Accepting request 957631 from server:http

- Update to version 2.5.4+git0.e55ab4208:

OBS-URL: https://build.opensuse.org/request/show/957631
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=113

_service

@@ -6,7 +6,7 @@
     <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="versionrewrite-replacement">\1</param>
-    <param name="revision">v2.5.1</param>
+    <param name="revision">v2.5.4</param>
     <param name="changesgenerate">enable</param>
   </service>
 

_servicedata

@@ -1,6 +1,6 @@
 <servicedata>
   <service name="tar_scm">
     <param name="url">http://git.haproxy.org/git/haproxy-2.5.git</param>
-    <param name="changesrevision">86b093a51d35d13555b0e255d0c1e25313682929</param>
+    <param name="changesrevision">e55ab42089ee38f5db1f1b3dd9d7072691b2a068</param>
   </service>
 </servicedata>

haproxy-2.5.1+git0.86b093a51.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:846fe3a4612082d5a1839519550b4878fba192a2f6f601f4f6ef1fe6795a762e
-size 3918972

haproxy-2.5.4+git0.e55ab4208.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d27f20fc655b71182f8c5d386a05bc2f62b942ff453b6936653069b763c5909b
+size 3926554

haproxy.changes

@@ -1,3 +1,95 @@
+-------------------------------------------------------------------
+Fri Feb 25 16:21:33 UTC 2022 - mrueckert@suse.de
+
+- Update to version 2.5.4+git0.e55ab4208:
+  * [RELEASE] Released version 2.5.4
+  * BUG/MEDIUM: stream: Abort processing if response buffer allocation fails
+  * CI: github: enable pool debugging by default
+  * REGTESTS: fix the race conditions in 40be_2srv_odd_health_checks
+  * BUG/MINOR: proxy: preset the error message pointer to NULL in parse_new_proxy()
+  * DOC: Fix usage/examples of deprecated ACLs
+  * BUG/MAJOR: mux-h2: Be sure to always report HTX parsing error to the app layer
+  * BUG/MEDIUM: mux-h1: Don't wake h1s if mux is blocked on lack of output buffer
+  * BUG/MEDIUM: htx: Be sure to have a buffer to perform a raw copy of a message
+
+-------------------------------------------------------------------
+Thu Feb 24 18:16:09 UTC 2022 - Marcus Rueckert <mrueckert@suse.de>
+
+- apparmor: profile now needs access to /sys/devices/system/node/
+
+-------------------------------------------------------------------
+Fri Feb 18 21:45:27 UTC 2022 - mrueckert@suse.de
+
+- Update to version 2.5.3+git0.abf078b15:
+  * [RELEASE] Released version 2.5.3
+  * DEBUG: buffer: check in __b_put_blk() whether the buffer room is respected
+  * BUG/MEDIUM: httpclient: limit transfers to the maximum available room
+  * BUG/MINOR: tools: url2sa reads ipv4 too far
+  * CLEANUP: httpclient/cli: fix indentation alignment of the help message
+  * BUG/MINOR: ssl: Missing return value check in ssl_ocsp_response_print
+  * BUG/MINOR: ssl: Fix leak in "show ssl ocsp-response" CLI command
+  * BUG/MINOR: ssl: Add missing return value check in ssl_ocsp_response_print
+  * BUG/MINOR: mailers: negotiate SMTP, not ESMTP
+  * BUG/MINOR: httpclient: reinit flags in httpclient_start()
+  * MINOR: httpclient: Don't limit data transfer to 1024 bytes
+  * BUG/MAJOR: compiler: relax alignment constraints on certain structures
+  * BUG/MEDIUM: fd: always align fdtab[] to 64 bytes
+  * BUG/MEDIUM: resolvers: Really ignore trailing dot in domain names
+  * BUG/MINOR: sink: Use the right field in appctx context in release callback
+  * BUG/MINOR: mworker: fix a FD leak of a sockpair upon a failed reload
+  * BUG/MEDIUM: mworker: close unused transferred FDs on load failure
+  * MINOR: sock: move the unused socket cleaning code into its own function
+
+-------------------------------------------------------------------
+Fri Feb 18 21:44:43 UTC 2022 - mrueckert@suse.de
+
+- Update to version 2.5.2+git0.042feec44: (CVE-2022-0711 boo#1196408)
