Accepting request 774671 from server:http

OBS-URL: https://build.opensuse.org/request/show/774671 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=82
2020-02-19 11:41:00 +00:00 · 2020-02-19 11:41:00 +00:00 · e54ac01865
commit e54ac01865
parent 10ce703ea7 01a99e5686
8 changed files with 179 additions and 16 deletions
--- a/2
+++ b/2
@ -6,7 +6,7 @@
    <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v2.1.1</param>
+    <param name="revision">v2.1.3</param>
    <param name="changesgenerate">enable</param>
  </service>

--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <servicedata>
  <service name="tar_scm">
    <param name="url">http://git.haproxy.org/git/haproxy-2.1.git</param>
-    <param name="changesrevision">4ae521379e97fb23630fc60516e6f19c03a93b58</param>
+    <param name="changesrevision">5c020bbddc3d9573f02cde383abc983ad0781fc1</param>
  </service>
 </servicedata>
--- a/haproxy-2.1.1+git0.4ae521379.tar.gz
+++ b/haproxy-2.1.1+git0.4ae521379.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8a23806a9d221107ae782b3d97e0163ab21d1dff62d147ebdd8d8e4f14a28e92
-size 2737454
--- a/haproxy-2.1.3+git0.5c020bbdd.tar.gz
+++ b/haproxy-2.1.3+git0.5c020bbdd.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e0a0b380bdd6f34240a7470e86d6c83463e8a2a98e2922b6e9fa8a55dd1bcd41
+size 2752990
--- a/haproxy-user.conf
+++ b/haproxy-user.conf
@ -0,0 +1,3 @@
+# Type Name ID GECOS [HOME]
+u haproxy - "User for haproxy" /var/lib/haproxy
+
--- a/haproxy.cfg
+++ b/haproxy.cfg
@ -32,4 +32,3 @@ listen stats
  stats enable
  stats uri     /
  stats refresh 5s
-  rspadd Server:\ haproxy/1.6
--- a/haproxy.changes
+++ b/haproxy.changes
@ -1,3 +1,135 @@
+-------------------------------------------------------------------
+Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
+
+- Remove unsupported options from example haproxy.cfg
+- Make haproxy useable for containers
+  - Use sysusers.d to create users.
+  - Use systemd_ordering instead of requiring systemd.
+  - Own vim syntax directory instead of requiring vim. This also
+    solves the problem the directory got never removed if vim is
+    updated before haproxy.
+
+-------------------------------------------------------------------
+Wed Feb 12 15:42:26 UTC 2020 - mrueckert@suse.de
+
+- Update to version 2.1.3+git0.5c020bbdd:
+  * [RELEASE] Released version 2.1.3
+  * BUG/MINOR: tcp: don't try to set defaultmss when value is negative
+  * BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect
+  * BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported
+  * MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer
+  * MINOR: htx: Add a function to append an HTX message to another one
+  * DOC: word converter ignores delimiters at the start or end of input string
+  * MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs
+  * BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
+  * BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
+  * BUG/MEDIUM: listener: only consider running threads when resuming listeners
+  * BUG/MINOR: dns: allow 63 char in hostname
+  * BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
+  * DOC: schematic of the SSL certificates architecture
+  * BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init
+  * SCRIPTS: announce-release: allow the user to force to overwrite old files
+  * SCRIPTS: announce-release: place the send command in the mail's header
+  * CONTRIB: debug: also support reading values from stdin
+  * MINOR: acl: Warn when an ACL is named 'or'
+  * CONTRIB: debug: support reporting multiple values at once
+  * CONTRIB: debug: add the possibility to decode the value as certain types only
+  * CONTRIB: debug: add missing flags SF_HTX and SF_MUX
+  * BUG/MINOR: ssl: clear the SSL errors on DH loading failure
+  * BUG/MINOR: ssl: we may only ignore the first 64 errors
+  * BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty.
+  * BUG/MEDIUM: memory: Add a rwlock before freeing memory.
+  * MINOR: memory: Only init the pool spinlock once.
+  * BUG/MEDIUM: memory_pool: Update the seq number in pool_flush().
+  * BUG/MEDIUM: connections: Don't forget to unlock when killing a connection.
+  * BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
+  * BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.
+  * BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
+  * BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack
+  * BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.
+  * MINOR: lua: Add HLUA_PREPEND_C?PATH build option
+  * MINOR: lua: Add lua-prepend-path configuration option
+  * MINOR: lua: Add hlua_prepend_path function
+  * BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines
+  * BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers"
