Hello community,
here is the log from the commit of package haproxy for openSUSE:Factory checked
in at 2015-11-12 19:41:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
and /work/SRC/openSUSE:Factory/.haproxy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy"
Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2015-09-27
08:39:44.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2015-11-12
19:41:15.000000000 +0100
@@ -1,0 +2,120 @@
+Tue Nov 10 14:50:26 UTC 2015 - mrueck...@suse.de
+
+- fix link to tarball
+
+-------------------------------------------------------------------
+Tue Nov 3 12:02:19 UTC 2015 - mrueck...@suse.de
+
+- update to 1.6.2
+ - BUILD: ssl: fix build error introduced in commit 7969a3 with
+ OpenSSL < 1.0.0
+ - DOC: fix a typo for a "deviceatlas" keyword
+ - FIX: small typo in an example using the "Referer" header
+ - BUG/MEDIUM: config: count memory limits on 64 bits, not 32
+ - BUG/MAJOR: dns: first DNS response packet not matching queried
+ hostname may lead to a loop
+ - BUG/MINOR: dns: unable to parse CNAMEs response
+ - BUG/MINOR: examples/haproxy.init: missing brace in
+ quiet_check()
+ - DOC: deviceatlas: more example use cases.
+ - BUG/BUILD: replace haproxy-systemd-wrapper with $(EXTRA) in
+ install-bin.
+ - BUG/MAJOR: http: don't requeue an idle connection that is
+ already queued
+ - DOC: typo on capture.res.hdr and capture.req.hdr
+ - BUG/MINOR: dns: check for duplicate nameserver id in a
+ resolvers section was missing
+ - CLEANUP: use direction names in place of numeric values
+ - BUG/MEDIUM: lua: sample fetches based on response doesn't work
+- drop haproxy-1.6.0-ssl-098.patch: included upstream
+
+-------------------------------------------------------------------
+Thu Oct 22 10:21:00 UTC 2015 - mrueck...@suse.de
+
+- update to 1.6.1
+ - DOC: specify that stats socket doc (section 9.2) is in
+ management
+ - BUILD: install only relevant and existing documentation
+ - CLEANUP: don't ignore debian/ directory if present
+ - BUG/MINOR: dns: parsing error of some DNS response
+ - BUG/MEDIUM: namespaces: don't fail if no namespace is used
+ - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is
+ disabled
+ - MEDIUM: dns: Don't use the ANY query type
+- drop haproxy-1.6.0-ssl.crash.patch included in update
+
+-------------------------------------------------------------------
+Mon Oct 19 16:15:57 UTC 2015 - mrueck...@suse.de
+
+- add haproxy-1.6.0-ssl-098.patch:
+ fix building on openssl 0.9.8
+
+-------------------------------------------------------------------
+Fri Oct 16 17:16:40 UTC 2015 - mrueck...@suse.de
+
+- added haproxy-1.6.0-ssl.crash.patch: fix SNI related crash
+
+-------------------------------------------------------------------
+Thu Oct 15 23:19:33 UTC 2015 - mrueck...@suse.de
+
+- only use network namespace support on distros newer than 13.2
+
+-------------------------------------------------------------------
+Tue Oct 13 19:39:12 UTC 2015 - mrueck...@suse.de
+
+- update to 1.6.0
+ The most user-visible changes, we can cite the simpler handling
+ of multiple configuration files, the support for quotes and
+ environment variables in the configuration, a significant
+ reduction of the memory usage thanks to a new dynamic buffer
+ allocator, notifications over e-mail, server state keeping across
+ reloads, dynamic DNS-based server address resolution, new
+ scripting capabilities thanks to the embedded Lua interpreter,
+ use of variables in the configuration to manipulate samples,
+ request body buffering and analysis, support for two third-party
+ device identification products (DeviceAtlas and 51Degrees), a lot
+ of new sample converters including arithmetic operators and table
+ lookups, TLS ticket secret sharing between nodes, TLS SNI to the
+ server, full tables replication between peers, ability to
+ instruct the kernel to quickly kill dead connections, support for
+ Linux namespaces, and a number of other less visible goodies. The
+ performance has also been improved a lot with support for server
+ connection multiplexing, much faster and cheaper HTTP compression
+ via libslz, and the addition of a pattern cache to speed up
+ certain expensive ACLs. The great flexibility offered by this
+ version will allow many users to significantly simplify their
+ configurations. Some users will notice a huge performance boost
+ after they enable the features designed for them.
