- Update to version 3.3.3+git0.465d8e2fc:
(boo#1257976 CVE-2026-26081 CVE-2026-26080)
* [RELEASE] Released version 3.3.3
* BUG/MAJOR: quic: fix parsing frame type
* BUG/MAJOR: quic: reject invalid token
* BUG/MINOR: backend: fix access on shared counters array
* BUG/MINOR: quic: ensure handshake speed up is only run once per conn
* BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy
* MINOR: activity: allow to switch per-task lock/memory profiling at runtime
* MEDIUM: activity: apply and use new finegrained task profiling settings
* MINOR: activity: support setting/clearing lock/memory watching for task profiling
* BUG/MINOR: startup: handle a possible strdup() failure
* BUG/MINOR: startup: fix allocation error message of progname string
* BUG/MINOR: config: Fix setting of alt_proto
* MEDIUM: backend: make "balance random" consider req rate when loads are equal
* DOC: config: mention the limitation on server id range for consistent hash
* BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers
* CLEANUP: lb-chash: free lb_nodes from chash's deinit(), not global
* BUG/MINOR: cpu-topo: count cores not cpus to distinguish core types
* CLEANUP: haproxy: fix bad line wrapping in run_poll_loop()
* BUG/MEDIUM: threads: Atomically set TH_FL_SLEEPING and clr FL_NOTIFIED
OBS-URL: https://build.opensuse.org/request/show/1332730
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=176
(boo#1257976 CVE-2026-26081 CVE-2026-26080)
* [RELEASE] Released version 3.3.3
* BUG/MAJOR: quic: fix parsing frame type
* BUG/MAJOR: quic: reject invalid token
* BUG/MINOR: backend: fix access on shared counters array
* BUG/MINOR: quic: ensure handshake speed up is only run once per conn
* BUG/MINOR: ssl: SSL_CERT_DIR environment variable doesn't affect haproxy
* MINOR: activity: allow to switch per-task lock/memory profiling at runtime
* MEDIUM: activity: apply and use new finegrained task profiling settings
* MINOR: activity: support setting/clearing lock/memory watching for task profiling
* BUG/MINOR: startup: handle a possible strdup() failure
* BUG/MINOR: startup: fix allocation error message of progname string
* BUG/MINOR: config: Fix setting of alt_proto
* MEDIUM: backend: make "balance random" consider req rate when loads are equal
* DOC: config: mention the limitation on server id range for consistent hash
* BUG/MEDIUM: lb-chash: always properly initialize lb_nodes with dynamic servers
* CLEANUP: lb-chash: free lb_nodes from chash's deinit(), not global
* BUG/MINOR: cpu-topo: count cores not cpus to distinguish core types
* CLEANUP: haproxy: fix bad line wrapping in run_poll_loop()
* BUG/MEDIUM: threads: Atomically set TH_FL_SLEEPING and clr FL_NOTIFIED
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=353
- Re-add USE_RELRO_NOW=1, USE_STACKPROTECTOR=1, USE_PIE=1
- adapt haproxy-1.6.0-sec-options.patch so the build no longer
complains about unused options
- drop CPU="%{_target_cpu}" as it is unused
- migrate from DEBUG_CFLAGS to OPT_CFLAGS
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=346
- Update to version 3.2.8+git0.9200f398d:
* [RELEASE] Released version 3.2.8
* BUG/MINOR: acme: wrong dns-01 challenge in the log
* BUG/MEDIUM: server: close a race around ready_srv when deleting a server
* BUG/MEDIUM: connections: permit to permanently remove an idle conn
* BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle
* BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting
* SCRIPTS: build-ssl: fix rpath in AWS-LC install for openssl and bssl bin
* OPTIM: backend: skip conn reuse for incompatible proxies
* BUG/MINOR: resolvers: ensure fair round robin iteration
* BUG/MINOR: ssl: returns when SSL_CTX_new failed during init
* BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records
* BUG/MINOR: init: Do not close previously created fd in stdio_quiet
* MINOR: http: fix 405,431,501 default errorfile
* MINOR: ssl-sample: add ssl_fc_early_rcvd() to detect use of early data
* DOC: config: slightly clarify the ssl_fc_has_early() behavior
* BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance
* MINOR: backend: srv_is_up converter
* MINOR: backend: srv_queue helper
