Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2019-07-11 13:17:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy" Thu Jul 11 13:17:17 2019 rev:71 rq:714254 version:2.0.1+git27.5db881ff Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2019-05-06 21:17:19.793084989 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new.4615/haproxy.changes 2019-07-11 13:17:19.838787481 +0200 @@ -1,0 +2,175 @@ +Tue Jul 09 11:48:41 UTC 2019 - kgronl...@suse.com + +- Update to version 2.0.1+git27.5db881ff: + * BUG/MINOR: ssl: revert empty handshake detection in OpenSSL <= 1.0.2 + * BUG/MEDIUM: servers: Don't forget to set srv_cs to NULL if we can't reuse it. + * BUG/MEDIUM: stream-int: Don't rely on CF_WRITE_PARTIAL to unblock opposite si + * MINOR: stream-int: Factorize processing done after sending data in si_cs_send() + * BUG/MINOR: mux-h1: Don't process input or ouput if an error occurred + * BUG/MEDIUM: mux-h1: Handle TUNNEL state when outgoing messages are formatted + * BUG/MEDIUM: lb_fas: Don't test the server's lb_tree from outside the lock + * BUG/MEDIUM: http/applet: Finish request processing when a service is registered + * MINOR: action: Add the return code ACT_RET_DONE for actions + * BUG/MINOR: contrib/prometheus-exporter: Don't try to add empty data blocks + * MINOR: server: Add "no-tfo" option. + * BUG/MEDIUM: sessions: Don't keep an extra idle connection in sessions. + * BUG/MEDIUM: servers: Authorize tfo in default-server. + * BUG/MEDIUM: connections: Make sure we're unsubscribe before upgrading the mux. + * BUG/MINOR: contrib/prometheus-exporter: Respect the reserve when data are sent + * BUG/MINOR: hlua/htx: Respect the reserve when HTX data are sent + * BUG/MEDIUM: channel/htx: Use the total HTX size in channel_htx_recv_limit() + * BUG/MINOR: hlua: Don't use channel_htx_recv_max() + * BUG/MINOR: contrib/prometheus-exporter: Don't use channel_htx_recv_max() + * BUG/MEDIUM: checks: Make sure the tasklet won't run if the connection is closed. + * BUG/MEDIUM: connections: Always call shutdown, with no linger. + * BUG/MINOR: mux-h1: Don't return the empty chunk on HEAD responses + * BUG/MINOR: mux-h1: Skip trailers for non-chunked outgoing messages + * BUG/MEDIUM: checks: unblock signals in external checks + * BUG/MEDIUM: mux-h1: Always release H1C if a shutdown for writes was reported + * BUG/MEDIUM: ssl: Don't attempt to set alpn if we're not using SSL. + * BUG/MINOR: mworker/cli: don't output a \n before the response + * BUG/MINOR: mux-h1: Make format errors during output formatting fatal + * BUG/MEDIUM: mux-h1: Use buf_room_for_htx_data() to detect too large messages + * BUG/MEDIUM: proto_htx: Don't add EOM on 1xx informational messages + * BUG/MINOR: log: Detect missing sampling ranges in config + * BUG/MINOR: memory: Set objects size for pools in the per-thread cache + * BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing message is formatted + * BUG/MINOR: htx: Save hdrs_bytes when the HTX start-line is replaced + * BUG/MEDIUM: ssl: Don't do anything in ssl_subscribe if we have no ctx. + * BUG/MEDIUM: connections: Always add the xprt handshake if needed. + * BUG/MEDIUM: stream_interface: Don't add SI_FL_ERR the state is < SI_ST_CON. + * BUG/MINOR: spoe: Fix memory leak if failing to allocate memory + * BUG/MEDIUM: mworker/cli: command pipelining doesn't work anymore + * BUG/MEDIUM: mworker: don't call the thread and fdtab deinit + * BUG/MINOR: mworker-prog: Fix segmentation fault during cfgparse + * BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL condition. + * BUG/MEDIUM: lb_fwlc: Don't test the server's lb_tree from outside the lock + * BUG/MEDIUM: mux-h2: Remove the padding length when a DATA frame size is checked + * BUG/MEDIUM: mux-h2: Reset padlen when several frames are demux + +------------------------------------------------------------------- +Sun Jun 30 10:24:18 UTC 2019 - Jan Engelhardt <jeng...@inai.de> + +- Correct version line, which should be 2.0.0+git6. + +------------------------------------------------------------------- +Tue Jun 18 12:09:15 UTC 2019 - Marcus Rueckert <mrueck...