+
+ for all the details see /usr/share/doc/packages/haproxy/CHANGELOG
+- drop patches we pulled from upstream git:
+ 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
+ 0002-DOC-usesrc-root-privileges-requirements.patch
+ 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
+ 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
+ 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
+ 0006-DOC-typo-in-redirect-302-code-meaning.patch
+ 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
+ 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
+ 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
+ 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
+ 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
+ 0012-DOC-ssl-missing-LF.patch
+ 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
+ 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
+ 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
+- refresh/redo patches to apply cleanly again:
+ old: haproxy-1.2.16_config_haproxy_user.patch
+ new: haproxy-1.6.0_config_haproxy_user.patch
+ old: haproxy-makefile_lib.patch
+ new: haproxy-1.6.0-makefile_lib.patch
+ old: sec-options.patch
+ new: haproxy-1.6.0-sec-options.patch
+- added new haproxy.cfg to have a minimal config we can actually
+ launch!
+- drop patch haproxy-1.5.8-fix-bashisms.patch: patched files no
+ longer exist
+- drop haproxy.vim: we will use the copy which ships with the
+ upstream tarball now.
+
+-------------------------------------------------------------------
Old:
----
0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
0002-DOC-usesrc-root-privileges-requirements.patch
0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
0006-DOC-typo-in-redirect-302-code-meaning.patch
0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
0008-CLEANUP-.gitignore-ignore-more-test-files.patch
0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
0012-DOC-ssl-missing-LF.patch
0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
haproxy-1.2.16_config_haproxy_user.patch
haproxy-1.5.14.tar.gz
haproxy-1.5.8-fix-bashisms.patch
haproxy-makefile_lib.patch
haproxy.vim
sec-options.patch
New:
----
haproxy-1.6.0-makefile_lib.patch
haproxy-1.6.0-sec-options.patch
haproxy-1.6.0_config_haproxy_user.patch
haproxy-1.6.2.tar.gz
haproxy.cfg
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.MRhLU9/_old 2015-11-12 19:41:16.000000000 +0100
+++ /var/tmp/diff_new_pack.MRhLU9/_new 2015-11-12 19:41:16.000000000 +0100
@@ -19,6 +19,14 @@
%bcond_with tcp_fast_open
%endif
+%if 0%{?suse_version} > 1320
+%bcond_without lua
+%bcond_without network_namespace
+%else
+%bcond_with lua
+%bcond_with network_namespace
+%endif
+
%if 0%{?suse_version} >= 1310
%bcond_without systemd
%else
@@ -33,12 +41,15 @@
%bcond_without apparmor
Name: haproxy
-Version: 1.5.14
+Version: 1.6.2
Release: 0
#
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: libgcrypt-devel
+%if %{with lua}
+BuildRequires: lua-devel >= 5.3
+%endif
BuildRequires: pcre-devel
BuildRequires: zlib-devel
BuildRequires: openssl-devel
@@ -52,46 +63,14 @@
%define pkg_home /var/lib/%{pkg_name}
#
Url: http://www.haproxy.org/
-Source:
http://www.haproxy.org/download/1.5/src/haproxy-%{version}.tar.gz
+Source:
http://www.haproxy.org/download/1.6/src/haproxy-%{version}.tar.gz
Source1: %{pkg_name}.init
-Source2: http://www.haproxy.org/download/contrib/haproxy.vim
-Source3: usr.sbin.haproxy.apparmor
-Source4: local.usr.sbin.haproxy.apparmor
-Patch1: haproxy-1.2.16_config_haproxy_user.patch
-Patch2: haproxy-makefile_lib.patch
-Patch3: sec-options.patch
-Patch4: haproxy-1.5.8-fix-bashisms.patch
-# BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
-Patch5: 0001-BUG-MINOR-log-missing-some-ARGC_-entries-in-fmt_dire.patch
-# DOC: usesrc root privileges requirements
-Patch6: 0002-DOC-usesrc-root-privileges-requirements.patch
-# BUILD: ssl: Allow building against libssl without SSLv3.
-Patch7: 0003-BUILD-ssl-Allow-building-against-libssl-without-SSLv.patch
-# DOC/MINOR: fix OpenBSD versions where haproxy works
-Patch8: 0004-DOC-MINOR-fix-OpenBSD-versions-where-haproxy-works.patch
-# BUG/MINOR: http/sample: gmtime/localtime can fail
-Patch9: 0005-BUG-MINOR-http-sample-gmtime-localtime-can-fail.patch
-# DOC: typo in 'redirect', 302 code meaning
-Patch10: 0006-DOC-typo-in-redirect-302-code-meaning.patch
-# DOC: mention that %ms is left-padded with zeroes.
