pool/haproxy
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 714254 from server:http

Browse Source 
- Update to version 2.0.1+git27.5db881ff:
  * BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
  * BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
  * BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
  * MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
  * BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
  * BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
  * BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
  * BUG/MEDIUM: http/applet: Finish request processing when a service is registered
  * MINOR: action: Add the return code ACT_RET_DONE for actions
  * BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
  * MINOR: server: Add "no-tfo" option.
  * BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
  * BUG/MEDIUM: servers: Authorize tfo in default-server.
  * BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
  * BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
  * BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
  * BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
  * BUG/MINOR: hlua: Don't use channel_htx_recv_max()
  * BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
  * BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
  * BUG/MEDIUM: connections: Always call shutdown, with no linger.
  * BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
  * BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
  * BUG/MEDIUM: checks: unblock signals in external checks
  * BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
  * BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
  * BUG/MINOR: mworker/cli: don't output a \n before the response
  * BUG/MINOR: mux-h1: Make format errors during output formatting fatal
  * BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages

OBS-URL: https://build.opensuse.org/request/show/714254
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=71
This commit is contained in:
Dominique Leuenberger 2019-07-11 11:17:17 +00:00 committed by Git OBS Bridge
commit 215237a5b2
10 changed files with 220 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
_service
View File

@ -1,12 +1,12 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
<param name="url">http://git.haproxy.org/git/haproxy-2.0.git</param>
<param name="scm">git</param>
<param name="filename">haproxy</param>
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="revision">v1.8.20</param>
<param name="revision">master</param>
<param name="changesgenerate">enable</param>
</service>

12
_servicedata
View File

@ -1,8 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-1.6.git</param>
<param name="changesrevision">864bf78c3b6898eb12ece5f0a44032090f26f57f</param></service><service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param>
<param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
<param name="changesrevision">6fb9fadc5311cd00beb522a35596d3aa63f24fdb</param></service></servicedata>
<service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-2.0.git</param>
<param name="changesrevision">5db881ff0506bd5bb6caf9d80a06e79afa7473ca</param>
</service>
</servicedata>

21
haproxy-1.6.0-makefile_lib.patch
View File

@ -1,9 +1,9 @@
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -647,7 +647,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local)
diff --git a/Makefile b/Makefile
index d62fead7..33fa6338 100644
--- a/Makefile
+++ b/Makefile
@@ -619,7 +619,7 @@ PCRE_CONFIG := pcre-config
PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
-PCRE_LIB := $(PCREDIR)/lib
@ -11,3 +11,12 @@ Index: Makefile
endif
ifeq ($(USE_STATIC_PCRE),)
@@ -638,7 +638,7 @@ PCRE2_CONFIG := pcre2-config
PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCRE2DIR),)
PCRE2_INC := $(PCRE2DIR)/include
-PCRE2_LIB := $(PCRE2DIR)/lib
+PCRE2_LIB := $(PCRE2DIR)/$(LIB)
ifeq ($(PCRE2_WIDTH),)
PCRE2_WIDTH = 8

18
haproxy-1.6.0-sec-options.patch
View File

@ -1,9 +1,15 @@
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -674,6 +674,35 @@ OPTIONS_CFLAGS += -DUSE_TFO
BUILD_OPTIONS += $(call ignore_implicit,USE_TFO)
commit 88413472b09e2ecd4ad2b4a00992184c14d5723c
Author: Kristoffer Gronlund <kgronlund@suse.com>
Date: Mon Jun 17 13:00:08 2019 +0000
SUSE: Makefile sec options
diff --git a/Makefile b/Makefile
index 33fa6338..3777ad6d 100644
--- a/Makefile
+++ b/Makefile
@@ -675,6 +675,35 @@ endif
endif
endif
+# PIE