+  * BUG/MINOR: stktable: report the current proxy name in error messages
+  * BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
+  * BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert"
+  * BUG/MINOR: ssl: typo in previous patch
+  * BUG/MINOR: ssl: memory leak w/ the ocsp_issuer
+  * BUG/MINOR: ssl: increment issuer refcount if in chain
+  * CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2
+  * BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded
+  * BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
+  * BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst.
+  * BUG/MINOR: http_act: don't check capture id in backend
+  * MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive
+  * BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak
+  * BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak
+  * BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak
+  * BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing
+  * BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
+  * BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
+  * BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters
+  * BUILD: pattern: include errno.h
+  * BUG/MINOR: 51d: Fix bug when HTX is enabled
+  * BUG/MINOR: dns: Make dns_query_id_seed unsigned
+  * BUG/MINOR: cache: Fix leak of cache name in error path
+  * BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
+  * BUG/MEDIUM: connection: add a mux flag to indicate splice usability
+  * BUG/MINOR: stream: don't mistake match rules for store-request rules
+  * BUG/MEDIUM: cli: _getsocks must send the peers sockets
+  * REGTEST: add sample_fetches/hashes.vtc to validate hashes
+  * BUG/MAJOR: hashes: fix the signedness of the hash inputs
+  * BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed().
+  * BUG/MEDIUM: mworker: remain in mworker mode during reload
+  * REGTEST: mcli/mcli_start_progs: start 2 programs
+  * BUG/MINOR: cli/mworker: can't start haproxy with 2 programs
+  * BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary
+  * BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch
+  * BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send()
+  * BUG/MEDIUM: tasks: Use the MT macros in tasklet_free().
+  * BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached
+  * BUG/MEDIUM: session: do not report a failure when rejecting a session
+  * BUG/MINOR: channel: inject output data at the end of output
+  * BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied
+  * BUG/MINOR: proxy: Fix input data copy when an error is captured
+  * BUG/MINOR: h1: Report the right error position when a header value is invalid
+  * MINOR: ssl: Remove unused variable "need_out".
+  * MINOR: config: disable busy polling on old processes
+  * BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection.
+  * BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready.
+  * BUG/MINOR: checks: refine which errno values are really errors.
+
+-------------------------------------------------------------------
+Fri Feb 07 12:48:02 UTC 2020 - mrueckert@suse.de
+
+- Update to version 2.1.2+git0.d5b6759b5:
+  * [RELEASE] Released version 2.1.2
+  * BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
+  * BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
+  * BUG/MINOR: state-file: do not leak memory on parse errors
+  * BUG/MINOR: state-file: do not store duplicates in the global tree
+  * BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry
+  * BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
+  * BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
+  * MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
+  * BUG/MEDIUM: ssl: Revamp the way early data are handled.
+  * BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
+  * MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
+  * MINOR: http: add a new "replace-path" action
+  * MINOR: debug: support logging to various sinks
+  * BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
+  * MINOR: sample: Validate the number of bits for the sha2 converter
+  * BUG/MINOR: sample: always check converters' arguments
+  * BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
+  * DOC: clarify the fact that replace-uri works on a full URI
+
+-------------------------------------------------------------------
+Fri Feb  7 12:46:02 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
+
+- drop the udev buildrequires completely
+
 -------------------------------------------------------------------
 Thu Jan 23 13:10:03 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/haproxy.spec
+++ b/haproxy.spec
@ -46,8 +46,14 @@
 %bcond_with    apparmor_reload
 %endif