-Patch11: 0007-DOC-mention-that-ms-is-left-padded-with-zeroes.patch
-# CLEANUP: .gitignore: ignore more test files
-Patch12: 0008-CLEANUP-.gitignore-ignore-more-test-files.patch
-# CLEANUP: .gitignore: finally ignore everything but what is known.
-Patch13: 0009-CLEANUP-.gitignore-finally-ignore-everything-but-wha.patch
-# MEDIUM: config: emit a warning on a frontend without listener
-Patch14: 0010-MEDIUM-config-emit-a-warning-on-a-frontend-without-l.patch
-# BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
-Patch15: 0011-BUG-MEDIUM-counters-ensure-that-src_-inc-clr-_gpc0-c.patch
-# DOC: ssl: missing LF
-Patch16: 0012-DOC-ssl-missing-LF.patch
-# DOC: fix example of http-request using ssl_fc_session_id
-Patch17: 0013-DOC-fix-example-of-http-request-using-ssl_fc_session.patch
-# BUG/MINOR: http: remove stupid HTTP_METH_NONE entry
-Patch18: 0014-BUG-MINOR-http-remove-stupid-HTTP_METH_NONE-entry.patch
-# BUG/MAJOR: http: don't call http_send_name_header() after an error
-Patch19: 0015-BUG-MAJOR-http-don-t-call-http_send_name_header-afte.patch
-
+Source2: usr.sbin.haproxy.apparmor
+Source3: local.usr.sbin.haproxy.apparmor
+Source4: haproxy.cfg
+Patch1: haproxy-1.6.0_config_haproxy_user.patch
+Patch2: haproxy-1.6.0-makefile_lib.patch
+Patch3: haproxy-1.6.0-sec-options.patch
#
Source99: haproxy-rpmlintrc
#
@@ -122,25 +101,9 @@
%prep
%setup -q
-%patch1
+%patch1 -p1
%patch2
%patch3
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
%build
%{__make} \
@@ -157,6 +120,10 @@
%ifarch %ix86
USE_REGPARM=1 \
%endif
+ USE_PTHREAD_PSHARED=1 \
+ %if %{with lua}
+ USE_LUA=1 \
+ %endif
USE_TPROXY=1 \
USE_LINUX_TPROXY=1 \
USE_LINUX_SPLICE=1 \
@@ -167,9 +134,12 @@
USE_PIE=1 \
USE_STACKPROTECTOR=1 \
USE_RELRO_NOW=1 \
-%if %{with tcp_fast_open}
+ %if %{with tcp_fast_open}
USE_TFO=1 \
-%endif
+ %endif
+ %if %{with network_namespace}
+ USE_NS=1 \
+ %endif
LIB="%{_lib}" \
PREFIX="%{_prefix}" \
DEBUG_CFLAGS="%{optflags}"
@@ -178,28 +148,30 @@
DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
%install
-%{__install} -D -m 0755 %{pkg_name}
%{buildroot}%{_sbindir}/%{pkg_name}
-%{__install} -D -m 0644 examples/%{pkg_name}.cfg
%{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
+install -D -m 0755 %{pkg_name} %{buildroot}%{_sbindir}/%{pkg_name}
+install -d -m 0750 %{buildroot}%{_sysconfdir}/%{pkg_name}/
+install -m 0640 %{S:4}
%{buildroot}%{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
+
+install -D -m 0755 contrib/halog/halog %{buildroot}%{_sbindir}/haproxy-halog
-%{__install} -D -m 0755 contrib/halog/halog
%{buildroot}%{_sbindir}/haproxy-halog
%if %{with systemd}
-%{__install} -D -m 0755 haproxy-systemd-wrapper
%{buildroot}%{_sbindir}/haproxy-systemd-wrapper
-%{__install} -D -m 0644 contrib/systemd/%{pkg_name}.service
%{buildroot}%{_unitdir}/%{pkg_name}.service
+install -D -m 0755 haproxy-systemd-wrapper
%{buildroot}%{_sbindir}/haproxy-systemd-wrapper
+install -D -m 0644 contrib/systemd/%{pkg_name}.service
%{buildroot}%{_unitdir}/%{pkg_name}.service
ln -sf /sbin/service %{buildroot}%{_sbindir}/rc%{pkg_name}
%else
-%{__install} -D -m 0755 %{S:1}
%{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
+install -D -m 0755 %{S:1}
%{buildroot}%{_sysconfdir}/init.d/%{pkg_name}
%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_name}
%{buildroot}%{_sbindir}/rc%{pkg_name}
%endif
-%{__install} -d -m 0755 %{buildroot}%{pkg_home}