@suse.de> + +- allow the new master socket path in the apparmor profile + +------------------------------------------------------------------- +Tue Jun 18 12:04:20 UTC 2019 - mrueck...@suse.de + +- Update to version 2.0.0~git6.41dc8432: + * BUG/MEDIUM: htx: Fully update HTX message when the block value is changed + * MINOR: htx: Add the function htx_change_blk_value_len() + * BUG/MEDIUM: compression: Set Vary: Accept-Encoding for compressed responses + * BUG/MINOR: mux-h1: Add the header connection in lower case in outgoing messages + * BUG/MINOR: lua/htx: Make txn.req_req_* and txn.res_rep_* HTX aware + * BUG/MEDIUM: h2/htx: Update data length of the HTX when the cookie list is built + +------------------------------------------------------------------- +Mon Jun 17 12:33:47 UTC 2019 - kgronl...@suse.com + +- Update to version 2.0.0~git0.ba23630a: + - new internal native HTTP representation called HTX, was already in 1.9 + and is now enabled by default in 2.0 ; + + - end-to-end HTTP/2 support including trailers and continuation frames, + as needed for gRPC ; HTTP/2 may also be upgraded from HTTP/1.1 using + the H2 preface; + + - server connection pooling and more advanced reuse, with ALPN protocol + negotiation (already in 1.9) ; + + - layer 7 retries, allowing to use 0-RTT and TCP Fast Open to the servers + as well as on the frontend ; + + - much more scalable multi-threading, which is even enabled by default on + platforms where it was successfully tested ; by default, as many threads + are started as the number of CPUs haproxy is allowed to run on. This + removes a lot of configuration burden in VMs and containers ; + + - automatic maxconn setting for the process and the frontends, directly + based on the number of available FDs (easier configuration in containers + and with systemd) ; + + - logging to stdout for use in containers and systemd (already in 1.9). + Logs can now provide micro-second resolution for some events ; + + - peers now support SSL, declaration of multiple stick-tables directly in + the peers section, and synchronization of server names, not just IDs ; + + - In master-worker mode, the master process now exposes its own CLI and + can communicate with all other processes (including the stopping ones), + even allowing to connect to their CLI and check their state. It is also + possible to start some sidecar programs and monitor them from the master, + and the master can automatically kill old processes that survived too + many reloads ; + + - the incoming connections are load-balanced between all threads depending + on their load to minimize the processing time and maximize the capacity + (already in 1.9) ; + + - the SPOE connection load-balancing was significantly improved in order + to reduce high percentiles of SPOA response time (already in 1.9) ; + + - the "random" load balancing algorithm and a power-of-two-choices variant + were introduced ; + + - statistics improvements with per-thread counters for certain things, and + a prometheus exporter for all our statistics; + + - lots of debugging help, it's easier to produce a core dump, there are + new commands on the CLI to control various things, there is a watchdog + to fail cleanly when a thread deadlock or a spinning task are detected, + so overall it should provide a better experience in field and less + round trips between users and developers (hence less stress during an + incident). + + - all 3 device detection engines are now compatible with multi-threading + and can be build-tested without any external dependencies ; + + - "do-resolve" http-request action to perform a DNS resolution on any, + sample, and resolvers now support relying on /etc/resolv.conf to match + the local resolver ; + + - log sampling and balancing : it's now possible to send 1 log every 10 + to a server, or to spread the logging load over multiple log servers; + + - a new SPOA agent (spoa_server) allows