Accepting request 1299269 from server:http

- Update to version 3.2.4+git0.98813a13e:

OBS-URL: https://build.opensuse.org/request/show/1299269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=164

README.SUSE.PACKAGING

@@ -1,8 +1,14 @@
 Packaging notes regarding QUIC:
 
-We enable QUIC for Tumbleweed where OpenSSL 3.x is the default.
-OpenSSL is not the perfect fit, but it's better than nothing - the best recommendation by HAProxy currently seems to be AWS-LC, but we do not ship it.
-
+By default we enable QUIC with OpenSSL for Tumbleweed. OpenSSL is not the perfect fit - the best recommendation by HAProxy currently seems to be AWS-LC:
 https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status#tldr
 
-Note to remove USE_QUIC_OPENSSL_COMPAT if switching to a different implementation in the future.
+The project configuration can be adjusted to enable QUIC with AWS-LC:
+
+```
+Macros:
+%_with_awslc 1
+# for < 1600
+%_with_quic 1
+:Macros
+```

_service

@@ -6,7 +6,7 @@
     <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v3.2.0</param>
+    <param name="revision">v3.2.4</param>
     <param name="changesgenerate">enable</param>
   </service>
 

_servicedata

@@ -1,6 +1,6 @@
 <servicedata>
   <service name="tar_scm">
     <param name="url">http://git.haproxy.org/git/haproxy-3.2.git/</param>
-    <param name="changesrevision">e134140d282c006417945d78e7964cc8fa14586a</param>
+    <param name="changesrevision">98813a13eb3ff00b7500827c64e1a6ad1aa47bd5</param>
   </service>
-</servicedata>
+</servicedata>

haproxy-3.2.4+git0.98813a13e.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c3272f81f2ba911add30aa562dd2a2a72c04f4722d2b7d1f1f5ca07f3d85c536
+size 5252727

