SHA256
1
0
forked from pool/haproxy

41 Commits

Author SHA256 Message Date
0e41ed7404 Accepting request 1299269 from server:http
- Update to version 3.2.4+git0.98813a13e:

OBS-URL: https://build.opensuse.org/request/show/1299269
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=164
2025-08-14 09:36:25 +00:00
967a286928 - Update to version 3.2.4+git0.98813a13e:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=334
2025-08-13 16:50:20 +00:00
34ef7e85fd Accepting request 1291449 from server:http
- Update to version 3.2.3+git0.1844da7c6:
  * [RELEASE] Released version 3.2.3
  * BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.
  * BUG/MINOR: http-act: Fix parsing of the expression argument for pause action
  * BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
  * BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
  * BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API)
  * CI: github: update to OpenSSL 3.5.1
  * BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
  * BUILD: quic: QUIC build against OpenSSL 3.5 broken
  * CI: github: update the stable CI to ubuntu-24.04
  * CI: github: add an OpenSSL 3.5.0 job
  * CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0

OBS-URL: https://build.opensuse.org/request/show/1291449
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=163
2025-07-09 15:29:29 +00:00
61db165886 - Update to version 3.2.3+git0.1844da7c6:
* [RELEASE] Released version 3.2.3
  * BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.
  * BUG/MINOR: http-act: Fix parsing of the expression argument for pause action
  * BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
  * BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
  * BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API)
  * CI: github: update to OpenSSL 3.5.1
  * BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
  * BUILD: quic: QUIC build against OpenSSL 3.5 broken
  * CI: github: update the stable CI to ubuntu-24.04
  * CI: github: add an OpenSSL 3.5.0 job
  * CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=333
2025-07-09 09:20:21 +00:00
66fa96f327 Accepting request 1289848 from server:http
- Update to version 3.2.2+git0.a55102f09:

OBS-URL: https://build.opensuse.org/request/show/1289848
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=162
2025-07-02 15:30:56 +00:00
2a379227d3 - Update to version 3.2.2+git0.a55102f09:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=332
2025-07-02 10:10:12 +00:00
5af7ca5968 Accepting request 1287782 from server:http
OBS-URL: https://build.opensuse.org/request/show/1287782
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=161
2025-06-24 18:46:47 +00:00
Peter Varkoly
195d2f83d3 Accepting request 1287667 from home:crameleon:branches:server:http
- Repair rc_symlink conditionals
- Update QUIC documentation in README.SUSE.PACKAGING

OBS-URL: https://build.opensuse.org/request/show/1287667
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=331
2025-06-23 04:08:39 +00:00
0ea7418fe3 Accepting request 1286645 from server:http
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1286645
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=160
2025-06-18 15:58:33 +00:00
66a98a2cf5 - modernize spec file with spec-cleaner. some changes (mostly
whitespaces) got reverted for readability

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=330
2025-06-11 10:51:33 +00:00
854e7a6f4d - Add support to build against aws-lc with --with=awslc or in the
project config
  ```
  %define _with_awslc 1
  Macros:
  %_with_awslc 1
  :Macros
  ```

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=329
2025-06-11 10:46:53 +00:00
759a264a53 Accepting request 1282598 from server:http
VUL-0: CVE-2025-32464: haproxy: HAProxy 2.2 through 3.1.6, in certain
  uncommon configurations, has a sample_conv_regsub heap-based buffer
  overflow because of mishandling of the replacement of multiple short
  patterns with a longer one. (bsc#1240971)

OBS-URL: https://build.opensuse.org/request/show/1282598
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=159
2025-06-04 18:27:29 +00:00
Peter Varkoly
43b169d35f VUL-0: CVE-2025-32464: haproxy: HAProxy 2.2 through 3.1.6, in certain
uncommon configurations, has a sample_conv_regsub heap-based buffer
  overflow because of mishandling of the replacement of multiple short
  patterns with a longer one. (bsc#1240971)

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=328
2025-06-04 08:22:46 +00:00
2bbc771d5b Accepting request 1280971 from server:http
- Update apparmor profile to allow new cpu binding handling

- Update to version 3.2.0+git0.e134140d2:
  https://www.haproxy.com/blog/announcing-haproxy-3-2 
  https://www.mail-archive.com/haproxy@formilux.org/msg45917.html

OBS-URL: https://build.opensuse.org/request/show/1280971
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=158
2025-05-30 12:35:09 +00:00
b15ec4e153 remove broken line
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=327
2025-05-28 17:54:27 +00:00
e7f0aec0b8 - Update apparmor profile to allow new cpu binding handling
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=326
2025-05-28 17:16:15 +00:00
b1953059a2 - Update to version 3.2.0+git0.e134140d2:
https://www.haproxy.com/blog/announcing-haproxy-3-2 
  https://www.mail-archive.com/haproxy@formilux.org/msg45917.html

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=325
2025-05-28 16:40:10 +00:00
847f9a655c Accepting request 1270823 from server:http
- Update to version 3.1.7+git0.c3f408945:

OBS-URL: https://build.opensuse.org/request/show/1270823
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=157
2025-04-20 07:35:02 +00:00
20ef41886f fix sources list
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=324
2025-04-18 12:43:02 +00:00
f80d28e581 - Update to version 3.1.7+git0.c3f408945:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=323
2025-04-18 12:39:11 +00:00
ca7986132d Build with QUIC on Tumbleweed
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=322
2025-03-27 21:17:37 +00:00
21f2a7893b Accepting request 1255020 from server:http
- Update to version 3.1.6+git0.d929ca290:

OBS-URL: https://build.opensuse.org/request/show/1255020
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=156
2025-03-21 19:23:39 +00:00
94fc335f53 - Update to version 3.1.6+git0.d929ca290:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=321
2025-03-21 13:42:17 +00:00
b56a561a2c Accepting request 1252921 from server:http
- Update to version 3.1.5+git0.076df0292:

OBS-URL: https://build.opensuse.org/request/show/1252921
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=155
2025-03-14 22:52:10 +00:00
94939f7e33 - Update to version 3.1.5+git0.076df0292:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=320
2025-03-13 23:14:24 +00:00
fc98941f5a - apparmor: fix debug output when running in a vm (/sys paths
differ from hardware)

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=319
2025-03-13 23:12:08 +00:00
700b890740 Accepting request 1241220 from server:http
- Update to version 3.1.3+git0.929bedf83:

OBS-URL: https://build.opensuse.org/request/show/1241220
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=154
2025-01-30 13:52:01 +00:00
42aa8d8712 - Update to version 3.1.3+git0.929bedf83:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=318
2025-01-29 15:42:12 +00:00
c3714e04fc Accepting request 1230629 from server:http
- Update to version 3.1.1+git0.717960de0:

OBS-URL: https://build.opensuse.org/request/show/1230629
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=153
2024-12-12 20:20:27 +00:00
562bf3feb1 - Update to version 3.1.1+git0.717960de0:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=317
2024-12-12 15:14:26 +00:00
32cb98c389 Accepting request 1228096 from server:http
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1228096
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=152
2024-12-04 14:26:50 +00:00
d75127d1f6 Accepting request 1226579 from server:http
- Update to version 3.1.0+git0.f2b97918e:
  https://www.haproxy.com/blog/announcing-haproxy-3-1

OBS-URL: https://build.opensuse.org/request/show/1226579
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=151
2024-11-26 19:57:22 +00:00
a1fc63cf96 https://www.mail-archive.com/haproxy@formilux.org/msg45435.html
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=316
2024-11-26 18:43:12 +00:00
81275fc656 https://www.haproxy.com/blog/announcing-haproxy-3-1
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=315
2024-11-26 15:03:59 +00:00
53a8febe2f - Update to version 3.1.0+git0.f2b97918e:
* [RELEASE] Released version 3.1.0
  * MINOR: version: mention that 3.1 is stable now
  * DOC: install: update the list of supported versions
  * DOC: management: mention "show sess help" and "show quic help"
  * MINOR: cli/quic: Add a "help" keyword to show quic
  * MINOR: cli: Add a "help" keyword to show sess
  * BUG/MEDIUM: quic: prevent EMSGSIZE with GSO for larger bufsize
  * DOC: quic: Amend the pacing information about BBR.
  * MINOR: quic: make bbr consider the max window size setting
  * BUG/MEDIUM: http-ana: Don't release too early the L7 buffer

OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=314
2024-11-26 15:01:02 +00:00
fb737f344c Accepting request 1222555 from server:http
- Update to version 3.0.6+git0.c2c009086:

OBS-URL: https://build.opensuse.org/request/show/1222555
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=150
2024-11-08 10:59:57 +00:00
23309ade56 - Update to version 3.0.6+git0.c2c009086:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=313
2024-11-07 18:41:19 +00:00
e50bff0d4f Accepting request 1207938 from server:http
- Update to version 3.0.5+git0.8e879a52e: (VUL-0: CVE-2024-49214 boo#1231612)

OBS-URL: https://build.opensuse.org/request/show/1207938
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=149
2024-10-15 12:59:23 +00:00
Peter Varkoly
f05b095d58 Adapt change log
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=312
2024-10-14 13:04:44 +00:00
6cb342b0f6 Accepting request 1204834 from server:http
- Update to version 3.0.5+git0.8e879a52e:

OBS-URL: https://build.opensuse.org/request/show/1204834
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/haproxy?expand=0&rev=148
2024-10-01 15:19:18 +00:00
937d22b54e - Update to version 3.0.5+git0.8e879a52e:
OBS-URL: https://build.opensuse.org/package/show/server:http/haproxy?expand=0&rev=311
2024-09-30 19:37:22 +00:00
9 changed files with 824 additions and 69 deletions

3
README.SUSE Normal file
View File

@@ -0,0 +1,3 @@
Notes regarding QUIC (only available on Tumbleweed):
We currently only build with OpenSSL, this requires setting "limited-quic" in the "global" configuration section (which comes with missing out on 0-RTT support).

14
README.SUSE.PACKAGING Normal file
View File

@@ -0,0 +1,14 @@
Packaging notes regarding QUIC:
By default we enable QUIC with OpenSSL for Tumbleweed. OpenSSL is not the perfect fit - the best recommendation by HAProxy currently seems to be AWS-LC:
https://github.com/haproxy/wiki/wiki/SSL-Libraries-Support-Status#tldr
The project configuration can be adjusted to enable QUIC with AWS-LC:
```
Macros:
%_with_awslc 1
# for < 1600
%_with_quic 1
:Macros
```

View File

@@ -1,12 +1,12 @@
<services>
<service name="tar_scm" mode="manual">
<param name="url">http://git.haproxy.org/git/haproxy-3.0.git/</param>
<param name="url">http://git.haproxy.org/git/haproxy-3.2.git/</param>
<param name="scm">git</param>
<param name="filename">haproxy</param>
<param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="revision">v3.0.4</param>
<param name="revision">v3.2.4</param>
<param name="changesgenerate">enable</param>
</service>

View File

@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-3.0.git/</param>
<param name="changesrevision">7a59afa93ba909a8219307e62f88f81abe7615ef</param>
<param name="url">http://git.haproxy.org/git/haproxy-3.2.git/</param>
<param name="changesrevision">98813a13eb3ff00b7500827c64e1a6ad1aa47bd5</param>
</service>
</servicedata>

BIN
haproxy-3.0.4+git0.7a59afa93.tar.gz (Stored with Git LFS)

Binary file not shown.

View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c3272f81f2ba911add30aa562dd2a2a72c04f4722d2b7d1f1f5ca07f3d85c536
size 5252727

