Hello community,
here is the log from the commit of package haproxy for openSUSE:Factory checked
in at 2019-07-11 13:17:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
and /work/SRC/openSUSE:Factory/.haproxy.new.4615 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy"
Thu Jul 11 13:17:17 2019 rev:71 rq:714254 version:2.0.1+git27.5db881ff
Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2019-05-06
21:17:19.793084989 +0200
+++ /work/SRC/openSUSE:Factory/.haproxy.new.4615/haproxy.changes
2019-07-11 13:17:19.838787481 +0200
@@ -1,0 +2,175 @@
+Tue Jul 09 11:48:41 UTC 2019 - kgronl...@suse.com
+
+- Update to version 2.0.1+git27.5db881ff:
+ * BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2
+ * BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse
it.
+ * BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite
si
+ * MINOR: stream-int: Factorize processing done after sending data in
si_cs_send()
+ * BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred
+ * BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are
formatted
+ * BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock
+ * BUG/MEDIUM: http/applet: Finish request processing when a service is
registered
+ * MINOR: action: Add the return code ACT_RET_DONE for actions
+ * BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks
+ * MINOR: server: Add "no-tfo" option.
+ * BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions.
+ * BUG/MEDIUM: servers: Authorize tfo in default-server.
+ * BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the
mux.
+ * BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are
sent
+ * BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent
+ * BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit()
+ * BUG/MINOR: hlua: Don't use channel_htx_recv_max()
+ * BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max()
+ * BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is
closed.
+ * BUG/MEDIUM: connections: Always call shutdown, with no linger.
+ * BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses
+ * BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages
+ * BUG/MEDIUM: checks: unblock signals in external checks
+ * BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was
reported
+ * BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL.
+ * BUG/MINOR: mworker/cli: don't output a \n before the response
+ * BUG/MINOR: mux-h1: Make format errors during output formatting fatal
+ * BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large
messages
+ * BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages
+ * BUG/MINOR: log: Detect missing sampling ranges in config
+ * BUG/MINOR: memory: Set objects size for pools in the per-thread cache
+ * BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is
formatted
+ * BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced
+ * BUG/MEDIUM: ssl: Don't do anything in ssl_subscribe if we have no ctx.
+ * BUG/MEDIUM: connections: Always add the xprt handshake if needed.
+ * BUG/MEDIUM: stream_interface: Don't add SI_FL_ERR the state is < SI_ST_CON.
+ * BUG/MINOR: spoe: Fix memory leak if failing to allocate memory
+ * BUG/MEDIUM: mworker/cli: command pipelining doesn't work anymore
+ * BUG/MEDIUM: mworker: don't call the thread and fdtab deinit
+ * BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse
+ * BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL
condition.
+ * BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock
+ * BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is
checked
+ * BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux
+
+-------------------------------------------------------------------
+Sun Jun 30 10:24:18 UTC 2019 - Jan Engelhardt <jeng...@inai.de>
+
+- Correct version line, which should be 2.0.0+git6.
+
+-------------------------------------------------------------------
+Tue Jun 18 12:09:15 UTC 2019 - Marcus Rueckert <mrueck...@suse.de>
+
+- allow the new master socket path in the apparmor profile
+
+-------------------------------------------------------------------
+Tue Jun 18 12:04:20 UTC 2019 - mrueck...@suse.de
+
+- Update to version 2.0.0~git6.41dc8432:
+ * BUG/MEDIUM: htx: Fully update HTX message when the block value is changed
+ * MINOR: htx: Add the function htx_change_blk_value_len()
+ * BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses
+ * BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing
messages
+ * BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware
+ * BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is
built
+
+-------------------------------------------------------------------
+Mon Jun 17 12:33:47 UTC 2019 - kgronl...@suse.com
+
+- Update to version 2.0.0~git0.ba23630a:
+ - new internal native HTTP representation called HTX, was already in 1.9
+ and is now enabled by default in 2.0 ;
+
+ - end-to-end HTTP/2 support including trailers and continuation frames,
+ as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using
+ the H2 preface;
+
+ - server connection pooling and more advanced reuse, with ALPN protocol
+ negotiation (already in 1.9) ;
+
+ - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers
+ as well as on the frontend ;
+
+ - much more scalable multi-threading, which is even enabled by default on
+ platforms where it was successfully tested ; by default, as many threads
+ are started as the number of CPUs haproxy is allowed to run on. This
+ removes a lot of configuration burden in VMs and containers ;
+
+ - automatic maxconn setting for the process and the frontends, directly
+ based on the number of available FDs (easier configuration in containers
+ and with systemd) ;
+
+ - logging to stdout for use in containers and systemd (already in 1.9).
