Accepting request 1219806 from devel:kubic

- Update from 3.1.6 to 3.2.0
- Important: please read the migration guide when migrating to version 3.2.0
- Version 3.2.0 changes
  - acme
      * Remove same email requirement for certresolvers (#11019 by Emrio)
      * Add support for custom CA certificates by certificate resolver (#10816 by ldez)
      * Add 30 day certificatesDuration step (#10970 by luker983)
  - docker
      * Support HTTP BasicAuth for docker and swarm endpoint (#10776 by 985492783)
  - k8s, k8s/gatewayapi
      * Add supported features to the Gateway API GatewayClass status (#11056 by rtribotte)
      * Update sigs.k8s.io/gateway-api to v1.2.0-rc1 (#11124 by rtribotte)
      * Add support for backend protocol selection in HTTP and GRPC routes (#11051 by rtribotte)
      * Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support (#11042 by rtribotte)
      * Support HTTPRoute destination port matching (#11134 by kevinpollet)
      * Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 (#11131 by kevinpollet)
      * Add support for Gateway API BackendTLSPolicies (#11009 by rtribotte)
      * Support NativeLB option in GatewayAPI provider (#11147 by rtribotte)
      * Support ResponseHeaderModifier filter (#10987 by kevinpollet)
      * Support GRPC routes (#10975 by kevinpollet)
      * Bump sigs.k8s.io/gateway-api to v1.2.0 (#11167 by rtribotte)
      * Ensuring Gateway API reflected Traefik resource name unicity (#11222 by rtribotte)
      * Preserve GRPCRoute filters order (#11199 by kevinpollet)
      * Support http and https appProtocol for Kubernetes Service (#11176 by WillDaSilva)
      * Avoid updating Accepted status for routes matching no Gateways (#11170 by rtribotte)
      * Do not update gateway status when not selected by a gateway class (#11169 by kevinpollet)
      * Document nativeLBByDefault annotation on Kubernetes Gateway provider (#11209 by mloiseleur)
  - k8s/crd, k8s
      * Detail CRD update with v3.2 in the migration guide (#11164 by mloiseleur)
  - k8s/gatewayapi
      * Add missing RBAC in the migration guide (#11189 by mloiseleur)
  - k8s
      * Fix instructions for downloading CRDs of Gateway API v1.2 (#11191 by mloiseleur)
  - metrics, otel
      * Allow setting service.name for OTLP metrics (#10917 by cmartell-at-ocp)
  - middleware
      * Record trace id and EntryPoint span id into access log (#10921 by weijiany)
      * Support LogUserHeader with forwardAuth middleware (#10833 by GaleHuang)
      * Add encodings option to the compression middleware (#10943 by wollomatic)
      * Add support for ipv6 subnet in ipStrategy (#9747 by michal-kralik)
  - nomad
      * Support for watching instead of polling Nomad (#10997 by deverton-godaddy)
  - server
      * Introduce a fast proxy mode to improve HTTP/1.1 performances with backends (#11122 by kevinpollet)
      * Configurable max request header size (#10995 by lucasrod16)
  - service
      * Add mirrorBody option to HTTP mirroring (#11032 by MatteoPaier)
      * Add an option to preserve server path (#11192 by mmatur)
      * Detect and drop broken conns in the fastproxy pool (#11212 by kevinpollet)
  - Merge branch v3.1 into v3.2 (#11219 by kevinpollet)
  - Merge branch v3.1 into master (#11153 by kevinpollet)
- Version 3.1.7 changes
  - k8s
    * Preserve HTTPRoute filters order (#11198 by kevinpollet)
  - Merge branch v2.11 into v3.1

OBS-URL: https://build.opensuse.org/request/show/1219806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/traefik?expand=0&rev=24

