From deb5095fcde14f4b45bb9ceeb7f5773aabe7c183aa73f189a3682a8b79142a4b Mon Sep 17 00:00:00 2001 From: Peter Varkoly Date: Fri, 16 Feb 2024 09:26:49 +0000 Subject: [PATCH 1/3] Accepting request 1144067 from home:crameleon:branches:server:http - Set /run/haproxy as the default PID file and socket location (more canonical location for transient files) - Allow custom stats socket names (allows users to define multiple sockets with different access levels as /run/haproxy/stats-*.sock) OBS-URL: https://build.opensuse.org/request/show/1144067 OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=299 --- haproxy-service.patch | 11 +++++++++++ haproxy-tmpfiles.conf | 1 + haproxy.cfg | 2 +- haproxy.changes | 6 ++++++ haproxy.spec | 20 ++++++++++++++++++-- usr.sbin.haproxy.apparmor | 8 ++++++-- 6 files changed, 43 insertions(+), 5 deletions(-) create mode 100644 haproxy-service.patch create mode 100644 haproxy-tmpfiles.conf diff --git a/haproxy-service.patch b/haproxy-service.patch new file mode 100644 index 0000000..f4cc91a --- /dev/null +++ b/haproxy-service.patch @@ -0,0 +1,11 @@ +--- a/admin/systemd/haproxy.service.in 2024-01-18 15:32:19.000000000 +0100 ++++ b/admin/systemd/haproxy.service.in 2024-02-04 23:58:30.873980359 +0100 +@@ -6,7 +6,7 @@ + [Service] + EnvironmentFile=-/etc/default/haproxy + EnvironmentFile=-/etc/sysconfig/haproxy +-Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock" ++Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy/pid" "EXTRAOPTS=-S /run/haproxy/master.sock" + ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS + ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS + ExecReload=/bin/kill -USR2 $MAINPID diff --git a/haproxy-tmpfiles.conf b/haproxy-tmpfiles.conf new file mode 100644 index 0000000..c53bd36 --- /dev/null +++ b/haproxy-tmpfiles.conf @@ -0,0 +1 @@ +D /run/haproxy 0750 root haproxy 
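Review bot: The new `PIDFILE=/run/haproxy/pid` and `-S /run/haproxy/master.sock` defaults in haproxy-service.patch assume /run/haproxy already exists when ExecStart runs, but the unit does nothing to create it. The directory comes only from haproxy-tmpfiles.conf, which the spec installs under `%if %{with tmpfiles}` (suse_version >= 1500), while `Patch4` is declared unconditionally and its application is not visible in this diff. If the patch is also applied on targets built without tmpfiles, haproxy would presumably fail to create its PID file and master socket at start. The same dependency applies to the `stats socket /run/haproxy/stats.sock` default in haproxy.cfg. Consider applying Patch4 under the same `%{with tmpfiles}` condition and adding a comment above the `Environment=` line such as `# /run/haproxy is created by tmpfiles.d/haproxy.conf`.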
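Review bot: The single line `D /run/haproxy 0750 root haproxy` has no comment explaining why the directory is root-owned with group haproxy limited to read and traverse. That choice is what stops the unprivileged haproxy user from creating or replacing the PID file and master socket, and a later change to `haproxy haproxy` or 0770 would look harmless while removing that property. I would add a header comment such as `# root-owned on purpose: the haproxy user may traverse but not create or replace entries here`. This presumably relies on haproxy creating its sockets and PID file before dropping privileges, which is worth confirming for reloads.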
diff --git a/haproxy.cfg b/haproxy.cfg index 4468995..857de94 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -5,7 +5,7 @@ global user haproxy group haproxy daemon - stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640 level operator + stats socket /run/haproxy/stats.sock user haproxy group haproxy mode 0640 level operator tune.bufsize 32768 tune.ssl.default-dh-param 2048 ssl-default-bind-ciphers ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH diff --git a/haproxy.changes b/haproxy.changes index 87b3cd2..15181e9 100644 --- a/haproxy.changes +++ b/haproxy.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter + +- Set /run/haproxy as the default PID file and socket location +- Allow custom stats socket names + ------------------------------------------------------------------- Wed Jan 24 13:40:54 UTC 2024 - varkoly@suse.com diff --git a/haproxy.spec b/haproxy.spec index 2c943fe..bc858fb 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -1,7 +1,7 @@ # # spec file for package haproxy # -# Copyright (c) 2019 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ %bcond_with quic %if 0%{?suse_version} >= 1230 @@ -46,8 +46,10 @@ %if 0%{?suse_version} >= 1500 %bcond_without sysusers +%bcond_without tmpfiles %else %bcond_with sysusers +%bcond_with tmpfiles %endif Name: haproxy 
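Review bot: The new default `stats socket /run/haproxy/stats.sock` gives no hint that the AppArmor profile changed in this same commit only permits `/run/haproxy/stats*.sock` and its `.bak`/`.tmp` variants. The commit message advertises extra sockets with different access levels, so an admin who names one outside that pattern will presumably get a denial at bind time with nothing in the config to explain it. A comment above the line would help, e.g. `# additional sockets must be named /run/haproxy/stats-<name>.sock to match the AppArmor profile`. Each extra socket should also state its own `mode` and `level` rather than copying `level operator`. The `global` section continues outside the hunk.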
@@ -96,9 +98,11 @@ Source2: usr.sbin.haproxy.apparmor Source3: local.usr.sbin.haproxy.apparmor Source4: haproxy.cfg Source5: haproxy-user.conf +Source6: haproxy-tmpfiles.conf Patch1: haproxy-1.6.0_config_haproxy_user.patch Patch2: haproxy-1.6.0-makefile_lib.patch Patch3: haproxy-1.6.0-sec-options.patch +Patch4: haproxy-service.patch # Source98: series Source99: haproxy-rpmlintrc @@ -195,6 +199,9 @@ ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name} %if %{with sysusers} install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf %endif +%if %{with tmpfiles} +install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf +%endif %else install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} @@ -224,6 +231,11 @@ rm examples/*init* %if %{with apparmor} && %{with apparmor_reload} %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy %endif +%if %{with systemd} +%if %{with tmpfiles} +%tmpfiles_create %{_tmpfilesdir}/%{name}.conf +%endif +%endif %service_add_post %{pkg_name}.service %preun @@ -268,6 +280,10 @@ getent passwd %{pkg_name} >/dev/null || \ %if %{with sysusers} %{_sysusersdir}/haproxy-user.conf %endif +%if %{with tmpfiles} +%{_tmpfilesdir}/%{name}.conf +%dir %ghost %{_rundir}/%{name} +%endif %else %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name} %endif diff --git a/usr.sbin.haproxy.apparmor b/usr.sbin.haproxy.apparmor index dc3402a..c698d15 100644 --- a/usr.sbin.haproxy.apparmor +++ b/usr.sbin.haproxy.apparmor 
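Review bot: In the `%files` hunk, `%dir %ghost %{_rundir}/%{name}` records the directory without an explicit `%attr`, so the mode and ownership stored in the package may not match the `0750 root haproxy` that haproxy-tmpfiles.conf creates. If they differ, `rpm -V` would flag the directory and `rpm --setperms` could reset it to something looser; I have not verified what rpm records for a ghost entry that is absent from the buildroot. Proposed line: `%dir %ghost %attr(0750,root,haproxy) %{_rundir}/%{name}`. The enclosing conditional block starts outside the hunk.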
@@ -28,11 +28,15 @@ profile haproxy /usr/sbin/haproxy { /dev/shm/haproxy_startup_logs_* rwlk, + # old stats socket location, for compatibility /var/lib/haproxy/stats rwl, /var/lib/haproxy/stats.*.bak rwl, /var/lib/haproxy/stats.*.tmp rwl, - /{,var/}run/haproxy.pid rw, - /{,var/}run/haproxy-master.sock* rwlk, + # new stats socket location + /run/haproxy/stats*.sock{,*.{bak,tmp}} rwl, + + /{,var/}run/haproxy/pid rw, + /{,var/}run/haproxy/master.sock* rwlk, /sys/devices/system/node/ r, From 63f04f452c769305f131edfdd9506817cbcc374dfb990b0cb4c8baffa548af61 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Mon, 26 Feb 2024 19:55:48 +0000 Subject: [PATCH 2/3] - Update to version 2.9.6+git0.9eafce5dc: OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=300 --- _service | 1 + _servicedata | 2 +- haproxy-2.9.3+git0.de3ab549a.tar.gz | 3 - haproxy-2.9.6+git0.9eafce5dc.tar.gz | 3 + haproxy.changes | 92 +++++++++++++++++++++++++++++ haproxy.spec | 2 +- 6 files changed, 98 insertions(+), 5 deletions(-) delete mode 100644 haproxy-2.9.3+git0.de3ab549a.tar.gz create mode 100644 haproxy-2.9.6+git0.9eafce5dc.tar.gz diff --git a/_service b/_service index 8c7a99d..66a38dc 100644 --- a/_service +++ b/_service @@ -6,6 +6,7 @@ @PARENT_TAG@+git@TAG_OFFSET@.%h v(.*) \1 + v2.9.6 enable diff --git a/_servicedata b/_servicedata index 27b48e0..2856f53 100644 --- a/_servicedata +++ b/_servicedata @@ -1,6 +1,6 @@ https://git.haproxy.org/git/haproxy-2.9.git - de3ab549a598bd3817bd77ae2ea5c03544637c3d + 9eafce5dcb188671be3adf5b217e30c85f2b0cf3 \ No newline at end of file diff --git a/haproxy-2.9.3+git0.de3ab549a.tar.gz b/haproxy-2.9.3+git0.de3ab549a.tar.gz deleted file mode 100644 index 394c9de..0000000 --- a/haproxy-2.9.3+git0.de3ab549a.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f81e9424ba96082a38a58efa28d37b236152a824a4ffe31bf0cfceb8af164010 -size 4640798 
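Review bot: The hunk keeps the old stats socket rules "for compatibility" but deletes `/{,var/}run/haproxy.pid rw,` and `/{,var/}run/haproxy-master.sock* rwlk,` outright. The unit still reads `/etc/default/haproxy` and `/etc/sysconfig/haproxy`, so a host that sets `PIDFILE` or `EXTRAOPTS` to the old paths there would presumably be denied by the profile after the update. I would keep those two rules under a comment such as `# old PID file and master socket location, for compatibility`, or call out the required change in haproxy.changes. Minor style point: the new stats rule is written `/run/haproxy/...` while its neighbours use `/{,var/}run/...`; pick one form. The profile body continues outside the hunk.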
diff --git a/haproxy-2.9.6+git0.9eafce5dc.tar.gz b/haproxy-2.9.6+git0.9eafce5dc.tar.gz
new file mode 100644
index 0000000..d21efe0
--- /dev/null
+++ b/haproxy-2.9.6+git0.9eafce5dc.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7c5464be0c02ff2c9c2051c47c1116179ebba29155b96024e1a3181bc57640ef
+size 4649129
diff --git a/haproxy.changes b/haproxy.changes
index 15181e9..745e760 100644
--- a/haproxy.changes
+++ b/haproxy.changes
@@ -1,3 +1,95 @@
+-------------------------------------------------------------------
+Mon Feb 26 19:55:05 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.6+git0.9eafce5dc:
+ * [RELEASE] Released version 2.9.6
+ * BUG/MAJOR: ssl/ocsp: crash with ocsp when old process exit or using ocsp CLI
+ * BUG/MAJOR: promex: fix crash on deleted server
+
+-------------------------------------------------------------------
+Mon Feb 26 19:54:49 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.5+git0.260dbb8a6:
+ * [RELEASE] Released version 2.9.5
+ * BUG/MEDIUM: mux-h2: Don't report error on SE for closed H2 streams
+ * BUG/MEDIUM: mux-h2: Don't report error on SE if error is only pending on H2C
+ * BUG/MEDIUM: mux-h2: Only Report H2C error on read error if demux buffer is empty
+ * BUG/MEDIUM: mux-h2: Switch pending error to error if demux buffer is empty
+ * MINOR: muxes/applet: Simplify checks on options to disable zero-copy forwarding
+ * BUG/MAJOR: stconn: Check support for zero-copy forwarding on both sides
+ * MINOR: muxes: Announce support for zero-copy forwarding on consumer side
+ * MINOR: stconn: Add SE flag to announce zero-copy forwarding on consumer side
+ * MINOR: stconn: Rename SE_FL_MAY_FASTFWD and reorder bitfield
+ * CLEANUP: stconn: Move SE flags set by app layer at the end of the bitfield
+ * BUG/MEDIUM: stconn: Don't check pending shutdown to wake an applet up
+ * BUG/MEDIUM: stconn: Allow expiration update when READ/WRITE event is pending
+ * MINOR: quic: Add a counter for reordered packets
+ * MINOR: quic: Dynamic packet reordering threshold
+ * MINOR: quic: Update K CUBIC calculation (RFC 9438)
+ * BUG/MEDIUM: quic: Wrong K CUBIC calculation.
+ * BUG/MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing
+ * BUG/MEDIUM: pool: fix rare risk of deadlock in pool_flush()
+ * BUILD: address a few remaining calloc(size, n) cases
+ * CI: Update to actions/cache@v4
+ * BUG/MEDIUM: cli: fix once for all the problem of missing trailing LFs
+ * BUG/MINOR: vars/cli: fix missing LF after "get var" output
+ * DOC: internal: update missing data types in peers-v2.0.txt
+ * DOC: config: fix misplaced "bytes_{in,out}"
+ * DOC: config: fix typos for "bytes_{in,out}"
+ * DOC: config: fix misplaced "txn.conn_retries"
+ * DOC: install: recommend pcre2
+ * REGTESTS: ssl: Add OCSP related tests
+ * REGTESTS: ssl: Fix empty line in cli command input
+ * BUG/MINOR: ssl: Reenable ocsp auto-update after an "add ssl crt-list"
+ * BUG/MINOR: ssl: Destroy ckch instances before the store during deinit
+ * BUG/MEDIUM: ocsp: Separate refcount per instance and per store
+ * MINOR: ssl: Use OCSP_CERTID instead of ckch_store in ckch_store_build_certid
+ * BUG/MINOR: ssl: Clear the ckch instance when deleting a crt-list line
+ * BUG/MINOR: ssl: Duplicate ocsp update mode when dup'ing ckch
+ * MINOR: debug: make BUG_ON() catch build errors even without DEBUG_STRICT
+ * BUILD: debug: remove leftover parentheses in ABORT_NOW()
+ * MINOR: debug: make ABORT_NOW() store the caller's line number when using abort
+ * MINOR: debug: make sure calls to ha_crash_now() are never merged
+ * MINOR: compiler: add a new DO_NOT_FOLD() macro to prevent code folding
+ * MINOR: quic: Stop using 1024th of a second.
+ * BUG/MINOR: quic: fix possible integer wrap around in cubic window calculation
+ * CLEANUP: quic: Code clarifications for QUIC CUBIC (RFC 9438)
+ * BUG/MINOR: ssl: Fix error message after ssl_sock_load_ocsp call
+ * BUILD: quic: Variable name typo inside a BUG_ON().
+ * BUG/MINOR: quic: Wrong ack ranges handling when reaching the limit.
+ * BUG/MINOR: diag: run the final diags before quitting when using -c
+ * BUG/MINOR: diag: always show the version before dumping a diag warning
+
+-------------------------------------------------------------------
+Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de
+
+- Update to version 2.9.4+git0.4e071ad92:
+ * [RELEASE] Released version 2.9.4
+ * BUG/MEDIUM: h1: always reject the NUL character in header values
+ * BUG/MINOR: h1-htx: properly initialize the err_pos field
+ * DOC: httpclient: add dedicated httpclient section
+ * BUG/MEDIUM: h1: Don't support LF only to mark the end of a chunk size
+ * BUG/MINOR: h1: Don't support LF only at the end of chunks
+ * BUG/MEDIUM: quic: fix crash on invalid qc_stream_buf_free() BUG_ON
+ * BUG/MEDIUM: qpack: allow 6xx..9xx status codes
+ * BUG/MEDIUM: h3: do not crash on invalid response status code
+ * MINOR: h3: add traces for stream sending function
+ * BUG/MAJOR: ssl_sock: Always clear retry flags in read/write functions
+ * DOC: configuration: clarify http-request wait-for-body
+ * BUG/MEDIUM: quic: remove unsent data from qc_stream_desc buf
+ * MINOR: quic: extract qc_stream_buf free in a dedicated function
+ * MINOR: quic: Stop hardcoding a scale shifting value (CUBIC_BETA_SCALE_FACTOR_SHIFT)
+ * CLEANUP: quic: Remove unused CUBIC_BETA_SCALE_FACTOR_SHIFT macro.
+ * BUG/MINOR: quic: newreno QUIC congestion control algorithm no more available + * BUG/MEDIUM: cache: Fix crash when deleting secondary entry + * BUG/MINOR: hlua: fix uninitialized var in hlua_core_get_var() + * BUG/MINOR: jwt: fix jwt_verify crash on 32-bit archs + * BUG/MEDIUM: cli: some err/warn msg dumps add LR into CSV output on stat's CLI + * MINOR: mux-h2/traces: add a missing trace on connection WU with negative inc + * BUG/MEDIUM: mux-h2: refine connection vs stream error on headers + * DOC: configuration: fix set-dst in actions keywords matrix + * BUG/MINOR: h3: fix checking on NULL Tx buffer + ------------------------------------------------------------------- Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter diff --git a/haproxy.spec b/haproxy.spec index bc858fb..0c45dbf 100644 --- a/haproxy.spec +++ b/haproxy.spec @@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 2.9.3+git0.de3ab549a +Version: 2.9.6+git0.9eafce5dc Release: 0 # # From d5bbd3f762be8c2ccd20336c8cd6c10d26c7acb5ad59f9dc21616b904259c529 Mon Sep 17 00:00:00 2001 From: Marcus Rueckert Date: Mon, 26 Feb 2024 19:58:07 +0000 Subject: [PATCH 3/3] Adds haproxy-service.patch OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=301 --- haproxy.changes | 1 + 1 file changed, 1 insertion(+) diff --git a/haproxy.changes b/haproxy.changes index 745e760..122f424 100644 --- a/haproxy.changes +++ b/haproxy.changes @@ -94,6 +94,7 @@ Mon Feb 26 19:54:25 UTC 2024 - mrueckert@suse.de Sun Feb 4 22:52:43 UTC 2024 - Georg Pfuetzenreuter - Set /run/haproxy as the default PID file and socket location + Adds haproxy-service.patch - Allow custom stats socket names -------------------------------------------------------------------