Hello community,
here is the log from the commit of package haproxy for openSUSE:Factory checked in at 2018-09-28 08:53:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/haproxy (Old)
and /work/SRC/openSUSE:Factory/.haproxy.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "haproxy"
Fri Sep 28 08:53:14 2018 rev:66 rq:638409 version:1.8.14~git0.52e4d43b
Changes:
--------
--- /work/SRC/openSUSE:Factory/haproxy/haproxy.changes 2018-08-22 14:22:35.294669268 +0200
+++ /work/SRC/openSUSE:Factory/.haproxy.new/haproxy.changes 2018-09-28 08:53:17.437738610 +0200
@@ -1,0 +2,68 @@
+Thu Sep 20 13:03:31 UTC 2018 - Marcus Rueckert
+
+- also fix the systemd case for the apparmor_reload change
+
+-------------------------------------------------------------------
+Thu Sep 20 12:50:35 UTC 2018 - Marcus Rueckert
+
+- only reload the apparmor profile on newer distros, seems older
+ distros do not have apparmor-rpm-macros yet
+
+-------------------------------------------------------------------
+Thu Sep 20 12:45:57 UTC 2018 - Marcus Rueckert
+
+- only use network namespaces on 12.x and newer, failed to build on
+ sle11
+
+-------------------------------------------------------------------
+Thu Sep 20 12:39:42 UTC 2018 - Marcus Rueckert
+
+- guard all parts referring to systemd to fix build on sle 11
+
+-------------------------------------------------------------------
+Thu Sep 20 12:34:47 UTC 2018 - mrueckert@suse.de
+
+- Update to version 1.8.14~git0.52e4d43b: (bsc#1108683) (CVE-2018-14645)
+ * [RELEASE] Released version 1.8.14
+ * BUG/CRITICAL: hpack: fix improper sign check on the header index value
+ * BUG/MINOR: cli: make sure the "getsock" command is only called on connections
+ * BUG/MINOR: tools: fix set_net_port() / set_host_port() on IPv4
+ * BUG/MEDIUM: patterns: fix possible double free when reloading a pattern list
+ * DOC: Fix typos in lua documentation
+ * BUG/MINOR: server: Crash when setting FQDN via CLI.
+ * BUG/MAJOR: kqueue: Don't reset the changes number by accident.
+ * BUG/MEDIUM: snapshot: take the proxy's lock while dumping errors
+ * BUG/MINOR: http/threads: atomically increment the error snapshot ID
+ * BUG/MINOR: dns: check and link servers' resolvers right after config parsing
+ * BUG/MEDIUM: h2: fix risk of memory leak on malformated wrapped frames
+ * BUG/MEDIUM: session: fix reporting of handshake processing time in the logs
+ * BUG/MINOR: stream: use atomic increments for the request counter
+ * MINOR: thread: implement HA_ATOMIC_XADD()
+ * BUG/MEDIUM: ECC cert should work with TLS < v1.2 and openssl >= 1.1.1
+ * BUG/MEDIUM: dns/server: fix incomatibility between SRV resolution and server state file
+ * BUG/MEDIUM: hlua: Don't call RESET_SAFE_LJMP if SET_SAFE_LJMP returns 0.
+ * BUG/MAJOR: thread: lua: Wrong SSL context initialization.
+ * BUG/MEDIUM: hlua: Make sure we drain the output buffer when done.
+ * BUG/MEDIUM: lua: reset lua transaction between http requests
+ * BUG/MEDIUM: mux_pt: dereference the connection with care in mux_pt_wake()
+ * BUG/MINOR: lua: Bad HTTP client request duration.
+ * BUG/MEDIUM: unix: provide a ->drain() function
+ * DOC: Fix spelling error in configuration doc
+ * BUG/MEDIUM: cli/threads: protect some server commands against concurrent operations
+ * BUG/MEDIUM: cli/threads: protect all "proxy" commands against concurrent updates
+ * BUG/MEDIUM: lua: socket timeouts are not applied
+ * DOC: ssl: Use consistent naming for TLS protocols
+ * DOC: dns: explain set server ... fqdn requires resolver
+ * BUG/MINOR: map: fix map_regm with backref
+ * BUG/MEDIUM: ssl: loading dh param from certifile causes unpredictable error.
+ * BUG/MEDIUM: ssl: fix missing error loading a keytype cert from a bundle.
+ * BUG/MINOR: ssl: empty connections reported as errors.
+ * BUG/MEDIUM: cli: make "show fd" thread-safe
+ * MEDIUM: hathreads: implement a more flexible rendez-vous point
+ * BUG/MEDIUM: threads: fix the no-thread case after the change to the sync point
+ * MINOR: threads: add more consistency between certain variables in no-thread case
+ * BUG/MEDIUM: threads: fix the double CAS implementation for ARMv7
+ * MINOR: threads: Introduce double-width CAS on x86_64 and arm.