View File

@@ -1,3 +1,701 @@
-------------------------------------------------------------------
Wed Aug 13 16:49:42 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to version 3.2.4+git0.98813a13e:
* [RELEASE] Released version 3.2.4
* BUG/MEDIUM: http-client: Test HTX_FL_EOM flag before commiting the HTX buffer
* BUG/MEDIUM: mux-quic: adjust wakeup behavior
* DOC: config: recommend single quoting passwords
* DOC: management: fix typo in commit f4f93c56
* BUG/MINOR: init: Initialize random seed earlier in the init process
* BUG/MEDIUM: ssl: fix build with AWS-LC
* BUG/MEDIUM: ssl: Fix 0rtt to the server
* MINOR: sock: update broken accept4 detection for older hardwares.
* BUG/MINOR: stick-table: cap sticky counter idx with tune.nb_stk_ctr instead of MAX_SESS_STKCTR
* BUILD: compat: always set _POSIX_VERSION to ease comparisons
* BUILD: compat: provide relaxed versions of the MIN/MAX macros
* DOC: list missing global QUIC settings
* CLEANUP: http-client: Remove useless indentation when sending request body
* BUG/MINOR: mux-quic: ensure close-spread-time is properly applied
* BUG/MINOR mux-quic: apply correctly timeout on output pending data
* BUG/MINOR: hq-interop: fix FIN transmission
* BUG/MINOR: logs: fix log-steps extra log origins selection
* BUG/MEDIUM: threads: Disable the workaround to load libgcc_s on macOS
* BUG/MINOR: halog: exit with error when some output filters are set simultaneosly
* BUG/MINOR: applet: Don't trigger BUG_ON if the tid is not on appctx init
* MINOR: h3: remove unused outbuf in h3_resp_headers_send()
* BUG/MINOR: quic: Wrong source address use on FreeBSD
* BUG/MEDIUM: h3: handle interim response properly on FE side
* MINOR: qmux: change API for snd_buf FIN transmission
* BUG/MINOR: h3: ensure that invalid status code are not encoded (FE side)
* BUG/MINOR: h3: properly realloc buffer after interim response encoding
* BUG/MEDIUM: h3: do not overwrite interim with final response
* BUG/MINOR: h1-htx: Don't forget to init flags in h1_format_htx_msg function
* BUG/MINOR: mux-h1: Use configured error files if possible for early H1 errors
* MINOR: h1-htx: Add function to format an HTX message in its H1 representation
* BUG/MEDIUM: http-client: Notify applet has more data to deliver until the EOM
* BUG/MEDIUM: http-client: Drain the request if an early response is received
* BUG/MINOR: http-client: Reject any 101-switching-protocols response
* BUG/MINOR: http-client: Ignore 1XX interim responses in non-HTX mode
* BUG/MEDIUM: http-client: Ask for more room when request data cannot be xferred
* BUG/MEDIUM: http-client: Properly inc input data when HTX blocks are xferred
* BUG/MEDIUM: http-client: Don't wake http-client applet if nothing was xferred
* BUG/MEDIUM: quic: Crash after QUIC server callbacks restoration (OpenSSL 3.5)
* MINOR: quic: Prevent QUIC build with OpenSSL 3.5 new QUIC API version < 3.5.1
* BUG/MINOR: listener: really assign distinct IDs to shards
* MEDIUM: ssl/cli: relax crt insertion in crt-list of type directory
* DOC: management: clarify usage of -V with -c
* MEDIUM: acme: use lowercase for challenge names in configuration
* BUG/MINOR: acme: possible integer underflow in acme_txt_record()
* MINOR: acme: update the log for DNS-01
* MEDIUM: acme: allow to wait and restart the task for DNS-01
* MINOR: acme: emit the DNS-01 challenge details on the dpapi sink
* MINOR: acme: emit a log for DNS-01 challenge response
* BUG/MEDIUM: hlua_fcn: ensure systematic watcher cleanup for server list iterator
* BUILD: acme: avoid declaring TRACE_SOURCE in acme-t.h
* CLEANUP: ssl: Rename ssl_trace-t.h to ssl_trace.h
* BUG/MEDIUM: mux-quic: ensure Early-data header is set
* BUG/MINOR: hlua: take default-path into account with lua-load-per-thread
* BUG/MEDIUM: logs: fix sess_build_logline_orig() recursion with options
* BUG/MEDIUM: dns: Reset reconnect tempo when connection is finally established
* BUG/MEDIUM: hlua: Report to SC when output data are blocked on a lua socket
* BUG/MEDIUM: hlua: Report to SC when data were consumed on a lua socket
* BUG/MINOR: hlua: Skip headers when a receive is performed on an HTTP applet
* MINOR: acme: implement traces
* MINOR: acme: add ACME to the haproxy -vv feature list
* CLEANUP: acme: fix wrong spelling of "resources"
* BUG/MINOR: acme: allow "processing" in challenge requests
* MINOR: acme: remove acme_req_auth() and use acme_post_as_get() instead
* BUG/MEDIUM: acme: use POST-as-GET instead of GET for resources
* BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
* DOC: deviceatlas build clarifications
-------------------------------------------------------------------
Wed Jul 09 09:19:41 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to version 3.2.3+git0.1844da7c6:
* [RELEASE] Released version 3.2.3
* BUILD/MEDIUM: deviceatlas: fix when installed in custom locations.
* BUG/MINOR: http-act: Fix parsing of the expression argument for pause action
* BUG/MINOR: ssl: crash in ssl_sock_io_cb() with SSL traces and idle connections
* BUG/MINOR: ssl/ocsp: fix definition discrepancies with ocsp_update_init()
* BUG/MINOR: quic: Missing TLS 1.3 QUIC cipher suites and groups inits (OpenSSL 3.5 QUIC API)
* CI: github: update to OpenSSL 3.5.1
* BUG/MEDIUM: quic: SSL/TCP handshake failures with OpenSSL 3.5
* BUILD: quic: QUIC build against OpenSSL 3.5 broken
* CI: github: update the stable CI to ubuntu-24.04
* CI: github: add an OpenSSL 3.5.0 job
* CI: enable USE_QUIC=1 for OpenSSL versions >= 3.5.0
-------------------------------------------------------------------
Wed Jul 02 10:07:48 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to version 3.2.2+git0.a55102f09:
* [RELEASE] Released version 3.2.2
* BUILD: dev/phash: remove the accidentally committed a.out file
* BUG/MINOR: httpclient: wrongly named httpproxy flag
* DOC: Fix 'jwt_verify' converter doc
* BUG/MINOR: jwt: Copy input and parameters in dedicated buffers in jwt_verify converter
* BUG/MEDIUM: mux-h2: Properly handle connection error during preface sending
* BUG/MEDIUM: hlua: Forbid any L6/L7 sample fetche functions from lua services
* MINOR: ssl: check TLS1.3 ciphersuites again in clienthello with recent AWS-LC
* BUG/MINOR: tools: use my_unsetenv instead of unsetenv
* SCRIPTS: drop the HTML generation from announce-release
* DOC: config: crt-list clarify default cert + cert-bundle
* MINOR: quic: Useless TX buffer size reduction in closing state
* BUG/MINOR: quic: wrong QUIC_FT_CONNECTION_CLOSE(0x1c) frame encoding
* DOC: configuration: add details on prefer-client-ciphers
* BUG/MINOR: log: Be able to use %ID alias at anytime of the stream's evaluation
* BUG/MINOR: stream: Avoid recursive evaluation for unique-id based on itself
* BUG/MINOR: tools: only reset argument start upon new argument
* MINOR: fwlc: Factorize code.
* BUG/MAJOR: fwlc: Count an avoided server as unusable.
* BUG/MINOR: mux-quic/h3: properly handle too low peer fctl initial stream
* DOC: config: prefer-last-server: add notes for non-deterministic algorithms
* BUG/MEDIUM: check: Set SOCKERR by default when a connection error is reported
* MINOR: cli: handle EOS/ERROR first
* BUG/MEDIUM: cli: Don't consume data if outbuf is full or not available
* BUG/MINOR: quic: Fix OSSL_FUNC_SSL_QUIC_TLS_got_transport_params_fn callback (OpenSSL3.5)
* BUG/MINOR: http-ana: Properly handle keep-query redirect option if no QS
* BUG/MINOR: config/server: reject QUIC addresses
-------------------------------------------------------------------
Wed Jul 02 10:07:34 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to version 3.2.1+git0.f4d1a4e27:
* [RELEASE] Released version 3.2.1
* BUG/MINIR: h1: Fix doc of 'accept-unsafe-...-request' about URI parsing
* BUG/MEDIUM: fd: Use the provided tgid in fd_insert() to get tgroup_info
* BUG/MINOR: quic: Missing SSL session object freeing
* BUG/MINOR: config: fix arg number reported on empty arg warning
* BUG/MINOR: config: emit warning for empty args only in discovery mode
* BUG/MEDIUM: cli: Properly parse empty lines and avoid crashed
* BUG/MINOR: mux-spop: Fix null-pointer deref on SPOP stream allocation failure
* BUG/MEDIUM: check: Requeue healthchecks on I/O events to handle check timeout
* BUG/MAJOR: leastconn: Protect tree_elt with the lbprm lock
* DOC: config: Fix a typo in 2.7 (Name format for maps and ACLs)
* BUILD: tools: properly define ha_dump_backtrace() to avoid a build warning
-------------------------------------------------------------------
Mon Jun 30 10:20:11 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- always build with quic when using awslc
