Sync from SUSE:SLFO:Main haproxy revision 44fa97000958bb786ac1de8687260368

2025-05-19 19:38:46 +02:00
parent 10fb8562e6
commit fe3d031d76
8 changed files with 172 additions and 7 deletions
--- a/README.SUSE
+++ b/README.SUSE
@@ -0,0 +1,3 @@
+Notes regarding QUIC (only available on Tumbleweed):
+
+We currently only build with OpenSSL, this requires setting "limited-quic" in the "global" configuration section (which comes with missing out on 0-RTT support).
--- a/README.SUSE.PACKAGING
+++ b/README.SUSE.PACKAGING
@@ -0,0 +1,8 @@
+Packaging notes regarding QUIC:
+
+We enable QUIC for Tumbleweed where OpenSSL 3.x is the default.
+OpenSSL is not the perfect fit, but it's better than nothing - the best recommendation by HAProxy currently seems to be AWS-LC, but we do not ship it.
+
+https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status#tldr
+
+Note to remove USE_QUIC_OPENSSL_COMPAT if switching to a different implementation in the future.
--- a/2
+++ b/2
@@ -6,7 +6,7 @@
    <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v3.1.5</param>
+    <param name="revision">v3.1.7</param>
    <param name="changesgenerate">enable</param>
  </service>

