rpm/haproxy
SHA256
1
0
Fork 0
forked from pool/haproxy
Code Pull Requests Activity

Accepting request 203204 from network:ha-clustering:Factory

Browse Source 
Resubmit of haproxy after applying license patch from legal.

OBS-URL: https://build.opensuse.org/request/show/203204
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=1
This commit is contained in:
Tomáš Chvátal 2013-10-15 08:42:00 +00:00 committed by Git OBS Bridge
commit 75e24e96f9
10 changed files with 1184 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

32
haproxy-1.2.16_config_haproxy_user.patch Normal file
View File

@ -0,0 +1,32 @@
Index: examples/examples.cfg
===================================================================
--- examples/examples.cfg.orig
+++ examples/examples.cfg
@@ -3,8 +3,8 @@
# log 127.0.0.1 local1
maxconn 4000
ulimit-n 8000
- uid 0
- gid 0
+ user haproxy
+ group haproxy
# chroot /tmp
# nbproc 2
# daemon
Index: examples/haproxy.cfg
===================================================================
--- examples/haproxy.cfg.orig
+++ examples/haproxy.cfg
@@ -5,9 +5,9 @@
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
- chroot /usr/share/haproxy
- uid 99
- gid 99
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
daemon
#debug
#quiet

3
haproxy-1.4.24.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:680928f4d001be3b59b69d4501f41aeea69e7e56bf183fa032ad6144cf97c7ef
size 836768

13
haproxy-makefile_lib.patch Normal file
View File

@ -0,0 +1,13 @@
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -460,7 +460,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE),)
PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
-PCRE_LIB := $(PCREDIR)/lib
+PCRE_LIB := $(PCREDIR)/$(LIB)
endif
ifeq ($(USE_STATIC_PCRE),)

2
haproxy-rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
addFilter('wrong-file-end-of-line-encoding .*/examples/errorfiles/.*\.http$')
addFilter('file-contains-current-date /usr/share/doc/packages/haproxy/examples/haproxy.spec')