-------------------------------------------------------------------
Fri Jun 20 10:44:20 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Repair rc_symlink conditionals
-------------------------------------------------------------------
Fri Jun 20 00:45:43 UTC 2025 - Georg Pfuetzenreuter <mail+rpm@georg-pfuetzenreuter.net>
- Update QUIC documentation in README.SUSE.PACKAGING
-------------------------------------------------------------------
Wed Jun 11 10:50:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- modernize spec file with spec-cleaner. some changes (mostly
whitespaces) got reverted for readability
-------------------------------------------------------------------
Wed Jun 11 10:44:58 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Add support to build against aws-lc with --with=awslc or in the
project config
```
Macros:
%_with_awslc 1
:Macros
```
-------------------------------------------------------------------
Wed May 28 17:15:55 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update apparmor profile to allow new cpu binding handling
-------------------------------------------------------------------
Wed May 28 16:37:31 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to version 3.2.0+git0.e134140d2:
https://www.haproxy.com/blog/announcing-haproxy-3-2
https://www.mail-archive.com/haproxy@formilux.org/msg45917.html
VUL-0: CVE-2025-32464: haproxy: HAProxy 2.2 through 3.1.6, in certain
uncommon configurations, has a sample_conv_regsub heap-based buffer
overflow because of mishandling of the replacement of multiple short
patterns with a longer one. (bsc#1240971)
-------------------------------------------------------------------
Fri Apr 18 12:38:48 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to version 3.1.7+git0.c3f408945:
* [RELEASE] Released version 3.1.7
* BUG/MINOR: rhttp: ensure GOAWAY can be emitted after reversal
* BUG/MINOR: rhttp: fix reconnect if timeout connect unset
* BUG/MINOR: mux-h2: prevent past scheduling with idle connections
* MINOR: compiler: rely on builtin detection for __builtin_unreachable()
* MINOR: debug: make ha_stuck_warning() print the whole message at once
* MINOR: debug: make ha_stuck_warning() only work for the current thread
* MEDIUM: wdt: always make the faulty thread report its own warnings
* MINOR: pass a valid buffer pointer to ha_thread_dump_one()
* MINOR: debug: remove unused case of thr!=tid in ha_thread_dump_one()
* MINOR: debug: always reset the dump pointer when done
* MINOR: tinfo: keep a copy of the pointer to the thread dump buffer
* MINOR: debug: protect ha_dump_backtrace() against risks of re-entrance
* MINOR: tools: protect dladdr() against reentrant calls from the debug handler
* MINOR: tools: also protect the library name resolution against concurrent accesses
* BUG/MINOR: debug: detect and prevent re-entrance in ha_thread_dump_fill()
* BUG/MINOR: wdt/debug: avoid signal re-entrance between debugger and watchdog
* BUG/MINOR debug: fix !USE_THREAD_DUMP in ha_thread_dump_fill()
* BUG/MINOR: threads: set threads_idle and threads_harmless even with no threads
* BUILD: makefile: enable backtrace by default on musl
* MINOR: compiler: add ASSUME_NONNULL() to tell the compiler a pointer is valid
* MINOR: compiler: also enable __builtin_assume() for ASSUME()
* MINOR: compiler: add a new "ASSUME" macro to help the compiler
* MINOR: compiler: add a __has_builtin() macro to detect features more easily
* BUG/MEDIUM: hlua: fix hlua_applet_{http,tcp}_fct() yield regression (lost data)
* BUG/MINOR: h3: reject request URI with invalid characters
* BUG/MINOR: h3: reject invalid :path in request
* BUG/MINOR: h3: filter upgrade connection header
* BUG/MEDIUM: h3: trim whitespaces in header value prior to QPACK encoding
* BUG/MEDIUM: h3: trim whitespaces when parsing headers value
* MINOR: debug: detect call instructions and show the branch target in backtraces
* MINOR: debug: in call traces, dump the 8 bytes before the return address, not after
* MINOR: tools: let dump_addr_and_bytes() support dumping before the offset
* BUILD: quic: fix overflow in global tune
* MINOR: quic: define quic_tune
* MINOR: quic: transform pacing settings into a global option
* MINOR: quic: allow BBR testing without pacing
* MINOR: quic: remove references to burst in quic-cc-algo parsing
* BUG/MEDIUM: http-ana: Report 502 from req analyzer only during rsp forwarding
* BUG/MINOR: http-ana: Properly detect client abort when forwarding the response
* DOC: config: add the missing "force-cfg-parser-pause" to the global kw index
* DOC: config: add the missing "profiling.memory" to the global kw index
* BUG/MINOR: debug: remove the trailing \n from BUG_ON() statements
* BUG/MINOR: hlua: fix invalid errmsg use in hlua_init()
* BUG/MINOR: backend: do not use the source port when hashing clientip
* BUG/MEDIUM: sample: fix risk of overflow when replacing multiple regex back-refs
* BUG/MINOR: log: fix CBOR encoding with LOG_VARTEXT_START() + lf_encode_chunk()
* CLEANUP: log: adjust _lf_cbor_encode_byte() comment
* BUG/MINOR: hlua_fcn: fix potential UAF with Queue:pop_wait()
* MINOR: task: add thread safe notification_new and notification_wake variants
* TESTS: Fix build for filltab25.c
* BUG/MEDIUM: stream: Fix a possible freeze during a forced shut on a stream
* DOC: update INSTALL to reflect the minimum compiler version
* BUILD: quic_sock: address a strict-aliasing build warning with gcc 5 and 6
* BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
* BUG/MINOR: backend: do not overwrite srv dst address on reuse
* BUG/MINOR: rhttp: fix incorrect dst/dst_port values
* BUILD: compiler: undefine the CONCAT() macro if already defined
* DOC: config: fix two missing "content" in "tcp-request" examples
* BUG/MINOR: config: silence .notice/.warning/.alert in discovery mode
* BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
* BUG/MINOR: mux-quic: remove extra BUG_ON() in _qcc_send_stream()
* BUG/MEDIUM: mux-quic: fix crash on RS/SS emission if already close local
* BUG/MEDIUM: peers: prevent learning expiration too far in futur from unsync node
* BUG/MINOR: peers: fix expire learned from a peer not converted from ms to ticks
* MINOR: log: support "raw" logformat node typecast
-------------------------------------------------------------------
Tue Mar 25 18:12:19 UTC 2025 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Build with QUIC on Tumbleweed
-------------------------------------------------------------------
Fri Mar 21 13:41:55 UTC 2025 - mrueckert@suse.de
- Update to version 3.1.6+git0.d929ca290:
* [RELEASE] Released version 3.1.6
* BUILD: tools: avoid a build warning on gcc-4.8 in resolve_sym_name()
* MINOR: tools: teach resolve_sym_name() a few more common symbols
* MINOR: tools: ease the declaration of known symbols in resolve_sym_name()
* MINOR: tools: improve symbol resolution without dl_addr
* MINOR: cli: export cli_io_handler() to ease symbol resolution
* BUG/MEDIUM: stream: don't use localtime in dumps from a signal handler
* MINOR: tinfo: split the signal handler report flags into 3
* IMPORT: plock: use cpu_relax() for a shorter time in EBO
* IMPORT: plock: lower the slope of the exponential back-off
* IMPORT: plock: give higher precedence to W than S
* BUG/MINOR: mux-h2: Reset streams with NO_ERROR code if full response was already sent
* BUG/MEDIUM: hlua/cli: fix cli applet UAF in hlua_applet_wakeup()
* BUG/MINOR: limits: compute_ideal_maxconn: don't cap remain if fd_hard_limit=0
* BUILD: tools: silence a build warning when USE_THREAD=0
* MINOR: tools: use only opportunistic symbols resolution
* BUG/MINOR: stats: fix capabilities and hide settings for some generic metrics
* DOC: management: rename some last occurences from domain "dns" to "resolvers"
* MINOR: compiler: add a new __decl_thread_var() macro to declare local variables
* MINOR: compiler: add a simple macro to concatenate resolved strings
* BUG/MEDIUM: thread: use pthread_self() not ha_pthread[tid] in set_affinity
* MINOR: startup: adjust alert messages, when capabilities are missed
* BUG/MINOR: cfgparse-tcp: relax namespace bind check
* MINOR: stream/cli: make "show sess" support filtering on front/back/server
* MINOR: stream/cli: rework "show sess" to better consider optional arguments
* BUG/MINOR: stream: fix age calculation in "show sess" output
* MINOR: cfgparse/peers: provide more info when ignoring invalid "peer" or "server" lines
* BUG/MINOR: server: dont return immediately from parse_server() when skipping checks