90-traefik.conf

@@ -0,0 +1,9 @@
+#
+# Increase the maximum UDP Buffer size to prevent dropping
+# incoming packaets by the kernel
+#
+# https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
+#
+
+net.core.rmem_max=7500000
+net.core.wmem_max=7500000

traefik-v3.1.2.src.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d8cada1d42e2fad4cbe15b75e8db21647b520ffd49dd09814cc1131c3fe02d00
-size 11491439

traefik-v3.2.0.src.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c9a788a6207350999a49cc086e456f1287233df3000a25e1147d7b935dc99f2
+size 11548319

traefik.changes

@@ -1,3 +1,118 @@
+-------------------------------------------------------------------
+Thu Oct 31 01:26:24 UTC 2024 - Eric Torres <eric.torres@its-et.me>
+
+- Update from 3.1.6 to 3.2.0
+
+- Important: please read the migration guide when migrating to version 3.2.0
+
+- Version 3.2.0 changes
+  - acme
+      * Remove same email requirement for certresolvers (#11019 by Emrio)
+      * Add support for custom CA certificates by certificate resolver (#10816 by ldez)
+      * Add 30 day certificatesDuration step (#10970 by luker983)
+  - docker
+      * Support HTTP BasicAuth for docker and swarm endpoint (#10776 by 985492783)
+  - k8s, k8s/gatewayapi
+      * Add supported features to the Gateway API GatewayClass status (#11056 by rtribotte)
+      * Update sigs.k8s.io/gateway-api to v1.2.0-rc1 (#11124 by rtribotte)
+      * Add support for backend protocol selection in HTTP and GRPC routes (#11051 by rtribotte)
+      * Improve Kubernetes GatewayAPI TCPRoute and TLSRoute support (#11042 by rtribotte)
+      * Support HTTPRoute destination port matching (#11134 by kevinpollet)
+      * Bump sigs.k8s.io/gateway-api to v1.2.0-rc2 (#11131 by kevinpollet)
+      * Add support for Gateway API BackendTLSPolicies (#11009 by rtribotte)
+      * Support NativeLB option in GatewayAPI provider (#11147 by rtribotte)
+      * Support ResponseHeaderModifier filter (#10987 by kevinpollet)
+      * Support GRPC routes (#10975 by kevinpollet)
+      * Bump sigs.k8s.io/gateway-api to v1.2.0 (#11167 by rtribotte)
+      * Ensuring Gateway API reflected Traefik resource name unicity (#11222 by rtribotte)
+      * Preserve GRPCRoute filters order (#11199 by kevinpollet)
+      * Support http and https appProtocol for Kubernetes Service (#11176 by WillDaSilva)
+      * Avoid updating Accepted status for routes matching no Gateways (#11170 by rtribotte)
+      * Do not update gateway status when not selected by a gateway class (#11169 by kevinpollet)
+      * Document nativeLBByDefault annotation on Kubernetes Gateway provider (#11209 by mloiseleur)
+  - k8s/crd, k8s
+      * Detail CRD update with v3.2 in the migration guide (#11164 by mloiseleur)
+  - k8s/gatewayapi
+      * Add missing RBAC in the migration guide (#11189 by mloiseleur)
+  - k8s
+      * Fix instructions for downloading CRDs of Gateway API v1.2 (#11191 by mloiseleur)
+  - metrics, otel
+      * Allow setting service.name for OTLP metrics (#10917 by cmartell-at-ocp)
+  - middleware
+      * Record trace id and EntryPoint span id into access log (#10921 by weijiany)
+      * Support LogUserHeader with forwardAuth middleware (#10833 by GaleHuang)
+      * Add encodings option to the compression middleware (#10943 by wollomatic)
+      * Add support for ipv6 subnet in ipStrategy (#9747 by michal-kralik)
+  - nomad
+      * Support for watching instead of polling Nomad (#10997 by deverton-godaddy)
+  - server
+      * Introduce a fast proxy mode to improve HTTP/1.1 performances with backends (#11122 by kevinpollet)
+      * Configurable max request header size (#10995 by lucasrod16)
+  - service
+      * Add mirrorBody option to HTTP mirroring (#11032 by MatteoPaier)
+      * Add an option to preserve server path (#11192 by mmatur)
+      * Detect and drop broken conns in the fastproxy pool (#11212 by kevinpollet)
+  - Merge branch v3.1 into v3.2 (#11219 by kevinpollet)
+  - Merge branch v3.1 into master (#11153 by kevinpollet)
+
+- Version 3.1.7 changes
+  - k8s
+    * Preserve HTTPRoute filters order (#11198 by kevinpollet)
+  - Merge branch v2.11 into v3.1
+
+-------------------------------------------------------------------
+Wed Oct 16 03:46:25 UTC 2024 - Eric Torres <eric.torres@its-et.me>
+
+- Update from 3.1.4 to 3.1.6
+
+- Version 3.1.6 changes
+  - middleware
+    * Reuse compression writers (#11168 by michelheusschen)
+    * Use correct default weight in Accept-Encoding (#11084 by michelheusschen)
+  - plugins
+    * Close wasm middleware to prevent memory leak (#11151 by ttys3)
+
+- Version 3.1.5 changes
+  - k8s, ingress
+    * Disable IngressClass lookup when disableClusterScopeResources is enabled (#11111 by jnoordsij)
+  - server
+    * Rework condition to not log on timeout (#11132 by rtribotte)
+  - Merge branch v2.11 into v3.1
+
+-------------------------------------------------------------------
+Tue Sep 24 00:25:39 UTC 2024 - Eric Torres <eric.torres@its-et.me>
+
+- Update to version 3.1.4
+  - Fixes CVE-2024-45410, boo#1230842
+  - k8s, ingress, rules, crd
+    * Allow configuring rule syntax with Kubernetes Ingress annotation
+    * Re-allow empty configuration for Kubernetes Ingress provider
+    * Remove mentions about APIVersion traefik.io/v1
+    * Update quick-start-with-kubernetes.md to include required permissions
+  - middlewares, metrics
+    * Wrap capture for services used by pieces of middleware
+    * Mention missing metrics removal in the migration guide
+    * Guess Datadog socket type when prefix is unix
+  - plugins
+    * Removes goexport dependency and adds _initialize
+  - tracing
+    * Fix tracing documentation
+    * OTLP doc + potential panic
+
+- Update ldflags to point to correct traefik version (v3 instead of v2)
+
+-------------------------------------------------------------------
+Thu Sep 12 14:50:28 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
+
+- Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
+  running with "ProtectSystem=full" write access to the certificate store.
+
+  The acme.json file will be automatically moved and the configuration will be
+  updated accordingly.
+
+- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
+   at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
+
 -------------------------------------------------------------------
 Wed Aug  7 08:03:10 UTC 2024 - Johannes Weberhofer <jweberhofer@weberhofer.at>
 