591
haproxy.changes Normal file
View File

@ -0,0 +1,591 @@
-------------------------------------------------------------------
Thu Oct 10 15:16:32 UTC 2013 - cdenicolo@suse.com
- license update: GPL-2.0+ and LGPL-2.1+
only header files are LGPL, the rest is still GPL
-------------------------------------------------------------------
Tue Jun 18 09:14:13 UTC 2013 - mrueckert@suse.de
- update to 1.4.24 (bnc#825412)
- BUG/MAJOR: backend: consistent hash can loop forever in certain
circumstances
- BUG/MEDIUM: checks: disable TCP quickack when pure TCP checks
are used
- MEDIUM: protocol: implement a "drain" function in protocol
layers
- BUG/CRITICAL: fix a possible crash when using negative header
occurrences CVE-2013-2175
-------------------------------------------------------------------
Wed Apr 3 14:47:43 UTC 2013 - mrueckert@suse.de
- update to 1.4.23 CVE-2013-1912
- CONTRIB: halog: sort URLs by avg bytes_read or total bytes_read
- BUG: fix garbage data when http-send-name-header replaces an
existing header
- BUG/MEDIUM: remove supplementary groups when changing gid
- BUG/MINOR: Correct logic in cut_crlf()
- BUG/MINOR: config: use a copy of the file name in proxy
configurations
- BUG/MINOR: epoll: correctly disable FD polling in fd_rem()
- MINOR: halog: sort output by cookie code
- BUG/MINOR: halog: -ad/-ac report the correct number of output
lines
- BUG/MINOR: halog: fix help message for -ut/-uto
- BUG/MEDIUM: http: set DONTWAIT on data when switching to tunnel
mode
- BUG/MEDIUM: command-line option -D must have precedence over
"debug"
- OPTIM: halog: keep a fast path for the lines-count only
- MINOR: halog: add a parameter to limit output line count
- BUG: halog: fix broken output limitation
- MEDIUM: checks: avoid accumulating TIME_WAITs during checks
- MEDIUM: checks: prevent TIME_WAITs from appearing also on
timeouts
- BUG/MAJOR: cli: show sess <id> may randomly corrupt the
back-ref list
- BUG/MINOR: http: don't report client aborts as server errors
- BUG/MINOR: http: don't log a 503 on client errors while waiting
for requests
- BUG/MEDIUM: tcp: process could theorically crash on lack of
source ports
- BUG/MINOR: http: don't abort client connection on premature
responses
- BUILD: no need to clean up when making git-tar
- MINOR: http: always report PR-- flags for redirect rules
- BUG/MINOR: time: frequency counters are not totally accurate
- BUG/MINOR: http: don't process abortonclose when request was
sent
- BUG/MINOR: epoll: use a fix maxevents argument in epoll_wait()
- BUG/MINOR: config: fix improper check for failed memory alloc
in ACL parser
- BUG/MEDIUM: checks: ensure the health_status is always within
bounds
- CLEANUP: http: remove a useless null check
- BUG/MEDIUM: signal: signal handler does not properly check for
signal bounds
- BUG/MEDIUM: uri_auth: missing NULL check and memory leak on
memory shortage
- CLEANUP: config: slowstart is never negative
- BUILD: improve the makefile's support for libpcre
- BUG/MINOR: checks: fix an warning introduced by commit 2f61455a
- MEDIUM: halog: add support for counting per source address
(-ic)
- DOC: mention the new HTTP 307 and 308 redirect statues
(cherry picked from commit
b67fdc4cd8bde202f2805d98683ddab929469a05)
- MEDIUM: poll: do not use FD_* macros anymore
- BUG/MAJOR: ev_select: disable the select() poller if maxsock >
FD_SETSIZE
- BUILD: enable poll() by default in the makefile
- BUILD: add explicit support for Mac OS/X
- BUG/CRITICAL: using HTTP information in tcp-request content may
crash the process CVE-2013-1912
- MEDIUM: http: implement redirect 307 and 308
- MINOR: http: status 301 should not be marked non-cacheable
- adapt haproxy-makefile_lib.patch to the rewritten Makefile
-------------------------------------------------------------------
Mon Nov 12 14:10:33 UTC 2012 - mrueckert@suse.de
- switch license tag to spdx format.
-------------------------------------------------------------------
Mon Nov 12 13:50:46 UTC 2012 - mrueckert@suse.de
- update to 1.4.22
- BUG/MEDIUM: option forwardfor if-none doesn't work with some
configurations
- MINOR: balance uri: added 'whole' parameter to include query
string in hash calculation
- DOC: specify the default value for maxconn in the context of a
proxy
- BUG/MINOR: checks: expire on timeout.check if smaller than
timeout.connect
- REORG/MINOR: use dedicated proxy flags for the cookie handling
- BUG/MINOR: config: do not report twice the incompatibility
between cookie and non-http
- MINOR: http: add support for "httponly" and "secure" cookie
attributes
- MEDIUM: stats: add support for soft stop/soft start in the
admin interface
- BUILD: add support for linux kernels >= 2.6.28
- MINOR: contrib/iprange: add a network IP range to mask
converter
- BUILD: add an AIX 5.2 (and later) target.
- MINOR: halog: use the more recent dual-mode fgets2
implementation
- BUG/MEDIUM: ebtree: ebmb_insert() must not call cmp_bits on
full-length matches
- CLEANUP: halog: make clean should also remove .o files
(cherry picked from commit
8ad4193100aafa19f04929670371bf823dbe11d0)
- OPTIM: halog: make use of memchr() on platforms which provide a
fast one
- OPTIM: halog: improve cold-cache behaviour when loading a file
- [MINOR] config: make it possible to specify a cookie even
without a server
- MINOR: config: tolerate server "cookie" setting in non-HTTP
mode
- BUG/MINOR: tarpit: fix condition to return the HTTP 500 message
-------------------------------------------------------------------
Tue Oct 30 16:02:03 UTC 2012 - mrueckert@suse.de
- fix description in the init script
-------------------------------------------------------------------
Tue May 22 16:47:45 UTC 2012 - pascal.bleser@opensuse.org
- update to 1.4.21 (bnc#763833) CVE-2012-2391
- MINOR: patch for minor typo (ressources/resources)
- CLEANUP: fix typo in findserver() log message
- DOC: cleanup indentation, alignment, columns and chapters
- DOC: fix some keywords arguments documentation
