Accepting request 638409 from server:http

OBS-URL: https://build.opensuse.org/request/show/638409
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=66

_service

@@ -6,7 +6,7 @@
     <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>    
-    <param name="revision">master</param>
+    <param name="revision">v1.8.14</param>
     <param name="changesgenerate">enable</param>
   </service>
 

_servicedata

@@ -5,4 +5,4 @@
             <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param>
           <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm">
                 <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
-              <param name="changesrevision">c1bfcd002f54d1d84a99282d13f875c2649f3d70</param></service></servicedata>
+              <param name="changesrevision">52e4d43ba395c950c9d2121ca55b105ed54a85a4</param></service></servicedata>

haproxy-1.8.13~git4.c1bfcd00.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bb9c02870d1f0fc4b2b0b2694c63a8307d915b10e56d149bf447532bf8da7973
-size 2124124

haproxy-1.8.14~git0.52e4d43b.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4acb722dca31ed8b25ced0e5280b7bd8b93962dd4769973752da46a9080db106
+size 2131958

haproxy.changes

@@ -1,3 +1,71 @@
+-------------------------------------------------------------------
+Thu Sep 20 13:03:31 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
+
+- also fix the systemd case for the apparmor_reload change
+
+-------------------------------------------------------------------
+Thu Sep 20 12:50:35 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
+
+- only reload the apparmor profile on newer distros, seems older
+  distros do not have apparmor-rpm-macros yet
+
+-------------------------------------------------------------------
+Thu Sep 20 12:45:57 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
+
+- only use network namespaces on 12.x and newer, failed to build on
+  sle11
+
+-------------------------------------------------------------------
+Thu Sep 20 12:39:42 UTC 2018 - Marcus Rueckert <mrueckert@suse.de>
+
+- guard all parts referring to systemd to fix build on sle 11
+
+-------------------------------------------------------------------
+Thu Sep 20 12:34:47 UTC 2018 - mrueckert@suse.de
+
+- Update to version 1.8.14~git0.52e4d43b: (bsc#1108683) (CVE-2018-14645)
+  * [RELEASE] Released version 1.8.14
+  * BUG/CRITICAL: hpack: fix improper sign check on the header index value
+  * BUG/MINOR: cli: make sure the "getsock" command is only called on connections
+  * BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
+  * BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
+  * DOC: Fix typos in lua documentation
+  * BUG/MINOR: server: Crash when setting FQDN via CLI.
+  * BUG/MAJOR: kqueue: Don't reset the changes number by accident.
+  * BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors
+  * BUG/MINOR: http/threads: atomically increment the error snapshot ID
+  * BUG/MINOR: dns: check and link servers' resolvers right after config parsing
+  * BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames
+  * BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
+  * BUG/MINOR: stream: use atomic increments for the request counter
+  * MINOR: thread: implement HA_ATOMIC_XADD()
+  * BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
+  * BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file
+  * BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
+  * BUG/MAJOR: thread: lua: Wrong SSL context initialization.
+  * BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
+  * BUG/MEDIUM: lua: reset lua transaction between http requests
+  * BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake()
+  * BUG/MINOR: lua: Bad HTTP client request duration.
+  * BUG/MEDIUM: unix: provide a ->drain() function
+  * DOC: Fix spelling error in configuration doc
+  * BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
+  * BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
+  * BUG/MEDIUM: lua: socket timeouts are not applied
+  * DOC: ssl: Use consistent naming for TLS protocols
+  * DOC: dns: explain set server ... fqdn requires resolver
+  * BUG/MINOR: map: fix map_regm with backref
+  * BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
+  * BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
+  * BUG/MINOR: ssl: empty connections reported as errors.
+  * BUG/MEDIUM: cli: make "show fd" thread-safe
+  * MEDIUM: hathreads: implement a more flexible rendez-vous point
+  * BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
+  * MINOR: threads: add more consistency between certain variables in no-thread case
+  * BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
+  * MINOR: threads: Introduce double-width CAS on x86_64 and arm.
+  * BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
+
 -------------------------------------------------------------------
 Fri Aug 17 11:41:35 UTC 2018 - kgronlund@suse.com
 
@@ -90,7 +158,7 @@ Mon Jun 25 05:16:57 UTC 2018 - kgronlund@suse.com
 Tue May 29 07:09:26 UTC 2018 - kgronlund@suse.com
 
 - Update to version 1.8.9~git9.6d82e611:
-  * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846)
+  * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846) (CVE-2018-11469)
   * BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
   * BUG/MINOR: ssl/lua: prevent lua from affecting automatic maxconn computation
   * BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags

haproxy.spec

@@ -15,11 +15,12 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 %if 0%{?suse_version} >= 1230
 %bcond_without tcp_fast_open
+%bcond_without network_namespace
 %else
 %bcond_with tcp_fast_open
+%bcond_with network_namespace
 %endif
 
-%bcond_without network_namespace
 %if 0%{?suse_version} > 1320
 %bcond_without lua
 %else
@@ -37,10 +38,16 @@
 %else
 %bcond_with pcre_jit
 %endif
+
 %bcond_without  apparmor
+%if 0%{?suse_version} > 1320
+%bcond_without apparmor_reload
+%else
+%bcond_with    apparmor_reload
+%endif
 
 Name:           haproxy
-Version:        1.8.13~git4.c1bfcd00
+Version:        1.8.14~git0.52e4d43b
 Release:        0
 #
 #
@@ -53,7 +60,7 @@ Requires:       apparmor-profiles
 BuildRequires:  apparmor-abstractions
 Requires:       apparmor-abstractions
 %endif
-%if 0%{?suse_version} >= 1315
+%if %{with apparmor_reload}
 BuildRequires:  apparmor-rpm-macros
 %endif
 %endif
@@ -142,14 +149,18 @@ make \
     %if %{with network_namespace}
     USE_NS=1 \
     %endif
+%if %{with systemd}
     USE_SYSTEMD=1 \
+%endif
     USE_PIE=1 \
     USE_STACKPROTECTOR=1 \
     USE_RELRO_NOW=1 \
     LIB="%{_lib}" \
     PREFIX="%{_prefix}" \
     DEBUG_CFLAGS="%{optflags}"
+%if %{with systemd}
 make -C contrib/systemd  PREFIX="%{_prefix}"
+%endif
 make -C contrib/halog    PREFIX="%{_prefix}" \
     DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
 
@@ -188,7 +199,7 @@ getent passwd %{pkg_name} >/dev/null || \
 %service_add_pre %{pkg_name}.service
 
 %post
-%if %{with apparmor} && (0%{?suse_version} >= 1315)
+%if %{with apparmor} && %{with apparmor_reload}
 %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
 %endif
 %service_add_post %{pkg_name}.service
@@ -203,7 +214,7 @@ getent passwd %{pkg_name} >/dev/null || \
 
 %post
 %fillup_and_insserv %{pkg_name}
-%if %{with apparmor} && (0%{?suse_version} >= 1315)
+%if %{with apparmor} && %{with apparmor_reload}
 %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
 %endif