traefik.spec

@@ -23,7 +23,7 @@
 %define buildmode pie
 %endif
 Name:           traefik
-Version:        3.1.2
+Version:        3.2.0
 Release:        0
 Summary:        The Cloud Native Application Proxy
 License:        MIT
@@ -36,6 +36,7 @@ Source1:        vendor.tar.gz
 Source2:        %{name}.service
 Source3:        %{name}.yml
 Source4:        %{name}-user.conf
+Source5:        90-%{name}.conf
 BuildRequires:  go-bindata
 BuildRequires:  golang-packaging
 BuildRequires:  systemd-rpm-macros
@@ -72,9 +73,9 @@ build_date=$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%%s)} +"%%Y%%m%%d")
 CGO_ENABLED=1 GOGC=off go build \
   -buildmode=%{buildmode} \
   -mod=vendor \
-  -ldflags "-X github.com/traefik/traefik/v2/pkg/version.Version=%{version} \
+  -ldflags "-X github.com/traefik/traefik/v3/pkg/version.Version=%{version} \
-            -X github.com/traefik/traefik/v2/pkg/version.Codename='' \
+            -X github.com/traefik/traefik/v3/pkg/version.Codename='' \
-            -X github.com/traefik/traefik/v2/pkg/version.BuildDate=${build_date}" \
+            -X github.com/traefik/traefik/v3/pkg/version.BuildDate=${build_date}" \
   -installsuffix nocgo \
   -o traefik \
   ./cmd/traefik
@@ -94,6 +95,13 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
 install -D -p -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{name}/%{name}.yml
 mkdir -p %{buildroot}%{_sysconfdir}/%{name}/conf.d
 