- MINOR: stats admin: allow unordered parameters in POST requests
- MINOR: stats admin: use the backend id instead of its name in
the form
- BUG/MAJOR: trash must always be the size of a buffer
- DOC: fix minor regex example issue and improve doc on stats
- BUG/MAJOR: possible crash when using capture headers on TCP
frontends
- MINOR: config: disable header captures in TCP mode and complain
- BUG/MEDIUM: balance source did not properly hash IPv6 addresses
- CLEANUP: http: message parser must ignore HTTP_MSG_ERROR
- CLEANUP: remove a few warning about unchecked return values in
debug code
- CLEANUP: http: remove unused http_msg->col
- BUG/MINOR: http: error snapshots are wrong if buffer wraps
- BUG/MAJOR: checks: don't call set_server_status_* when no LB
algo is set
- MINOR: proxy: make findproxy() return proxies from numeric IDs
too
- BUILD: http: stop gcc-4.1.2 from complaining about possibly
uninitialized values
- BUG/MINOR: stop connect timeout when connect succeeds
-------------------------------------------------------------------
Sun Mar 11 19:16:20 UTC 2012 - pascal.bleser@opensuse.org
- update to 1.4.20:
- BUG/MINOR: fix typo in processing of http-send-name-header
- BUG/MEDIUM: correctly disable servers tracking another disabled servers.
- BUG/MEDIUM: zero-weight servers must not dequeue requests from the backend
- MINOR: halog: add some help on the command line (cherry picked from
commit 615674cdec067066a42f53f5d55628ab7b207e6c)
- BUG: queue: fix dequeueing sequence on HTTP keep-alive sessions
- BUG: http: disable TCP delayed ACKs when forwarding content-length data
- BUG: checks: fix server maintenance exit sequence
- BUG/MINOR: stream_sock: don't remove BF_EXPECT_MORE and BF_SEND_DONTWAIT on
partial writes
- DOC: enumerate valid status codes for "observe layer7"
-------------------------------------------------------------------
Wed Feb 8 15:30:58 UTC 2012 - mrueckert@suse.de
- update to 1.4.19
- MEDIUM: http: add support for sending the server's name in the
outgoing request
- BUG/MINOR: fix options forwardfor if-none when an alternative
header name is specified
- MINOR: task: new function task_schedule() to schedule a wake up
- BUG/MEDIUM: checks: fix slowstart behaviour when server
tracking is in use
- BUG: tcp: option nolinger does not work on backends
- BUG: ebtree: ebst_lookup() could return the wrong entry
- BUG: http: re-enable TCP quick-ack upon incomplete HTTP
requests
- CLEANUP: ebtree: remove a few annoying signedness warnings
- CLEANUP: ebtree: remove 4-year old harmless typo in duplicates
insertion code
- CLEANUP: ebtree: remove another typo, a wrong initialization in
insertion code
- BUG: proto_tcp: set AF_INET on tproxy for use with recent
kernels
- MINOR: halog: add support for matching queued requests
- BUG: http: tighten the list of allowed characters in a URI
-------------------------------------------------------------------
Wed Nov 9 12:09:33 UTC 2011 - mrueckert@suse.de
- update to 1.4.18
- [MINOR] http: *_dom matching header functions now also split on
":"
- [MINOR] halog: support backslash-escaped quotes
- BUILD/MINOR: fix the source URL in the spec file
- DOC: acl is http_first_req, not http_req_first
- BUG/MEDIUM: don't trim last spaces from headers consisting only
of spaces
- MINOR: acl: add new matches for header/path/url length
- [MINOR] halog: do not consider byte 0x8A as end of line
- [OPTIM] halog: make fgets parse more bytes by blocks
- [OPTIM] halog: add assembly version of the field lookup code
- [CLEANUP] startup: report only the basename in the usage
message
- [DOC] update the README file to reflect new naming rules for
patches
-------------------------------------------------------------------
Mon Sep 05 22:26:59 UTC 2011 - pascal.bleser@opensuse.org
- update to 1.4.17:
- [MINOR] halog: add support for termination code matching (-tcn/-TCN)
- [MINOR] halog: make SKIP_CHAR stop on field delimiters
- [MINOR] halog: add support for HTTP log matching (-H)
- [MINOR] halog: gain back performance before SKIP_CHAR fix
- [OPTIM] halog: cache some common fields positions
- [OPTIM] halog: check once for correct line format and reuse the pointer
- [OPTIM] halog: remove many 'if' by using a function pointer for the filters
- [OPTIM] halog: remove support for tab delimiters in input data
- [MINOR] halog: add -hs/-HS to filter by HTTP status code range
- [CLEANUP] update the year in the copyright banner
- [BUG] check: http-check expect + regex would crash in defaults section
- [MEDIUM] http: make x-forwarded-for addition conditional
- [DOC] fixed a few "sensible" -> "sensitive" errors
- [MINOR] stats: display "<NONE>" instead of the frontend name when unknown
- [BUG] http: trailing white spaces must also be trimmed after headers
- [MINOR] http: take a capture of too large requests and responses
- [MINOR] http: take a capture of truncated responses
- [MINOR] http: take a capture of bad content-lengths.
-------------------------------------------------------------------
Sat Aug 13 22:49:36 UTC 2011 - mrueckert@suse.de
- update to version 1.4.16
- [BUG] checks: fix support of Mysqld >= 5.5 for mysql-check
- [DOC] Minor spelling fixes and grammatical enhancements
- [CLEANUP] Remove assigned but unused variables
- [BUG] checks: http-check expect could fail a check on
multi-packet responses
- [DOC] fix minor typo in the "dispatch" doc
- [MINOR] http: make the "HTTP 200" status code configurable.
- [MINOR] http: partially revert the chunking optimization for
now
- [MINOR] stream_sock: always clear BF_EXPECT_MORE upon complete
transfer
- [CLEANUP] stream_sock: remove unneeded FL_TCP and factor out
test
- [MEDIUM] http: add support for "http-no-delay"
- [OPTIM] http: optimize chunking again in non-interactive mode
- [OPTIM] stream_sock: avoid fast-forwarding of partial data
- [OPTIM] stream_sock: don't use splice on too small payloads
- [BUG] stats: support url-encoded forms
- [BUG] halog: correctly handle truncated last line