+%if 0%{?suse_version} >= 1500
+%bcond_without sysusers
+%else
+%bcond_with sysusers
+%endif
+
 Name:           haproxy
-Version:        2.1.1+git0.4ae521379
+Version:        2.1.3+git0.5c020bbdd
 Release:        0
 #
 #
@ -72,10 +78,13 @@ BuildRequires:  pcre-devel
 BuildRequires:  zlib-devel
 BuildRequires:  openssl-devel
 BuildRequires:  pkg-config
-BuildRequires:  pkgconfig(udev)
 %if %{with systemd}
 BuildRequires:  pkgconfig(systemd)
 BuildRequires:  pkgconfig(libsystemd)
+%if %{with sysusers}
+BuildRequires:  sysuser-shadow
+BuildRequires:  sysuser-tools
+%endif
 %endif
 BuildRequires:  vim
 %define pkg_name haproxy
@ -88,6 +97,7 @@ Source1:        %{pkg_name}.init
 Source2:        usr.sbin.haproxy.apparmor
 Source3:        local.usr.sbin.haproxy.apparmor
 Source4:        haproxy.cfg
+Source5:        haproxy-user.conf
 Patch1:         haproxy-1.6.0_config_haproxy_user.patch
 Patch2:         haproxy-1.6.0-makefile_lib.patch
 Patch3:         haproxy-1.6.0-sec-options.patch
@ -101,10 +111,11 @@ Provides:       %{name}-doc = %{version}
 Obsoletes:      %{name}-doc < %{version}
 Provides:       haproxy-1.5 = %{version}
 Obsoletes:      haproxy-1.5 < %{version}
-# this requires is not strictly needed. we only need it for the ownership of the vim data dir
-Requires:       vim
 %if %{with systemd}
-%{?systemd_requires}
+%{?systemd_ordering}
+%if %{with sysusers}
+%sysusers_requires
+%endif
 %endif
 %{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}

@ -161,6 +172,9 @@ make \
    DEBUG_CFLAGS="%{optflags}" V=1
 %if %{with systemd}
 make -C contrib/systemd  PREFIX="%{_prefix}"
+%if %{with sysusers}
+%sysusers_generate_pre %{SOURCE5} haproxy
+%endif
 %endif
 make -C contrib/halog    PREFIX="%{_prefix}" \
    DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
@ -175,6 +189,9 @@ install -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
 %if %{with systemd}
 install -D -m 0644 contrib/systemd/%{pkg_name}.service  %{buildroot}%{_unitdir}/%{pkg_name}.service
 ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
+%if %{with sysusers}
+install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
+%endif
 %else
 install -D -m 0755 %{S:1}                      %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
 ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@ -190,13 +207,13 @@ install -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/local/us

 rm examples/*init*

-%pre
-getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
-getent passwd %{pkg_name} >/dev/null || \
-	/usr/sbin/useradd  -g %{pkg_name} -s /bin/false -r \
-	-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}

 %if %{with systemd}
+%if %{with sysusers}
+%pre -f haproxy.pre
+%else
+%pre
+%endif
 %service_add_pre %{pkg_name}.service

 %post
@ -213,6 +230,12 @@ getent passwd %{pkg_name} >/dev/null || \

 %else

+%pre
+getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
+getent passwd %{pkg_name} >/dev/null || \
+	/usr/sbin/useradd  -g %{pkg_name} -s /bin/false -r \
+	-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
+
 %post
 %fillup_and_insserv %{pkg_name}
 %if %{with apparmor} && %{with apparmor_reload}
@ -238,6 +261,9 @@ getent passwd %{pkg_name} >/dev/null || \
 %config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
 %if %{with systemd}
 %{_unitdir}/%{pkg_name}.service
+%if %{with sysusers}
+%{_sysusersdir}/haproxy-user.conf
+%endif
 %else
 %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
 %endif
@ -246,6 +272,9 @@ getent passwd %{pkg_name} >/dev/null || \
 %{_sbindir}/rchaproxy
 %dir %attr(-,root,haproxy) %{pkg_home}
 %{_mandir}/man1/%{pkg_name}.1.gz
+%dir %{_datadir}/vim
+%dir %{vim_data_dir}
+%dir %{vim_data_dir}/syntax
 %{vim_data_dir}/syntax/%{pkg_name}.vim
 %if %{with apparmor}
 %if 0%{?suse_version} == 1110