Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2020-02-19 12:41:00 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Wed Feb 19 12:41:00 2020 rev:82 rq:774671 version:2.1.3+git0.5c020bbdd Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2020-01-27 00:21:44.169470321 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new.26092/haproxy.changes 2020-02-19 12:41:01.971681506 +0100 @@ -1,0 +2,132 @@ +Fri Feb 14 13:23:23 UTC 2020 - Thorsten Kukuk <[email protected]> + +- Remove unsupported options from example haproxy.cfg +- Make haproxy useable for containers + - Use sysusers.d to create users. + - Use systemd_ordering instead of requiring systemd. + - Own vim syntax directory instead of requiring vim. This also + solves the problem the directory got never removed if vim is + updated before haproxy. + +------------------------------------------------------------------- +Wed Feb 12 15:42:26 UTC 2020 - [email protected] + +- Update to version 2.1.3+git0.5c020bbdd: + * [RELEASE] Released version 2.1.3 + * BUG/MINOR: tcp: don't try to set defaultmss when value is negative + * BUG/MINOR: http-ana: Set HTX_FL_PROXY_RESP flag if a server perform a redirect + * BUG/MINOR: http-ana: Don't overwrite outgoing data when an error is reported + * MINOR: htx/channel: Add a function to copy an HTX message in a channel's buffer + * MINOR: htx: Add a function to append an HTX message to another one + * DOC: word converter ignores delimiters at the start or end of input string + * MINOR: build: add aix72-gcc build TARGET and power{8,9} CPUs + * BUG/MINOR: tcp: avoid closing fd when socket failed in tcp_bind_listener + * BUG/MINOR: listener: enforce all_threads_mask on bind_thread on init + * BUG/MEDIUM: listener: only consider running threads when resuming listeners + * BUG/MINOR: dns: allow 63 char in hostname + * BUG/MINOR: unix: better catch situations where the unix socket path length is close to the limit + * DOC: schematic of the SSL certificates architecture + * BUG/MEDIUM: ssl/cli: 'commit ssl cert' wrong SSL_CTX init + * SCRIPTS: announce-release: allow the user to force to overwrite old files + * SCRIPTS: announce-release: place the send command in the mail's header + * CONTRIB: debug: also support reading values from stdin + * MINOR: acl: Warn when an ACL is named 'or' + * CONTRIB: debug: support reporting multiple values at once + * CONTRIB: debug: add the possibility to decode the value as certain types only + * CONTRIB: debug: add missing flags SF_HTX and SF_MUX + * BUG/MINOR: ssl: clear the SSL errors on DH loading failure + * BUG/MINOR: ssl: we may only ignore the first 64 errors + * BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is empty. + * BUG/MEDIUM: memory: Add a rwlock before freeing memory. + * MINOR: memory: Only init the pool spinlock once. + * BUG/MEDIUM: memory_pool: Update the seq number in pool_flush(). + * BUG/MEDIUM: connections: Don't forget to unlock when killing a connection. + * BUG/MINOR: connection: fix ip6 dst_port copy in make_proxy_line_v2 + * BUG/MINOR: ssl: Possible memleak when allowing the 0RTT data buffer. + * BUG/MEDIUM: pipe: fix a use-after-free in case of pipe creation error + * BUG/MINOR: tcpchecks: fix the connect() flags regarding delayed ack + * BUG/MEDIUM: ssl: Don't forget to free ctx->ssl on failure. + * MINOR: lua: Add HLUA_PREPEND_C?PATH build option + * MINOR: lua: Add lua-prepend-path configuration option + * MINOR: lua: Add hlua_prepend_path function + * BUILD: cfgparse: silence a bogus gcc warning on 32-bit machines + * BUG/MEDIUM: mux-h2: make sure we don't emit TE headers with anything but "trailers" + * BUG/MINOR: stktable: report the current proxy name in error messages + * BUG/MEDIUM: 0rtt: Only consider the SSL handshake. + * BUG/MINOR: ssl/cli: ocsp_issuer must be set w/ "set ssl cert" + * BUG/MINOR: ssl: typo in previous patch + * BUG/MINOR: ssl: memory leak w/ the ocsp_issuer + * BUG/MINOR: ssl: increment issuer refcount if in chain + * CLEANUP: stats: shut up a wrong null-deref warning from gcc 9.2 + * BUG/MINOR: ssl/cli: free the previous ckch content once a PEM is loaded + * BUG/MINOR: ssl: ssl_sock_load_pem_into_ckch is not consistent + * BUG/MEDIUM: netscaler: Don't forget to allocate storage for conn->src/dst. + * BUG/MINOR: http_act: don't check capture id in backend + * MINOR: proxy/http-ana: Add support of extra attributes for the cookie directive + * BUG/MINOR: ssl: ssl_sock_load_sctl_from_file