+ Logs can now provide micro-second resolution for some events ;
+
+ - peers now support SSL, declaration of multiple stick-tables directly in
+ the peers section, and synchronization of server names, not just IDs ;
+
+ - In master-worker mode, the master process now exposes its own CLI and
+ can communicate with all other processes (including the stopping ones),
+ even allowing to connect to their CLI and check their state. It is also
+ possible to start some sidecar programs and monitor them from the master,
+ and the master can automatically kill old processes that survived too
+ many reloads ;
+
+ - the incoming connections are load-balanced between all threads depending
+ on their load to minimize the processing time and maximize the capacity
+ (already in 1.9) ;
+
+ - the SPOE connection load-balancing was significantly improved in order
+ to reduce high percentiles of SPOA response time (already in 1.9) ;
+
+ - the "random" load balancing algorithm and a power-of-two-choices variant
+ were introduced ;
+
+ - statistics improvements with per-thread counters for certain things, and
+ a prometheus exporter for all our statistics;
+
+ - lots of debugging help, it's easier to produce a core dump, there are
+ new commands on the CLI to control various things, there is a watchdog
+ to fail cleanly when a thread deadlock or a spinning task are detected,
+ so overall it should provide a better experience in field and less
+ round trips between users and developers (hence less stress during an
+ incident).
+
+ - all 3 device detection engines are now compatible with multi-threading
+ and can be build-tested without any external dependencies ;
+
+ - "do-resolve" http-request action to perform a DNS resolution on any,
+ sample, and resolvers now support relying on /etc/resolv.conf to match
+ the local resolver ;
+
+ - log sampling and balancing : it's now possible to send 1 log every 10
+ to a server, or to spread the logging load over multiple log servers;
+
+ - a new SPOA agent (spoa_server) allows to interface haproxy with Python
+ and Lua programs ;
+
+ - support for Solaris' event ports (equivalent of kqueue or epoll) which
+ will significantly improve the performance there when dealing with
+ numerous connections ;
+
+ - some warnings are now reported for some deprecated options that will
+ be removed in 2.1. Since 2.0 is long term supported, there's no
+ emergency to convert them, however if you see these warnings, you
+ need to understand that you're among their extremely rare users and
+ just because of this you may be taking risks by keeping them ;
+
+ - A new SOCKS4 server-side layer was provided ; it allows outgoing
+ connections to be forwarded through a SOCKS4 proxy (such as ssh -D).
+
+ - priority- and latency- aware server queues : it is possible now to
+ assign priorities to certain requests and/or to give them a time
+ bonus or penalty to refine control of the traffic and be able to
+ engage on SLAs.
+
+ - internally the architecture was significantly redesigned to allow to
+ further improve performance and make it easier to implement protocols
+ that span over multiple layers (such as QUIC). This work started in
+ 1.9 and will continue with 2.1.
+
+ - the I/O, applets and tasks now share the same multi-threaded scheduler,
+ giving a much better responsiveness and fairness between all tasks as
+ is visible with the CLI which always responds instantly even under
+ extreme loads (started in 1.9) ;
+
+ - the internal buffers were redesigned to ease zero-copy operations, so
+ that it is possible to sustain a high bandwidth even when forwarding
+ HTTP/1 to/from HTTP/2 (already in 1.9) ;
+
+-------------------------------------------------------------------
Old:
----
haproxy-1.8.20~git0.6fb9fadc.tar.gz
New:
----
haproxy-2.0.1+git27.5db881ff.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.830787168 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.834787167 +0200
@@ -47,7 +47,7 @@
%endif
Name: haproxy
-Version: 1.8.20~git0.6fb9fadc
+Version: 2.0.1+git27.5db881ff
Release: 0
#
#
@@ -122,12 +122,12 @@
%prep
%setup -q
%patch1 -p1
-%patch2
-%patch3
+%patch2 -p1
+%patch3 -p1
%build
make \
- TARGET=linux2628 \
+ TARGET=linux-glibc \
CPU="%{_target_cpu}" \
USE_PCRE=1 \
%if %{with pcre_jit}
@@ -180,14 +180,14 @@
%endif
install -d -m 0750 %{buildroot}%{pkg_home}
-install -D -m 0644 examples/haproxy.vim
%{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
+install -D -m 0644 contrib/syntax-highlight/haproxy.vim
%{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
install -D -m 0644 doc/%{pkg_name}.1
%{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
install -D -m 0644 %{S:2}
%{buildroot}/etc/apparmor.d/usr.sbin.haproxy
install -D -m 0644 %{S:3}
%{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
%endif
-rm examples/haproxy.spec examples/*init* examples/haproxy.vim
+rm examples/*init*
%pre
getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name}
