Hello community, here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2018-09-28 08:53:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/haproxy (Old) and /work/SRC/openSUSE:Factory/.haproxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "haproxy" Fri Sep 28 08:53:14 2018 rev:66 rq:638409 version:1.8.14~git0.52e4d43b Changes: -------- --- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2018-08-22 14:22:35.294669268 +0200 +++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2018-09-28 08:53:17.437738610 +0200 @@ -1,0 +2,68 @@ +Thu Sep 20 13:03:31 UTC 2018 - Marcus Rueckert <mrueckert@suse.de> + +- also fix the systemd case for the apparmor_reload change + +------------------------------------------------------------------- +Thu Sep 20 12:50:35 UTC 2018 - Marcus Rueckert <mrueckert@suse.de> + +- only reload the apparmor profile on newer distros, seems older + distros do not have apparmor-rpm-macros yet + +------------------------------------------------------------------- +Thu Sep 20 12:45:57 UTC 2018 - Marcus Rueckert <mrueckert@suse.de> + +- only use network namespaces on 12.x and newer, failed to build on + sle11 + +------------------------------------------------------------------- +Thu Sep 20 12:39:42 UTC 2018 - Marcus Rueckert <mrueckert@suse.de> + +- guard all parts referring to systemd to fix build on sle 11 + +------------------------------------------------------------------- +Thu Sep 20 12:34:47 UTC 2018 - mrueckert@suse.de + +- Update to version 1.8.14~git0.52e4d43b: (bsc#1108683) (CVE-2018-14645) + * [RELEASE] Released version 1.8.14 + * BUG/CRITICAL: hpack: fix improper sign check on the header index value + * BUG/MINOR: cli: make sure the "getsock" command is only called on connections + * BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4 + * BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list + * DOC: Fix typos in lua documentation + * BUG/MINOR: server: Crash when setting FQDN via CLI. + * BUG/MAJOR: kqueue: Don't reset the changes number by accident. + * BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors + * BUG/MINOR: http/threads: atomically increment the error snapshot ID + * BUG/MINOR: dns: check and link servers' resolvers right after config parsing + * BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames + * BUG/MEDIUM: session: fix reporting of handshake processing time in the logs + * BUG/MINOR: stream: use atomic increments for the request counter + * MINOR: thread: implement HA_ATOMIC_XADD() + * BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1 + * BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file + * BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0. + * BUG/MAJOR: thread: lua: Wrong SSL context initialization. + * BUG/MEDIUM: hlua: Make sure we drain the output buffer when done. + * BUG/MEDIUM: lua: reset lua transaction between http requests + * BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake() + * BUG/MINOR: lua: Bad HTTP client request duration. + * BUG/MEDIUM: unix: provide a ->drain() function + * DOC: Fix spelling error in configuration doc + * BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations + * BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates + * BUG/MEDIUM: lua: socket timeouts are not applied + * DOC: ssl: Use consistent naming for TLS protocols + * DOC: dns: explain set server ... fqdn requires resolver + * BUG/MINOR: map: fix map_regm with backref + * BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error. + * BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle. + * BUG/MINOR: ssl: empty connections reported as errors. + * BUG/MEDIUM: cli: make "show fd" thread-safe + * MEDIUM: hathreads: implement a more flexible rendez-vous point + * BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point + * MINOR: threads: add more consistency between certain variables in no-thread case + * BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7 + * MINOR: threads: Introduce double-width CAS on x86_64 and arm. + * BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers + +------------------------------------------------------------------- @@ -93 +161 @@ - * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846) + * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846) (CVE-2018-11469) Old: ---- haproxy-1.8.13~git4.c1bfcd00.tar.gz New: ---- haproxy-1.8.14~git0.52e4d43b.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ haproxy.spec ++++++ --- /var/tmp/diff_new_pack.YoemVn/_old 2018-09-28 08:53:17.973737835 +0200 +++ /var/tmp/diff_new_pack.YoemVn/_new 2018-09-28 08:53:17.973737835 +0200 @@ -15,11 +15,12 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ %if 0%{?suse_version} >= 1230 %bcond_without tcp_fast_open +%bcond_without network_namespace %else %bcond_with tcp_fast_open +%bcond_with network_namespace %endif -%bcond_without network_namespace %if 0%{?suse_version} > 1320 %bcond_without lua %else @@ -37,10 +38,16 @@ %else %bcond_with pcre_jit %endif + %bcond_without apparmor +%if 0%{?suse_version} > 1320 +%bcond_without apparmor_reload +%else +%bcond_with apparmor_reload +%endif Name: haproxy -Version: 1.8.13~git4.c1bfcd00 +Version: 1.8.14~git0.52e4d43b Release: 0 # # @@ -53,7 +60,7 @@ BuildRequires: apparmor-abstractions Requires: apparmor-abstractions %endif -%if 0%{?suse_version} >= 1315 +%if %{with apparmor_reload} BuildRequires: apparmor-rpm-macros %endif %endif @@ -142,14 +149,18 @@ %if %{with network_namespace} USE_NS=1 \ %endif +%if %{with systemd} USE_SYSTEMD=1 \ +%endif USE_PIE=1 \ USE_STACKPROTECTOR=1 \ USE_RELRO_NOW=1 \ LIB="%{_lib}" \ PREFIX="%{_prefix}" \ DEBUG_CFLAGS="%{optflags}" +%if %{with systemd} make -C contrib/systemd PREFIX="%{_prefix}" +%endif make -C contrib/halog PREFIX="%{_prefix}" \ DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now" @@ -188,7 +199,7 @@ %service_add_pre %{pkg_name}.service %post -%if %{with apparmor} && (0%{?suse_version} >= 1315) +%if %{with apparmor} && %{with apparmor_reload} %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy %endif %service_add_post %{pkg_name}.service @@ -203,7 +214,7 @@ %post %fillup_and_insserv %{pkg_name} -%if %{with apparmor} && (0%{?suse_version} >= 1315) +%if %{with apparmor} && %{with apparmor_reload} %apparmor_reload /etc/apparmor.d/usr.sbin.haproxy %endif ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YoemVn/_old 2018-09-28 08:53:18.005737788 +0200 +++ /var/tmp/diff_new_pack.YoemVn/_new 2018-09-28 08:53:18.009737783 +0200 @@ -6,7 +6,7 @@ <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="versionrewrite-replacement">\1</param> - <param name="revision">master</param> + <param name="revision">v1.8.14</param> <param name="changesgenerate">enable</param> </service> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.YoemVn/_old 2018-09-28 08:53:18.025737759 +0200 +++ /var/tmp/diff_new_pack.YoemVn/_new 2018-09-28 08:53:18.025737759 +0200 @@ -5,4 +5,4 @@ <param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param> <param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm"> <param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param> - <param name="changesrevision">c1bfcd002f54d1d84a99282d13f875c2649f3d70</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">52e4d43ba395c950c9d2121ca55b105ed54a85a4</param></service></servicedata> \ No newline at end of file ++++++ haproxy-1.8.13~git4.c1bfcd00.tar.gz -> haproxy-1.8.14~git0.52e4d43b.tar.gz ++++++ ++++ 2976 lines of diff (skipped)