Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2025-11-21 16:55:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.2061 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Fri Nov 21 16:55:56 2025 rev:171 rq:1319056 version:3.2.9+git0.170436929 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2025-11-17 12:22:54.084563052 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new.2061/haproxy.changes 2025-11-21 16:56:51.034795753 +0100 @@ -1,0 +2,54 @@ +Fri Nov 21 10:27:18 UTC 2025 - Marcus Rueckert <[email protected]> + +- Update to version 3.2.9+git0.170436929: + * [RELEASE] Released version 3.2.9 + * DOC: http: document 413 response code + * ADMIN: dump-certs: let dry-run compare certificates + * ADMIN: dump-certs: use same error format as haproxy + * ADMIN: dump-certs: fix lack of / in -p + * ADMIN: dump-certs: create files in a tmpdir + * ADMIN: dump-certs: don't update the file if it's up to date + * ADMIN: haproxy-dump-certs: implement a certificate dumper + * BUG/MEDIUM: proxy: do not align proxy_per_tgroup beyond allocator's capabilities + * BUG/MEDIUM: config: Use the mux protocol ALPN by default for listeners if forced + * MINOR: config: Do proto detection for listeners before checks about ALPN + * MINOR: muxes: Support an optional ALPN string when defining mux protocols + * BUG/MEDIUM: queues: Don't forget to unlock the queue before exiting + * DOC: acme: configuring acme needs a crt file + * DOC: acme: explain how to dump the certificates + * DOC: acme: add details about the DNS-01 support + * BUG/MINOR: acme: alert when the map doesn't exist at startup + * BUG/MINOR: ssl: remove dead code in ssl_sock_from_buf() + * BUG/MINOR: mworker: wrong signals during startup + * BUG/MEDIUM: mworker: signals inconsistencies during startup and reload + * BUG/MINOR: quic-be: backend SSL session reuse fix (OpenSSL 3.5) + * BUG/MEDIUM: h1: prevent a crash on HTTP/2 upgrade + * MINOR: h1: h1_release() should return if it destroyed the connection + * BUG/MINOR: stick-tables: Fix return value for __stksess_kill() + * BUG/MEDIUM: stick-tables: Always return the good stksess from stktable_set_entry + * DOC: configuration: add missing openssl_version predicates + * DOC: configuration: add missing ssllib_name_startswith() + * BUG/MINOR: check: fix reuse-pool if MUX inherited from server + * BUG/MINOR: acme: can't override the default resolver + * BUG/MEDIUM: acme: move from mt_list to a rwlock + ebmbtree + * BUG/MINOR: acme: more explicit error when BIO_new_file() + * BUG/MINOR: quic: close connection on CID alloc failure + * BUG/MEDIUM: stick-tables: Make sure updates are seen as local + * BUG/MINOR: config: Limit "tune.maxpollevents" parameter to 1000000 + * BUG/MEDIUM: connection/ssl: also fix the ssl_sock_io_cb() regarding idle list + * BUG/MEDIUM: connection: do not reinsert a purgeable conn in idle list + * Revert "BUG/MEDIUM: connections: permit to permanently remove an idle conn" + * MINOR: ssl/sample: expose ssl_*c_curve for AWS-LC + +------------------------------------------------------------------- +Thu Nov 20 14:50:10 UTC 2025 - Marcus Rueckert <[email protected]> + +- refresh haproxy-1.6.0-makefile_lib.patch +- Readd USE_RELRO_NOW=1, USE_STACKPROTECTOR=1, USE_PIE=1 + all of them are still used. (boo#1251868) +- adapt haproxy-1.6.0-sec-options.patch so the build no longer + complains about unused options +- drop CPU="%{_target_cpu}" as it is unused +- migrate to DEBUG_CFLAGS to OPT_CFLAGS + +------------------------------------------------------------------- @@ -6 +60 @@ -- Remove deprecated ini file +- Remove deprecated init file Old: ---- haproxy-3.2.8+git0.9200f398d.tar.gz New: ---- haproxy-3.2.9+git0.170436929.