diff --git a/_service b/_service
index 8c7a99d..66a38dc 100644
--- a/_service
+++ b/_service
@@ -6,6 +6,7 @@
@PARENT_TAG@+git@TAG_OFFSET@.%h
v(.*)
\1
+ v2.9.6
enable
diff --git a/_servicedata b/_servicedata
index 27b48e0..2856f53 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,6 +1,6 @@
https://git.haproxy.org/git/haproxy-2.9.git
- de3ab549a598bd3817bd77ae2ea5c03544637c3d
+ 9eafce5dcb188671be3adf5b217e30c85f2b0cf3
\ No newline at end of file
diff --git a/haproxy-2.9.3+git0.de3ab549a.tar.gz b/haproxy-2.9.3+git0.de3ab549a.tar.gz
deleted file mode 100644
index 394c9de..0000000
--- a/haproxy-2.9.3+git0.de3ab549a.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f81e9424ba96082a38a58efa28d37b236152a824a4ffe31bf0cfceb8af164010
-size 4640798
diff --git a/haproxy-2.9.6+git0.9eafce5dc.tar.gz b/haproxy-2.9.6+git0.9eafce5dc.tar.gz
new file mode 100644
index 0000000..d21efe0
--- /dev/null
+++ b/haproxy-2.9.6+git0.9eafce5dc.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7c5464be0c02ff2c9c2051c47c1116179ebba29155b96024e1a3181bc57640ef
+size 4649129
diff --git a/haproxy-service.patch b/haproxy-service.patch
new file mode 100644
index 0000000..f4cc91a
--- /dev/null
+++ b/haproxy-service.patch
@@ -0,0 +1,11 @@
+--- a/admin/systemd/haproxy.service.in 2024-01-18 15:32:19.000000000 +0100
++++ b/admin/systemd/haproxy.service.in 2024-02-04 23:58:30.873980359 +0100
+@@ -6,7 +6,7 @@
+ [Service]
+ EnvironmentFile=-/etc/default/haproxy
+ EnvironmentFile=-/etc/sysconfig/haproxy
+-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
++Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock"
+ ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
+ ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS
+ ExecReload=/bin/kill -USR2 $MAINPID
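Review bot: The new defaults `PIDFILE=/run/haproxy/pid` and `-S /run/haproxy/master.sock` assume that `/run/haproxy` exists before `ExecStart` runs, and nothing in this unit creates it. In this commit the directory comes only from `haproxy-tmpfiles.conf`, which haproxy.spec installs under `%if %{with tmpfiles}`, while `Patch4` is declared without a condition; whether `%prep` applies it conditionally is not visible here. If builds without tmpfiles are still supported, either apply the patch only under `%if %{with tmpfiles}` or have the unit create the directory itself. Otherwise the service would presumably fail to write its PID file and bind the master socket on those targets.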
diff --git a/haproxy-tmpfiles.conf b/haproxy-tmpfiles.conf
new file mode 100644
index 0000000..c53bd36
--- /dev/null
+++ b/haproxy-tmpfiles.conf
@@ -0,0 +1 @@
+D /run/haproxy 0750 root haproxy
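Review bot: The `D` type on the added line also marks the directory's contents for deletion when `systemd-tmpfiles --remove` runs, which would take the live PID file and the master and stats sockets with it. Since `/run` is emptied at boot anyway, `d /run/haproxy 0750 root haproxy -` looks sufficient. The file would also benefit from a comment on the ownership choice, e.g. `# root-owned, group haproxy may only read/search: the unprivileged haproxy user can reach the sockets but cannot create or replace files here`.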
diff --git a/haproxy.cfg b/haproxy.cfg
index 4468995..857de94 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -5,7 +5,7 @@ global
user haproxy
group haproxy
daemon
- stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator
+ stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
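Review bot: `mode 0640` on the moved `stats socket` line gives group `haproxy` read permission only, and on Linux connecting to a UNIX socket requires write permission on it, so in practice only user `haproxy` and root can use this `level operator` socket. If group access is intended the mode would need to be `0660`; if not, `mode 0600` states the real access. Either way, a comment above the line naming who is expected to connect would help. The setting is carried over unchanged from the old path, so this is a clarification and not a regression. The `global` section continues outside the hunk.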
diff --git a/haproxy.changes b/haproxy.changes
index 87b3cd2..122f424 100644
--- a/haproxy.changes
+++ b/haproxy.changes
@@ -1,3 +1,102 @@
+-------------------------------------------------------------------
+Mon Feb 26 19:55:05 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.6+git0.9eafce5dc:
+ * [RELEASE] Released version 2.9.6
+ * BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
+ * BUG/MAJOR: promex: fix crash on deleted server
+
+-------------------------------------------------------------------
+Mon Feb 26 19:54:49 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.5+git0.260dbb8a6:
+ * [RELEASE] Released version 2.9.5
+ * BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
+ * BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
+ * BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
+ * BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
+ * MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
+ * BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
+ * MINOR: muxes: Announce support for zero-copy forwarding on consumer side
+ * MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
+ * MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
+ * CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
+ * BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
+ * BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
+ * MINOR: quic: Add a counter for reordered packets
+ * MINOR: quic: Dynamic packet reordering threshold
+ * MINOR: quic: Update K CUBIC calculation (RFC 9438)
+ * BUG/MEDIUM: quic: Wrong K CUBIC calculation.
+ * BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
+ * BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
+ * BUILD: address a few remaining calloc(size, n) cases
+ * CI: Update to actions/cache@v4
+ * BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
+ * BUG/MINOR: vars/cli: fix missing LF after "get var" output
+ * DOC: internal: update missing data types in peers-v2.0.txt
+ * DOC: config: fix misplaced "bytes_{in,out}"
+ * DOC: config: fix typos for "bytes_{in,out}"
+ * DOC: config: fix misplaced "txn.conn_retries"
+ * DOC: install: recommend pcre2
+ * REGTESTS: ssl: Add OCSP related tests
+ * REGTESTS: ssl: Fix empty line in cli command input
+ * BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
+ * BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
+ * BUG/MEDIUM: ocsp: Separate refcount per instance and per store
+ * MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
+ * BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
+ * BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
+ * MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
+ * BUILD: debug: remove leftover parentheses in ABORT_NOW()
+ * MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
+ * MINOR: debug: make sure calls to ha_crash_now() are never merged
+ * MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
+ * MINOR: quic: Stop using 1024th of a second.
+ * BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
+ * CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
+ * BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
+ * BUILD: quic: Variable name typo inside a BUG_ON().
+ * BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
+ * BUG/MINOR: diag: run the final diags before quitting when using -c
+ * BUG/MINOR: diag: always show the version before dumping a diag warning
+
+-------------------------------------------------------------------
+Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.4+git0.4e071ad92:
+ * [RELEASE] Released version 2.9.4
+ * BUG/MEDIUM: h1: always reject the NUL character in header values
+ * BUG/MINOR: h1-htx: properly initialize the err_pos field
+ * DOC: httpclient: add dedicated httpclient section
+ * BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
+ * BUG/MINOR: h1: Don't support LF only at the end of chunks
+ * BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
+ * BUG/MEDIUM: qpack: allow 6xx..9xx status codes
+ * BUG/MEDIUM: h3: do not crash on invalid response status code
+ * MINOR: h3: add traces for stream sending function
+ * BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
+ * DOC: configuration: clarify http-request wait-for-body
+ * BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
+ * MINOR: quic: extract qc_stream_buf free in a dedicated function
+ * MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
+ * CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
+ * BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available
+ * BUG/MEDIUM: cache: Fix crash when deleting secondary entry
+ * BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var()
+ * BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs
+ * BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI
+ * MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc
+ * BUG/MEDIUM: mux-h2: refine connection vs stream error on headers
+ * DOC: configuration: fix set-dst in actions keywords matrix
+ * BUG/MINOR: h3: fix checking on NULL Tx buffer
+
+-------------------------------------------------------------------
+Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter
+
+- Set /run/haproxy as the default PID file and socket location
+ Adds haproxy-service.patch
+- Allow custom stats socket names
+
-------------------------------------------------------------------
Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com
diff --git a/haproxy.spec b/haproxy.spec
index 2c943fe..0c45dbf 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -1,7 +1,7 @@
#
# spec file for package haproxy
#
-# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
%bcond_with quic
%if 0%{?suse_version} >= 1230
@@ -46,12 +46,14 @@
%if 0%{?suse_version} >= 1500
%bcond_without sysusers
+%bcond_without tmpfiles
%else
%bcond_with sysusers
+%bcond_with tmpfiles
%endif
Name: haproxy
-Version: 2.9.3+git0.de3ab549a
+Version: 2.9.6+git0.9eafce5dc
Release: 0
#
#
@@ -96,9 +98,11 @@ Source2: usr.sbin.haproxy.apparmor
Source3: local.usr.sbin.haproxy.apparmor
Source4: haproxy.cfg
Source5: haproxy-user.conf
+Source6: haproxy-tmpfiles.conf
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
+Patch4: haproxy-service.patch
#
Source98: series
Source99: haproxy-rpmlintrc
@@ -195,6 +199,9 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%if %{with sysusers}
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
%endif
+%if %{with tmpfiles}
+install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
+%endif
%else
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@@ -224,6 +231,11 @@ rm examples/*init*
%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%endif
+%if %{with systemd}
+%if %{with tmpfiles}
+%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
+%endif
+%endif
%service_add_post %{pkg_name}.service
%preun
@@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \
%if %{with sysusers}
%{_sysusersdir}/haproxy-user.conf
%endif
+%if %{with tmpfiles}
+%{_tmpfilesdir}/%{name}.conf
+%dir %ghost %{_rundir}/%{name}
+%endif
%else
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
%endif
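Review bot: The added `%dir %ghost %{_rundir}/%{name}` entry carries no `%attr`, so the owner and mode recorded in the RPM database are not tied to the `0750 root haproxy` that haproxy-tmpfiles.conf sets. Presumably `rpm -V` would then report a mismatch, and a permission reset from the RPM database could loosen the directory. Consider `%dir %ghost %attr(0750,root,haproxy) %{_rundir}/%{name}` so both places state the same permissions. Note also that this entry and the `%tmpfiles_create` call use `%{name}` while the surrounding spec uses `%{pkg_name}`, and the tmpfiles entry hard-codes `/run/haproxy`; using one macro throughout would keep them from drifting. The `%files` section continues outside the hunk.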
diff --git a/usr.sbin.haproxy.apparmor b/usr.sbin.haproxy.apparmor
index dc3402a..c698d15 100644
--- a/usr.sbin.haproxy.apparmor
+++ b/usr.sbin.haproxy.apparmor
@@ -28,11 +28,15 @@ profile haproxy /usr/sbin/haproxy {
/dev/shm/haproxy_startup_logs_* rwlk,
+ # old stats socket location, for compatibility
/var/lib/haproxy/stats rwl,
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
- /{,var/}run/haproxy.pid rw,
- /{,var/}run/haproxy-master.sock* rwlk,
+ # new stats socket location
+ /run/haproxy/stats*.sock{,*.{bak,tmp}} rwl,
+
+ /{,var/}run/haproxy/pid rw,
+ /{,var/}run/haproxy/master.sock* rwlk,
/sys/devices/system/node/ r,
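Review bot: The rules for `/{,var/}run/haproxy.pid` and `/{,var/}run/haproxy-master.sock*` are removed outright, whereas the old stats socket rules are kept under a `for compatibility` comment. The service unit still reads `/etc/default/haproxy` and `/etc/sysconfig/haproxy`, so an installation that sets `PIDFILE` or `EXTRAOPTS` to the old locations there would presumably be denied by this profile after the update. If dropping them is deliberate tightening, record it with a comment such as `# old PID file and master socket paths directly under /run are no longer allowed; add them to the local profile if still needed`. Otherwise keep the two old rules next to the compatibility block. The profile continues outside the hunk.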