memory leak + * BUG/MINOR: ssl: ssl_sock_load_issuer_file_into_ckch memory leak + * BUG/MINOR: ssl: ssl_sock_load_ocsp_response_from_file memory leak + * BUG/MINOR: tcp-rules: Fix memory releases on error path during action parsing + * BUG/MINOR: stick-table: Use MAX_SESS_STKCTR as the max track ID during parsing + * BUG/MINOR: http-rules: Remove buggy deinit functions for HTTP rules + * BUG/MINOR: http-ana/filters: Wait end of the http_end callback for all filters + * BUILD: pattern: include errno.h + * BUG/MINOR: 51d: Fix bug when HTX is enabled + * BUG/MINOR: dns: Make dns_query_id_seed unsigned + * BUG/MINOR: cache: Fix leak of cache name in error path + * BUG/MINOR: pattern: handle errors from fgets when trying to load patterns + * BUG/MEDIUM: connection: add a mux flag to indicate splice usability + * BUG/MINOR: stream: don't mistake match rules for store-request rules + * BUG/MEDIUM: cli: _getsocks must send the peers sockets + * REGTEST: add sample_fetches/hashes.vtc to validate hashes + * BUG/MAJOR: hashes: fix the signedness of the hash inputs + * BUG/MEDIUM: mux_h1: Don't call h1_send if we subscribed(). + * BUG/MEDIUM: mworker: remain in mworker mode during reload + * REGTEST: mcli/mcli_start_progs: start 2 programs + * BUG/MINOR: cli/mworker: can't start haproxy with 2 programs + * BUG/MEDIUM: mux-h2: don't stop sending when crossing a buffer boundary + * BUG/MEDIUM: mux-h2: fix missing test on sending_list in previous patch + * BUG/MINOR: mux-h2: use a safe list_for_each_entry in h2_send() + * BUG/MEDIUM: tasks: Use the MT macros in tasklet_free(). + * BUG/MINOR: stream-int: Don't trigger L7 retry if max retries is already reached + * BUG/MEDIUM: session: do not report a failure when rejecting a session + * BUG/MINOR: channel: inject output data at the end of output + * BUG/MEDIUM: http-ana: Truncate the response when a redirect rule is applied + * BUG/MINOR: proxy: Fix input data copy when an error is captured + * BUG/MINOR: h1: Report the right error position when a header value is invalid + * MINOR: ssl: Remove unused variable "need_out". + * MINOR: config: disable busy polling on old processes + * BUG/MEDIUM: connections: Hold the lock when wanting to kill a connection. + * BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. + * BUG/MINOR: checks: refine which errno values are really errors. + +------------------------------------------------------------------- +Fri Feb 07 12:48:02 UTC 2020 - [email protected] + +- Update to version 2.1.2+git0.d5b6759b5: + * [RELEASE] Released version 2.1.2 + * BUILD: ssl: improve SSL_CTX_set_ecdh_auto compatibility + * BUG/MEDIUM: stream: Be sure to never assign a TCP backend to an HTX stream + * BUG/MINOR: state-file: do not leak memory on parse errors + * BUG/MINOR: state-file: do not store duplicates in the global tree + * BUG/MEDIUM: state-file: do not allocate a full buffer for each server entry + * BUG/MINOR: ssl: openssl-compat: Fix getm_ defines + * BUG/MEDIUM: fd/threads: fix a concurrency issue between add and rm on the same fd + * MINOR: fd/threads: make _GET_NEXT()/_GET_PREV() use the volatile attribute + * BUG/MEDIUM: ssl: Revamp the way early data are handled. + * BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreing requeuing + * MINOR: task: only check TASK_WOKEN_ANY to decide to requeue a task + * MINOR: http: add a new "replace-path" action + * MINOR: debug: support logging to various sinks + * BUG/MEDIUM: ssl: Don't set the max early data we can receive too early. + * MINOR: sample: Validate the number of bits for the sha2 converter + * BUG/MINOR: sample: always check converters' arguments + * BUG/MINOR: sample: fix the closing bracket and LF in the debug converter + * DOC: clarify the fact that replace-uri works on a full URI + +------------------------------------------------------------------- +Fri Feb 7 12:46:02 UTC 2020 - Marcus Rueckert <[email protected]> + +- drop the udev buildrequires completely + +------------------------------------------------------------------- Old: ---- haproxy-2.1.1+git0.4ae521379.tar.gz New: ---- haproxy-2.1.3+git0.5c020bbdd.tar.gz haproxy-user.