Accepting request 1151945 from server:http

- Update to version 2.9.6+git0.9eafce5dc: OBS-URL: https://build.opensuse.org/request/show/1151945 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=141
2024-02-27 21:47:47 +00:00 · 2024-02-27 21:47:47 +00:00 · 7f357eb567
commit 7f357eb567
parent c5c1fb4d23 d5bbd3f762
10 changed files with 142 additions and 10 deletions
--- a/1
+++ b/1
@ -6,6 +6,7 @@
    <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
    <param name="versionrewrite-pattern">v(.*)</param>
    <param name="versionrewrite-replacement">\1</param>
+    <param name="revision">v2.9.6</param>
    <param name="changesgenerate">enable</param>
  </service>

--- a/2
+++ b/2
@ -1,6 +1,6 @@
 <servicedata>
  <service name="tar_scm">
    <param name="url">https://git.haproxy.org/git/haproxy-2.9.git</param>
-    <param name="changesrevision">de3ab549a598bd3817bd77ae2ea5c03544637c3d</param>
+    <param name="changesrevision">9eafce5dcb188671be3adf5b217e30c85f2b0cf3</param>
  </service>
 </servicedata>
--- a/haproxy-2.9.3+git0.de3ab549a.tar.gz
+++ b/haproxy-2.9.3+git0.de3ab549a.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f81e9424ba96082a38a58efa28d37b236152a824a4ffe31bf0cfceb8af164010
-size 4640798
--- a/haproxy-2.9.6+git0.9eafce5dc.tar.gz
+++ b/haproxy-2.9.6+git0.9eafce5dc.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7c5464be0c02ff2c9c2051c47c1116179ebba29155b96024e1a3181bc57640ef
+size 4649129
--- a/haproxy-service.patch
+++ b/haproxy-service.patch
@ -0,0 +1,11 @@
+--- a/admin/systemd/haproxy.service.in	2024-01-18 15:32:19.000000000 +0100
+++ b/admin/systemd/haproxy.service.in	2024-02-04 23:58:30.873980359 +0100
+@@ -6,7 +6,7 @@
+ [Service]
+ EnvironmentFile=-/etc/default/haproxy
+ EnvironmentFile=-/etc/sysconfig/haproxy
+-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
+Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
+ ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
+ ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
+ ExecReload=/bin/kill -USR2 $MAINPID
--- a/haproxy-tmpfiles.conf
+++ b/haproxy-tmpfiles.conf
@ -0,0 +1 @@
+D /run/haproxy 0750 root haproxy
--- a/haproxy.cfg
+++ b/haproxy.cfg
@ -5,7 +5,7 @@ global
  user haproxy
  group haproxy
  daemon
-  stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
+  stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
  tune.bufsize 32768
  tune.ssl.default-dh-param 2048
  ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
--- a/haproxy.changes
+++ b/haproxy.changes
@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Mon Feb 26 19:55:05 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.6+git0.9eafce5dc:
+  * [RELEASE] Released version 2.9.6
+  * BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
+  * BUG/MAJOR: promex: fix crash on deleted server
+
+-------------------------------------------------------------------
+Mon Feb 26 19:54:49 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.5+git0.260dbb8a6:
+  * [RELEASE] Released version 2.9.5
+  * BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
+  * BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
+  * BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
+  * BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
+  * MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
+  * BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
+  * MINOR: muxes: Announce support for zero-copy forwarding on consumer side
+  * MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
+  * MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
+  * CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
+  * BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
+  * BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
+  * MINOR: quic: Add a counter for reordered packets
+  * MINOR: quic: Dynamic packet reordering threshold
+  * MINOR: quic: Update K CUBIC calculation (RFC 9438)
+  * BUG/MEDIUM: quic: Wrong K CUBIC calculation.
+  * BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
+  * BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
+  * BUILD: address a few remaining calloc(size, n) cases
+  * CI: Update to actions/cache@v4
+  * BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
+  * BUG/MINOR: vars/cli: fix missing LF after "get var" output
+  * DOC: internal: update missing data types in peers-v2.0.txt
+  * DOC: config: fix misplaced "bytes_{in,out}"
+  * DOC: config: fix typos for "bytes_{in,out}"
+  * DOC: config: fix misplaced "txn.conn_retries"
+  * DOC: install: recommend pcre2
+  * REGTESTS: ssl: Add OCSP related tests
+  * REGTESTS: ssl: Fix empty line in cli command input
+  * BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
+  * BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
+  * BUG/MEDIUM: ocsp: Separate refcount per instance and per store
+  * MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
+  * BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
+  * BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
+  * MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
+  * BUILD: debug: remove leftover parentheses in ABORT_NOW()
+  * MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
+  * MINOR: debug: make sure calls to ha_crash_now() are never merged
+  * MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
+  * MINOR: quic: Stop using 1024th of a second.
+  * BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
+  * CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
+  * BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
+  * BUILD: quic: Variable name typo inside a BUG_ON().
+  * BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
+  * BUG/MINOR: diag: run the final diags before quitting when using -c
+  * BUG/MINOR: diag: always show the version before dumping a diag warning
+
+-------------------------------------------------------------------
+Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.4+git0.4e071ad92:
+  * [RELEASE] Released version 2.9.4
+  * BUG/MEDIUM: h1: always reject the NUL character in header values
+  * BUG/MINOR: h1-htx: properly initialize the err_pos field
+  * DOC: httpclient: add dedicated httpclient section
+  * BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
+  * BUG/MINOR: h1: Don't support LF only at the end of chunks
+  * BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
+  * BUG/MEDIUM: qpack: allow 6xx..9xx status codes
+  * BUG/MEDIUM: h3: do not crash on invalid response status code
+  * MINOR: h3: add traces for stream sending function
+  * BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
+  * DOC: configuration: clarify http-request wait-for-body
+  * BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
+  * MINOR: quic: extract qc_stream_buf free in a dedicated function
+  * MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
+  * CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
+  * BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
+  * BUG/MEDIUM: cache: Fix crash when deleting secondary entry
+  * BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
+  * BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
+  * BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
+  * MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
+  * BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
+  * DOC: configuration: fix set-dst in actions keywords matrix
+  * BUG/MINOR: h3: fix checking on NULL Tx buffer
+
+-------------------------------------------------------------------
+Sun Feb  4 22:52:43 UTC 2024 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
+
+- Set /run/haproxy as the default PID file and socket location
+  Adds haproxy-service.patch
+- Allow custom stats socket names
+
 -------------------------------------------------------------------
 Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com