28
haproxy-1.6.0_config_haproxy_user.patch
View File

@ -15,20 +15,6 @@ Index: haproxy-1.6.0/examples/acl-content-sw.cfg
pidfile /var/run/haproxy.pid
daemon
quiet
Index: haproxy-1.6.0/examples/auth.cfg
===================================================================
--- haproxy-1.6.0.orig/examples/auth.cfg
+++ haproxy-1.6.0/examples/auth.cfg
@@ -1,7 +1,7 @@
global
-# chroot /var/empty/
-# uid 451
-# gid 451
+ user haproxy
+ group haproxy
+ chroot /var/lib/haproxy
log 192.168.131.214:8514 local4 debug
maxconn 8192
Index: haproxy-1.6.0/examples/content-sw-sample.cfg
===================================================================
@ -64,20 +50,6 @@ Index: haproxy-1.6.0/examples/option-http_proxy.cfg
nbproc 4
daemon
Index: haproxy-1.6.0/examples/ssl.cfg
===================================================================
--- haproxy-1.6.0.orig/examples/ssl.cfg
+++ haproxy-1.6.0/examples/ssl.cfg
@@ -4,6 +4,9 @@
global
maxconn 100
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
defaults
mode http
Index: haproxy-1.6.0/examples/transparent_proxy.cfg
===================================================================
--- haproxy-1.6.0.orig/examples/transparent_proxy.cfg

3
haproxy-1.8.20~git0.6fb9fadc.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2532e32c049351060e35aa4d5fda51ca76e1c411b00b8578609134250cd06000
size 2142728

3
haproxy-2.0.1+git27.5db881ff.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:728a964b51d9438b5a4d0098fccbcc697f55869f10a273e4f47d8d00d99934f8
size 2618306