haproxy.changes

@@ -1,3 +1,174 @@
+-------------------------------------------------------------------
+Wed Aug 13 16:49:42 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to version 3.2.4+git0.98813a13e:
+  * [RELEASE] Released version 3.2.4
+  * BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer
+  * BUG/MEDIUM: mux-quic: adjust wakeup behavior
+  * DOC: config: recommend single quoting passwords
+  * DOC: management: fix typo in commit f4f93c56
+  * BUG/MINOR: init: Initialize random seed earlier in the init process
+  * BUG/MEDIUM: ssl: fix build with AWS-LC
+  * BUG/MEDIUM: ssl: Fix 0rtt to the server
+  * MINOR: sock: update broken accept4 detection for older hardwares.
+  * BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
+  * BUILD: compat: always set _POSIX_VERSION to ease comparisons
+  * BUILD: compat: provide relaxed versions of the MIN/MAX macros
+  * DOC: list missing global QUIC settings
+  * CLEANUP: http-client: Remove useless indentation when sending request body
+  * BUG/MINOR: mux-quic: ensure close-spread-time is properly applied
+  * BUG/MINOR mux-quic: apply correctly timeout on output pending data
+  * BUG/MINOR: hq-interop: fix FIN transmission
+  * BUG/MINOR: logs: fix log-steps extra log origins selection
+  * BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
+  * BUG/MINOR: halog: exit with error when some output filters are set simultaneosly
+  * BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
+  * MINOR: h3: remove unused outbuf in h3_resp_headers_send()
+  * BUG/MINOR: quic: Wrong source address use on FreeBSD
+  * BUG/MEDIUM: h3: handle interim response properly on FE side
+  * MINOR: qmux: change API for snd_buf FIN transmission
+  * BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
+  * BUG/MINOR: h3: properly realloc buffer after interim response encoding
+  * BUG/MEDIUM: h3: do not overwrite interim with final response
+  * BUG/MINOR: h1-htx: Don't forget to init flags in h1_format_htx_msg function
+  * BUG/MINOR: mux-h1: Use configured error files if possible for early H1 errors
+  * MINOR: h1-htx: Add function to format an HTX message in its H1 representation
+  * BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM
+  * BUG/MEDIUM: http-client: Drain the request if an early response is received
+  * BUG/MINOR: http-client: Reject any 101-switching-protocols response
+  * BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
+  * BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred
+  * BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
+  * BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred
+  * BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5)
+  * MINOR: quic: Prevent QUIC build with OpenSSL 3.5 new QUIC API version < 3.5.1
+  * BUG/MINOR: listener: really assign distinct IDs to shards
+  * MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory
+  * DOC: management: clarify usage of -V with -c
+  * MEDIUM: acme: use lowercase for challenge names in configuration
+  * BUG/MINOR: acme: possible integer underflow in acme_txt_record()
+  * MINOR: acme: update the log for DNS-01
+  * MEDIUM: acme: allow to wait and restart the task for DNS-01
+  * MINOR: acme: emit the DNS-01 challenge details on the dpapi sink
+  * MINOR: acme: emit a log for DNS-01 challenge response
+  * BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
+  * BUILD: acme: avoid declaring TRACE_SOURCE in acme-t.h
+  * CLEANUP: ssl: Rename ssl_trace-t.h to ssl_trace.h
+  * BUG/MEDIUM: mux-quic: ensure Early-data header is set
+  * BUG/MINOR: hlua: take default-path into account with lua-load-per-thread
+  * BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options
+  * BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established
+  * BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
+  * BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
+  * BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
+  * MINOR: acme: implement traces
+  * MINOR: acme: add ACME to the haproxy -vv feature list
+  * CLEANUP: acme: fix wrong spelling of "resources"
+  * BUG/MINOR: acme: allow "processing" in challenge requests
+  * MINOR: acme: remove acme_req_auth() and use acme_post_as_get() instead
+  * BUG/MEDIUM: acme: use POST-as-GET instead of GET for resources
+  * BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
+  * DOC: deviceatlas build clarifications
+
+-------------------------------------------------------------------
+Wed Jul 09 09:19:41 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to version 3.2.3+git0.1844da7c6:
+  * [RELEASE] Released version 3.2.3
+  * BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.
+  * BUG/MINOR: http-act: Fix parsing of the expression argument for pause action
+  * BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
+  * BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
+  * BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API)
+  * CI: github: update to OpenSSL 3.5.1
+  * BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
+  * BUILD: quic: QUIC build against OpenSSL 3.5 broken
+  * CI: github: update the stable CI to ubuntu-24.04
+  * CI: github: add an OpenSSL 3.5.0 job
+  * CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0
+
+-------------------------------------------------------------------
+Wed Jul 02 10:07:48 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to version 3.2.2+git0.a55102f09:
+  * [RELEASE] Released version 3.2.2
+  * BUILD: dev/phash: remove the accidentally committed a.out file
+  * BUG/MINOR: httpclient: wrongly named httpproxy flag
+  * DOC: Fix 'jwt_verify' converter doc
+  * BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
+  * BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
+  * BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
+  * MINOR: ssl: check TLS1.3 ciphersuites again in clienthello with recent AWS-LC
+  * BUG/MINOR: tools: use my_unsetenv instead of unsetenv
+  * SCRIPTS: drop the HTML generation from announce-release
+  * DOC: config: crt-list clarify default cert + cert-bundle
+  * MINOR: quic: Useless TX buffer size reduction in closing state
+  * BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding
+  * DOC: configuration: add details on prefer-client-ciphers
+  * BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
+  * BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
+  * BUG/MINOR: tools: only reset argument start upon new argument
+  * MINOR: fwlc: Factorize code.
+  * BUG/MAJOR: fwlc: Count an avoided server as unusable.
+  * BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
+  * DOC: config: prefer-last-server: add notes for non-deterministic algorithms
+  * BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
+  * MINOR: cli: handle EOS/ERROR first
+  * BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
+  * BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5)
+  * BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS
+  * BUG/MINOR: config/server: reject QUIC addresses
+
+-------------------------------------------------------------------
+Wed Jul 02 10:07:34 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Update to version 3.2.1+git0.f4d1a4e27:
+  * [RELEASE] Released version 3.2.1
+  * BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
+  * BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
+  * BUG/MINOR: quic: Missing SSL session object freeing
+  * BUG/MINOR: config: fix arg number reported on empty arg warning
+  * BUG/MINOR: config: emit warning for empty args only in discovery mode
+  * BUG/MEDIUM: cli: Properly parse empty lines and avoid crashed
+  * BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure
+  * BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
+  * BUG/MAJOR: leastconn: Protect tree_elt with the lbprm lock
+  * DOC: config: Fix a typo in 2.7 (Name format for maps and ACLs)
+  * BUILD: tools: properly define ha_dump_backtrace() to avoid a build warning
+
+-------------------------------------------------------------------
+Mon Jun 30 10:20:11 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- always build with quic when using awslc
+
+-------------------------------------------------------------------
+Fri Jun 20 10:44:20 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+- Repair rc_symlink conditionals
+
+-------------------------------------------------------------------
+Fri Jun 20 00:45:43 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
+
+- Update QUIC documentation in README.SUSE.PACKAGING
+
+-------------------------------------------------------------------
+Wed Jun 11 10:50:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- modernize spec file with spec-cleaner. some changes (mostly
+  whitespaces) got reverted for readability
+
+-------------------------------------------------------------------
+Wed Jun 11 10:44:58 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
+
+- Add support to build against aws-lc with --with=awslc or in the
+  project config
+
+  ```
+  Macros:
+  %_with_awslc 1
+  :Macros
+  ```
+
 -------------------------------------------------------------------
 Wed May 28 17:15:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
 