--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 <servicedata>
  <service name="tar_scm">
    <param name="url">http://git.haproxy.org/git/haproxy-3.1.git/</param>
-    <param name="changesrevision">076df02923212eb5631dc58681d387d034090792</param>
+    <param name="changesrevision">c3f40894532072afb380f1779bce1ef85974df2f</param>
  </service>
 </servicedata>
--- a/haproxy-3.1.5+git0.076df0292.tar.gz
+++ b/haproxy-3.1.5+git0.076df0292.tar.gz
--- a/haproxy-3.1.7+git0.c3f408945.tar.gz
+++ b/haproxy-3.1.7+git0.c3f408945.tar.gz
--- a/haproxy.changes
+++ b/haproxy.changes
@@ -1,3 +1,137 @@
+-------------------------------------------------------------------
+Fri Apr 18 12:38:48 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to version 3.1.7+git0.c3f408945:
+  * [RELEASE] Released version 3.1.7
+  * BUG/MINOR: rhttp: ensure GOAWAY can be emitted after reversal
+  * BUG/MINOR: rhttp: fix reconnect if timeout connect unset
+  * BUG/MINOR: mux-h2: prevent past scheduling with idle connections
+  * MINOR: compiler: rely on builtin detection for __builtin_unreachable()
+  * MINOR: debug: make ha_stuck_warning() print the whole message at once
+  * MINOR: debug: make ha_stuck_warning() only work for the current thread
+  * MEDIUM: wdt: always make the faulty thread report its own warnings
+  * MINOR: pass a valid buffer pointer to ha_thread_dump_one()
+  * MINOR: debug: remove unused case of thr!=tid in ha_thread_dump_one()
+  * MINOR: debug: always reset the dump pointer when done
+  * MINOR: tinfo: keep a copy of the pointer to the thread dump buffer
+  * MINOR: debug: protect ha_dump_backtrace() against risks of re-entrance
+  * MINOR: tools: protect dladdr() against reentrant calls from the debug handler
+  * MINOR: tools: also protect the library name resolution against concurrent accesses
+  * BUG/MINOR: debug: detect and prevent re-entrance in ha_thread_dump_fill()
+  * BUG/MINOR: wdt/debug: avoid signal re-entrance between debugger and watchdog
+  * BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill()
+  * BUG/MINOR: threads: set threads_idle and threads_harmless even with no threads
+  * BUILD: makefile: enable backtrace by default on musl
+  * MINOR: compiler: add ASSUME_NONNULL() to tell the compiler a pointer is valid
+  * MINOR: compiler: also enable __builtin_assume() for ASSUME()
+  * MINOR: compiler: add a new "ASSUME" macro to help the compiler
+  * MINOR: compiler: add a __has_builtin() macro to detect features more easily
+  * BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
+  * BUG/MINOR: h3: reject request URI with invalid characters
+  * BUG/MINOR: h3: reject invalid :path in request
+  * BUG/MINOR: h3: filter upgrade connection header
+  * BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding
+  * BUG/MEDIUM: h3: trim whitespaces when parsing headers value
+  * MINOR: debug: detect call instructions and show the branch target in backtraces
+  * MINOR: debug: in call traces, dump the 8 bytes before the return address, not after
+  * MINOR: tools: let dump_addr_and_bytes() support dumping before the offset
+  * BUILD: quic: fix overflow in global tune
+  * MINOR: quic: define quic_tune
+  * MINOR: quic: transform pacing settings into a global option
+  * MINOR: quic: allow BBR testing without pacing
+  * MINOR: quic: remove references to burst in quic-cc-algo parsing
+  * BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding
+  * BUG/MINOR: http-ana: Properly detect client abort when forwarding the response
+  * DOC: config: add the missing "force-cfg-parser-pause" to the global kw index
+  * DOC: config: add the missing "profiling.memory" to the global kw index
+  * BUG/MINOR: debug: remove the trailing \n from BUG_ON() statements
+  * BUG/MINOR: hlua: fix invalid errmsg use in hlua_init()
+  * BUG/MINOR: backend: do not use the source port when hashing clientip
+  * BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
+  * BUG/MINOR: log: fix CBOR encoding with LOG_VARTEXT_START() + lf_encode_chunk()
+  * CLEANUP: log: adjust _lf_cbor_encode_byte() comment
+  * BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait()
+  * MINOR: task: add thread safe notification_new and notification_wake variants
+  * TESTS: Fix build for filltab25.c
+  * BUG/MEDIUM: stream: Fix a possible freeze during a forced shut on a stream
+  * DOC: update INSTALL to reflect the minimum compiler version
+  * BUILD: quic_sock: address a strict-aliasing build warning with gcc 5 and 6
+  * BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
+  * BUG/MINOR: backend: do not overwrite srv dst address on reuse
+  * BUG/MINOR: rhttp: fix incorrect dst/dst_port values
+  * BUILD: compiler: undefine the CONCAT() macro if already defined
+  * DOC: config: fix two missing "content" in "tcp-request" examples
+  * BUG/MINOR: config: silence .notice/.warning/.alert in discovery mode
+  * BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
+  * BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream()
+  * BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local
+  * BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node
+  * BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks
+  * MINOR: log: support "raw" logformat node typecast
+
+-------------------------------------------------------------------
+Tue Mar 25 18:12:19 UTC 2025 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
+
+- Build with QUIC on Tumbleweed
+
+-------------------------------------------------------------------
+Fri Mar 21 13:41:55 UTC 2025 - mrueckert@suse.de
+
+- Update to version 3.1.6+git0.d929ca290:
+  * [RELEASE] Released version 3.1.6
+  * BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name()
+  * MINOR: tools: teach resolve_sym_name() a few more common symbols
+  * MINOR: tools: ease the declaration of known symbols in resolve_sym_name()
+  * MINOR: tools: improve symbol resolution without dl_addr
+  * MINOR: cli: export cli_io_handler() to ease symbol resolution
+  * BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler
+  * MINOR: tinfo: split the signal handler report flags into 3
+  * IMPORT: plock: use cpu_relax() for a shorter time in EBO
+  * IMPORT: plock: lower the slope of the exponential back-off
+  * IMPORT: plock: give higher precedence to W than S
+  * BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
+  * BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
+  * BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
+  * BUILD: tools: silence a build warning when USE_THREAD=0
+  * MINOR: tools: use only opportunistic symbols resolution
+  * BUG/MINOR: stats: fix capabilities and hide settings for some generic metrics
+  * DOC: management: rename some last occurences from domain "dns" to "resolvers"
+  * MINOR: compiler: add a new __decl_thread_var() macro to declare local variables
+  * MINOR: compiler: add a simple macro to concatenate resolved strings
+  * BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity
+  * MINOR: startup: adjust alert messages, when capabilities are missed
+  * BUG/MINOR: cfgparse-tcp: relax namespace bind check
+  * MINOR: stream/cli: make "show sess" support filtering on front/back/server
+  * MINOR: stream/cli: rework "show sess" to better consider optional arguments
+  * BUG/MINOR: stream: fix age calculation in "show sess" output
+  * MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or "server" lines
+  * BUG/MINOR: server: dont return immediately from parse_server() when skipping checks
+  * BUG/MINOR: cfgparse/peers: properly handle ignored local peer case
+  * BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server
+  * BUG/MEIDUM: startup: return to initial cwd only after check_config_validity()
+  * BUG/MINOR: log: set proper smp size for balance log-hash
+  * CLEANUP: log: removing "log-balance" references
+  * CI: github: fix h2spec.config proxy names
+  * TESTS: ist: fix wrong array size
+  * BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer
+  * BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not empty
+  * CLEANUP: h3: fix documentation of h3_rcv_buf()
+  * BUG/MINOR: h3: do not report transfer as aborted on preemptive response
+  * BUG/MINOR: server: fix the "server-template" prefix memory leak
+  * BUG/MEDIUM: server: properly initialize PROXY v2 TLVs
+  * BUG/MINOR: h2: always trim leading and trailing LWS in header values
+  * BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper
+  * MINOR: freq_ctr: provide non-blocking read functions
+  * BUG/MEDIUM: stream: never allocate connection addresses from signal handler
+  * MINOR: tinfo: add a new thread flag to indicate a call from a sig handler
+  * BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info()
+  * BUG/MINOR: stream: do not call co_data() from __strm_dump_to_buffer()
+  * MINOR: clock: always use atomic ops for global_now_ms
+  * BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers
+  * BUG/MINOR: log: fix outgoing abns address family
+  * BUG/MEDIUM: uxst: fix outgoing abns address family in connect()
+  * BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers
+
 -------------------------------------------------------------------
 Thu Mar 13 23:12:51 UTC 2025 - mrueckert@suse.de