* BUG/MEDIUM: cli: do not return ACKs one char at a time
* MINOR: cli: create cli_raw_rcv_buf() from the generic applet_raw_rcv_buf()
* MINOR: applet: do not put SE_FL_WANT_ROOM on rcv_buf() if the channel is empty
* BUG/MEDIUM: mt_list: Use atomic operations to prevent compiler optims
* BUG/MINOR: stick-tables: properly index string-type keys
* BUG/MEDIUM: applet: Improve again spinning loops detection with the new API
* BUG/MEDIUM: mt_lists: Avoid el->prev = el->next = el
OBS-URL: https://build.opensuse.org/request/show/1316410
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=169
* [RELEASE] Released version 3.2.8
* BUG/MINOR: acme: wrong dns-01 challenge in the log
* BUG/MEDIUM: server: close a race around ready_srv when deleting a server
* BUG/MEDIUM: connections: permit to permanently remove an idle conn
* BUG/MEDIUM: mux-h2: make sure not to move a dead connection to idle
* BUG/MEDIUM: mux-h1: fix 414 / 431 status code reporting
* SCRIPTS: build-ssl: fix rpath in AWS-LC install for openssl and bssl bin
* OPTIM: backend: skip conn reuse for incompatible proxies
* BUG/MINOR: resolvers: ensure fair round robin iteration
* BUG/MINOR: ssl: returns when SSL_CTX_new failed during init
* BUG/MINOR: resolvers: Apply dns-accept-family setting on additional records
* BUG/MINOR: init: Do not close previously created fd in stdio_quiet
* MINOR: http: fix 405,431,501 default errorfile
* MINOR: ssl-sample: add ssl_fc_early_rcvd() to detect use of early data
* DOC: config: slightly clarify the ssl_fc_has_early() behavior
* BUG/MEDIUM: ssl: Crash because of dangling ckch_store reference in a ckch instance
* MINOR: backend: srv_is_up converter
* MINOR: backend: srv_queue helper
* BUG/MEDIUM: cli: do not return ACKs one char at a time
* MINOR: cli: create cli_raw_rcv_buf() from the generic applet_raw_rcv_buf()
* MINOR: applet: do not put SE_FL_WANT_ROOM on rcv_buf() if the channel is empty
* BUG/MEDIUM: mt_list: Use atomic operations to prevent compiler optims
* BUG/MINOR: stick-tables: properly index string-type keys
* BUG/MEDIUM: applet: Improve again spinning loops detection with the new API
* BUG/MEDIUM: mt_lists: Avoid el->prev = el->next = el
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=340
* [RELEASE] Released version 3.2.5
* BUG/MEDIUM: pattern: fix possible infinite loops on deletion (try 2)
* DEBUG: stick-tables: export stktable_add_pend_updates() for better reporting
* BUG/MEDIUM: ring: invert the length check to avoid an int overflow
* BUG/MINOR: resolvers: always normalize FQDN from response
* BUG/MINOR: ocsp: Crash when updating CA during ocsp updates
* BUG/MEDIUM: http_ana: fix potential NULL deref in http_process_req_common()
* BUG/MINOR: ocsp: prototype inconsistency
* BUG/MINOR: ssl: Fix potential NULL deref in trace callback
* BUG/MINOR: ssl: Potential NULL deref in trace macro
* BUG/MEDIUM: jws: return size_t in JWS functions
* BUG/MINOR: acme: null pointer dereference upon allocation failure
* BUG/MAJOR: stream: Force channel analysis on successful synchronous send
* BUG/MAJOR: stream: Remove READ/WRITE events on channels after analysers eval
* BUG/MINOR: stick-table: make sure never to miss a process_table_expire update
* BUG/MEDIUM: stick-tables: don't loop on non-expirable entries
* BUG/MINOR: activity: fix reporting of task latency
* BUG/MEDIUM: ssl: create the mux immediately on early data
* BUG/MEDIUM: h1: Allow reception if we have early data
* BUG/MEDIUM: checks: fix ALPN inheritance from server
* OPTIM: check: do not delay MUX for ALPN if SSL not active
* BUG/MEDIUM: mux-h2: Reinforce conditions to report an error to app-layer stream
* BUG/MEDIUM: mux-h2: Report RST/error to app-layer stream during 0-copy fwding
* BUG/MINOR: mux-h2: Remove H2_CF_DEM_DFULL flags when the demux buffer is reset
* BUG/MEDIUM: mux-h2: Restart reading when mbuf ring is no longer full
* BUG/MEDIUM: mux-h2: Don't block receives in H2_CS_ERROR and H2_CS_ERROR2 states
* BUG/MEDIUM: mux-h2: Reset MUX blocking flags when a send error is caught
* CLEANUP: quic: fix typo in quic_tx trace
* BUG/MINOR: cpu_topo: work around a small bug in musl's CPU_ISSET()
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=335