+ * BUG/MEDIUM: lua: possible CLOSE-WAIT state with '\n' headers
+
+-------------------------------------------------------------------
@@ -93 +161 @@
- * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846)
+ * BUG/MEDIUM: cache: don't cache when an Authorization header is present (VUL-1) (bsc#1094846) (CVE-2018-11469)
Old:
----
haproxy-1.8.13~git4.c1bfcd00.tar.gz
New:
----
haproxy-1.8.14~git0.52e4d43b.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ haproxy.spec ++++++
--- /var/tmp/diff_new_pack.YoemVn/_old 2018-09-28 08:53:17.973737835 +0200
+++ /var/tmp/diff_new_pack.YoemVn/_new 2018-09-28 08:53:17.973737835 +0200
@@ -15,11 +15,12 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
%if 0%{?suse_version} >= 1230
%bcond_without tcp_fast_open
+%bcond_without network_namespace
%else
%bcond_with tcp_fast_open
+%bcond_with network_namespace
%endif
-%bcond_without network_namespace
%if 0%{?suse_version} > 1320
%bcond_without lua
%else
@@ -37,10 +38,16 @@
%else
%bcond_with pcre_jit
%endif
+
%bcond_without apparmor
+%if 0%{?suse_version} > 1320
+%bcond_without apparmor_reload
+%else
+%bcond_with apparmor_reload
+%endif
Name: haproxy
-Version: 1.8.13~git4.c1bfcd00
+Version: 1.8.14~git0.52e4d43b
Release: 0
#
#
@@ -53,7 +60,7 @@
BuildRequires: apparmor-abstractions
Requires: apparmor-abstractions
%endif
-%if 0%{?suse_version} >= 1315
+%if %{with apparmor_reload}
BuildRequires: apparmor-rpm-macros
%endif
%endif
@@ -142,14 +149,18 @@
%if %{with network_namespace}
USE_NS=1 \
%endif
+%if %{with systemd}
USE_SYSTEMD=1 \
+%endif
USE_PIE=1 \
USE_STACKPROTECTOR=1 \
USE_RELRO_NOW=1 \
LIB="%{_lib}" \
PREFIX="%{_prefix}" \
DEBUG_CFLAGS="%{optflags}"
+%if %{with systemd}
make -C contrib/systemd PREFIX="%{_prefix}"
+%endif
make -C contrib/halog PREFIX="%{_prefix}" \
DEFINE="%{optflags} -pie -fpie -fstack-protector -Wl,-z,relro,-z,now"
@@ -188,7 +199,7 @@
%service_add_pre %{pkg_name}.service
%post
-%if %{with apparmor} && (0%{?suse_version} >= 1315)
+%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%endif
%service_add_post %{pkg_name}.service
@@ -203,7 +214,7 @@
%post
%fillup_and_insserv %{pkg_name}
-%if %{with apparmor} && (0%{?suse_version} >= 1315)
+%if %{with apparmor} && %{with apparmor_reload}
%apparmor_reload /etc/apparmor.d/usr.sbin.haproxy
%endif
++++++ _service ++++++
--- /var/tmp/diff_new_pack.YoemVn/_old 2018-09-28 08:53:18.005737788 +0200
+++ /var/tmp/diff_new_pack.YoemVn/_new 2018-09-28 08:53:18.009737783 +0200
@@ -6,7 +6,7 @@
<param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
- <param name="revision">master</param>
+ <param name="revision">v1.8.14</param>
<param name="changesgenerate">enable</param>
</service>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.YoemVn/_old 2018-09-28 08:53:18.025737759 +0200
+++ /var/tmp/diff_new_pack.YoemVn/_new 2018-09-28 08:53:18.025737759 +0200
@@ -5,4 +5,4 @@
<param name="url">http://git.haproxy.org/git/haproxy-1.7.git</param>
<param name="changesrevision">640d526f8cdad00f7f5043b51f6a34f3f6ebb49f</param></service><service name="tar_scm">
<param name="url">http://git.haproxy.org/git/haproxy-1.8.git</param>
- <param name="changesrevision">c1bfcd002f54d1d84a99282d13f875c2649f3d70</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">52e4d43ba395c950c9d2121ca55b105ed54a85a4</param></service></servicedata>
\ No newline at end of file
++++++ haproxy-1.8.13~git4.c1bfcd00.tar.gz -> haproxy-1.8.14~git0.52e4d43b.tar.gz ++++++
++++ 2976 lines of diff (skipped)