haproxy.spec

@@ -15,7 +15,14 @@
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 
 # => notes regarding QUIC in README.SUSE.PACKAGING
-%if 0%{?suse_version} > 1600
+
+%define pkg_name haproxy
+%define pkg_home %{_localstatedir}/lib/%{pkg_name}
+%{!?vim_data_dir:%global vim_data_dir %{_datadir}/vim/%(readlink %{_datadir}/vim/current)}
+
+%bcond_with awslc
+
+%if 0%{?suse_version} > 1600 || %{with awslc}
 %bcond_without quic
 %else
 %bcond_with quic
@@ -65,11 +72,42 @@
 %endif
 
 Name:           haproxy
-Version:        3.2.0+git0.e134140d2
+Version:        3.2.4+git0.98813a13e
 Release:        0
 #
+Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
+License:        GPL-3.0-or-later AND LGPL-2.1-or-later
+Group:          Productivity/Networking/Web/Proxy
+#
+URL:            https://www.haproxy.org/
+#               source URL in _service file
+Source:         haproxy-%{version}.tar.gz
+Source1:        %{pkg_name}.init
+Source2:        usr.sbin.haproxy.apparmor
+Source3:        local.usr.sbin.haproxy.apparmor
+Source4:        haproxy.cfg
+Source5:        haproxy-user.conf
+Source6:        haproxy-tmpfiles.conf
+Source7:        README.SUSE
+Source8:        README.SUSE.PACKAGING
+#
+Source98:       series
+Source99:       haproxy-rpmlintrc
+Patch1:         haproxy-1.6.0_config_haproxy_user.patch
+Patch2:         haproxy-1.6.0-makefile_lib.patch
+Patch3:         haproxy-1.6.0-sec-options.patch
+Patch4:         haproxy-service.patch
+BuildRequires:  libgcrypt-devel
+BuildRequires:  pcre2-devel
+BuildRequires:  pkgconfig
+BuildRequires:  vim
+BuildRequires:  zlib-devel
+Provides:       %{name}-doc = %{version}
+Obsoletes:      %{name}-doc < %{version}
+Provides:       haproxy-1.5 = %{version}
+Obsoletes:      haproxy-1.5 < %{version}
+#
 #
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %if %{with apparmor}
 %if 0%{?suse_version} <= 1315
 BuildRequires:  apparmor-profiles
@@ -82,59 +120,28 @@ Recommends:     apparmor-abstractions
 BuildRequires:  apparmor-rpm-macros
 %endif
 %endif
-BuildRequires:  libgcrypt-devel
 %if %{with lua}
 BuildRequires:  lua-devel >= 5.3
 %endif
-BuildRequires:  pcre2-devel
-BuildRequires:  zlib-devel
+%if %{with awslc}
+BuildRequires:  aws-lc-devel
+%else
 BuildRequires:  openssl-devel
-BuildRequires:  pkg-config
+%endif
 %if %{with systemd}
-BuildRequires:  pkgconfig(systemd)
 BuildRequires:  pkgconfig(libsystemd)
+BuildRequires:  pkgconfig(systemd)
 %if %{with sysusers}
 BuildRequires:  sysuser-shadow
 BuildRequires:  sysuser-tools
 %endif
 %endif
-BuildRequires:  vim
-%define pkg_name haproxy
-%define pkg_home /var/lib/%{pkg_name}
-#
-Url:            http://www.haproxy.org/
-#               source URL in _service file
-Source:         haproxy-%{version}.tar.gz
-Source1:        %{pkg_name}.init
-Source2:        usr.sbin.haproxy.apparmor
-Source3:        local.usr.sbin.haproxy.apparmor
-Source4:        haproxy.cfg
-Source5:        haproxy-user.conf
-Source6:        haproxy-tmpfiles.conf
-Source7:        README.SUSE
-Source8:        README.SUSE.PACKAGING
-Patch1:         haproxy-1.6.0_config_haproxy_user.patch
-Patch2:         haproxy-1.6.0-makefile_lib.patch
-Patch3:         haproxy-1.6.0-sec-options.patch
-Patch4:         haproxy-service.patch
-#
-Source98:       series
-Source99:       haproxy-rpmlintrc
-#
-Summary:        The Reliable, High Performance TCP/HTTP Load Balancer
-License:        GPL-3.0+ and LGPL-2.1+
-Group:          Productivity/Networking/Web/Proxy
-Provides:       %{name}-doc = %{version}
-Obsoletes:      %{name}-doc < %{version}
-Provides:       haproxy-1.5 = %{version}
-Obsoletes:      haproxy-1.5 < %{version}
 %if %{with systemd}
 %{?systemd_ordering}
 %if %{with sysusers}
 %sysusers_requires
 %endif
 %endif
-%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}
 