- [DOC] fix typos, "#" is a sharp, not a dash
-------------------------------------------------------------------
Fri Apr 15 22:14:24 UTC 2011 - pascal.bleser@opensuse.org
- revert splitting out the documentation
-------------------------------------------------------------------
Thu Apr 14 19:18:45 UTC 2011 - pascal.bleser@opensuse.org
- split out documentation and examples into haproxy-doc
- add rpmlintrc to suppress false positive warnings about
script examples in documentation files (without exec flag)
- fix license
-------------------------------------------------------------------
Tue Apr 12 15:31:38 UTC 2011 - mrueckert@suse.de
- update to version 1.4.15
- [CRITICAL] fix risk of crash when dealing with space in
response cookies
- additional changes from 1.4.14
- [MINOR] config: fix endianness of server check port
- [BUG] http: fix possible incorrect forwarded wrapping chunk
size (take 2)
- [MINOR] tools: add two macros MID_RANGE and MAX_RANGE
- [BUG] http: fix content-length handling on 32-bit platforms
- [OPTIM] buffers: uninline buffer_forward()
-------------------------------------------------------------------
Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
- update to 1.4.13
- config: don't crash on empty pattern files.
- additional changes from 1.4.12
- stats: add support for several packets in stats admin
- stats: admin commands must check the proxy state
- stats: admin web interface must check the proxy state
- http: update the header list's tail when removing the last
header
- fix typos (http-request instead of http-check) (cherry
picked from commit 8f2a1e72bebea700f37add40997b716fdfd86b9c)
- http: use correct ACL pointer when evaluating authentication
- cfgparse: correctly count one socket per port in ranges
- startup: set the rlimits before binding ports, not after.
- acl: srv_id must return no match when the server is NULL
- acl: fd leak when reading patterns from file
- fix minor typo in "usesrc"
- http: fix possible incorrect forwarded wrapping chunk size
- http: fix computation of message body length after forwarding
has started
- http: balance url_param did not work with first parameters on
POST
- update the url_param regression test to test check_post too
-------------------------------------------------------------------
>>>>>>> ./haproxy.changes.r40
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
- update to 1.4.11
- cfgparse: Check whether the path given for the stats socket
actually fits into the sockaddr_un structure to avoid
truncation.
- fix a minor typo
- fix ignore-persist documentation
- http: fix http-pretend-keepalive and httpclose/tunnel mode
- add warnings on features not compatible with multi-process mode
- acl: add be_id/srv_id to match backend's and server's id
- log: add support for passing the forwarded hostname
- log: ability to override the syslog tag
- fix minor typos in the doc
- fix another typo in the doc
- http chunking: don't report a parsing error on connection
errors
- stream_interface: truncate buffers when sending error messages
- http: fix incorrect error reporting during data transfers
- session: correctly leave turn-around and queue states on abort
- session: release slot before processing pending connections
- stats: report HTTP message state and buffer flags in error
dumps
- http: support wrapping messages in error captures
- http: capture incorrectly chunked message bodies
- stats: add global event ID and count
- http: don't send each chunk in a separate packet
- acl: fix handling of empty lines in pattern files
- ebtree: fix ebmb_lookup() with len smaller than the tree's keys
- ebtree: ebmb_lookup: reduce stack usage by moving the return
code out of the loop
-------------------------------------------------------------------
Mon Nov 29 13:57:37 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.10:
* a possible crash when using Cookie-based persistence with
appsessions was fixed
* header processing could become wrong after a single reqidel
rule removed exactly two headers
* some out-of-memory conditions were not correctly handled in
appsession or cookie captures
* users of appsessions are strongly encouraged to upgrade
-------------------------------------------------------------------
Tue Nov 2 13:11:15 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.9:
* the Web interface now allows you to enable or disable servers
* the ECV and LDAPv3 checks were merged
* the MySQL check was improved to support a real login sequence
* persistence cookies can now be timestamped to support a maximum
idle time and a maximum life time, and can be removed by the
server if needed (e.g. logout)
* the SNMP plugin was improved to report socket stats
* some Cacti templates were merged
* the halog tool can now instantly report per-URL response times
-------------------------------------------------------------------
Tue Aug 17 15:46:13 UTC 2010 - mrueckert@suse.de
- implement graceful restart in the init script
-------------------------------------------------------------------
Tue Jun 22 14:49:12 UTC 2010 - mrueckert@suse.de
- update to 1.4.8:
* mention 'option http-server-close' effect in Tq section
* summarize and highlight persistent connections behaviour
* add configuration samples
* stick_table: the fix for the memory leak caused a regression
* client: don't add a new session to the list too early
-------------------------------------------------------------------
Thu Jun 10 09:03:34 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.7:
* fixes problems where consistent hashing was broken when no
server ID was specified in the configuration
* some errors were incorrectly reported as failed instead of
denied in the statistics
* the dispatch and http_proxy modes were fixed
* a few termination flags in the logs used for troubleshooting
were corrected
* a few other minor issues were fixed
* upgrading is recommended
-------------------------------------------------------------------