* BUG/MINOR: cfgparse/peers: properly handle ignored local peer case
* BUG/MINOR: cfgparse/peers: fix inconsistent check for missing peer server
* BUG/MEIDUM: startup: return to initial cwd only after check_config_validity()
* BUG/MINOR: log: set proper smp size for balance log-hash
* CLEANUP: log: removing "log-balance" references
* CI: github: fix h2spec.config proxy names
* TESTS: ist: fix wrong array size
* BUG/MINOR: server: check for either proxy-protocol v1 or v2 to send hedaer
* BUG/MEDIUM: mux-fcgi: Try to fully fill demux buffer on receive if not empty
* CLEANUP: h3: fix documentation of h3_rcv_buf()
* BUG/MINOR: h3: do not report transfer as aborted on preemptive response
* BUG/MINOR: server: fix the "server-template" prefix memory leak
* BUG/MEDIUM: server: properly initialize PROXY v2 TLVs
* BUG/MINOR: h2: always trim leading and trailing LWS in header values
* BUG/MEDIUM: stream: use non-blocking freq_ctr calls from the stream dumper
* MINOR: freq_ctr: provide non-blocking read functions
* BUG/MEDIUM: stream: never allocate connection addresses from signal handler
* MINOR: tinfo: add a new thread flag to indicate a call from a sig handler
* BUG/MINOR: mux-h1: always make sure h1s->sd exists in h1_dump_h1s_info()
* BUG/MINOR: stream: do not call co_data() from __strm_dump_to_buffer()
* MINOR: clock: always use atomic ops for global_now_ms
* BUG/MINOR: sink: add tempo between 2 connection attempts for sft servers
* BUG/MINOR: log: fix outgoing abns address family
* BUG/MEDIUM: uxst: fix outgoing abns address family in connect()
* BUG/MINOR: cfgparse: fix NULL ptr dereference in cfg_parse_peers
-------------------------------------------------------------------
Thu Mar 13 23:12:51 UTC 2025 - mrueckert@suse.de
- Update to version 3.1.5+git0.076df0292:
* [RELEASE] Released version 3.1.5
* BUG/MEDIUM: spoe/mux-spop: Introduce an NOOP action to deal with empty ACK
* BUG/MEDIUM: applet: Don't handle EOI/EOS/ERROR is applet is waiting for room
* [RELEASE] Released version 3.1.4
* DOC: option redispatch should mention persist options
* BUG/MINOR: stats-json: Define JSON_INT_MAX as a signed integer
* BUG/MINOR: flt-trace: Support only one name option
* BUG/MINOR: auth: Fix a leak on error path when parsing user's groups
* BUG/MINOR: config/userlist: Support one 'users' option for 'group' directive
* BUG/MINOR: cli: Fix a possible infinite loop in _getsocks()
* BUG/MINOR: cli: Fix memory leak on error for _getsocks command
* BUG/MINOR: cli: Don't set SE flags from the cli applet
* MINOR: mux-spop: Set SPOP_CF_ERROR flag on connection error only
* MINOR: mux-spop: Report EOI on the SE when a ACK is received for a stream
* MINOR: flt-spoe: Report end of input immediately after applet init
* BUG/MEDIUM: flt-spoe: Properly handle end of stream from the SPOE applet
* BUG/MEDIUM: applet: Don't pretend to have more data to handle EOI/EOS/ERROR
* BUG/MEDIUM: flt-spoe: Set/test applet flags instead of SE flags from I/O handler
* BUG/MINOR: http-check: Don't pretend a C-L heeader is set before adding it
* BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval
* BUG/MEDIUM: mux-fcgi: Properly handle read0 on partial records
* DOC: htx: clarify <mark> parameter for htx_xfer_blks()
* BUG/MEDIUM: htx: wrong count computation in htx_xfer_blks()
* MEDIUM: epoll: skip reports of stale file descriptors
* DEBUG: epoll: store and compare the FD's generation count with reported event
* MINOR: fd: add a generation number to file descriptors
* DEBUG: fd: add a counter of takeovers of an FD since it was last opened
* BUG/MEDIUM: chunk: make sure to flush the trash pool before resizing
* MINOR: epoll: permit to mask certain specific events
* MINOR: quic: adapt credit based pacing to BBR
* MINOR: quic: remove unused pacing burst in bind_conf/quic_cc_path
* MEDIUM: quic: use dynamic credit for pacing
* MEDIUM: mux-quic: reduce pacing CPU usage with passive wait
* MEDIUM: quic: implement credit based pacing
* MINOR: mux-quic: increment pacing retry counter on expired
* MINOR: quic: rename pacing_rate cb to pacing_inter
* BUG/MINOR: stktable: invalid use of stkctr_set_entry() with mixed table types
* BUG/MINOR: mux-h2: Properly handle full or truncated HTX messages on shut
* REGTESTS: Fix truncated.vtc to send 0-CRLF
* BUG/MINOR: mux-quic: prevent crash after MUX init failure
* BUG/MINOR: quic: prevent crash on conn access after MUX init failure
* BUG/MINOR: fcgi: Don't set the status to 302 if it is already set
* BUG/MEDIUM: filters: Handle filters registered on data with no payload callback
* BUG/MINOR: cli: Wait for the last ACK when FDs are xferred from the old worker
* BUG/MEDIUM: cli: Be sure to drop all input data in END state
* BUG/MINOR: ssl/cli: "show ssl crt-list" lacks sigals
* BUG/MINOR: ssl/cli: "show ssl crt-list" lacks client-sigals
* BUG/MEDIUM: fd: mark FD transferred to another process as FD_CLONED
* BUG/MINOR: mworker: post_section_parser for the last section in discovery
* BUG/MINOR: mworker: section ignored in discovery after a post_section_parser
* BUG/MINOR: quic: fix CRYPTO payload size calcul for encoding
* BUG/MINOR: quic: reserve length field for long header encoding
* BUG/MEDIUM: debug: close a possible race between thread dump and panic()
* BUG/MEDIUM: ssl: chosing correct certificate using RSA-PSS with TLSv1.3
-------------------------------------------------------------------
Thu Mar 13 23:11:31 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- apparmor: fix debug output when running in a vm (/sys paths
differ from hardware)
-------------------------------------------------------------------
Wed Jan 29 15:41:08 UTC 2025 - mrueckert@suse.de
- Update to version 3.1.3+git0.929bedf83:
* [RELEASE] Released version 3.1.3
* BUILD: ssl: more cleaner approach to WolfSSL without renegotiation
* BUILD: ssl: allow to build without the renegotiation API of WolfSSL
* CLEANUP: quic: remove unused prototype
* BUG/MINOR: stream: Properly handle "on-marked-up shutdown-backup-sessions"
* BUG/MINOR: ssl: put ssl_sock_load_ca under SSL_NO_GENERATE_CERTIFICATES
* BUG/MINOR: quic: do not increase congestion window if app limited
* BUG/MEDIUM: mux-h1: Properly close H1C if an error is reported before sending data
* BUILD: quic: Move an ASSUME_NONNULL() for variable which is not null
* MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount
* BUG/MINOR: quic: ensure a detached coalesced packet can't access its neighbours
* BUG/MINOR: init: set HAPROXY_STARTUP_VERSION from the variable, not the macro
* BUG/MAJOR: log/sink: possible sink collision in sink_new_from_srv()
* BUG/MAJOR: quic: reject too large CRYPTO frames
* BUG/MEDIUM: promex: Use right context pointers to dump backends extra-counters
* BUG/MEDIUM: stktable: fix missing lock on some table converters
* BUG/MINOR: quic: reject NEW_TOKEN frames from clients
* BUG/MINOR: stktable: fix big-endian compatiblity in smp_to_stkey()
-------------------------------------------------------------------
Wed Jan 29 15:40:52 UTC 2025 - mrueckert@suse.de
- Update to version 3.1.2+git0.cda631a79:
* [RELEASE] Released version 3.1.2
* BUG/MEDIUM: h1-htx: Properly handle bodyless messages
* BUG/MEDIUM: promex/resolvers: Don't dump metrics if no nameserver is defined
* BUG/MINOR: mux-quic: handle closure of uni-stream
* MINOR: mux-quic: change return value of qcs_attach_sc()
* MINOR: mux-quic: add traces on sd attach
* BUG/MINOR: mux-quic: fix wakeup on qcc_set_error()
* MINOR: config: Alert about extra arguments for errorfile and errorloc
* BUG/MINOR: log: Allow to use if/unless conditionnals for do-log action
* BUG/MEDIUM: mux-quic: do not attach on already closed stream
* BUG/MAJOR: mux-quic: properly fix BUG_ON on empty STREAM emission
* Revert "BUG/MAJOR: mux-quic: fix BUG_ON on empty STREAM emission"
* BUG/MEDIUM: mux-h2: Count copied data when looping on RX bufs in h2_rcv_buf()
* BUG/MAJOR: mux-quic: fix BUG_ON on empty STREAM emission
* DOC: config: add missing "track-sc0" in action keywords matrix
* BUG/MINOR: stats: fix segfault caused by uninitialized value in "show schema json"
* BUG/MEDIUM: queue: Make process_srv_queue return the number of streams
* MINOR: hlua: rename "tune.lua.preserve-smp-bool" to "tune.lua.bool-sample-conversion"
* BUG/MINOR: h2/rhttp: fix HTTP2 conn counters on reverse
* CLEANUP: mux-quic: remove dead err label in qcc_build_frms()
* BUG/MEDIUM: mux-quic: prevent BUG_ON() by refreshing frms on MAX_DATA
* REGTESTS: fix lua-based regtests using tune.lua.smp-preserve-bool
* MINOR: hlua: add option to preserve bool type from smp to lua