 %description
 HAProxy implements an event-driven, mono-process model which enables support
@@ -152,18 +159,22 @@ the most work done from every CPU cycle.
 cp %{SOURCE7} .
 
 %build
-make %{?_smp_mflags} \
+%make_build \
     TARGET=linux-glibc \
     CPU="%{_target_cpu}" \
     USE_PCRE2=1 \
     %if %{with pcre2_jit}
     USE_PCRE2_JIT=1 \
     %endif
-    %ifarch %ix86
+    %ifarch %{ix86}
     USE_REGPARM=1 \
     %endif
     USE_GETADDRINFO=1 \
+%if %{with awslc}
+    USE_OPENSSL_AWSLC=1 \
+%else
     USE_OPENSSL=1 \
+%endif
     %if %{with lua}
     USE_LUA=1 \
     %endif
@@ -185,7 +196,9 @@ make %{?_smp_mflags} \
     USE_PROMEX=1 \
     %if %{with quic}
     USE_QUIC=1 \
+%if %{without awslc}
     USE_QUIC_OPENSSL_COMPAT=1 \
+%endif
     %endif
     %if %{with opentracing}
     USE_OT=1 \
@@ -195,23 +208,23 @@ make %{?_smp_mflags} \
     %endif
     DEBUG_CFLAGS="%{optflags}" V=1
 %if %{with systemd}
-make -C admin/systemd  PREFIX="%{_prefix}"
+%make_build -C admin/systemd  PREFIX="%{_prefix}"
 %if %{with sysusers}
 %sysusers_generate_pre %{SOURCE5} haproxy haproxy-user.conf
 %endif
 %endif
-make admin/halog/halog DEBUG_CFLAGS="%{optflags}" V=1
+%make_build admin/halog/halog DEBUG_CFLAGS="%{optflags}"
 