Mon May 17 20:29:02 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.6:
* a minor precision about RDP cookies was added to the
documentation
* a new ACL keyword was added
* those who had no problem building and running 1.4.5 don't need
to upgrade
- drop haproxy-fix_dprintf.patch, merged upstream
-------------------------------------------------------------------
Fri May 14 07:18:03 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.5:
* Haproxy can now read huge ACL pattern lists from files and
match inputs against them without any noticeable performance
impact, making geolocation possible
* adds a new "ignore-persist" directive, allowing it to ignore
the persistence cookie if an ACL-based condition is matched
(which is useful for static objects in stateful farms)
* a few other minor improvements
* a nice performance boost of the log analyzer, which can now
process more than 1 GB of logs per second and report request
counts by status codes
-------------------------------------------------------------------
Thu Apr 8 09:41:51 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.4:
* brings a new option to work around optimization issues with
Tomcat and Jetty in server close mode, and for a bug in Jetty's
handling of Expect: 100-continue
* a very old appsession unexpected match of shorter cookie names
was also fixed
* a new feature to make it possible to connect to a server from
an IP found in a header was merged: it allows you to run
stunnel+haproxy in transparent mode together
-------------------------------------------------------------------
Fri Apr 2 23:42:44 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.3:
* fxes a regression introduced in 1.4.2 which could cause a
connection to still be attempted on the server side in case of
an error on the client side; this issue could even lead to a
crash if a Layer7 hash algorithm was used, so this code was
strengthened
* the configuration parser now detects many more inappropriate
options in TCP mode and emits related warnings
* it is now possible to indicate in the configuration that a
server will start in the "disabled" state
* other very minor issues were fixed
-------------------------------------------------------------------
Thu Mar 18 12:00:49 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.2:
* fixes a very rare case of stuck client sessions when using
keep-alive
* fixes a url_param hash bug which could result in a dead server
in very rare situations
* fixes status codes 501 and 505 which could cause a server to be
marked down if on-error was used
* fixes a risk of getting truncated HTTP responses when
chunk-encoding was used
* fixes an issue with anonymous ACLs
* improvements on health checks
-------------------------------------------------------------------
Fri Mar 5 00:45:12 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.1:
* some errors were incorrectly reported as 502 with the flags
"SL" in the logs; this is now fixed
* other minor issues were fixed
* documentation was updated
-------------------------------------------------------------------
Fri Feb 26 20:44:34 UTC 2010 - pascal.bleser@opensuse.org
- update to 1.4.0:
* new features:
+ keep-alive
+ IP-based stickiness
+ consistent hashing
+ support for the RDP protocol
+ a much nicer stats interface
+ a much-improved performance level
* add -fno-strict-aliasing
- changes from 1.4rc1:
* new features:
+ server maintenance mode
+ HTTP authentication (server and proxy)
+ secure passwords
+ conditional request/response header rewriting using ACLs
+ anonymous ACLs that can be declared inline
+ support for HTTP/1.1 101+Upgrade status code to support non-
HTTP protocols such as WebSocket
-------------------------------------------------------------------
Thu Feb 11 15:20:01 UTC 2010 - mrueckert@suse.de
- update to 1.3.23
-------------------------------------------------------------------
Tue Sep 15 14:09:34 CEST 2009 - mrueckert@suse.de
- update to 1.3.20
-------------------------------------------------------------------
Fri Apr 3 13:54:40 CEST 2009 - mrueckert@suse.de
- update to 1.3.17
-------------------------------------------------------------------
Mon Mar 9 16:40:38 CET 2009 - mrueckert@suse.de
- update to 1.3.15.8
-------------------------------------------------------------------
Wed Feb 4 15:13:15 CET 2009 - mrueckert@suse.de
- update to 1.3.15.7
-------------------------------------------------------------------
Mon Sep 15 15:52:45 CEST 2008 - mrueckert@suse.de
- update to 1.3.15.4
-------------------------------------------------------------------
Sun Nov 4 21:21:35 CET 2007 - mrueckert@suse.de
- update to 1.3.13.1:
too many changes see changelog file
-------------------------------------------------------------------
Mon Apr 2 00:53:38 CEST 2007 - mrueckert@suse.de
- prepared spec for easy split out of -snapshot packages.
- added vim syntax file
-------------------------------------------------------------------
Mon Mar 19 17:50:33 CET 2007 - mrueckert@suse.de
- update to 1.2.17:
- replaced the linked-list with a faster rbtree in the scheduler
- add user/group support (Marcus Rueckert)
- add the "except" keyword to the "forwardfor" option (Bryan
Germann)
- re-implemented support for multi-line headers (was
incidently reverted)
- fixed possible crash when no cookie was set on a server
- fixed various length checks in appsession
- fixed unlikely memory leak in appsession in case of memory
shortage
- updates to the architecture guide
- remove haproxy-1.2.16_username_groupname_support.patch:
patch included upstream
-------------------------------------------------------------------
Mon Jan 8 00:27:17 CET 2007 - mrueckert@suse.de
- initial package of 1.2.16
- added 2 patches:
haproxy-1.2.16_config_haproxy_user.patch
haproxy-1.2.16_username_groupname_support.patch
the patches allow to specify username and groupname instead of
uid/gid. The patches are needed as we do not have a static
uid/gid for the haproxy user/group.