* DOC: config: add "tune.lua.burst-timeout" to the list of global parameters
* DOC: config: reorder "tune.lua.*" keywords by alphabetical order
* DOC: config: add example for server "track" keyword
* MINOR: mux-quic: hide traces when woken up on pacing only
* MINOR: trace: implement tracing disabling API
* MEDIUM: mux-quic: remove pacing specific code on qcc_io_cb
* MEDIUM/OPTIM: mux-quic: do not rebuild frms list on every send
* MINOR: mux-quic: split STREAM and RS/SS emission
* MINOR: mux-quic: extract code to build STREAM frames list
* MEDIUM/OPTIM: mux-quic: implement purg_list
* MEDIUM/OPTIM: mux-quic: define a recv_list for demux resumption
* MINOR: mux-quic: refactor wait-for-handshake support
* MINOR: quic: add traces
* CLEANUP: mux-quic: remove unused qcc member send_retry_list
* BUG/MEDIUM: mux-quic: do not mix qcc_io_send() return codes with pacing
* BUILD: debug: only dump/reset glitch counters when really defined
* BUG/MEDIUM: queues: Do not use pendconn_grab_from_px().
* BUG/MEDIUM: queues: Make sure we call process_srv_queue() when leaving
* BUG/MEDIUM: stconn: Only consider I/O timers to update stream's expiration date
* CLEANUP: quic: Rename some BBR functions in relation with bw probing
* BUG/MINOR: quic: missing Startup accelerating probing bw states
* REGTESTS: ssl: add a PEM with mix of LF and CRLF line endings
* BUG/MINOR: cli: cli_snd_buf: preserve \r\n for payload lines
* BUG/MINOR: quic: too permissive exit condition for high loss detection in Startup (BBR)
* BUG/MINOR: quic: fix the wrong tracked recovery start time value
* CLEANUP: quic: remove a wrong comment about ->app_limited (drs)
* MINOR: quic: reduce the private data size of QUIC cc algos
* BUG/MINOR: quic: reduce packet losses at least during ProbeBW_CRUISE (BBR)
* BUG/MINOR: quic: underflow issue for bbr_inflight_hi_from_lost_packet()
* BUG/MINOR: quic: remove max_bw filter from delivery rate sampling
* BUG/MINOR: quic: wrong bbr_target_inflight() implementation
* BUG/MINOR: quic: fix BBB max bandwidth oscillation issue.
* BUG/MINOR: quic: wrong logical statement in in_recovery_period() (BBR)
* MINOR: window_filter: rely on the time to update the filter samples (QUIC/BBR)
-------------------------------------------------------------------
Thu Dec 12 15:13:23 UTC 2024 - mrueckert@suse.de
- Update to version 3.1.1+git0.717960de0:
* [RELEASE] Released version 3.1.1
* BUG/MINOR: hlua_fcn: restore server pairs iterator pointer consistency
* BUG/MINOR: server-state: Fix expiration date of srvrq_check tasks
* BUG/MINOR: http-fetch: Ignore empty argument string for query()
* BUG/MEDIUM: stats/server: use watcher to track server during stats dump
* MINOR: list: define a watcher type
* BUG/MINOR: stats: decrement srv refcount on stats-file release
* BUG/MINOR: resolvers: handle a possible strdup() failure
* BUG/MINOR: ssl_crtlist: handle a possible strdup() failure
* BUG/MINOR: namespace: handle a possible strdup() failure
* BUG/MEDIUM: mworker: report status, if daemonized master fails
* BUG/MEDIUM: startup: report status if daemonized process fails
* BUG/MEDIUM: startup: don't daemonize if started with -c
* BUG/MINOR: startup: fix error path for master, if can't open pidfile
* BUG/MINOR: mworker: fix -D -W -sf/-st modes
* BUG/MINOR: mworker: don't save program PIDs in oldpids
* BUG/MINOR: mux-h2: fix expression when detecting excess of CONTINUATION frames
* MINOR: mux-h2/glitches: add a description to the H2 glitches
* CLEANUP: mux-h2/traces: reword certain ambiguous traces
* MINOR: mux-h2/traces: add a missing trace on negative initial window size
* BUILD: debug: fix build issues in COUNT_IF() with -Wunused-value
* BUG/MINOR: debug: COUNT_IF() should return true/false
* DOC: config: fix confusing init-state examples
* BUG/MINOR: config: Fix parsing of accept-invalid-http-{request,response}
* BUG/MEDIUM: mux-h2: make sure not to touch dummy streams when sending WU
* BUG/MINOR: quic: remove startup alert if GSO unsupported
* BUG/MINOR: quic: remove startup alert if conn socket-owner unsupported
* BUG/MEDIUM: mux-quic: remove pacing status when everything is sent
* BUG/MINOR: init: do not call fork_poller() for non-forked processes
* BUG/MEDIUM: init: make sure only daemonized processes change their session
* BUG/MINOR: quic: fix bbr_inflight() calls with wrong gain value
* BUG/MINOR: startup: fix pidfile creation
* BUG/MINOR: startup: close pidfd and free global.pidfile in handle_pidfile()
* BUG/MINOR: signal: register default handler for SIGINT in signal_init()
* BUILD: quic: fix a build error about an non initialized timestamp
* BUG/MINOR: h1-htx: Use default reason if not set when formatting the response
* BUG/MEDIUM: http-ana: Reset request flag about data sent to perform a L7 retry
* BUG/MEDIUM: quic: prevent stream freeze on pacing
* BUG/MEDIUM: event_hdl: fix uninitialized value in async mode when no data is provided
* BUG/MINOR: improve BBR throughput on very fast links
* BUG/MINOR: log: fix lf_text() behavior with empty string
* MINOR: proxy: Add support of 421-Misdirected-Request in retry-on status
* BUG/MEDIUM: sock: Remove FD_POLL_HUP during connect() if FD_POLL_ERR is not set
-------------------------------------------------------------------
Tue Nov 26 14:57:39 UTC 2024 - mrueckert@suse.de
- Update to version 3.1.0+git0.f2b97918e:
https://www.mail-archive.com/haproxy@formilux.org/msg45435.html
https://www.haproxy.com/blog/announcing-haproxy-3-1
-------------------------------------------------------------------
Thu Nov 07 18:40:53 UTC 2024 - mrueckert@suse.de
- Update to version 3.0.6+git0.c2c009086:
* [RELEASE] Released version 3.0.6
* MINOR: debug: move the "recover now" warn message after the optional notes
* BUILD: Missing inclusion header for ssize_t type
* BUILD: debug: also declare strlen() in __ABORT_NOW()
* DEBUG: wdt: add a stats counter "BlockedTrafficWarnings" in show info
* DEBUG: wdt: make the blocked traffic warning delay configurable
* DEBUG: cli: make it possible for "debug dev loop" to trigger warnings
* DEBUG: wdt: better detect apparently locked up threads and warn about them
* MINOR: debug: add a function to dump a stuck thread
* MINOR: wdt: move the local timers to a struct
* MINOR: debug: remove the redundant process.thread_info array from post_mortem
* MINOR: debug: also add fdtab and acitvity to struct post_mortem
* MINOR: debug: also add a pointer to struct global to post_mortem
* MINOR: debug: do not limit backtraces to stuck threads
* MINOR: debug: print gdb hints when crashing
* MINOR: connection: add new sample fetch functions fc_err_name and bc_err_name
* MINOR: rawsock: set connection error codes when returning from recv/send/splice
* MINOR: connection: add more connection error codes to cover common errno
* BUG/MINOR: stats: Fix the name for the total number of streams created
* MINOR: stream/stats: Expose the total number of streams ever created in stats
* MINOR: stream/stats: Expose the current number of streams in stats
* MINOR: cli/debug: show dev: add cmdline and version
* BUG/MINOR: quic: fix malformed probing packet building
* CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry
* DOC: config: document connection error 44 (reverse connect failure)
* BUG/MEDIUM: promex: Fix dump of extra counters
* MINOR: stream: Save last evaluated rule on invalid yield
* BUG/MINOR: http-ana: Report internal error if an action yields on a final eval
* BUG/MEDIUM: mux-h1: Fix how timeouts are applied on H1 connections
* DOC: config: add missing glitch_{cnt,rate} sample definitions
* DOC: config: add missing glitch_{cnt,rate} data types
* BUG/MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly
* BUG/MINOR: trace: stop rewriting argv with -dt
* MINOR: cli: remove non-printable characters from 'debug dev fd'
* MINOR: debug: store important pointers in post_mortem
* MINOR: debug: place the post_mortem struct in its own section.
* MINOR: debug: place a magic pattern at the beginning of post_mortem
* MINOR: pools: export the pools variable
* BUILD: debug: silence a build warning with threads disabled
* BUG/MEDIUM: server: fix race on servers_list during server deletion
* BUG/MINOR: stconn: Don't disable 0-copy FF if EOS was reported on consumer side
* BUG/MINOR: http-ana: Fix wrong client abort reports during responses forwarding
* BUG/MEDIUM: stconn: Report blocked send if sends are blocked by an error
* BUG/MINOR: server: fix dynamic server leak with check on failed init
* MINOR: activity/memprofile: show per-DSO stats