+# install configuration to increase UDP buffer sizes
+install -D -p -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/sysctl.d/90-%{name}.conf
+
+# acme storage
+install -d -m 0700 %{buildroot}%{_localstatedir}/lib/%{name}
+touch  %{buildroot}%{_localstatedir}/lib/%{name}/acme.json
+
 # logging
 mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
 
@@ -106,6 +114,30 @@ mkdir -p %{buildroot}%{_localstatedir}/log/%{name}
 # fix ownership for config and logging directory
 chown -R traefik: %{_sysconfdir}/%{name} %{_localstatedir}/log/%{name}
 
+# try to move acme.json file from old directory to new
+if [ -e "%{_sysconfdir}/%{name}/acme.json" ] ; then
+	if [ -s "%{_sysconfdir}/%{name}/acme.json" ] ; then
+		if [ -s "%{_localstatedir}/lib/%{name}/acme.json" ] ; then
+			# if not-empty acme.json files exists on old and new location, write warning
+			echo "A non-empty acme.json file exists in:" 1>&2
+			echo "%{_sysconfdir}/%{name} and %{_localstatedir}/lib/%{name}" 1>&2
+			echo "Please clean up this situation and place the correct file in %{_localstatedir}/lib/%{name}" 1>&2
+		else
+			# if not-empty acme.json exists on old location and no file or empty file exists on new location
+			# move it to the new location
+			mv "%{_sysconfdir}/%{name}/acme.json" "%{_localstatedir}/lib/%{name}/acme.json"
+			sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
+		fi
+	else
+		# remove empty acme.json file from old location
+		rm "%{_sysconfdir}/%{name}/acme.json"
+		sed -i -e 's|%{_sysconfdir}/traefik/acme.json|%{_localstatedir}/lib/traefik/acme.json|' %{_sysconfdir}/%{name}/%{name}.yml
+	fi
+fi
+
+# fix ownership for acme file
+chown -R traefik: %{_localstatedir}/lib/%{name}/*
+
 %preun
 %service_del_preun %{name}.service
 
@@ -121,11 +153,15 @@ chown -R traefik: %{_sysconfdir}/%{name} %{_localstatedir}/log/%{name}
 
 %{_unitdir}/%{name}.service
 %{_sbindir}/rc%{name}
+%{_prefix}/lib/sysctl.d/90-%{name}.conf
 
-%defattr(0660, traefik, traefik, 0750)
+%defattr(0600, traefik, traefik, 0700)
 %dir %{_sysconfdir}/%{name}
 %dir %{_sysconfdir}/%{name}/conf.d
 
+%dir %{_localstatedir}/lib/%{name}
+%config(noreplace) %{_localstatedir}/lib/%{name}/acme.json
+
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.yml
 %dir %{_localstatedir}/log/%{name}
 

traefik.yml

@@ -147,7 +147,7 @@ providers:
 #  letsencryptResolver:
 #    acme:
 #      email: your@email
-#      storage: /etc/traefik/acme.json
+#      storage: /var/lib/traefik/acme.json
 #      httpChallenge:
 #        entryPoint: web
 

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:3e0427bab18e00c659433a0650bb27731acc18f54308005fb8fb2d8181230d41
+oid sha256:3a9271d3f426621abe70a24e3f849eb41c061d2dbb5ac9dee0191f1f2132ab87
-size 23188316
+size 25222816