248
haproxy.init Normal file
View File

@ -0,0 +1,248 @@
#!/bin/sh
#
### BEGIN INIT INFO
# Provides: haproxy
# Required-Start: $syslog $remote_fs
# Should-Start: $time ypbind sendmail
# Required-Stop: $syslog $remote_fs
# Should-Stop: $time ypbind sendmail
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: haproxy
# Description: Start haproxy a reliable, high performance TCP/HTTP load balancer
### END INIT INFO
#
# Any extensions to the keywords given above should be preceeded by
# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
#
# Notes on Required-Start/Should-Start:
# * There are two different issues that are solved by Required-Start
# and Should-Start
# (a) Hard dependencies: This is used by the runlevel editor to determine
# which services absolutely need to be started to make the start of
# this service make sense. Example: nfsserver should have
# Required-Start: $portmap
# Also, required services are started before the dependent ones.
# The runlevel editor will warn about such missing hard dependencies
# and suggest enabling. During system startup, you may expect an error,
# if the dependency is not fulfilled.
# (b) Specifying the init script ordering, not real (hard) dependencies.
# This is needed by insserv to determine which service should be
# started first (and at a later stage what services can be started
# in parallel). The tag Should-Start: is used for this.
# It tells, that if a service is available, it should be started
# before. If not, never mind.
# * When specifying hard dependencies or ordering requirements, you can
# use names of services (contents of their Provides: section)
# or pseudo names starting with a $. The following ones are available
# according to LSB (1.1):
# $local_fs all local file systems are mounted
# (most services should need this!)
# $remote_fs all remote file systems are mounted
# (note that /usr may be remote, so
# many services should Require this!)
# $syslog system logging facility up
# $network low level networking (eth card, ...)
# $named hostname resolution available
# $netdaemons all network daemons are running
# The $netdaemons pseudo service has been removed in LSB 1.2.
# For now, we still offer it for backward compatibility.
# These are new (LSB 1.2):
# $time the system time has been set correctly
# $portmap SunRPC portmapping service available
# UnitedLinux extensions:
# $ALL indicates that a script should be inserted
# at the end
# * The services specified in the stop tags
# (Required-Stop/Should-Stop)
# specify which services need to be still running when this service
# is shut down. Often the entries there are just copies or a subset
# from the respective start tag.
# * Should-Start/Stop are now part of LSB as of 2.0,
# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
# insserv does support both variants.
# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
# a startup script should default to be enabled after installation.
# It's not used by insserv.
#
# Note on runlevels:
# 0 - halt/poweroff 6 - reboot
# 1 - single user 2 - multiuser without network exported
# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
#
# Note on script names:
# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
# A registry has been set up to manage the init script namespace.
# http://www.lanana.org/
# Please use the names already registered or register one or use a
# vendor prefix.
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
HAPROXY_BIN=/usr/sbin/haproxy
test -x $HAPROXY_BIN || { echo "$HAPROXY_BIN not installed";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
HAPROXY_PID="/var/run/haproxy.pid"
HAPROXY_CONF="/etc/haproxy/haproxy.cfg"
## Check for existence of needed config file and read it
#HAPROXY_CONFIG=/etc/sysconfig/haproxy
#test -r $HAPROXY_CONFIG || { echo "$HAPROXY_CONFIG not existing";
# if [ "$1" = "stop" ]; then exit 0;
# else exit 6; fi; }
#
## Read config
#. $HAPROXY_CONFIG
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
. /etc/rc.status
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
function haproxy_check() {
HAPROXY_CONFIG_CHECK="$($HAPROXY_BIN -c -q -f $HAPROXY_CONF 2>&1)"
if [ $? -ne 0 ] ; then
echo "" >&2
echo "$HAPROXY_CONFIG_CHECK" >&2
rc_failed
rc_status -v
exit 1
else
return 0
fi
}
case "$1" in
start)
echo -n "Starting haproxy "
## Start daemon with startproc(8). If this fails
## the return value is set appropriately by startproc.
haproxy_check
/sbin/startproc $HAPROXY_BIN -D -f $HAPROXY_CONF -p $HAPROXY_PID
# Remember status and be verbose
rc_status -v
;;
stop)
echo -n "Shutting down haproxy "
## Stop daemon with killproc(8) and if this fails
## killproc sets the return value according to LSB.
/sbin/killproc -TERM $HAPROXY_BIN
# Remember status and be verbose
rc_status -v
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
# we us reload here for a graceful restart during update
$0 reload
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
haproxy_check
$0 stop
$0 start
# Remember status and be quiet
rc_status
;;
check)
## Stop the service and regardless of whether it was
## running or not, start it again.
echo -n "Checking config of haproxy "
haproxy_check
rc_status -v
;;
reload|force-reload)
## Like force-reload, but if daemon does not support
## signaling, do nothing (!)
haproxy_check
# If it supports signaling:
echo -n "Reload service haproxy "
$HAPROXY_BIN -p $HAPROXY_PID -D -f $HAPROXY_CONF -sf $(cat $HAPROXY_PID)
rc_status -v
;;
status)
echo -n "Checking for service haproxy "
## Check status with checkproc(8), if process is running
## checkproc will return with exit status 0.
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
# NOTE: checkproc returns LSB compliant status values.
/sbin/checkproc $HAPROXY_BIN
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test $HAPROXY_CONF -nt $HAPROXY_PID && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