--- a/haproxy.spec
+++ b/haproxy.spec
@ -1,7 +1,7 @@
 #
 # spec file for package haproxy
 #
-# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/

 %bcond_with quic
 %if 0%{?suse_version} >= 1230
@ -46,12 +46,14 @@

 %if 0%{?suse_version} >= 1500
 %bcond_without sysusers
+%bcond_without tmpfiles
 %else
 %bcond_with sysusers
+%bcond_with tmpfiles
 %endif

 Name:           haproxy
-Version:        2.9.3+git0.de3ab549a
+Version:        2.9.6+git0.9eafce5dc
 Release:        0
 #
 #
@ -96,9 +98,11 @@ Source2:        usr.sbin.haproxy.apparmor
 Source3:        local.usr.sbin.haproxy.apparmor
 Source4:        haproxy.cfg
 Source5:        haproxy-user.conf
+Source6:        haproxy-tmpfiles.conf
 Patch1:         haproxy-1.6.0_config_haproxy_user.patch
 Patch2:         haproxy-1.6.0-makefile_lib.patch
 Patch3:         haproxy-1.6.0-sec-options.patch
+Patch4:         haproxy-service.patch
 #
 Source98:       series
 Source99:       haproxy-rpmlintrc
@ -195,6 +199,9 @@ ln -sf /sbin/service   %{buildroot}%{_sbindir}/rc%{pkg_name}
 %if %{with sysusers}
 install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
 %endif
+%if %{with tmpfiles}
+install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%endif
 %else
 install -D -m 0755 %{S:1}                      %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
 ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@ -224,6 +231,11 @@ rm examples/*init*
 %if %{with apparmor} && %{with apparmor_reload}
 %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
 %endif
+%if %{with systemd}
+%if %{with tmpfiles}
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
+%endif
+%endif
 %service_add_post %{pkg_name}.service

 %preun
@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \
 %if %{with sysusers}
 %{_sysusersdir}/haproxy-user.conf
 %endif
+%if %{with tmpfiles}
+%{_tmpfilesdir}/%{name}.conf
+%dir %ghost %{_rundir}/%{name}
+%endif
 %else
 %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
 %endif
--- a/usr.sbin.haproxy.apparmor
+++ b/usr.sbin.haproxy.apparmor
@ -28,11 +28,15 @@ profile haproxy /usr/sbin/haproxy {

  /dev/shm/haproxy_startup_logs_* rwlk,

+  # old stats socket location, for compatibility
  /var/lib/haproxy/stats rwl,
  /var/lib/haproxy/stats.*.bak rwl,
  /var/lib/haproxy/stats.*.tmp rwl,
-  /{,var/}run/haproxy.pid rw,
-  /{,var/}run/haproxy-master.sock* rwlk,
+  # new stats socket location
+  /run/haproxy/stats*.sock{,*.{bak,tmp}} rwl,
+
+  /{,var/}run/haproxy/pid rw,
+  /{,var/}run/haproxy/master.sock* rwlk,

  /sys/devices/system/node/ r,