-%{__install} -D -m 0644 %{S:2}
%{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
-%{__install} -D -m 0644 doc/%{pkg_name}.1
%{buildroot}%{_mandir}/man1/%{pkg_name}.1
+install -d -m 0755 %{buildroot}%{pkg_home}
+install -D -m 0644 examples/haproxy.vim
%{buildroot}%{vim_data_dir}/syntax/%{pkg_name}.vim
+install -D -m 0644 doc/%{pkg_name}.1
%{buildroot}%{_mandir}/man1/%{pkg_name}.1
%if %{with apparmor}
-%{__install} -D -m 0644 %{S:3}
%{buildroot}/etc/apparmor.d/usr.sbin.haproxy
-%{__install} -D -m 0644 %{S:4}
%{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
+install -D -m 0644 %{S:2}
%{buildroot}/etc/apparmor.d/usr.sbin.haproxy
+install -D -m 0644 %{S:3}
%{buildroot}/etc/apparmor.d/local/usr.sbin.haproxy
%endif
-%{__rm} examples/haproxy.spec
+rm examples/haproxy.spec examples/*init* examples/haproxy.vim
%if 0%{?suse_version} < 1230
%clean
@@ -241,18 +213,14 @@
%doc CHANGELOG README LICENSE
%doc ROADMAP doc/* examples/
%doc contrib/netsnmp-perl/ contrib/selinux/
-%dir %{_sysconfdir}/%{pkg_name}
-%config(noreplace) %{_sysconfdir}/%{pkg_name}/%{pkg_name}.cfg
+%dir %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}
+%config(noreplace) %attr(-,root,haproxy) %{_sysconfdir}/%{pkg_name}/*
%if %{with systemd}
%{_unitdir}/%{pkg_name}.service
%{_sbindir}/haproxy-systemd-wrapper
-
%else
-
%config(noreplace) %{_sysconfdir}/init.d/%{pkg_name}
-
%endif
-
%{_sbindir}/haproxy
%{_sbindir}/haproxy-halog
%{_sbindir}/rchaproxy
++++++ haproxy-1.6.0-makefile_lib.patch ++++++
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -644,7 +644,7 @@ ifneq ($(USE_PCRE)$(USE_STATIC_PCRE)$(US
PCREDIR := $(shell pcre-config --prefix 2>/dev/null || echo
/usr/local)
ifneq ($(PCREDIR),)
PCRE_INC := $(PCREDIR)/include
-PCRE_LIB := $(PCREDIR)/lib
+PCRE_LIB := $(PCREDIR)/$(LIB)
endif
ifeq ($(USE_STATIC_PCRE),)
++++++ haproxy-1.6.0-sec-options.patch ++++++
Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -671,6 +671,35 @@ OPTIONS_CFLAGS += -DUSE_TFO
BUILD_OPTIONS += $(call ignore_implicit,USE_TFO)
endif
+# PIE
+ifneq ($(USE_PIE),)
+OPTIONS_CFLAGS += -DUSE_PIE
+BUILD_OPTIONS += $(call ignore_implicit,USE_PIE)
+OPTIONS_LDFLAGS += -pie
+# still need to figure out how to express this conditional in the makefile
+# %ifarch s390 s390x %sparc
+# PIEFLAGS="-fPIE"
+# %else
+# PIEFLAGS="-fpie"
+# %endif
+# PIE_FLAGS.s390 = -fPIE
+# PIE_FLAGS.i386 = -fpie
+# SEC_FLAGS += $(PIE_FLAGS.$(ARCH))
+OPTIONS_CFLAGS += -fpie
+endif
+
+ifneq ($(USE_STACKPROTECTOR),)
+OPTIONS_CFLAGS += -DUSE_STACKPROTECTOR
+BUILD_OPTIONS += $(call ignore_implicit,USE_STACKPROTECTOR)
+OPTIONS_CFLAGS += -fstack-protector
+endif
+
+ifneq ($(USE_RELRO_NOW),)
+OPTIONS_CFLAGS += -DUSE_RELRO_NOW
+BUILD_OPTIONS += $(call ignore_implicit,USE_RELRO_NOW)
+OPTIONS_LDFLAGS += -Wl,-z,relro,-z,now
+endif
+
# This one can be changed to look for ebtree files in an external directory
EBTREE_DIR := ebtree
++++++ haproxy-1.2.16_config_haproxy_user.patch ->
haproxy-1.6.0_config_haproxy_user.patch ++++++
--- /work/SRC/openSUSE:Factory/haproxy/haproxy-1.2.16_config_haproxy_user.patch
2014-06-25 15:24:39.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.haproxy.new/haproxy-1.6.0_config_haproxy_user.patch
2015-11-12 19:41:14.000000000 +0100
@@ -1,32 +1,95 @@
-Index: examples/examples.cfg
+Index: haproxy-1.6.0/examples/acl-content-sw.cfg
===================================================================