* MINOR: activity/memprofile: always return "other" bin on NULL return address
* BUG/MEDIUM: connection/http-reuse: fix address collision on unhandled address families
* BUG/MEDIUM: mux-h2: Remove H2S from send list if data are sent via 0-copy FF
* BUG/MEDIUM: stats-html: Never dump more data than expected during 0-copy FF
* BUG/MINOR: mux-quic: do not close STREAM with empty FIN if no data sent
* BUG/MINOR: mworker: fix mworker-max-reloads parser
* DOC: config: fix rfc7239 forwarded typo in desc
* BUG/MEDIUM: quic: avoid freezing 0RTT connections
* BUG/MINOR: quic: avoid leaking post handshake frames
* REGTESTS: Never reuse server connection in http-messaging/truncated.vtc
* BUG/MAJOR: filters/htx: Add a flag to state the payload is altered by a filter
* BUG/MEDIUM: stconn: Check FF data of SC to perform a shutdown in sc_notify()
* BUG/MINOR: http-ana: Don't report a server abort if response payload is invalid
* BUG/MEDIUM: stconn: Wait iobuf is empty to shut SE down during a check send
* BUG/MINOR: httpclient: return NULL when no proxy available during httpclient_new()
* BUG/MEDIUM: queue: make sure never to queue when there's no more served conns
* BUG/MEDIUM: mux-quic: ensure timeout server is active for short requests
* BUG/MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}()
* BUG/MEDIUM: hlua: make hlua_ctx_renew() safe
* BUG/MEDIUM: server: server stuck in maintenance after FQDN change
* MEDIUM: debug: on panic, make the target thread automatically allocate its buf
* MINOR: debug: replace ha_thread_dump() with its two components
* MINOR: debug: make ha_thread_dump_done() take the pointer to be used
* MINOR: debug: slightly change the thread_dump_pointer signification
* MINOR: debug: split ha_thread_dump() in two parts
* MINOR: chunk: drop the global thread_dump_buffer
* MINOR: debug: make mark_tainted() return the previous value
* BUG/MINOR: http-ana: Disable fast-fwd for unfinished req waiting for upgrade
* BUG/MINOR: mux-h1: Fix condition to set EOI on SE during zero-copy forwarding
* BUG/MEDIUM: queue: always dequeue the backend when redistributing the last server
* MINOR: server: make srv_shutdown_sessions() call pendconn_redistribute()
* BUG/MINOR: queue: make sure that maintenance redispatches server queue
* BUG/MEDIUM: stream: make stream_shutdown() async-safe
* MINOR: task: define two new one-shot events for use with WOKEN_OTHER or MSG
* MINOR: tools: do not attempt to use backtrace() on linux without glibc
* BUILD: tools: only include execinfo.h for the real backtrace() function
* BUG/MINOR: cfgparse-global: fix allowed args number for setenv
* BUG/MINOR: server: make sure the HMAINT state is part of MAINT
* BUG/MEDIUM: cli: Deadlock when setting frontend maxconn
* BUG/MEDIUM: cli: Be sure to catch immediate client abort
* BUG/MINOR: mux-quic: report glitches to session
* REGTESTS: shorten a bit the delay for the h1/h2 upgrade test
* REGTESTS: h1/h2: Update script testing H1/H2 protocol upgrades
* BUG/MEDIUM: mux-h1/mux-h2: Reject upgrades with payload on H2 side only
* MINOR: mux-h1: Set EOI on SE during demux when both side are in DONE state
* BUG/MINOR: h2: reject extended connect for h2c protocol
* BUG/MINOR: h1: do not forward h2c upgrade header token
* MINOR: connection: No longer include stconn type header in connection-t.h
-------------------------------------------------------------------
Mon Sep 30 19:36:53 UTC 2024 - mrueckert@suse.de
- Update to version 3.0.5+git0.8e879a52e: (VUL-0: CVE-2024-49214 boo#1231612)
* [RELEASE] Released version 3.0.5
* BUG/MINOR: quic: prevent freeze after early QCS closure
* BUG/MEDIUM: quic: handle retransmit for standalone FIN STREAM
* MINOR: quic: implement function to check if STREAM is fully acked
* MINOR: quic: convert qc_stream_desc release field to flags
* BUG/MINOR: cfgparse-listen: fix option httpslog override warning message
* BUG/MEDIUM: promex: Wait to have the request before sending the response
* BUG/MEDIUM: cache/stats: Wait to have the request before sending the response
* BUG/MEDIUM: sc_strm/applet: Wake applet after a successfull synchronous send
* DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options
* BUG/MINOR: peers: local entries updates may not be advertised after resync
* BUG/MEDIUM: queue: implement a flag to check for the dequeuing
* BUG/MINOR: clock: validate that now_offset still applies to the current date
* BUG/MINOR: clock: make time jump corrections a bit more accurate
* BUG/MINOR: polling: fix time reporting when using busy polling
* MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option
* BUG/MINOR: pattern: do not leave a leading comma on "set" error messages
* BUG/MINOR: h1-htx: Don't flag response as bodyless when a tunnel is established
* BUG/MAJOR: mux-h1: Wake SC to perform 0-copy forwarding in CLOSING state
* BUG/MEDIUM: pattern: prevent UAF on reused pattern expr
* BUG/MINOR: pattern: prevent const sample from being tampered in pat_match_beg()
* BUG/MEDIUM: clock: detect and cover jumps during execution
* REGTESTS: fix random failures with wrong_ip_port_logging.vtc under load
* DOC: configuration: place the HAPROXY_HTTP_LOG_FMT example on the correct line
* BUG/MINOR: quic: Too short datagram during packet building failures (aws-lc only)
* BUG/MINOR: quic: Crash from trace dumping SSL eary data status (AWS-LC)
* BUG/MEDIUM: quic: always validate sender address on 0-RTT
* MINOR: quic: Add trace for QUIC_EV_CONN_IO_CB event.
* MINOR: quic: Implement qc_ssl_eary_data_accepted().
* MINOR: quic: Modify NEW_TOKEN frame structure (qf_new_token struct)
* BUG/MINOR: quic: Missing incrementation in NEW_TOKEN frame builder
* MINOR: quic: Token for future connections implementation.
* MEDIUM: ssl/quic: implement quic crypto with EVP_AEAD
* MINOR: quic: Implement quic_tls_derive_token_secret().
* MINOR: tools: Implement ipaddrcpy().
* BUG/MEDIUM: clock: also update the date offset on time jumps
* BUILD: quic: 32bits build broken by wrong integer conversions for printf()
* BUG/MINOR: cfgparse-global: remove tune.fast-forward from common_kw_list
* DOC: config: correct the table for option tcplog
* BUG/MINOR: pattern: pat_ref_set: return 0 if err was found
* BUG/MINOR: pattern: pat_ref_set: fix UAF reported by coverity
* BUG/MINOR: h3: properly reject too long header responses
* BUG/MINOR: proto_uxst: delete fd from fdtab if listen() fails
* BUG/MINOR: mux-quic: do not send too big MAX_STREAMS ID
* REGTESTS: mcli: test the pipelined commands on master CLI
* BUG/MEDIUM: mworker/cli: fix pipelined modes on master CLI
* MINOR: channel: implement ci_insert() function
* BUG/MINOR: proto_tcp: keep error msg if listen() fails
* BUG/MINOR: proto_tcp: delete fd from fdtab if listen() fails
* BUG/MINOR: quic/trace: make quic_conn_enc_level_init() emit NEW not CLOSE
* BUG/MINOR: trace/quic: make "qconn" selectable as a lockon criterion
* BUG/MINOR: trace: automatically start in waiting mode with "start <evt>"
* BUG/MEDIUM: trace: fix null deref in lockon mechanism since TRACE_ENABLED()
* BUG/MINOR: trace/quic: permit to lock on frontend/connect/session etc
* BUG/MINOR: trace/quic: enable conn/session pointer recovery from quic_conn
* DOC: configuration: fix alphabetical ordering of {bs,fs}.aborted
* BUG/MINOR: fcgi-app: handle a possible strdup() failure
* BUG/MEDIUM: peer: Notify the applet won't consume data when it waits for sync
* BUG/MEDIUM: mux-h2: Propagate term flags to SE on error in h2s_wake_one_stream
* BUG/MEDIUM: h2: Only report early HTX EOM for tunneled streams
* BUG/MEDIUM: http-ana: Report error on write error waiting for the response
* BUG/MEDIUM: quic: prevent conn freeze on 0RTT undeciphered content
* BUG/MEDIUM: ssl: 0-RTT initialized at the wrong place for AWS-LC
* BUG/MEDIUM: ssl: reactivate 0-RTT for AWS-LC
* BUG/MINOR: stconn: bs.id and fs.id had their dependencies incorrect
* BUILD: mux-pt: Use the right name for the sedesc variable
* BUG/MEDIUM: mux-pt/mux-h1: Release the pipe on connection error on sending path
* BUG/MEDIUM: stconn: Report error on SC on send if a previous SE error was set
* BUG/MEDIUM: server/addr: fix tune.events.max-events-at-once event miss and leak
-------------------------------------------------------------------
Tue Sep 03 14:08:47 UTC 2024 - mrueckert@suse.de
@@ -7133,7 +7831,6 @@ Wed Mar 9 12:00:23 UTC 2011 - mrueckert@suse.de
- update the url_param regression test to test check_post too
-------------------------------------------------------------------
>>>>>>> ./haproxy.changes.r40
Tue Feb 15 14:30:53 UTC 2011 - mrueckert@suse.de
- update to 1.4.11