107
haproxy.spec Normal file
View File

@ -0,0 +1,107 @@
#
# spec file for package haproxy
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
Name: haproxy
Version: 1.4.24
Release: 0
#
License: GPL-2.0+ and LGPL-2.1+
Group: Productivity/Networking/Web/Proxy
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: pcre-devel libgcrypt-devel
BuildRequires: udev
%define pkg_name haproxy
%define pkg_home /var/lib/%{pkg_name}
#
Url: http://haproxy.1wt.eu/
Source: http://haproxy.1wt.eu/download/1.4/src/haproxy-%{version}.tar.gz
Source1: %{pkg_name}.init
Source2: http://haproxy.1wt.eu/download/contrib/haproxy.vim
Patch1: haproxy-1.2.16_config_haproxy_user.patch
Patch2: haproxy-makefile_lib.patch
Source99: haproxy-rpmlintrc
#
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
Provides: %{name}-doc = %{version}
Obsoletes: %{name}-doc < %{version}
%description
HAProxy implements an event-driven, mono-process model which enables support
for very high number of simultaneous connections at very high speeds.
Multi-process or multi-threaded models can rarely cope with thousands of
connections because of memory limits, system scheduler limits, and lock
contention everywhere. Event-driven models do not have these problems because
implementing all the tasks in user-space allows a finer resource and time
management. The down side is that those programs generally don't scale well on
multi-processor systems. That's the reason why they must be optimized to get
the most work done from every CPU cycle.
%prep
%setup -q
%patch1
%patch2
%build
%{__make} \
TARGET=linux26 \
CPU="%{_target_cpu}" \
USE_PCRE=1 \
USE_LIBCRYPT=1 \
LIB="%{_lib}" \
DEBUG="%{optflags} -fno-strict-aliasing"
%install
%{__install} -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
%{__install} -D -m 0644 examples/%{pkg_name}.cfg %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
%{__install} -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
%{__install} -d -m 0755 %{buildroot}%{pkg_home}
%{__install} -D -m 0644 %{S:2} %{buildroot}%{_datadir}/%{pkg_name}/%{pkg_name}.vim
%{__install} -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
gzip %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%clean
%{?buildroot:%{__rm} -rf %{buildroot}}
%pre
/usr/sbin/groupadd -r %{pkg_name} &>/dev/null ||:
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} &>/dev/null ||:
%post
%fillup_and_insserv %{pkg_name}
%preun
%stop_on_removal %{pkg_name}
%postun
%restart_on_update %{pkg_name}
%{insserv_cleanup}
%files
%defattr(-,root,root,-)
%doc CHANGELOG README LICENSE
%doc ROADMAP TODO doc/* examples
%dir %{_sysconfdir}/%{pkg_name}
%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
%{_sbindir}/haproxy
%{_sbindir}/rchaproxy
%{pkg_home}
%doc %{_mandir}/man1/%{pkg_name}.1.gz
%{_datadir}/%{pkg_name}
%changelog

