SHA256
1
0
forked from pool/haproxy

Accepting request 774671 from server:http

OBS-URL: https://build.opensuse.org/request/show/774671
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=82
This commit is contained in:
Dominique Leuenberger 2020-02-19 11:41:00 +00:00 committed by Git OBS Bridge
commit e54ac01865
8 changed files with 179 additions and 16 deletions

View File

@ -6,7 +6,7 @@
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="revision">v2.1.1</param>
<param name="revision">v2.1.3</param>
<param name="changesgenerate">enable</param>
</service>

View File

@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-2.1.git</param>
<param name="changesrevision">4ae521379e97fb23630fc60516e6f19c03a93b58</param>
<param name="changesrevision">5c020bbddc3d9573f02cde383abc983ad0781fc1</param>
</service>
</servicedata>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8a23806a9d221107ae782b3d97e0163ab21d1dff62d147ebdd8d8e4f14a28e92
size 2737454

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e0a0b380bdd6f34240a7470e86d6c83463e8a2a98e2922b6e9fa8a55dd1bcd41
size 2752990

3
haproxy-user.conf Normal file
View File

@ -0,0 +1,3 @@
# Type Name ID GECOS [HOME]
u haproxy - "User for haproxy" /var/lib/haproxy

View File

@ -32,4 +32,3 @@ listen stats
stats enable
stats uri /
stats refresh 5s
rspadd Server:\ haproxy/1.6

View File

@ -1,3 +1,135 @@
-------------------------------------------------------------------
Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
- Remove unsupported options from example haproxy.cfg
- Make haproxy useable for containers
- Use sysusers.d to create users.
- Use systemd_ordering instead of requiring systemd.
- Own vim syntax directory instead of requiring vim. This also
solves the problem the directory got never removed if vim is
updated before haproxy.
-------------------------------------------------------------------
Wed Feb 12 15:42:26 UTC 2020 - mrueckert@suse.de
- Update to version 2.1.3+git0.5c020bbdd:
* [RELEASE] Released version 2.1.3
* BUG/MINOR: tcp: don't try to set defaultmss when value is negative
* BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect
* BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported
* MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer
* MINOR: htx: Add a function to append an HTX message to another one
* DOC: word converter ignores delimiters at the start or end of input string
* MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs
* BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener
* BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init
* BUG/MEDIUM: listener: only consider running threads when resuming listeners
* BUG/MINOR: dns: allow 63 char in hostname
* BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit
* DOC: schematic of the SSL certificates architecture
* BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init
* SCRIPTS: announce-release: allow the user to force to overwrite old files
* SCRIPTS: announce-release: place the send command in the mail's header
* CONTRIB: debug: also support reading values from stdin
* MINOR: acl: Warn when an ACL is named 'or'
* CONTRIB: debug: support reporting multiple values at once
* CONTRIB: debug: add the possibility to decode the value as certain types only
* CONTRIB: debug: add missing flags SF_HTX and SF_MUX
* BUG/MINOR: ssl: clear the SSL errors on DH loading failure
* BUG/MINOR: ssl: we may only ignore the first 64 errors
* BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty.
* BUG/MEDIUM: memory: Add a rwlock before freeing memory.
* MINOR: memory: Only init the pool spinlock once.
* BUG/MEDIUM: memory_pool: Update the seq number in pool_flush().
* BUG/MEDIUM: connections: Don't forget to unlock when killing a connection.
* BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2
* BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer.
* BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error
* BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack
* BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure.
* MINOR: lua: Add HLUA_PREPEND_C?PATH build option
* MINOR: lua: Add lua-prepend-path configuration option
* MINOR: lua: Add hlua_prepend_path function
* BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines
* BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers"
* BUG/MINOR: stktable: report the current proxy name in error messages
* BUG/MEDIUM: 0rtt: Only consider the SSL handshake.
* BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert"
* BUG/MINOR: ssl: typo in previous patch
* BUG/MINOR: ssl: memory leak w/ the ocsp_issuer
* BUG/MINOR: ssl: increment issuer refcount if in chain
* CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2
* BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded
* BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent
* BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst.
* BUG/MINOR: http_act: don't check capture id in backend
* MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive
* BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak
* BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak
* BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak
* BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing
* BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing
* BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules
* BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters
* BUILD: pattern: include errno.h
* BUG/MINOR: 51d: Fix bug when HTX is enabled
* BUG/MINOR: dns: Make dns_query_id_seed unsigned
* BUG/MINOR: cache: Fix leak of cache name in error path
* BUG/MINOR: pattern: handle errors from fgets when trying to load patterns
* BUG/MEDIUM: connection: add a mux flag to indicate splice usability
* BUG/MINOR: stream: don't mistake match rules for store-request rules
* BUG/MEDIUM: cli: _getsocks must send the peers sockets
* REGTEST: add sample_fetches/hashes.vtc to validate hashes
* BUG/MAJOR: hashes: fix the signedness of the hash inputs
* BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed().
* BUG/MEDIUM: mworker: remain in mworker mode during reload
* REGTEST: mcli/mcli_start_progs: start 2 programs
* BUG/MINOR: cli/mworker: can't start haproxy with 2 programs
* BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary
* BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch
* BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send()
* BUG/MEDIUM: tasks: Use the MT macros in tasklet_free().
* BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached
* BUG/MEDIUM: session: do not report a failure when rejecting a session
* BUG/MINOR: channel: inject output data at the end of output
* BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied
* BUG/MINOR: proxy: Fix input data copy when an error is captured
* BUG/MINOR: h1: Report the right error position when a header value is invalid
* MINOR: ssl: Remove unused variable "need_out".
* MINOR: config: disable busy polling on old processes
* BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection.
* BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready.
* BUG/MINOR: checks: refine which errno values are really errors.
-------------------------------------------------------------------
Fri Feb 07 12:48:02 UTC 2020 - mrueckert@suse.de
- Update to version 2.1.2+git0.d5b6759b5:
* [RELEASE] Released version 2.1.2
* BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility
* BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream
* BUG/MINOR: state-file: do not leak memory on parse errors
* BUG/MINOR: state-file: do not store duplicates in the global tree
* BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry
* BUG/MINOR: ssl: openssl-compat: Fix getm_ defines
* BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd
* MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute
* BUG/MEDIUM: ssl: Revamp the way early data are handled.
* BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing
* MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task
* MINOR: http: add a new "replace-path" action
* MINOR: debug: support logging to various sinks
* BUG/MEDIUM: ssl: Don't set the max early data we can receive too early.
* MINOR: sample: Validate the number of bits for the sha2 converter
* BUG/MINOR: sample: always check converters' arguments
* BUG/MINOR: sample: fix the closing bracket and LF in the debug converter
* DOC: clarify the fact that replace-uri works on a full URI
-------------------------------------------------------------------
Fri Feb 7 12:46:02 UTC 2020 - Marcus Rueckert <mrueckert@suse.de>
- drop the udev buildrequires completely
-------------------------------------------------------------------
Thu Jan 23 13:10:03 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>