View File

@@ -14,7 +14,26 @@
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# => notes regarding QUIC in README.SUSE.PACKAGING
%define pkg_name haproxy
%define pkg_home %{_localstatedir}/lib/%{pkg_name}
%{!?vim_data_dir:%global vim_data_dir %{_datadir}/vim/%(readlink %{_datadir}/vim/current)}
%bcond_with awslc
%if 0%{?suse_version} > 1600 || %{with awslc}
%bcond_without quic
%else
%bcond_with quic
%endif
%if 0%{?suse_version} > 1500
%bcond_with rc_symlink
%else
%bcond_without rc_symlink
%endif
%if 0%{?suse_version} >= 1230
%bcond_without tcp_fast_open
%bcond_without network_namespace
@@ -53,11 +72,42 @@
%endif
Name: haproxy
Version: 3.0.4+git0.7a59afa93
Version: 3.2.4+git0.98813a13e
Release: 0
#
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
License: GPL-3.0-or-later AND LGPL-2.1-or-later
Group: Productivity/Networking/Web/Proxy
#
URL: https://www.haproxy.org/
# source URL in _service file
Source: haproxy-%{version}.tar.gz
Source1: %{pkg_name}.init
Source2: usr.sbin.haproxy.apparmor
Source3: local.usr.sbin.haproxy.apparmor
Source4: haproxy.cfg
Source5: haproxy-user.conf
Source6: haproxy-tmpfiles.conf
Source7: README.SUSE
Source8: README.SUSE.PACKAGING
#
Source98: series
Source99: haproxy-rpmlintrc
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
Patch4: haproxy-service.patch
BuildRequires: libgcrypt-devel
BuildRequires: pcre2-devel
BuildRequires: pkgconfig
BuildRequires: vim
BuildRequires: zlib-devel
Provides: %{name}-doc = %{version}
Obsoletes: %{name}-doc < %{version}
Provides: haproxy-1.5 = %{version}
Obsoletes: haproxy-1.5 < %{version}
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with apparmor}
%if 0%{?suse_version} <= 1315
BuildRequires: apparmor-profiles
@@ -70,57 +120,28 @@ Recommends: apparmor-abstractions
BuildRequires: apparmor-rpm-macros
%endif
%endif
BuildRequires: libgcrypt-devel
%if %{with lua}
BuildRequires: lua-devel >= 5.3
%endif
BuildRequires: pcre2-devel
BuildRequires: zlib-devel
%if %{with awslc}
BuildRequires: aws-lc-devel
%else
BuildRequires: openssl-devel
BuildRequires: pkg-config
%endif
%if %{with systemd}
BuildRequires: pkgconfig(systemd)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
%if %{with sysusers}
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
%endif
%endif
BuildRequires: vim
%define pkg_name haproxy
%define pkg_home /var/lib/%{pkg_name}
#
Url: http://www.haproxy.org/
# source URL in _service file
Source: haproxy-%{version}.tar.gz
Source1: %{pkg_name}.init
Source2: usr.sbin.haproxy.apparmor
Source3: local.usr.sbin.haproxy.apparmor
Source4: haproxy.cfg
Source5: haproxy-user.conf
Source6: haproxy-tmpfiles.conf
Patch1: haproxy-1.6.0_config_haproxy_user.patch
Patch2: haproxy-1.6.0-makefile_lib.patch
Patch3: haproxy-1.6.0-sec-options.patch
Patch4: haproxy-service.patch
#
Source98: series
Source99: haproxy-rpmlintrc
#
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
License: GPL-3.0+ and LGPL-2.1+
Group: Productivity/Networking/Web/Proxy
Provides: %{name}-doc = %{version}
Obsoletes: %{name}-doc < %{version}
Provides: haproxy-1.5 = %{version}
Obsoletes: haproxy-1.5 < %{version}
%if %{with systemd}
%{?systemd_ordering}
%if %{with sysusers}
%sysusers_requires
%endif
%endif
%{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)}
%description
HAProxy implements an event-driven, mono-process model which enables support
@@ -135,20 +156,25 @@ the most work done from every CPU cycle.
%prep
%autosetup -p1
cp %{SOURCE7} .
%build
make %{?_smp_mflags} \
%make_build \
TARGET=linux-glibc \
CPU="%{_target_cpu}" \
USE_PCRE2=1 \
%if %{with pcre2_jit}
USE_PCRE2_JIT=1 \
%endif
%ifarch %ix86
%ifarch %{ix86}
USE_REGPARM=1 \
%endif
USE_GETADDRINFO=1 \
%if %{with awslc}
USE_OPENSSL_AWSLC=1 \
%else
USE_OPENSSL=1 \
%endif
%if %{with lua}
USE_LUA=1 \
%endif
@@ -170,6 +196,9 @@ make %{?_smp_mflags} \
USE_PROMEX=1 \
%if %{with quic}
USE_QUIC=1 \
%if %{without awslc}
USE_QUIC_OPENSSL_COMPAT=1 \
%endif
%endif
%if %{with opentracing}
USE_OT=1 \
@@ -179,23 +208,25 @@ make %{?_smp_mflags} \
%endif
DEBUG_CFLAGS="%{optflags}" V=1
%if %{with systemd}
make -C admin/systemd PREFIX="%{_prefix}"
%make_build -C admin/systemd PREFIX="%{_prefix}"
%if %{with sysusers}
%sysusers_generate_pre %{SOURCE5} haproxy haproxy-user.conf
%endif
%endif
make admin/halog/halog DEBUG_CFLAGS="%{optflags}" V=1
%make_build admin/halog/halog DEBUG_CFLAGS="%{optflags}"
%install
install -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
install -d -m 0750 %{buildroot}%{_sysconfdir}/%{pkg_name}/
install -m 0640 %{S:4} %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
install -m 0640 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
install -D -m 0755 admin/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
%if %{with systemd}
install -D -m 0644 admin/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service
%if %{with rc_symlink}
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%endif
%if %{with sysusers}
install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
%endif
@@ -203,7 +234,7 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf
install -D -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/%{name}.conf
%endif
%else
install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
install -D -m 0755 %{SOURCE1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name}
%endif
@@ -211,9 +242,9 @@ install -d -m 0750 %{buildroot}%{pkg_home}
install -D -m 0644 admin/syntax-highlight/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/haproxy
install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
install -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/apparmor.d/usr.sbin.haproxy
install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/apparmor.d/local/haproxy
install -D -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/apparmor.d/local/usr.sbin.haproxy
%endif
rm examples/*init*
@@ -229,7 +260,7 @@ rm examples/*init*
%post
%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
%endif
%if %{with systemd}
%if %{with tmpfiles}
@@ -243,19 +274,17 @@ rm examples/*init*
%postun
%service_del_postun %{pkg_name}.service
%else
%pre
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
getent group %{pkg_name} >/dev/null || %{_sbindir}/groupadd -r %{pkg_name}
getent passwd %{pkg_name} >/dev/null || \
/usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \
%{_sbindir}/useradd -g %{pkg_name} -s /bin/false -r \
-c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name}
%post
%fillup_and_insserv %{pkg_name}
%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%apparmor_reload %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
%endif
%preun
@@ -263,17 +292,15 @@ getent passwd %{pkg_name} >/dev/null || \
%postun
%restart_on_update %{pkg_name}
%{insserv_cleanup}
%insserv_cleanup
%endif
%files
%defattr(-,root,root,-)
%license LICENSE
%doc CHANGELOG README
%doc README.SUSE CHANGELOG README.md
%doc doc/* examples/
%doc admin/netsnmp-perl/ admin/selinux/
%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
%if %{with systemd}
%{_unitdir}/%{pkg_name}.service
@@ -289,20 +316,22 @@ getent passwd %{pkg_name} >/dev/null || \
%endif
%{_sbindir}/haproxy
%{_sbindir}/haproxy-halog
%if %{with rc_symlink}
%{_sbindir}/rchaproxy
%endif
%dir %attr(-,root,haproxy) %{pkg_home}
%{_mandir}/man1/%{pkg_name}.1.gz
%{_mandir}/man1/%{pkg_name}.1%{?ext_man}
%dir %{_datadir}/vim
%dir %{vim_data_dir}
%dir %{vim_data_dir}/syntax
%{vim_data_dir}/syntax/%{pkg_name}.vim
%if %{with apparmor}
%if 0%{?suse_version} == 1110
%dir /etc/apparmor.d/local/
%dir %{_sysconfdir}/apparmor.d/local/
%endif
%config(noreplace) /etc/apparmor.d/usr.sbin.haproxy
%config(noreplace) %ghost /etc/apparmor.d/local/haproxy
%config(noreplace) %ghost /etc/apparmor.d/local/usr.sbin.haproxy
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.sbin.haproxy
%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/haproxy
%config(noreplace) %ghost %{_sysconfdir}/apparmor.d/local/usr.sbin.haproxy
%endif
%changelog

View File

@@ -43,9 +43,21 @@ profile haproxy /usr/sbin/haproxy {
/sys/devices/system/node/ r,
/sys/devices/system/node/*/cpumap r,
/sys/devices/system/cpu/online r,
/sys/devices/system/node/node[0-9]/cpulist r,
/sys/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/type r,
/sys/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/level r,
/sys/devices/system/cpu/cpu[0-9]*/cache/index[0-9]*/shared_cpu_list r,
/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list r,
/sys/devices/system/cpu/cpu[0-9]*/topology/cluster_cpus_list r,
/sys/devices/system/cpu/cpu[0-9]*/topology/package_cpus_list r,
/sys/devices/system/cpu/cpu[0-9]*/topology/physical_package_id r,
/sys/devices/system/cpu/cpu[0-9]*/topology/core_siblings_list r,
/sys/class/dmi/id/sys_vendor r,
/sys/devices/virtual/dmi/id/sys_vendor r,
/sys/class/dmi/id/product_family r,
/sys/devices/virtual/dmi/id/product_family r,
/sys/class/dmi/id/product_name r,
/sys/devices/virtual/dmi/id/product_name r,
/sys/class/dmi/id/board_vendor r,
/sys/firmware/devicetree/base/model r,
/sys/class/dmi/id/board_name r,