164
haproxy.vim Normal file
View File

@ -0,0 +1,164 @@
" Vim syntax file
" Language: HAproxy
" Maintainer: Bruno Michel <brmichel@free.fr>
" Last Change: Mar 30, 2007
" Version: 0.3
" URL: http://haproxy.1wt.eu/
" URL: http://vim.sourceforge.net/scripts/script.php?script_id=1845
" It is suggested to add the following line to $HOME/.vimrc :
" au BufRead,BufNewFile haproxy* set ft=haproxy
" For version 5.x: Clear all syntax items
" For version 6.x: Quit when a syntax file was already loaded
if version < 600
syntax clear
elseif exists("b:current_syntax")
finish
endif
if version >= 600
setlocal iskeyword=_,-,a-z,A-Z,48-57
else
set iskeyword=_,-,a-z,A-Z,48-57
endif
" Escaped chars
syn match hapEscape +\\\(\\\| \|n\|r\|t\|#\|x\x\x\)+
" Comments
syn match hapComment /#.*$/ contains=hapTodo
syn keyword hapTodo contained TODO FIXME XXX
syn case ignore
" Sections
syn match hapSection /^\s*\(global\|defaults\)/
syn match hapSection /^\s*\(listen\|frontend\|backend\|ruleset\)/ skipwhite nextgroup=hapSectLabel
syn match hapSectLabel /\S\+/ skipwhite nextgroup=hapIp1 contained
syn match hapIp1 /\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/ nextgroup=hapIp2 contained
syn match hapIp2 /,\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/hs=s+1 nextgroup=hapIp2 contained
" Parameters
syn keyword hapParam chroot cliexp clitimeout contimeout
syn keyword hapParam daemon debug disabled
syn keyword hapParam enabled
syn keyword hapParam fullconn
syn keyword hapParam gid grace
syn keyword hapParam maxconn monitor-uri
syn keyword hapParam nbproc noepoll nopoll
syn keyword hapParam pidfile
syn keyword hapParam quiet
syn keyword hapParam redispatch retries
syn keyword hapParam reqallow reqdel reqdeny reqpass reqtarpit skipwhite nextgroup=hapRegexp
syn keyword hapParam reqiallow reqidel reqideny reqipass reqitarpit skipwhite nextgroup=hapRegexp
syn keyword hapParam rspdel rspdeny skipwhite nextgroup=hapRegexp
syn keyword hapParam rspidel rspideny skipwhite nextgroup=hapRegexp
syn keyword hapParam reqsetbe reqisetbe skipwhite nextgroup=hapRegexp2
syn keyword hapParam reqadd reqiadd rspadd rspiadd
syn keyword hapParam server source srvexp srvtimeout
syn keyword hapParam uid ulimit-n
syn keyword hapParam reqrep reqirep rsprep rspirep skipwhite nextgroup=hapRegexp
syn keyword hapParam errorloc errorloc302 errorloc303 skipwhite nextgroup=hapStatus
syn keyword hapParam default_backend skipwhite nextgroup=hapSectLabel
syn keyword hapParam appsession skipwhite nextgroup=hapAppSess
syn keyword hapParam bind skipwhite nextgroup=hapIp1
syn keyword hapParam balance skipwhite nextgroup=hapBalance
syn keyword hapParam cookie skipwhite nextgroup=hapCookieNam
syn keyword hapParam capture skipwhite nextgroup=hapCapture
syn keyword hapParam dispatch skipwhite nextgroup=hapIpPort
syn keyword hapParam source skipwhite nextgroup=hapIpPort
syn keyword hapParam mode skipwhite nextgroup=hapMode
syn keyword hapParam monitor-net skipwhite nextgroup=hapIPv4Mask
syn keyword hapParam option skipwhite nextgroup=hapOption
syn keyword hapParam stats skipwhite nextgroup=hapStats
syn keyword hapParam server skipwhite nextgroup=hapServerN
syn keyword hapParam source skipwhite nextgroup=hapServerEOL
syn keyword hapParam log skipwhite nextgroup=hapGLog,hapLogIp
" Options and additional parameters
syn keyword hapAppSess contained len timeout
syn keyword hapBalance contained roundrobin source
syn keyword hapLen contained len
syn keyword hapGLog contained global
syn keyword hapMode contained http tcp health
syn keyword hapOption contained abortonclose allbackups checkcache clitcpka dontlognull forceclose forwardfor
syn keyword hapOption contained httpchk httpclose httplog keepalive logasap persist srvtcpka ssl-hello-chk
syn keyword hapOption contained tcplog tcpka tcpsplice
syn keyword hapOption contained except skipwhite nextgroup=hapIPv4Mask
syn keyword hapStats contained uri realm auth scope enable
syn keyword hapLogFac contained kern user mail daemon auth syslog lpr news nextgroup=hapLogLvl skipwhite
syn keyword hapLogFac contained uucp cron auth2 ftp ntp audit alert cron2 nextgroup=hapLogLvl skipwhite
syn keyword hapLogFac contained local0 local1 local2 local3 local4 local5 local6 local7 nextgroup=hapLogLvl skipwhite
syn keyword hapLogLvl contained emerg alert crit err warning notice info debug
syn keyword hapCookieKey contained rewrite insert nocache postonly indirect prefix nextgroup=hapCookieKey skipwhite
syn keyword hapCapture contained cookie nextgroup=hapNameLen skipwhite
syn keyword hapCapture contained request response nextgroup=hapHeader skipwhite
syn keyword hapHeader contained header nextgroup=hapNameLen skipwhite
syn keyword hapSrvKey contained backup cookie check inter rise fall port source minconn maxconn weight usesrc
syn match hapStatus contained /\d\{3}/
syn match hapIPv4Mask contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\(\/\d\{1,2}\)\?/
syn match hapLogIp contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}/ nextgroup=hapLogFac skipwhite
syn match hapIpPort contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}:\d\{1,5}/
syn match hapServerAd contained /\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\(:[+-]\?\d\{1,5}\)\?/ nextgroup=hapSrvEOL skipwhite
syn match hapNameLen contained /\S\+/ nextgroup=hapLen skipwhite
syn match hapCookieNam contained /\S\+/ nextgroup=hapCookieKey skipwhite
syn match hapServerN contained /\S\+/ nextgroup=hapServerAd skipwhite
syn region hapSrvEOL contained start=/\S/ end=/$/ contains=hapSrvKey
syn region hapRegexp contained start=/\S/ end=/\(\s\|$\)/ skip=/\\ / nextgroup=hapRegRepl skipwhite
syn region hapRegRepl contained start=/\S/ end=/$/ contains=hapComment,hapEscape,hapBackRef
syn region hapRegexp2 contained start=/\S/ end=/\(\s\|$\)/ skip=/\\ / nextgroup=hapSectLabel skipwhite
syn match hapBackref contained /\\\d/
" Transparent is a Vim keyword, so we need a regexp to match it
syn match hapParam +transparent+
syn match hapOption +transparent+ contained
" Define the default highlighting.
" For version 5.7 and earlier: only when not done already
" For version 5.8 and later: only when an item doesn't have highlighting yet
if version < 508
command -nargs=+ HiLink hi link <args>
else
command -nargs=+ HiLink hi def link <args>
endif
HiLink hapEscape SpecialChar
HiLink hapBackRef Special
HiLink hapComment Comment
HiLink hapTodo Todo
HiLink hapSection Constant
HiLink hapSectLabel Identifier
HiLink hapParam Keyword
HiLink hapRegexp String
HiLink hapRegexp2 hapRegexp
HiLink hapIp1 Number
HiLink hapIp2 hapIp1
HiLink hapLogIp hapIp1
HiLink hapIpPort hapIp1
HiLink hapIPv4Mask hapIp1
HiLink hapServerAd hapIp1
HiLink hapStatus Number
HiLink hapOption Operator
HiLink hapAppSess hapOption
HiLink hapBalance hapOption
HiLink hapCapture hapOption
HiLink hapCookieKey hapOption
HiLink hapHeader hapOption
HiLink hapGLog hapOption
HiLink hapLogFac hapOption
HiLink hapLogLvl hapOption
HiLink hapMode hapOption
HiLink hapStats hapOption
HiLink hapLen hapOption
HiLink hapSrvKey hapOption
delcommand HiLink
let b:current_syntax = "haproxy"
" vim: ts=8