175
haproxy.changes
View File

@ -1,3 +1,178 @@
-------------------------------------------------------------------
Tue Jul 09 11:48:41 UTC 2019 - kgronlund@suse.com
- Update to version 2.0.1+git27.5db881ff:
* BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
* BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it.
* BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si
* MINOR: stream-int: Factorize processing done after sending data in si_cs_send()
* BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
* BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted
* BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
* BUG/MEDIUM: http/applet: Finish request processing when a service is registered
* MINOR: action: Add the return code ACT_RET_DONE for actions
* BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
* MINOR: server: Add "no-tfo" option.
* BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
* BUG/MEDIUM: servers: Authorize tfo in default-server.
* BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux.
* BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent
* BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
* BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
* BUG/MINOR: hlua: Don't use channel_htx_recv_max()
* BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
* BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed.
* BUG/MEDIUM: connections: Always call shutdown, with no linger.
* BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
* BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
* BUG/MEDIUM: checks: unblock signals in external checks
* BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported
* BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
* BUG/MINOR: mworker/cli: don't output a \n before the response
* BUG/MINOR: mux-h1: Make format errors during output formatting fatal
* BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages
* BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages
* BUG/MINOR: log: Detect missing sampling ranges in config
* BUG/MINOR: memory: Set objects size for pools in the per-thread cache
* BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted
* BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced
* BUG/MEDIUM: ssl: Don't do anything in ssl_subscribe if we have no ctx.
* BUG/MEDIUM: connections: Always add the xprt handshake if needed.
* BUG/MEDIUM: stream_interface: Don't add SI_FL_ERR the state is < SI_ST_CON.
* BUG/MINOR: spoe: Fix memory leak if failing to allocate memory
* BUG/MEDIUM: mworker/cli: command pipelining doesn't work anymore
* BUG/MEDIUM: mworker: don't call the thread and fdtab deinit
* BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse
* BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition.
* BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock
* BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked
* BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux
-------------------------------------------------------------------
Sun Jun 30 10:24:18 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Correct version line, which should be 2.0.0+git6.
-------------------------------------------------------------------
Tue Jun 18 12:09:15 UTC 2019 - Marcus Rueckert <mrueckert@suse.de>
- allow the new master socket path in the apparmor profile
-------------------------------------------------------------------
Tue Jun 18 12:04:20 UTC 2019 - mrueckert@suse.de
- Update to version 2.0.0~git6.41dc8432:
* BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
* MINOR: htx: Add the function htx_change_blk_value_len()
* BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses
* BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages
* BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
* BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built
-------------------------------------------------------------------
Mon Jun 17 12:33:47 UTC 2019 - kgronlund@suse.com
- Update to version 2.0.0~git0.ba23630a:
- new internal native HTTP representation called HTX, was already in 1.9
and is now enabled by default in 2.0 ;
- end-to-end HTTP/2 support including trailers and continuation frames,
as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
the H2 preface;
- server connection pooling and more advanced reuse, with ALPN protocol
negotiation (already in 1.9) ;
- layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
as well as on the frontend ;
- much more scalable multi-threading, which is even enabled by default on
platforms where it was successfully tested ; by default, as many threads
are started as the number of CPUs haproxy is allowed to run on. This
removes a lot of configuration burden in VMs and containers ;
- automatic maxconn setting for the process and the frontends, directly
based on the number of available FDs (easier configuration in containers
and with systemd) ;
- logging to stdout for use in containers and systemd (already in 1.9).
Logs can now provide micro-second resolution for some events ;
- peers now support SSL, declaration of multiple stick-tables directly in
the peers section, and synchronization of server names, not just IDs ;
- In master-worker mode, the master process now exposes its own CLI and
can communicate with all other processes (including the stopping ones),
even allowing to connect to their CLI and check their state. It is also
possible to start some sidecar programs and monitor them from the master,
and the master can automatically kill old processes that survived too
many reloads ;
- the incoming connections are load-balanced between all threads depending
on their load to minimize the processing time and maximize the capacity
(already in 1.9) ;
- the SPOE connection load-balancing was significantly improved in order
to reduce high percentiles of SPOA response time (already in 1.9) ;
- the "random" load balancing algorithm and a power-of-two-choices variant
were introduced ;
- statistics improvements with per-thread counters for certain things, and
a prometheus exporter for all our statistics;
- lots of debugging help, it's easier to produce a core dump, there are
new commands on the CLI to control various things, there is a watchdog
to fail cleanly when a thread deadlock or a spinning task are detected,
so overall it should provide a better experience in field and less
round trips between users and developers (hence less stress during an
incident).
- all 3 device detection engines are now compatible with multi-threading
and can be build-tested without any external dependencies ;
- "do-resolve" http-request action to perform a DNS resolution on any,
sample, and resolvers now support relying on /etc/resolv.conf to match
the local resolver ;
- log sampling and balancing : it's now possible to send 1 log every 10
to a server, or to spread the logging load over multiple log servers;
- a new SPOA agent (spoa_server) allows to interface haproxy with Python
and Lua programs ;
- support for Solaris' event ports (equivalent of kqueue or epoll) which
will significantly improve the performance there when dealing with
numerous connections ;
- some warnings are now reported for some deprecated options that will
be removed in 2.1. Since 2.0 is long term supported, there's no
emergency to convert them, however if you see these warnings, you
need to understand that you're among their extremely rare users and
just because of this you may be taking risks by keeping them ;
- A new SOCKS4 server-side layer was provided ; it allows outgoing
connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
- priority- and latency- aware server queues : it is possible now to
assign priorities to certain requests and/or to give them a time
bonus or penalty to refine control of the traffic and be able to
engage on SLAs.
- internally the architecture was significantly redesigned to allow to
further improve performance and make it easier to implement protocols
that span over multiple layers (such as QUIC). This work started in
1.9 and will continue with 2.1.
- the I/O, applets and tasks now share the same multi-threaded scheduler,
giving a much better responsiveness and fairness between all tasks as
is visible with the CLI which always responds instantly even under
extreme loads (started in 1.9) ;
- the internal buffers were redesigned to ease zero-copy operations, so
that it is possible to sustain a high bandwidth even when forwarding
HTTP/1 to/from HTTP/2 (already in 1.9) ;
-------------------------------------------------------------------
Fri May 03 12:56:13 UTC 2019 - kgronlund@suse.com

12
haproxy.spec
View File

@ -47,7 +47,7 @@
%endif
Name: haproxy
Version: 1.8.20~git0.6fb9fadc
Version: 2.0.1+git27.5db881ff
Release: 0
#
#
@ -122,12 +122,12 @@ the most work done from every CPU cycle.
%prep
%setup -q
%patch1 -p1
%patch2
%patch3
%patch2 -p1
%patch3 -p1
%build
make \
TARGET=linux2628 \
TARGET=linux-glibc \
CPU="%{_target_cpu}" \
USE_PCRE=1 \
%if %{with pcre_jit}
@ -180,14 +180,14 @@ ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
%endif
install -d -m 0750 %{buildroot}%{pkg_home}
install -D -m 0644 examples/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
install -D -m 0644 contrib/syntax-highlight/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
%endif
rm examples/haproxy.spec examples/*init* examples/haproxy.vim
rm examples/*init*
%pre
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}

1
usr.sbin.haproxy.apparmor
View File

@ -26,6 +26,7 @@
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
/{,var/}run/haproxy.pid rw,
/{,var/}run/haproxy-master.sock* rwlk,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.haproxy>