to interface haproxy with Python + and Lua programs ; + + - support for Solaris' event ports (equivalent of kqueue or epoll) which + will significantly improve the performance there when dealing with + numerous connections ; + + - some warnings are now reported for some deprecated options that will + be removed in 2.1. Since 2.0 is long term supported, there's no + emergency to convert them, however if you see these warnings, you + need to understand that you're among their extremely rare users and + just because of this you may be taking risks by keeping them ; + + - A new SOCKS4 server-side layer was provided ; it allows outgoing + connections to be forwarded through a SOCKS4 proxy (such as ssh -D). + + - priority- and latency- aware server queues : it is possible now to + assign priorities to certain requests and/or to give them a time + bonus or penalty to refine control of the traffic and be able to + engage on SLAs. + + - internally the architecture was significantly redesigned to allow to + further improve performance and make it easier to implement protocols + that span over multiple layers (such as QUIC). This work started in + 1.9 and will continue with 2.1. + + - the I/O, applets and tasks now share the same multi-threaded scheduler, + giving a much better responsiveness and fairness between all tasks as + is visible with the CLI which always responds instantly even under + extreme loads (started in 1.9) ; + + - the internal buffers were redesigned to ease zero-copy operations, so + that it is possible to sustain a high bandwidth even when forwarding + HTTP/1 to/from HTTP/2 (already in 1.9) ; + +------------------------------------------------------------------- Old: ---- haproxy-1.8.20~git0.6fb9fadc.tar.gz New: ---- haproxy-2.0.1+git27.5db881ff.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.830787168 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.834787167 +0200 @@ -47,7 +47,7 @@ %endif Name: haproxy -Version: 1.8.20~git0.6fb9fadc +Version: 2.0.1+git27.5db881ff Release: 0 # # @@ -122,12 +122,12 @@ %prep %setup -q %patch1 -p1 -%patch2 -%patch3 +%patch2 -p1 +%patch3 -p1 %build make \ - TARGET=linux2628 \ + TARGET=linux-glibc \ CPU="%{_target_cpu}" \ USE_PCRE=1 \ %if %{with pcre_jit} @@ -180,14 +180,14 @@ %endif install -d -m 0750 %{buildroot}%{pkg_home} -install -D -m 0644 examples/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim +install -D -m 0644 contrib/syntax-highlight/haproxy.vim %{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim install -D -m 0644 doc/%{pkg_name}.1 %{buildroot}%{_mandir}/man1/%{pkg_name}.1 %if %{with apparmor} install -D -m 0644 %{S:2} %{buildroot}/etc/apparmor.d/usr.sbin.haproxy install -D -m 0644 %{S:3} %{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy %endif -rm examples/haproxy.spec examples/*init* examples/haproxy.vim +rm examples/*init* %pre getent group %{pkg_name} >/dev/null || /usr/sbin/groupadd -r %{pkg_name} ++++++ _service ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.862787158 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.862787158 +0200 @@ -1,12 +1,12 @@ <services> <service name="tar_scm" mode="disabled"> - <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param> + <param name="url">http://git.haproxy.org/git/haproxy-2.0.git</param> <param name="scm">git</param> <param name="filename">haproxy</param> - <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> + <param name="versionformat">@PARENT_TAG@+git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">v1.8.20</param> + <param name="revision">master</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.882787151 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.882787151 +0200 @@ -1,8 +1,6 @@ <servicedata> -<service name="tar_scm"> - <param name="url">http://git.haproxy.org/git/haproxy-1.6.git</param> - <param name="changesrevision">864bf78c3b6898eb12ece5f0a44032090f26f57f</param></service><service