View File

@ -46,8 +46,14 @@
%bcond_with apparmor_reload
%endif
%if 0%{?suse_version} >= 1500
%bcond_without sysusers
%else
%bcond_with sysusers
%endif
Name: haproxy
Version: 2.1.1+git0.4ae521379
Version: 2.1.3+git0.5c020bbdd
Release: 0
#
#
@ -72,10 +78,13 @@ BuildRequires: pcre-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
BuildRequires: pkg-config
BuildRequires: pkgconfig(udev)
%if %{with systemd}
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(libsystemd)
%if %{with sysusers}
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
%endif
%endif
BuildRequires: vim
%define pkg_name haproxy
@ -88,6 +97,7 @@ Source1: %{pkg_name}.init
Source2: usr.sbin.haproxy.apparmor
Source3: local.usr.sbin.haproxy.apparmor
Source4: haproxy.cfg
Source5: haproxy-user.conf
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
@ -101,10 +111,11 @@ Provides: %{name}-doc = %{version}
Obsoletes: %{name}-doc < %{version}
Provides: haproxy-1.5 = %{version}
Obsoletes: haproxy-1.5 < %{version}
# this requires is not strictly needed. we only need it for the ownership of the vim data dir
Requires: vim
%if %{with systemd}
%{?systemd_requires}
%{?systemd_ordering}
%if %{with sysusers}
%sysusers_requires
%endif
%endif
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}
@ -161,6 +172,9 @@ make \
DEBUG_CFLAGS="%{optflags}" V=1
%if %{with systemd}
make -C contrib/systemd PREFIX="%{_prefix}"
%if %{with sysusers}
%sysusers_generate_pre %{SOURCE5} haproxy
%endif
%endif
make -C contrib/halog PREFIX="%{_prefix}" \
DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
@ -175,6 +189,9 @@ install -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
%if %{with systemd}
install -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%if %{with sysusers}
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
%endif
%else
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
@ -190,13 +207,13 @@ install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/us
rm examples/*init*
%pre
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
getent passwd %{pkg_name} >/dev/null || \
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
%if %{with systemd}
%if %{with sysusers}
%pre -f haproxy.pre
%else
%pre
%endif
%service_add_pre %{pkg_name}.service
%post
@ -213,6 +230,12 @@ getent passwd %{pkg_name} >/dev/null || \
%else
%pre
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
getent passwd %{pkg_name} >/dev/null || \
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
%post
%fillup_and_insserv %{pkg_name}
%if %{with apparmor} && %{with apparmor_reload}
@ -238,6 +261,9 @@ getent passwd %{pkg_name} >/dev/null || \
%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
%if %{with systemd}
%{_unitdir}/%{pkg_name}.service
%if %{with sysusers}
%{_sysusersdir}/haproxy-user.conf
%endif
%else
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
%endif
@ -246,6 +272,9 @@ getent passwd %{pkg_name} >/dev/null || \
%{_sbindir}/rchaproxy
%dir %attr(-,root,haproxy) %{pkg_home}
%{_mandir}/man1/%{pkg_name}.1.gz
%dir %{_datadir}/vim
%dir %{vim_data_dir}
%dir %{vim_data_dir}/syntax
%{vim_data_dir}/syntax/%{pkg_name}.vim
%if %{with apparmor}
%if 0%{?suse_version} == 1110