--- a/haproxy.spec
+++ b/haproxy.spec
@@ -14,7 +14,19 @@

 # Please submit bugfixes or comments via https://bugs.opensuse.org/

+# => notes regarding QUIC in README.SUSE.PACKAGING
+%if 0%{?suse_version} > 1600
+%bcond_without quic
+%else
 %bcond_with quic
+%endif
+
+%if 0%{?suse_version} > 1500
+%bcond_with    rc_symlink
+%else
+%bcond_without rc_symlink
+%endif
+
 %if 0%{?suse_version} >= 1230
 %bcond_without tcp_fast_open
 %bcond_without network_namespace
@@ -53,7 +65,7 @@
 %endif

 Name:           haproxy
-Version:        3.1.5+git0.076df0292
+Version:        3.1.7+git0.c3f408945
 Release:        0
 #
 #
@@ -99,6 +111,8 @@ Source3:        local.usr.sbin.haproxy.apparmor
 Source4:        haproxy.cfg
 Source5:        haproxy-user.conf
 Source6:        haproxy-tmpfiles.conf
+Source7:        README.SUSE
+Source8:        README.SUSE.PACKAGING
 Patch1:         haproxy-1.6.0_config_haproxy_user.patch
 Patch2:         haproxy-1.6.0-makefile_lib.patch
 Patch3:         haproxy-1.6.0-sec-options.patch
@@ -135,6 +149,7 @@ the most work done from every CPU cycle.

 %prep
 %autosetup -p1
+cp %{SOURCE7} .

 %build
 make %{?_smp_mflags} \
@@ -170,6 +185,7 @@ make %{?_smp_mflags} \
    USE_PROMEX=1 \
    %if %{with quic}
    USE_QUIC=1 \
+    USE_QUIC_OPENSSL_COMPAT=1 \
    %endif
    %if %{with opentracing}
    USE_OT=1 \
@@ -195,7 +211,9 @@ install -D -m 0755 admin/halog/halog %{buildroot}%{_sbindir}/haproxy-halog

 %if %{with systemd}
 install -D -m 0644 admin/systemd/%{pkg_name}.service  %{buildroot}%{_unitdir}/%{pkg_name}.service
+%if %{with rc_symlinks}
 ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
+%endif
 %if %{with sysusers}
 install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
 %endif
@@ -270,7 +288,7 @@ getent passwd %{pkg_name} >/dev/null || \
 %files
 %defattr(-,root,root,-)
 %license LICENSE
-%doc CHANGELOG README.md
+%doc README.SUSE CHANGELOG README.md
 %doc doc/* examples/
 %doc admin/netsnmp-perl/ admin/selinux/
 %dir               %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
@@ -289,7 +307,9 @@ getent passwd %{pkg_name} >/dev/null || \
 %endif
 %{_sbindir}/haproxy
 %{_sbindir}/haproxy-halog
+%if %{with rc_symlinks}
 %{_sbindir}/rchaproxy
+%endif
 %dir %attr(-,root,haproxy) %{pkg_home}
 %{_mandir}/man1/%{pkg_name}.1.gz
 %dir %{_datadir}/vim