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.wHBD0U/_old 2025-11-21 16:56:52.198844805 +0100 +++ /var/tmp/diff_new_pack.wHBD0U/_new 2025-11-21 16:56:52.198844805 +0100 @@ -47,7 +47,7 @@ %endif Name: haproxy -Version: 3.2.8+git0.9200f398d +Version: 3.2.9+git0.170436929 Release: 0 # Summary: The Reliable, High Performance TCP/HTTP Load Balancer @@ -118,7 +118,9 @@ %build %make_build \ TARGET=linux-glibc \ - CPU="%{_target_cpu}" \ + USE_RELRO_NOW=1 \ + USE_STACKPROTECTOR=1 \ + USE_PIE=1 \ USE_PCRE2=1 \ %if %{with pcre2_jit} USE_PCRE2_JIT=1 \ @@ -151,7 +153,7 @@ %if %{with memory_profiling} USE_MEMORY_PROFILING=1 \ %endif - DEBUG_CFLAGS="%{optflags}" V=1 + OPT_CFLAGS="%{optflags}" V=1 %make_build -C admin/systemd PREFIX="%{_prefix}" %sysusers_generate_pre %{SOURCE5} haproxy haproxy-user.conf %make_build admin/halog/halog DEBUG_CFLAGS="%{optflags}" ++++++ _service ++++++ --- /var/tmp/diff_new_pack.wHBD0U/_old 2025-11-21 16:56:52.302849189 +0100 +++ /var/tmp/diff_new_pack.wHBD0U/_new 2025-11-21 16:56:52.306849357 +0100 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v3.2.8</param> + <param name="revision">v3.2.9</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.wHBD0U/_old 2025-11-21 16:56:52.338850705 +0100 +++ /var/tmp/diff_new_pack.wHBD0U/_new 2025-11-21 16:56:52.342850874 +0100 @@ -1,7 +1,7 @@ <servicedata> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-3.2.git/</param> - <param name="changesrevision">9200f398d5098293ca9bc7454cf27cd1f6965f56</param> + <param name="changesrevision">170436929ac78cfc4d1a43b3340535e1ac4d00d8</param> </service> </servicedata> (No newline at EOF) ++++++ haproxy-1.6.0-makefile_lib.patch ++++++ --- /var/tmp/diff_new_pack.wHBD0U/_old 2025-11-21 16:56:52.362851716 +0100 +++ /var/tmp/diff_new_pack.wHBD0U/_new 2025-11-21 16:56:52.370852054 +0100 @@ -1,8 +1,8 @@ -Index: haproxy-3.0/Makefile +Index: haproxy-3.2/Makefile =================================================================== ---- haproxy-3.0.orig/Makefile -+++ haproxy-3.0/Makefile -@@ -784,7 +784,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0 +--- haproxy-3.2.orig/Makefile ++++ haproxy-3.2/Makefile +@@ -794,7 +794,7 @@ ifneq ($(USE_PCRE:0=)$(USE_STATIC_PCRE:0 PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCREDIR),) PCRE_INC := $(PCREDIR)/include @@ -11,7 +11,7 @@ endif PCRE_CFLAGS := $(if $(PCRE_INC),-I$(PCRE_INC)) -@@ -802,7 +802,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2 +@@ -812,7 +812,7 @@ ifneq ($(USE_PCRE2:0=)$(USE_STATIC_PCRE2 PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCRE2DIR),) PCRE2_INC := $(PCRE2DIR)/include ++++++ haproxy-1.6.0-sec-options.patch ++++++ --- /var/tmp/diff_new_pack.wHBD0U/_old 2025-11-21 16:56:52.398853234 +0100 +++ /var/tmp/diff_new_pack.wHBD0U/_new 2025-11-21 16:56:52.406853571 +0100 @@ -4,11 +4,21 @@ SUSE: Makefile sec options -Index: haproxy-3.0/Makefile +Index: haproxy-3.2/Makefile =================================================================== ---- haproxy-3.0.orig/Makefile -+++ haproxy-3.0/Makefile -@@ -887,6 +887,35 @@ ifneq ($(TRACE),) +--- haproxy-3.2.orig/Makefile ++++ haproxy-3.2/Makefile +@@ -346,7 +346,8 @@ use_opts = USE_EPOLL USE_KQUEUE USE_NETF + USE_THREAD_DUMP USE_EVPORTS USE_OT USE_QUIC USE_PROMEX \ + USE_MEMORY_PROFILING \ + USE_STATIC_PCRE USE_STATIC_PCRE2 \ +- USE_PCRE USE_PCRE_JIT USE_PCRE2 USE_PCRE2_JIT USE_QUIC_OPENSSL_COMPAT ++ USE_PCRE USE_PCRE_JIT USE_PCRE2 USE_PCRE2_JIT USE_QUIC_OPENSSL_COMPAT \ ++ USE_PIE USE_STACKPROTECTOR USE_RELRO_NOW + + # preset all variables for all supported build options among use_opts + $(reset_opts_vars) +@@ -897,6 +898,35 @@ ifneq ($(TRACE),) COPTS += -finstrument-functions endif ++++++ haproxy-3.2.8+git0.9200f398d.tar.gz -> haproxy-3.2.9+git0.170436929.tar.gz ++++++ ++++ 1723 lines of diff (skipped)