 %install
 install -D -m 0755 %{pkg_name}         %{buildroot}%{_sbindir}/%{pkg_name}
 install -d -m 0750                     %{buildroot}%{_sysconfdir}/%{pkg_name}/
-install    -m 0640 %{S:4}              %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
+install    -m 0640 %{SOURCE4}              %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
 
 install -D -m 0755 admin/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
 
 %if %{with systemd}
 install -D -m 0644 admin/systemd/%{pkg_name}.service  %{buildroot}%{_unitdir}/%{pkg_name}.service
-%if %{with rc_symlinks}
+%if %{with rc_symlink}
 ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
 %endif
 %if %{with sysusers}
@@ -221,7 +234,7 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
 install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
 %endif
 %else
-install -D -m 0755 %{S:1}                      %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
+install -D -m 0755 %{SOURCE1}                      %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
 ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
 %endif
 
@@ -229,9 +242,9 @@ install -d -m 0750                          %{buildroot}%{pkg_home}
 install -D -m 0644 admin/syntax-highlight/haproxy.vim     %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
 install -D -m 0644 doc/%{pkg_name}.1        %{buildroot}%{_mandir}/man1/%{pkg_name}.1
 %if %{with apparmor}
-install -D -m 0644 %{S:2}                   %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
-install -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/local/haproxy
-install -D -m 0644 %{S:3}                   %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
+install -D -m 0644 %{SOURCE2}                   %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.haproxy
+install -D -m 0644 %{SOURCE3}                   %{buildroot}%{_sysconfdir}/apparmor.d/local/haproxy
+install -D -m 0644 %{SOURCE3}                   %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.haproxy
 %endif
 
 rm examples/*init*
@@ -247,7 +260,7 @@ rm examples/*init*
 
 %post
 %if %{with apparmor} && %{with apparmor_reload}
-%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
+%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
 %endif
 %if %{with systemd}
 %if %{with tmpfiles}
@@ -261,19 +274,17 @@ rm examples/*init*
 
 %postun
 %service_del_postun %{pkg_name}.service
-
 %else
-
 %pre
-getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
+getent group %{pkg_name} >/dev/null || %{_sbindir}/groupadd -r %{pkg_name}
 getent passwd %{pkg_name} >/dev/null || \
-	/usr/sbin/useradd  -g %{pkg_name} -s /bin/false -r \
+	%{_sbindir}/useradd  -g %{pkg_name} -s /bin/false -r \
 	-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
 
 %post
 %fillup_and_insserv %{pkg_name}
 %if %{with apparmor} && %{with apparmor_reload}
-%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
+%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
 %endif
 
 %preun
@@ -281,17 +292,15 @@ getent passwd %{pkg_name} >/dev/null || \
 
 %postun
 %restart_on_update %{pkg_name}
-%{insserv_cleanup}
-
+%insserv_cleanup
 %endif
 
 %files
-%defattr(-,root,root,-)
 %license LICENSE
 %doc README.SUSE CHANGELOG README.md
 %doc doc/* examples/
 %doc admin/netsnmp-perl/ admin/selinux/
-%dir               %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
+%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
 %config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
 %if %{with systemd}
 %{_unitdir}/%{pkg_name}.service
@@ -307,22 +316,22 @@ getent passwd %{pkg_name} >/dev/null || \
 %endif
 %{_sbindir}/haproxy
 %{_sbindir}/haproxy-halog
-%if %{with rc_symlinks}
+%if %{with rc_symlink}
 %{_sbindir}/rchaproxy
 %endif
 %dir %attr(-,root,haproxy) %{pkg_home}
-%{_mandir}/man1/%{pkg_name}.1.gz
+%{_mandir}/man1/%{pkg_name}.1%{?ext_man}
 %dir %{_datadir}/vim
 %dir %{vim_data_dir}
 %dir %{vim_data_dir}/syntax
 %{vim_data_dir}/syntax/%{pkg_name}.vim
 %if %{with apparmor}
 %if 0%{?suse_version} == 1110
-%dir /etc/apparmor.d/local/
+%dir %{_sysconfdir}/apparmor.d/local/
 %endif
-%config(noreplace)        /etc/apparmor.d/usr.sbin.haproxy
-%config(noreplace) %ghost /etc/apparmor.d/local/haproxy
-%config(noreplace) %ghost /etc/apparmor.d/local/usr.sbin.haproxy
+%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
+%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/haproxy
+%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/usr.sbin.haproxy
 %endif
 
 %changelog