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.rNyjWx/_old 2020-02-19 12:41:02.915683323 +0100 +++ /var/tmp/diff_new_pack.rNyjWx/_new 2020-02-19 12:41:02.915683323 +0100 @@ -46,8 +46,14 @@ %bcond_with apparmor_reload %endif +%if 0%{?suse_version} >= 1500 +%bcond_without sysusers +%else +%bcond_with sysusers +%endif + Name: haproxy -Version: 2.1.1+git0.4ae521379 +Version: 2.1.3+git0.5c020bbdd Release: 0 # # @@ -72,10 +78,13 @@ BuildRequires: zlib-devel BuildRequires: openssl-devel BuildRequires: pkg-config -BuildRequires: pkgconfig(udev) %if %{with systemd} BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(libsystemd) +%if %{with sysusers} +BuildRequires: sysuser-shadow +BuildRequires: sysuser-tools +%endif %endif BuildRequires: vim %define pkg_name haproxy @@ -88,6 +97,7 @@ Source2: usr.sbin.haproxy.apparmor Source3: local.usr.sbin.haproxy.apparmor Source4: haproxy.cfg +Source5: haproxy-user.conf Patch1: haproxy-1.6.0_config_haproxy_user.patch Patch2: haproxy-1.6.0-makefile_lib.patch Patch3: haproxy-1.6.0-sec-options.patch @@ -101,10 +111,11 @@ Obsoletes: %{name}-doc < %{version} Provides: haproxy-1.5 = %{version} Obsoletes: haproxy-1.5 < %{version} -# this requires is not strictly needed. we only need it for the ownership of the vim data dir -Requires: vim %if %{with systemd} -%{?systemd_requires} +%{?systemd_ordering} +%if %{with sysusers} +%sysusers_requires +%endif %endif %{!?vim_data_dir:%global vim_data_dir /usr/share/vim/%(readlink /usr/share/vim/current)} @@ -161,6 +172,9 @@ DEBUG_CFLAGS="%{optflags}" V=1 %if %{with systemd} make -C contrib/systemd PREFIX="%{_prefix}" +%if %{with sysusers} +%sysusers_generate_pre %{SOURCE5} haproxy +%endif %endif make -C contrib/halog PREFIX="%{_prefix}" \ DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now" @@ -175,6 +189,9 @@ %if %{with systemd} install -D -m 0644 contrib/systemd/%{pkg_name}.service %{buildroot}%{_unitdir}/%{pkg_name}.service ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name} +%if %{with sysusers} +install -D -m 644 %{SOURCE5} %{buildroot}%{_sysusersdir}/haproxy-user.conf +%endif %else install -D -m 0755 %{S:1} %{buildroot}%{_sysconfdir}/init.d/%{pkg_name} ln -fs %{_sysconfdir}/init.d/%{pkg_name} %{buildroot}%{_sbindir}/rc%{pkg_name} @@ -190,13 +207,13 @@ rm examples/*init* -%pre -getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name} -getent passwd %{pkg_name} >/dev/null || \ - /usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \ - -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} %if %{with systemd} +%if %{with sysusers} +%pre -f haproxy.pre +%else +%pre +%endif %service_add_pre %{pkg_name}.service %post @@ -213,6 +230,12 @@ %else +%pre +getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name} +getent passwd %{pkg_name} >/dev/null || \ + /usr/sbin/useradd -g %{pkg_name} -s /bin/false -r \ + -c "user for %{pkg_name}" -d %{pkg_home} %{pkg_name} + %post %fillup_and_insserv %{pkg_name} %if %{with apparmor} && %{with apparmor_reload} @@ -238,6 +261,9 @@ %config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/* %if %{with systemd} %{_unitdir}/%{pkg_name}.service +%if %{with sysusers} +%{_sysusersdir}/haproxy-user.conf +%endif %else %config(noreplace) %{_sysconfdir}/init.d/%{pkg_name} %endif @@ -246,6 +272,9 @@ %{_sbindir}/rchaproxy %dir %attr(-,root,haproxy) %{pkg_home} %{_mandir}/man1/%{pkg_name}.1.gz +%dir %{_datadir}/vim +%dir %{vim_data_dir} +%dir %{vim_data_dir}/syntax %{vim_data_dir}/syntax/%{pkg_name}.vim %if %{with apparmor} %if 0%{?suse_version} == 1110 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.rNyjWx/_old 2020-02-19 12:41:02.947683385 +0100 +++ /var/tmp/diff_new_pack.rNyjWx/_new 2020-02-19 12:41:02.947683385 +0100 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v2.1.1</param> + <param name="revision">v2.1.3</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.rNyjWx/_old 2020-02-19 12:41:02.959683408 +0100 +++ /var/tmp/diff_new_pack.rNyjWx/_new 2020-02-19 12:41:02.959683408 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-2.1.git</param> - <param name="changesrevision">4ae521379e97fb23630fc60516e6f19c03a93b58</param> + <param name="changesrevision">5c020bbddc3d9573f02cde383abc983ad0781fc1</param> </service> </servicedata> \ No newline at end of file ++++++ haproxy-2.1.1+git0.4ae521379.tar.gz -> haproxy-2.1.3+git0.5c020bbdd.tar.gz ++++++ ++++ 3999 lines of diff (skipped) ++++++ haproxy-user.conf ++++++ # Type Name ID GECOS [HOME] u haproxy - "User for haproxy" /var/lib/haproxy ++++++ haproxy.cfg ++++++ --- /var/tmp/diff_new_pack.rNyjWx/_old 2020-02-19 12:41:03.379684216 +0100 +++ /var/tmp/diff_new_pack.rNyjWx/_new 2020-02-19 12:41:03.379684216 +0100 @@ -32,4 +32,3 @@ stats enable stats uri / stats refresh 5s - rspadd Server:\ haproxy/1.6