name="tar_scm"> - <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param> - <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm"> - <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param> - <param name="changesrevision">6fb9fadc5311cd00beb522a35596d3aa63f24fdb</param></service></servicedata> \ No newline at end of file + <service name="tar_scm"> + <param name="url">http://git.haproxy.org/git/haproxy-2.0.git</param> + <param name="changesrevision">5db881ff0506bd5bb6caf9d80a06e79afa7473ca</param> + </service> +</servicedata> ++++++ haproxy-1.6.0-makefile_lib.patch ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.890787149 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.890787149 +0200 @@ -1,9 +1,9 @@ -Index: Makefile -=================================================================== ---- Makefile.orig -+++ Makefile -@@ -647,7 +647,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US - PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo /usr/local) +diff --git a/Makefile b/Makefile +index d62fead7..33fa6338 100644 +--- a/Makefile ++++ b/Makefile +@@ -619,7 +619,7 @@ PCRE_CONFIG := pcre-config + PCREDIR := $(shell $(PCRE_CONFIG) --prefix 2>/dev/null || echo /usr/local) ifneq ($(PCREDIR),) PCRE_INC := $(PCREDIR)/include -PCRE_LIB := $(PCREDIR)/lib @@ -11,3 +11,12 @@ endif ifeq ($(USE_STATIC_PCRE),) +@@ -638,7 +638,7 @@ PCRE2_CONFIG := pcre2-config + PCRE2DIR := $(shell $(PCRE2_CONFIG) --prefix 2>/dev/null || echo /usr/local) + ifneq ($(PCRE2DIR),) + PCRE2_INC := $(PCRE2DIR)/include +-PCRE2_LIB := $(PCRE2DIR)/lib ++PCRE2_LIB := $(PCRE2DIR)/$(LIB) + + ifeq ($(PCRE2_WIDTH),) + PCRE2_WIDTH = 8 ++++++ haproxy-1.6.0-sec-options.patch ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.898787147 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.898787147 +0200 @@ -1,9 +1,15 @@ -Index: Makefile -=================================================================== ---- Makefile.orig -+++ Makefile -@@ -674,6 +674,35 @@ OPTIONS_CFLAGS += -DUSE_TFO - BUILD_OPTIONS += $(call ignore_implicit,USE_TFO) +commit 88413472b09e2ecd4ad2b4a00992184c14d5723c +Author: Kristoffer Gronlund <kgronl...@suse.com> +Date: Mon Jun 17 13:00:08 2019 +0000 + + SUSE: Makefile sec options + +diff --git a/Makefile b/Makefile +index 33fa6338..3777ad6d 100644 +--- a/Makefile ++++ b/Makefile +@@ -675,6 +675,35 @@ endif + endif endif +# PIE ++++++ haproxy-1.6.0_config_haproxy_user.patch ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.910787143 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.910787143 +0200 @@ -15,20 +15,6 @@ pidfile /var/run/haproxy.pid daemon quiet -Index: haproxy-1.6.0/examples/auth.cfg -=================================================================== ---- haproxy-1.6.0.orig/examples/auth.cfg -+++ haproxy-1.6.0/examples/auth.cfg -@@ -1,7 +1,7 @@ - global --# chroot /var/empty/ --# uid 451 --# gid 451 -+ user haproxy -+ group haproxy -+ chroot /var/lib/haproxy - log 192.168.131.214:8514 local4 debug - maxconn 8192 Index: haproxy-1.6.0/examples/content-sw-sample.cfg =================================================================== @@ -64,20 +50,6 @@ nbproc 4 daemon -Index: haproxy-1.6.0/examples/ssl.cfg -=================================================================== ---- haproxy-1.6.0.orig/examples/ssl.cfg -+++ haproxy-1.6.0/examples/ssl.cfg -@@ -4,6 +4,9 @@ - - global - maxconn 100 -+ chroot /var/lib/haproxy -+ user haproxy -+ group haproxy - - defaults - mode http Index: haproxy-1.6.0/examples/transparent_proxy.cfg =================================================================== --- haproxy-1.6.0.orig/examples/transparent_proxy.cfg ++++++ usr.sbin.haproxy.apparmor ++++++ --- /var/tmp/diff_new_pack.6AS7jL/_old 2019-07-11 13:17:20.974787123 +0200 +++ /var/tmp/diff_new_pack.6AS7jL/_new 2019-07-11 13:17:20.974787123 +0200 @@ -26,6 +26,7 @@ /var/lib/haproxy/stats.*.bak rwl, /var/lib/haproxy/stats.*.tmp rwl, /{,var/}run/haproxy.pid rw, + /{,var/}run/haproxy-master.sock* rwlk, # Site-specific additions and overrides. See local/README for details. #include <local/usr.sbin.haproxy>