---- examples/examples.cfg.orig
-+++ examples/examples.cfg
-@@ -3,8 +3,8 @@
- # log 127.0.0.1 local1
- maxconn 4000
- ulimit-n 8000
-- uid 0
-- gid 0
+--- haproxy-1.6.0.orig/examples/acl-content-sw.cfg
++++ haproxy-1.6.0/examples/acl-content-sw.cfg
+@@ -5,9 +5,9 @@ global
+ log loghost local0
+ log localhost local0 err
+ maxconn 250
+- uid 71
+- gid 71
+- chroot /var/empty
+ user haproxy
+ group haproxy
- # chroot /tmp
- # nbproc 2
- # daemon
-Index: examples/haproxy.cfg
-===================================================================
---- examples/haproxy.cfg.orig
-+++ examples/haproxy.cfg
-@@ -5,9 +5,9 @@
- log 127.0.0.1 local1 notice
- #log loghost local0 info
- maxconn 4096
-- chroot /usr/share/haproxy
-- uid 99
-- gid 99
++ chroot /var/lib/haproxy
+ pidfile /var/run/haproxy.pid
+ daemon
+ quiet
+Index: haproxy-1.6.0/examples/auth.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/auth.cfg
++++ haproxy-1.6.0/examples/auth.cfg
+@@ -1,7 +1,7 @@
+ global
+-# chroot /var/empty/
+-# uid 451
+-# gid 451
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+ log 192.168.131.214:8514 local4 debug
+ maxconn 8192
+
+Index: haproxy-1.6.0/examples/content-sw-sample.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/content-sw-sample.cfg
++++ haproxy-1.6.0/examples/content-sw-sample.cfg
+@@ -11,9 +11,9 @@ global
+ maxconn 10000
+ stats socket /var/run/haproxy.stat mode 600 level admin
+ log 127.0.0.1 local0
+- uid 200
+- gid 200
+- chroot /var/empty
++ user haproxy
++ group haproxy
++ chroot /var/lib/haproxy
+ daemon
+
+ # The public 'www' address in the DMZ
+Index: haproxy-1.6.0/examples/option-http_proxy.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/option-http_proxy.cfg
++++ haproxy-1.6.0/examples/option-http_proxy.cfg
+@@ -6,9 +6,9 @@ global
+ maxconn 20000
+ ulimit-n 16384
+ log 127.0.0.1 local0
+- uid 200
+- gid 200
+- chroot /var/empty
+ chroot /var/lib/haproxy
+ user haproxy
+ group haproxy
- daemon
- #debug
- #quiet
+ nbproc 4
+ daemon
+
+Index: haproxy-1.6.0/examples/ssl.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/ssl.cfg
++++ haproxy-1.6.0/examples/ssl.cfg
+@@ -4,6 +4,9 @@
+
+ global
+ maxconn 100
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
+
+ defaults
+ mode http
+Index: haproxy-1.6.0/examples/transparent_proxy.cfg
+===================================================================
+--- haproxy-1.6.0.orig/examples/transparent_proxy.cfg
++++ haproxy-1.6.0/examples/transparent_proxy.cfg
+@@ -6,6 +6,10 @@
+ #
+
+ global
++ chroot /var/lib/haproxy
++ user haproxy
++ group haproxy
++
+ defaults
+ timeout client 30s
+ timeout server 30s
++++++ haproxy-1.5.14.tar.gz -> haproxy-1.6.2.tar.gz ++++++
++++ 95063 lines of diff (skipped)
++++++ haproxy.cfg ++++++
global
log /dev/log daemon
maxconn 32768
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats user haproxy group haproxy mode 0640
level operator
tune.bufsize 32768
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers
ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
defaults
log global
mode http
option log-health-checks
option log-separate-errors
option dontlog-normal
option dontlognull
option httplog
option socket-stats
retries 3
option redispatch
maxconn 10000
timeout connect 5s
timeout client 50s
timeout server 450s
listen stats
bind 0.0.0.0:80
bind :::80 v6only
stats enable
stats uri /
stats refresh 5s
rspadd Server:\ haproxy/1.6