++++++ _service ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.862787158 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.862787158 +0200
@@ -1,12 +1,12 @@
<services>
<service name="tar_scm" mode="disabled">
- <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
+ <param name="url">http://git.haproxy.org/git/haproxy-2.0.git</param>
<param name="scm">git</param>
<param name="filename">haproxy</param>
- <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
+ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
- <param name="revision">v1.8.20</param>
+ <param name="revision">master</param>
<param name="changesgenerate">enable</param>
</service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.882787151 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.882787151 +0200
@@ -1,8 +1,6 @@
<servicedata>
-<service name="tar_scm">
- <param
name="url">http://git.haproxy.org/git/haproxy-1.6.git</param>
- <param
name="changesrevision">864bf78c3b6898eb12ece5f0a44032090f26f57f</param></service><service
name="tar_scm">
- <param
name="url">http://git.haproxy.org/git/haproxy-1.7.git</param>
- <param
name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service
name="tar_scm">
- <param
name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
- <param
name="changesrevision">6fb9fadc5311cd00beb522a35596d3aa63f24fdb</param></service></servicedata>
\ No newline at end of file
+ <service name="tar_scm">
+ <param name="url">http://git.haproxy.org/git/haproxy-2.0.git</param>
+ <param
name="changesrevision">5db881ff0506bd5bb6caf9d80a06e79afa7473ca</param>
+ </service>
+</servicedata>
++++++ haproxy-1.6.0-makefile_lib.patch ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.890787149 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.890787149 +0200
@@ -1,9 +1,9 @@
-Index: Makefile
-===================================================================
---- Makefile.orig
-+++ Makefile
-@@ -647,7 +647,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
- PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo
/usr/local)
+diff --git a/Makefile b/Makefile
+index d62fead7..33fa6338 100644
+--- a/Makefile
++++ b/Makefile
+@@ -619,7 +619,7 @@ PCRE_CONFIG := pcre-config
+ PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo
/usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
-PCRE_LIB := $(PCREDIR)/lib
@@ -11,3 +11,12 @@
endif
ifeq ($(USE_STATIC_PCRE),)
+@@ -638,7 +638,7 @@ PCRE2_CONFIG := pcre2-config
+ PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo
/usr/local)
+ ifneq ($(PCRE2DIR),)
+ PCRE2_INC := $(PCRE2DIR)/include
+-PCRE2_LIB := $(PCRE2DIR)/lib
++PCRE2_LIB := $(PCRE2DIR)/$(LIB)
+
+ ifeq ($(PCRE2_WIDTH),)
+ PCRE2_WIDTH = 8
++++++ haproxy-1.6.0-sec-options.patch ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.898787147 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.898787147 +0200
@@ -1,9 +1,15 @@
-Index: Makefile
-===================================================================
---- Makefile.orig
-+++ Makefile
-@@ -674,6 +674,35 @@ OPTIONS_CFLAGS += -DUSE_TFO
- BUILD_OPTIONS += $(call ignore_implicit,USE_TFO)
+commit 88413472b09e2ecd4ad2b4a00992184c14d5723c
+Author: Kristoffer Gronlund <kgronl...@suse.com>
+Date: Mon Jun 17 13:00:08 2019 +0000
+
+ SUSE: Makefile sec options
+
+diff --git a/Makefile b/Makefile
+index 33fa6338..3777ad6d 100644
+--- a/Makefile
++++ b/Makefile
+@@ -675,6 +675,35 @@ endif
+ endif
endif
+# PIE
++++++ haproxy-1.6.0_config_haproxy_user.patch ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.910787143 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.910787143 +0200
@@ -15,20 +15,6 @@
pidfile /var/run/haproxy.pid
daemon
quiet
-Index: haproxy-1.6.0/examples/auth.cfg
-===================================================================
---- haproxy-1.6.0.orig/examples/auth.cfg
-+++ haproxy-1.6.0/examples/auth.cfg
-@@ -1,7 +1,7 @@
- global
--# chroot /var/empty/
--# uid 451
--# gid 451
-+ user haproxy
-+ group haproxy
-+ chroot /var/lib/haproxy
- log 192.168.131.214:8514 local4 debug
- maxconn 8192
Index: haproxy-1.6.0/examples/content-sw-sample.cfg
===================================================================
@@ -64,20 +50,6 @@
nbproc 4
daemon
-Index: haproxy-1.6.0/examples/ssl.cfg
-===================================================================
---- haproxy-1.6.0.orig/examples/ssl.cfg
-+++ haproxy-1.6.0/examples/ssl.cfg
-@@ -4,6 +4,9 @@
-
- global
- maxconn 100
-+ chroot /var/lib/haproxy
-+ user haproxy
-+ group haproxy
-
- defaults
- mode http
Index: haproxy-1.6.0/examples/transparent_proxy.cfg
===================================================================
--- haproxy-1.6.0.orig/examples/transparent_proxy.cfg
++++++ usr.sbin.haproxy.apparmor ++++++
--- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.974787123 +0200
+++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.974787123 +0200
@@ -26,6 +26,7 @@
/var/lib/haproxy/stats.*.bak rwl,
/var/lib/haproxy/stats.*.tmp rwl,
/{,var/}run/haproxy.pid rw,
+ /{,var/}run/haproxy-master.sock* rwlk,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.haproxy>