+  * [RELEASE] Released version 2.5.2
+  * BUG/MINOR: mux-h2: update the session's idle delay before creating the stream
+  * BUG/MEDIUM: h2/hpack: fix emission of HPACK DTSU after settings change
+  * REGTESTS: peers: leave a bit more time to peers to synchronize
+  * REGTESTS: server: close an occasional race on dynamic_server_ssl.vtc
+  * BUG/MAJOR: spoe: properly detach all agents when releasing the applet
+  * BUG/MAJOR: http/htx: prevent unbounded loop in http_manage_server_side_cookies
+  * BUG/MINOR: httpclient/cli: display junk characters in vsn
+  * BUG/MINOR: jwt: Memory leak if same key is used in multiple jwt_verify calls
+  * BUG/MINOR: jwt: Missing pkey free during cleanup
+  * BUG/MINOR: jwt: Double free in deinit function
+  * BUG/MINOR: ssl: Remove empty lines from "show ssl ocsp-response <id>" output
+  * BUG/MEDIUM: httpclient: Xfer the request when the stream is created
+  * BUG/MINOR: httpclient: Revisit HC request and response buffers allocation
+  * BUG/MEDIUM: listener: read-lock the listener during accept()
+  * MINOR: listener: replace the listener's spinlock with an rwlock
+  * DEBUG: fd: make sure we never try to insert/delete an impossible FD number
+  * BUG/MINOR: mworker: does not erase the pidfile upon reload
+  * BUG/MAJOR: sched: prevent rare concurrent wakeup of multi-threaded tasks
+  * DEBUG: pools: replace the link pointer with the caller's address on pool_free()
+  * DEBUG: pools: let's add reverse mapping from cache heads to thread and pool
+  * DEBUG: pools: add extra sanity checks when picking objects from a local cache
+  * BUG/MINOR: pools: always flush pools about to be destroyed
+  * BUG/MINOR: mworker: does not add the -sf in wait mode
+  * BUG/MEDIUM: mworker: don't lose the stats socket on failed reload
+  * REGTESTS: ssl: Fix ssl_errors regtest with OpenSSL 1.0.2
+  * DEBUG: pools: add new build option DEBUG_POOL_INTEGRITY
+  * BUILD: debug/cli: condition test of O_ASYNC to its existence
+  * DEBUG: cli: add a new "debug dev fd" expert command
+  * BUG/MINOR: stream: make the call_rate only count the no-progress calls
+  * BUG/MEDIUM: mcli: always realign wrapping buffers before parsing them
+  * BUG/MEDIUM: mcli: do not try to parse empty buffers
+  * BUG/MEDIUM: cli: Never wait for more data on client shutdown
+  * MEDIUM: h2/hpack: emit a Dynamic Table Size Update after settings change
+  * BUG/MINOR: cli: avoid O(bufsize) parsing cost on pipelined commands
+  * MINOR: channel: add new function co_getdelim() to support multiple delimiters
+  * MEDIUM: cli: yield between each pipelined command
+  * DOC: management: mark "set server ssl" as deprecated
+  * BUG/MEDIUM: server: avoid changing healthcheck ctx with set server ssl
+  * BUILD/MINOR: fix solaris build with clang.
+  * BUG/MINOR: httpclient/lua: don't pop the lua stack when getting headers
+  * BUG/MINOR: httpclient: set default Accept and User-Agent headers
+  * BUG/MINOR: httpclient: don't send an empty body
+  * BUG/MEDIUM: htx: Adjust length to add DATA block in an empty HTX buffer
+  * BUG/MEDIUM: connection: properly leave stopping list on error
+
 -------------------------------------------------------------------
 Fri Feb  4 10:13:35 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
 

haproxy.spec

@@ -55,7 +55,7 @@
 %endif
 
 Name:           haproxy
-Version:        2.5.1+git0.86b093a51
+Version:        2.5.4+git0.e55ab4208
 Release:        0
 #
 #

usr.sbin.haproxy.apparmor

@@ -32,6 +32,8 @@ profile haproxy /usr/sbin/haproxy {
   /{,var/}run/haproxy.pid rw,
   /{,var/}run/haproxy-master.sock* rwlk,
 
+  /sys/devices/system/node/ r,
+
   # Site-specific additions and overrides. See local/README for details.
   #include if exists <local/haproxy>
   #include if exists <local/usr.sbin.haproxy>