilitate event data usage + * BUG/MEDIUM: stats: unhandled switching rules with TCP frontend + * MINOR: stats: store the parent proxy in stats ctx (http) + * BUG/MAJOR: stconn: Disable zero-copy forwarding if consumer is shut or in error + * BUG/MINOR: server: Use the configured address family for the initial resolution + * DOC: config: Update documentation about local haproxy response + * BUG/MINOR: resolvers: default resolvers fails when network not configured + +------------------------------------------------------------------- +Fri Dec 15 15:15:07 UTC 2023 - varkoly@suse.com + +- Update to version 2.9.1+git0.f72603ceb: + * [RELEASE] Released version 2.9.1 + * DOC: config: also add arguments to the converters in the table + * DOC: config: add arguments to sample fetch methods in the table + * BUG/MEDIUM: mux-quic: report early error on stream + * BUG/MEDIUM: mux-h2: Report too large HEADERS frame only when rxbuf is empty + * CLEANUP: mux-h1: Fix a trace message about C-L header addition + * BUG/MEDIUM: mux-h1: Explicitly skip request's C-L header if not set originally + * BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding + * BUG/MEDIUM: stconn: Block zero-copy forwarding if EOS/ERROR on consumer side + * BUG/MEDIUM: quic: QUIC CID removed from tree without locking + * MINOR: version: mention that it's stable now + * BUG/MINOR: ext-check: cannot use without preserve-env + * BUG/MEDIUM: map/acl: pat_ref_{set,delete}_by_id regressions + * BUILD: ssl: update types in wolfssl cert selection callback + * BUG/MEDIUM: quic: Possible buffer overflow 
when building TLS records + * BUG/MINOR: mworker/cli: fix set severity-output support + * DOC: configuration: typo req.ssl_hello_type + * BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA) + * BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate + * MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback + * BUG/MINOR: ssl: Double free of OCSP Certificate ID + +------------------------------------------------------------------- +Mon Dec 11 09:20:20 UTC 2023 - Dirk Müller + +- Update to version 2.9.0+git0.fddb8c13b: + new major branch: + https://www.haproxy.com/blog/announcing-haproxy-2-9 + https://www.mail-archive.com/haproxy@formilux.org/msg44400.html + +------------------------------------------------------------------- +Thu Dec 07 14:28:36 UTC 2023 - mrueckert@suse.de + +- Update to version 2.8.5+git0.aaba8d090: + * [RELEASE] Released version 2.8.5 + * BUG/MEDIUM: proxy: always initialize the default settings after init + * BUG/MINOR: lua: Wrong OCSP CID after modifying an SSL certficate (LUA) + * BUG/MINOR: ssl: Wrong OCSP CID after modifying an SSL certficate + * MINOR: ssl/cli: Add ha_(warning|alert) msgs to CLI ckch callback + * BUG/MINOR: ssl: Double free of OCSP Certificate ID + * BUG/MINOR: quic: Packet number spaces too lately initialized + * BUG/MINOR: quic: Missing QUIC connection path member initialization + * BUG/MINOR: quic: Possible leak of TX packets under heavy load + * BUG/MEDIUM: quic: Possible crash during retransmissions and heavy load + * BUG/MINOR: cache: Remove incomplete entries from the cache when stream is closed + * BUG/MEDIUM: peers: fix partial message decoding + * DOC: Clarify the differences between field() and word() + * BUG/MINOR: sample: Make the `word` converter compatible with `-m found` + * REGTESTS: sample: Test the behavior of consecutive delimiters for the field converter + * DOC: config: fix monitor-fail typo + * DOC: config: add matrix entry for "max-session-srv-conns" + * DOC: 
config: specify supported sections for "max-session-srv-conns" + * BUG/MINOR: cfgparse-listen: fix warning being reported as an alert + * BUG/MINOR: config: Stopped parsing upon unmatched environment variables + * BUG/MINOR: quic_tp: fix preferred_address decoding + * DOC: config: fix missing characters in set-spoe-group action + * BUG/MINOR: h3: always reject PUSH_PROMISE + * BUG/MINOR: h3: fix TRAILERS encoding + * BUG/MEDIUM: master/cli: Properly pin the master CLI on thread 1 / group 1 + * BUG/MINOR: compression: possible NULL dereferences in comp_prepare_compress_request() + * BUG/MINOR: quic: fix CONNECTION_CLOSE_APP encoding + * DOC: lua: fix Proxy.get_mode() output + * DOC: lua: add sticktable class reference from Proxy.stktable + * REGTESTS: connection: disable http_reuse_be_transparent.vtc if !TPROXY + * DOC: config: fix timeout check inheritance restrictions + * DOC: 51d: updated 51Degrees repo URL for v3.2.10 + * BUG/MINOR: server: do not leak default-server in defaults sections + * BUG/MINOR: quic: Possible RX packet memory leak under heavy load + * BUG/MEDIUM: quic: Possible crash for connections to be killed + * BUG/MINOR: sock: mark abns sockets as non-suspendable and always unbind them + * BUG/MINOR: startup: set GTUNE_SOCKET_TRANSFER correctly + * REGTESTS: http: add a test to validate chunked responses delivery + * BUG/MINOR: proxy/stktable: missing frees on proxy cleanup + * MINOR: stktable: add stktable_deinit function + * BUG/MINOR: stream/cli: report correct stream age in "show sess" + * BUG/MEDIUM: mux-fcgi: fail earlier on malloc in takeover() + * BUG/MEDIUM: mux-h1: fail earlier on malloc in takeover() + * BUG/MEDIUM: mux-h2: fail earlier on malloc in takeover() + * BUG/MAJOR: quic: complete thread migration before tcp-rules + +------------------------------------------------------------------- +Fri Nov 24 11:31:13 UTC 2023 - mrueckert@suse.de + +- Update to version 2.8.4+git0.a4ebf9d3b: + * [RELEASE] Released version 2.8.4 + * BUG/MINOR: 
stconn: Report read activity on non-indep streams for partial sends + * BUG/MINOR: stconn/applet: Report send activity only if there was output data + * BUG/MINOR: stconn: Use HTX-aware channel's functions to get info on buffer + * BUG/MINOR: stconn: Fix streamer detection for HTX streams + * MINOR: channel: Add functions to get info on buffers and deal with HTX streams + * MINOR: htx: Use a macro for overhead induced by HTX + * BUG/MEDIUM: stconn: Update fsb date on partial sends + * BUG/MEDIUM: stream: Don't call mux .ctl() callback if not implemented + * BUG/MEDIUM: mworker: set the master variable earlier + * BUG/MEDIUM: applet: Report a send activity everytime data were sent + * BUG/MEDIUM: stconn: Report a send activity everytime data were sent + * REGTESTS: http: Improve script testing abortonclose option + * BUG/MEDIUM: stream: Properly handle abortonclose when set on backend only + * MEDIUM: mux-h1: Handle MUX_SUBS_RECV flag in h1_ctl() and susbscribe for reads + * MINOR: connection: Add a CTL flag to notify mux it should wait for reads again + * BUG/MINOR: stconn: Handle abortonclose if backend connection was already set up + * BUG/MEDIUM: connection: report connection errors even when no mux is installed + * DOC: quic: Wrong syntax for "quic-cc-algo" keyword. 
+ * BUG/MINOR: sink: don't learn srv port from srv addr + * BUG/MEDIUM: applet: Remove appctx from buffer wait list on release + * DOC: config: use the word 'backend' instead of 'proxy' in 'track' description + * BUG/MINOR: quic: fix retry token check inconsistency + * DOC: management: -q is quiet all the time + * BUG/MEDIUM: stconn: Don't update stream expiration date if already expired + * BUG/MEDIUM: quic: Avoid some crashes upon TX packet allocation failures + * BUG/MEDIUM: quic: Possible crashes when sending too short Initial packets + * BUG/MEDIUM: quic: Avoid trying to send ACK frames from an empty ack ranges tree + * BUG/MINOR: quic: idle timer task requeued in the past + * BUG/MEDIUM: pool: fix releasable pool calculation when overloaded + * BUG/MEDIUM: freq-ctr: Don't report overshoot for long inactivity period + * BUG/MINOR: mux-h1: Properly handle http-request and http-keep-alive timeouts + * BUG/MINOR: stick-table/cli: Check for invalid ipv4 key + * BUG/MEDIUM: quic: fix sslconns on quic_conn alloc failure + * BUG/MEDIUM: quic: fix actconn on quic_conn alloc failure + * CLEANUP: htx: Properly indent htx_reserve_max_data() function + * BUG/MINOR: stconn: Sanitize report for read activity + * BUG/MEDIUM: Don't apply a max value on room_needed in sc_need_room() + * BUG/MEDIUM: stconn: Don't report rcv/snd expiration date if SC cannot epxire + * BUG/MEDIUM: pattern: don't trim pools under lock in pat_ref_purge_range() + * BUG/MINOR: cfgparse/stktable: fix error message on stktable_init() failure + * BUG/MINOR: stktable: missing free in parse_stick_table() + * BUG/MINOR: tcpcheck: Report hexstring instead of binary one on check failure + * BUG/MEDIUM: ssl: segfault when cipher is NULL + * BUG/MINOR: mux-quic: fix early close if unset client timeout + * BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3 and dual ECDSA/RSA + * MEDIUM: quic: count quic_conn for global sslconns + * MEDIUM: quic: count quic_conn instance for maxconn + * MINOR: 
frontend: implement a dedicated actconn increment function + * BUG/MINOR: ssl: use a thread-safe sslconns increment + * BUG/MINOR: quic: do not consider idle timeout on CLOSING state + * BUG/MEDIUM: server: "proto" not working for dynamic servers + * MINOR: connection: add conn_pr_mode_to_proto_mode() helper func + * DEBUG: mux-h2/flags: fix list of h2c flags used by the flags decoder + * MINOR: lua: Add flags to configure logging behaviour + * BUG/MINOR: ssl: load correctly @system-ca when ca-base is define + * DOC: internal: filters: fix reference to entities.pdf + * BUG/MINOR: mux-h2: update tracked counters with req cnt/req err + * BUG/MINOR: mux-h2: commit the current stream ID even on reject + * BUG/MEDIUM: peers: Fix synchro for huge number of tables + * BUG/MEDIUM: peers: Be sure to always refresh recconnect timer in sync task + * BUG/MINOR: trace: fix trace parser error reporting + * BUG/MINOR: mux-h2: fix http-request and http-keep-alive timeouts again + * BUG/MEDIUM: mux-h2: Don't report an error on shutr if a shutw is pending + * BUG/MINOR: mux-h2: make up other blocked streams upon removal from list + * BUG/MINOR: mux-h1: Send a 400-bad-request on shutdown before the first request + * BUG/MEDIUM: quic-conn: free unsent frames on retransmit to prevent crash + * BUG/MINOR: mux-quic: fix free on qcs-new fail alloc + * BUG/MINOR: h3: strengthen host/authority header parsing + * BUG/MINOR: mux-quic: support initial 0 max-stream-data + * BUG/MEDIUM: mux-quic: fix RESET_STREAM on send-only stream + * BUG/MINOR: quic: reject packet with no frame + * BUG/MINOR: quic: Avoid crashing with unsupported cryptographic algos + * BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room() + * BUG/MINOR: hq-interop: simplify parser requirement + * BUG/MEDIUM: h1: Ignore C-L value in the H1 parser if T-E is also set + * BUG/MINOR: mux-h1: Ignore C-L when sending H1 messages if T-E is also set + * BUG/MINOR: mux-h1: Handle read0 in rcv_pipe() only when data receipt was 
tried + * BUG/MEDIUM: hlua: Initialize appctx used by a lua socket on connect only + * MINOR: hlua: Test the hlua struct first when the lua socket is connecting + * MINOR: hlua: Save the lua socket's server in its context + * MINOR: hlua: Save the lua socket's timeout in its context + * MINOR: hlua: Don't preform operations on a not connected socket + * MINOR: hlua: Set context's appctx when the lua socket is created + * BUG/MEDIUM: http-ana: Try to handle response before handling server abort + * BUG/MEDIUM: quic_conn: let the scheduler kill the task when needed + * BUG/MEDIUM: actions: always apply a longest match on prefix lookup + * BUG/MINOR: mux-quic: remove full demux flag on ncbuf release + * BUG/MEDIUM: server/cli: don't delete a dynamic server that has streams + * MINOR: pattern: fix pat_{parse,match}_ip() function comments + * BUG/MINOR: server: add missing free for server->rdr_pfx + * BUG/MAJOR: mux-h2: Report a protocol error for any DATA frame before headers + * BUG/MINOR: freq_ctr: fix possible negative rate with the scaled API + * BUG/MEDIUM: master/cli: Pin the master CLI on the first thread of the group 1 + * BUG/MINOR: promex: fix backend_agg_check_status + * BUG/MEDIUM: mux-fcgi: Don't swap trash and dbuf when handling STDERR records + * BUG/MINOR: hlua/init: coroutine may not resume itself + * BUG/MEDIUM: hlua: don't pass stale nargs argument to lua_resume() + * CI: musl: drop shopt in workflow invocation + * CI: musl: highlight section if there are coredumps + * Revert "BUG/MEDIUM: quic: missing check of dcid for init pkt including a token" + * BUG/MEDIUM: hlua: streams don't support mixing lua-load with lua-load-per-thread + * MINOR: hlua: add hlua_stream_ctx_prepare helper function + * BUILD: quic: fix build on centos 8 and USE_QUIC_OPENSSL_COMPAT + * BUG/MINOR: quic: ssl_quic_initial_ctx() uses error count not error code + * BUG/MINOR: quic: allow-0rtt warning must only be emitted with quic bind + * BUILD: Makefile: add 
USE_QUIC_OPENSSL_COMPAT to make help + * MINOR: quic+openssl_compat: Emit an alert for "allow-0rtt" option + * MINOR: quic+openssl_compat: Do not start without "limited-quic" + * MINOR: quic: Warning for OpenSSL wrapper QUIC bindings without "limited-quic" + * BUG/MINOR: quic+openssl_compat: Non initialized TLS encryption levels + * DOC: quic: Add "limited-quic" new tuning setting + * MINOR: quic: Add "limited-quic" new tuning setting + * MINOR: quic: SSL context initialization with QUIC OpenSSL wrapper. + * MINOR: quic: Add a quic_openssl_compat struct to quic_conn struct + * MINOR: quic: Call the keylog callback for QUIC openssl wrapper from SSL_CTX_keylog() + * MINOR: quic: Initialize TLS contexts for QUIC openssl wrapper + * MINOR: quic: Export some KDF functions (QUIC-TLS) + * MINOR: quic: Add a compilation option for the QUIC OpenSSL wrapper + * MINOR: quic: Do not enable 0RTT with SSL_set_quic_early_data_enabled() + * MINOR: quic: Set the QUIC connection as extra data before calling SSL_set_quic_method() + * MINOR: quic: Do not enable O-RTT with USE_QUIC_OPENSSL_COMPAT + * MINOR: quic: Include QUIC opensssl wrapper header from TLS stacks compatibility header + * MINOR: quic: QUIC openssl wrapper implementation + * BUG/MINOR: quic: Wrong cluster secret initialization + * BUG/MINOR: quic: Leak of frames to send. + * BUILD: bug: make BUG_ON() void to avoid a rare warning + ------------------------------------------------------------------- Thu Sep 07 22:07:54 UTC 2023 - mrueckert@suse.de @@ -60,7 +595,7 @@ Wed Aug 30 09:04:25 UTC 2023 - Peter Varkoly - Apply upstream patch for the ppc64le issue: Add patch: - 0001-IMPORT-xxhash-update-xxHash-to-version-0.8.2.patch + 0001-IMPORT-xxhash-update-xxHash-to-version-0.8.2.patch Remove patch: fix-invalid-parameter-combination-for-AltiVec-intrinsic-__builtin_vec_ld.patch 
@@ -870,7 +1405,7 @@ Thu Dec 01 15:25:38 UTC 2022 - mrueckert@suse.de ------------------------------------------------------------------- Tue Nov 22 13:13:45 UTC 2022 - Marcus Rueckert -- reenable the pcre jit after the last change +- reenable the pcre jit after the last change ------------------------------------------------------------------- Fri Oct 14 11:20:34 UTC 2022 - Stephan Kulow @@ -2075,7 +2610,7 @@ Fri May 14 08:31:04 UTC 2021 - mrueckert@suse.de - Update to version 2.4.0+git0.6cbbecf09: https://www.haproxy.com/blog/announcing-haproxy-2-4/ - + for all the details see /usr/share/doc/packages/haproxy/CHANGELOG - refreshed patches to apply cleanly again haproxy-1.6.0-makefile_lib.patch @@ -2637,7 +3172,7 @@ Sat Oct 24 01:18:29 UTC 2020 - Marcus Rueckert ------------------------------------------------------------------- Fri Oct 2 14:38:51 UTC 2020 - Marcus Rueckert -- use parallel build +- use parallel build ------------------------------------------------------------------- Fri Oct 02 14:37:00 UTC 2020 - mrueckert@suse.de @@ -4312,7 +4847,7 @@ Sun Mar 4 08:36:21 UTC 2018 - jengelh@inai.de ------------------------------------------------------------------- Fri Mar 2 16:37:25 UTC 2018 - kgronlund@suse.com -- Ensure haproxy home directory is not world readable (bsc#1077716) +- Ensure haproxy home directory is not world readable (bsc#1077716) ------------------------------------------------------------------- Thu Feb 08 13:15:17 UTC 2018 - kgronlund@suse.com @@ -4371,7 +4906,7 @@ Thu Feb 08 13:15:17 UTC 2018 - kgronlund@suse.com ------------------------------------------------------------------- Thu Feb 8 07:21:58 UTC 2018 - kgronlund@suse.com -- Add dependency on apparmor-profiles (bsc#1079985) +- Add dependency on apparmor-profiles (bsc#1079985) ------------------------------------------------------------------- Sun Dec 31 02:26:13 UTC 2017 - mrueckert@suse.de 
@@ -4498,7 +5033,7 @@ Mon Dec 04 10:33:40 UTC 2017 - kgronlund@suse.com ------------------------------------------------------------------- Tue Nov 28 13:54:07 UTC 2017 - kgronlund@suse.com -- License is now GPL-3.0+ and LGPL-2.1+ +- License is now GPL-3.0+ and LGPL-2.1+ ------------------------------------------------------------------- Mon Nov 27 13:40:32 UTC 2017 - mrueckert@suse.de @@ -5705,7 +6240,7 @@ Wed Nov 26 11:50:42 UTC 2014 - mrueckert@suse.de - 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch - 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch - 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch - - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch + - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch ------------------------------------------------------------------- Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com @@ -5723,7 +6258,7 @@ Thu Nov 20 06:56:23 UTC 2014 - kgronlund@suse.com - 0003-BUG-MEDIUM-ssl-force-a-full-GC-in-case-of-memory-sho.patch - 0004-BUG-MEDIUM-checks-fix-conflicts-between-agent-checks.patch - 0005-BUG-MINOR-config-don-t-inherit-the-default-balance-a.patch - - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch + - 0006-BUG-MAJOR-frontend-initialize-capture-pointers-earli.patch ------------------------------------------------------------------- Sun Nov 09 21:52:00 UTC 2014 - Led @@ -5814,7 +6349,7 @@ Thu Oct 9 14:14:35 UTC 2014 - kgronlund@suse.com - BUG/MEDIUM: systemd: set KillMode to 'mixed' - Add patch: - - 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch + - 0001-BUG-MEDIUM-systemd-set-KillMode-to-mixed.patch ------------------------------------------------------------------- Wed Oct 8 12:53:41 UTC 2014 - kgronlund@suse.com 
@@ -5862,7 +6397,7 @@ Mon Oct 6 09:09:58 UTC 2014 - kgronlund@suse.com - 0018-BUG-MEDIUM-check-rule-less-tcp-check-must-detect-con.patch - 0019-BUG-MINOR-tcp-check-report-the-correct-failed-step-i.patch - 0020-BUG-MINOR-config-don-t-propagate-process-binding-for.patch - + ------------------------------------------------------------------- Thu Sep 25 16:10:08 UTC 2014 - kgronlund@suse.com @@ -6098,12 +6633,12 @@ Tue Jun 24 12:23:55 UTC 2014 - mrueckert@suse.de ------------------------------------------------------------------- Tue Jun 24 09:51:25 UTC 2014 - kgronlund@suse.com -- Install vim file to a more appropriate location +- Install vim file to a more appropriate location ------------------------------------------------------------------- Mon Jun 23 09:19:04 UTC 2014 - kgronlund@suse.com -- added pre macro for systemd service file +- added pre macro for systemd service file ------------------------------------------------------------------- Mon Jun 23 08:28:06 UTC 2014 - kgronlund@suse.com diff --git a/haproxy.spec b/haproxy.spec index 7b32095..1bd8b43 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -1,7 +1,7 @@ # # spec file for package haproxy # -# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ %bcond_with quic %if 0%{?suse_version} >= 1230 @@ -46,12 +46,14 @@ %if 0%{?suse_version} >= 1500 %bcond_without sysusers +%bcond_without tmpfiles %else %bcond_with sysusers +%bcond_with tmpfiles %endif Name: haproxy -Version: 2.8.3+git0.86e043add +Version: 3.0.4+git0.7a59afa93 Release: 0 # # 
@@ -96,9 +98,11 @@ Source2: usr.sbin.haproxy.apparmor Source3: local.usr.sbin.haproxy.apparmor Source4: haproxy.cfg Source5: haproxy-user.conf +Source6: haproxy-tmpfiles.conf Patch1: haproxy-1.6.0_config_haproxy_user.patch Patch2: haproxy-1.6.0-makefile_lib.patch Patch3: haproxy-1.6.0-sec-options.patch +Patch4: haproxy-service.patch # Source98: series Source99: haproxy-rpmlintrc @@ -195,6 +199,9 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name} %if %{with sysusers} install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf %endif +%if %{with tmpfiles} +install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf +%endif %else install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} @@ -224,6 +231,11 @@ rm examples/*init* %if %{with apparmor} && %{with apparmor_reload} %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy %endif +%if %{with systemd} +%if %{with tmpfiles} +%tmpfiles_create %{_tmpfilesdir}/%{name}.conf +%endif +%endif %service_add_post %{pkg_name}.service %preun @@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \ %if %{with sysusers} %{_sysusersdir}/haproxy-user.conf %endif +%if %{with tmpfiles} +%{_tmpfilesdir}/%{name}.conf +%dir %ghost %{_rundir}/%{name} +%endif %else %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name} %endif diff --git a/series b/series index 67324f1..8ead05e 100644 --- a/series +++ b/series @@ -1,3 +1,4 @@ haproxy-1.6.0_config_haproxy_user.patch haproxy-1.6.0-makefile_lib.patch haproxy-1.6.0-sec-options.patch +haproxy-service.patch diff --git a/usr.sbin.haproxy.apparmor b/usr.sbin.haproxy.apparmor index dc3402a..2bc5b5b 100644 --- a/usr.sbin.haproxy.apparmor +++ b/usr.sbin.haproxy.apparmor 
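Review bot: In the hunk at `@@ -195,6 +199,9 @@` the tmpfiles.d file is installed as `%{_tmpfilesdir}/%{name}.conf`, while the neighbouring lines key everything else on `%{pkg_name}` (`rc%{pkg_name}` here, `%{pkg_name}.service` in the `%post` hunk). The same `%{name}` spelling recurs in the `%tmpfiles_create` line (`@@ -224,6 +231,11 @@`) and in the two `%files` entries (`@@ -268,6 +280,10 @@`). The definition of `pkg_name` is outside these hunks, so both macros may expand to the same string. If they ever differ, the tmpfiles.d file name and the ghost directory would stop matching the `/run/haproxy` paths hard-coded in the AppArmor profile, so I would write `%{buildroot}%{_tmpfilesdir}/%{pkg_name}.conf` and use `%{pkg_name}` in the other two hunks as well. The `%if` that the trailing `%else` belongs to opens above this hunk.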
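Review bot: The new `%dir %ghost %{_rundir}/%{name}` entry in the `%files` hunk (`@@ -268,6 +280,10 @@`) carries no `%attr`, so the owner and mode of the runtime directory are stated only in haproxy-tmpfiles.conf, whose content is not part of this hunk. Going by the AppArmor change in the same commit, that directory holds the pid file, the master socket and the stats sockets, so its permissions decide who can reach the control sockets. They are worth pinning in the package as well: `%dir %ghost %attr(MODE,USER,GROUP) %{_rundir}/%{name}`, with the three placeholders replaced by the values from the tmpfiles.d line. The enclosing `%if`/`%else` and the `%files` section start and end outside the hunk.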
@@ -28,13 +28,30 @@ profile haproxy /usr/sbin/haproxy { /dev/shm/haproxy_startup_logs_* rwlk, + # old stats socket location, for compatibility /var/lib/haproxy/stats rwl, /var/lib/haproxy/stats.*.bak rwl, /var/lib/haproxy/stats.*.tmp rwl, - /{,var/}run/haproxy.pid rw, - /{,var/}run/haproxy-master.sock* rwlk, + # new stats socket location + /run/haproxy/stats*.sock{,*.{bak,tmp}} rwl, + /{,var/}run/haproxy/pid rw, + /{,var/}run/haproxy/master.sock* rwlk, + + # This is for the additional debug output in haproxy >= 2.9 + # can be accessed with "p post_mortem" in gdb /sys/devices/system/node/ r, + /sys/devices/system/node/*/cpumap r, + /sys/devices/system/cpu/online r, + /sys/class/dmi/id/sys_vendor r, + /sys/class/dmi/id/product_family r, + /sys/class/dmi/id/product_name r, + /sys/class/dmi/id/board_vendor r, + /sys/firmware/devicetree/base/model r, + /sys/class/dmi/id/board_name r, + /proc/2/status r, + /proc/cpuinfo r, + # end of debug.c files # Site-specific additions and overrides. See local/README for details. #include if exists
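Review bot: The rules `/{,var/}run/haproxy.pid rw,` and `/{,var/}run/haproxy-master.sock* rwlk,` are removed outright, while the old stats socket paths under /var/lib/haproxy are kept with a "for compatibility" comment. An installation whose existing haproxy.cfg or service override still names the old pid file or master socket would presumably be denied under an enforcing profile after the upgrade. Either keep the two old rules for one release under the same kind of compatibility comment, or state in the changelog that such paths must move to /run/haproxy or be allowed through the local include. Separately, `/proc/2/status r,` deserves a one-line comment saying why PID 2 in particular is read, since a hard-coded PID in a confinement profile looks accidental to the next reviewer. The profile block opens and closes outside this hunk.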