Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2020-11-10 13:39:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.11331 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Tue Nov 10 13:39:10 2020 rev:94 rq:846512 version:2.3.0+git4.689d98154 Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2020-11-03 15:15:57.344004825 +0100 +++ /work/SRC/openSUSE:Factory/.haproxy.new.11331/haproxy.changes 2020-11-10 13:40:10.888386702 +0100 @@ -1,0 +2,103 @@ +Fri Nov 06 16:14:26 UTC 2020 - mrueck...@suse.de + +- Update to version 2.3.0+git4.689d98154: + * BUG/MEDIUM: ssl/crt-list: correctly insert crt-list line if crt already loaded + +------------------------------------------------------------------- +Fri Nov 06 13:10:28 UTC 2020 - mrueck...@suse.de + +- Update to version 2.3.0+git3.7a50763d1: + * DOC: config: Fix a typo on ssl_c_chain_der + * MINOR: http-htx: Add understandable errors for the errorfiles parsing + * BUG/MINOR: ssl: don't report 1024 bits DH param load error when it's higher + +------------------------------------------------------------------- +Thu Nov 5 18:56:00 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- apparmor: do not limit to tcp sockets. haproxy can do udp as + well. + +------------------------------------------------------------------- +Thu Nov 05 16:43:01 UTC 2020 - mrueck...@suse.de + +- Update to version 2.3.0+git0.1c0a722a8: + https://www.haproxy.com/blog/announcing-haproxy-2-3/ + + for all the details see + /usr/share/doc/packages/haproxy/CHANGELOG + +------------------------------------------------------------------- +Thu Nov 05 14:49:02 UTC 2020 - mrueck...@suse.de + +- Update to version 2.2.5+git0.34b2b1066: + * [RELEASE] Released version 2.2.5 + * BUG/MEDIUM: server: make it possible to kill last idle connections + * CLEANUP: mux-h2: Remove the h1 parser state from the h2 stream + * BUG/MEDIUM: stick-table: limit the time spent purging old entries + * BUG/MINOR: filters: Skip disabled proxies during startup only + * BUG/MEDIUM: mux-pt: Release the tasklet during an HTTP upgrade + * MINOR: server: Copy configuration file and line for server templates + * BUG/MINOR: server: Set server without addr but with dns in RMAINT on startup + * BUG/MINOR: checks: Report a socket error before any connection attempt + * BUG/MINOR: proxy/server: Skip per-proxy/server post-check for disabled proxies + * BUG/MEDIUM: filters: Don't try to init filters for disabled proxies + * BUG/MINOR: cache: Inverted variables in http_calc_maxage function + * BUG/MINOR: cache: Manage multiple values in cache-control header value + * MINOR: ist: Add a case insensitive istmatch function + * BUG/MINOR: lua: initialize sample before using it + * BUG/MINOR: server: fix down_time report for stats + * BUG/MINOR: server: fix srv downtime calcul on starting + * BUG/MINOR: log: fix risk of null deref on error path + * BUG/MINOR: log: fix memory leak on logsrv parse error + * BUG/MINOR: extcheck: add missing checks on extchk_setenv() + * BUG/MEDIUM: ssl: OCSP must work with BoringSSL + * Revert "MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension" + * BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer possible + * BUG/MINOR: http-ana: Don't send payload for internal responses to HEAD requests + * BUG/MEDIUM: server: support changing the slowstart value from state-file + * BUG/MINOR: queue: properly report redistributed connections + * MINOR: ssl: 'ssl-load-extra-del-ext' removes the certificate extension + * BUILD: ssl: make BoringSSL use its own version numbers + * BUG/MINOR: disable dynamic OCSP load with BoringSSL + * BUG/MINOR: peers: Possible unexpected peer seesion reset after collisions. + * DOC: fix typo in MAX_SESS_STKCTR + * BUG/MEDIUM: lb: Always lock the server when calling server_{take,drop}_conn + * BUG/MEDIUM: mux-h1: Get the session from the H1S when capturing bad messages + * BUG/MEDIUM: spoe: Unset variable instead of set it if no data provided + * BUG/MEDIUM: task: bound the number of tasks picked from the wait queue at once + * BUG/MINOR: connection: fix loop iter on connection takeover + * MINOR: fd: report an error message when failing initial allocations + * BUG/MINOR: mux-h2: do not stop outgoing connections on stopping + * BUG/MINOR: init: only keep rlim_fd_cur if max is unlimited + * BUILD: connection: fix build on clang after the VAR_ARRAY cleanup + * CLEANUP: tree-wide: use VAR_ARRAY instead of [0] in various definitions + * BUG/MINOR: http-htx: Expect no body for 204/304 internal HTTP responses + * BUG/MINOR: http: Fix content-length of the default 500 error + * DOC: Fix typos in configuration.txt + * BUG/MEDIUM: mux-h2: Don't handle pending read0 too early on streams + * BUG/MEDIUM: mux-fcgi: Don't handle pending read0 too early on streams + * DOC: Add missing stats fields in the management doc + * DOC: fix a confusing typo on a regsub example + * BUG/MINOR: mux-h1: Always set the session on frontend h1 stream + * BUG/MINOR: mux-h1: Be sure to only set CO_RFL_READ_ONCE for the first read + * BUG/MINOR: peers: Inconsistency when dumping peer status codes. + * MINOR: hlua: Display debug messages on stderr only in debug mode + * BUG/MINOR: stats: fix validity of the json schema + * MINOR: counters: fix a typo in comment + * MINOR: ssl: Add warning if a crt-list might be truncated + * BUG/MEDIUM: queue: make pendconn_cond_unlink() really thread-safe + * BUG/MINOR: tcpcheck: Set socks4 and send-proxy flags before the connect call + * DOC: tcp-rules: Refresh details about L7 matching for tcp-request content rules + * BUG/MINOR: Fix several leaks of 'log_tag' in init(). + * MINOR: ssl: Add error if a crt-list might be truncated + * BUILD: makefile: Fix building with closefrom() support enabled + * BUILD: ssl_crtlist: work around another bogus gcc-9.3 warning + +------------------------------------------------------------------- +Mon Nov 2 13:15:38 UTC 2020 - Marcus Rueckert <mrueck...@suse.de> + +- apparmor profile: + - we need net_admin capability for non local bind and setting + "source" for server entries. + +------------------------------------------------------------------- Old: ---- haproxy-2.2.4+git0.de456726d.tar.gz New: ---- haproxy-2.3.0+git4.689d98154.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.Pl6qVz/_old 2020-11-10 13:40:11.536385415 +0100 +++ /var/tmp/diff_new_pack.Pl6qVz/_new 2020-11-10 13:40:11.540385408 +0100 @@ -53,7 +53,7 @@ %endif Name: haproxy -Version: 2.2.4+git0.de456726d +Version: 2.3.0+git4.689d98154 Release: 0 # # ++++++ _service ++++++ --- /var/tmp/diff_new_pack.Pl6qVz/_old 2020-11-10 13:40:11.568385352 +0100 +++ /var/tmp/diff_new_pack.Pl6qVz/_new 2020-11-10 13:40:11.568385352 +0100 @@ -1,12 +1,12 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="url">http://git.haproxy.org/git/haproxy-2.2.git</param> + <param name="url">http://git.haproxy.org/git/haproxy-2.3.git</param> <param name="scm">git</param> <param name="filename">haproxy</param> <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v2.2.4</param> + <param name="revision">689d98154</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.Pl6qVz/_old 2020-11-10 13:40:11.588385312 +0100 +++ /var/tmp/diff_new_pack.Pl6qVz/_new 2020-11-10 13:40:11.588385312 +0100 @@ -5,4 +5,6 @@ </service> <service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-2.2.git</param> - <param name="changesrevision">de456726db6a9e71c1d917c6214b468d62fe8285</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">34b2b106689c8a017eb5726193b199ea96f2c9f7</param></service><service name="tar_scm"> + <param name="url">http://git.haproxy.org/git/haproxy-2.3.git</param> + <param name="changesrevision">689d981541a4805760acd6a2ba1433dc3d3534b1</param></service></servicedata> \ No newline at end of file ++++++ haproxy-2.2.4+git0.de456726d.tar.gz -> haproxy-2.3.0+git4.689d98154.tar.gz ++++++ ++++ 32878 lines of diff (skipped) ++++++ usr.sbin.haproxy.apparmor ++++++ --- /var/tmp/diff_new_pack.Pl6qVz/_old 2020-11-10 13:40:12.156384184 +0100 +++ /var/tmp/diff_new_pack.Pl6qVz/_new 2020-11-10 13:40:12.156384184 +0100 @@ -12,14 +12,15 @@ capability kill, capability sys_resource, capability sys_chroot, + capability net_admin, # those are needed for the stats socket creation capability chown, capability fowner, capability fsetid, - network inet tcp, - network inet6 tcp, + network inet, + network inet6, /etc/haproxy/* r,