Description of problem: Haproxy is in version 2.8.11 in mageia version while 2.8.12 version is available with one major, few medium and few minor security updates for 2.8 branch. Changelog there: http://www.haproxy.org/download/2.8/src/CHANGELOG Last version of 2.8 branch has a lot of fixed minor, medium and major bugs, we should update. Fixed bug changelog: 2024/11/08 : 2.8.12 - CLEANUP: connection: properly name the CO_ER_SSL_FATAL enum entry - DOC: config: Explicitly list relaxing rules for accept-invalid-http-* options - DOC: config: fix rfc7239 forwarded typo in desc - MAJOR: ocsp: Separate refcount per instance and per store - MEDIUM: cli: Deadlock when setting frontend maxconn - MEDIUM: connection/http-reuse: fix address collision on unhandled address families - MEDIUM: h1: Accept invalid T-E values with accept-invalid-http-response option - MEDIUM: hlua: make hlua_ctx_renew() safe - MEDIUM: hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - MEDIUM: mux-pt: Never fully close the connection on shutdown - MEDIUM: mux-quic: ensure timeout server is active for short requests - MEDIUM: server: fix race on servers_list during server deletion - MEDIUM: server: server stuck in maintenance after FQDN change - MEDIUM: ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing - MEDIUM: stconn: Report blocked send if sends are blocked by an error - MINOR: activity/memprofile: always return "other" bin on NULL return address - MINOR: cfgparse-global: fix allowed args number for setenv - MINOR: cli: remove non-printable characters from 'debug dev fd' - MINOR: http-ana: Don't report a server abort if response payload is invalid - MINOR: http-ana: Fix wrong client abort reports during responses forwarding - MINOR: http-ana: Report internal error if an action yields on a final eval - MINOR: httpclient: return NULL when no proxy available during httpclient_new() - MINOR: mux-quic: do not close STREAM with empty FIN if no data sent - MINOR: mworker: fix mworker-max-reloads parser - MINOR: pools: export the pools variable - MINOR: server: fix dynamic server leak with check on failed init - MINOR: server: make sure the HMAINT state is part of MAINT - MINOR: ssl/cli: 'set ssl cert' does not check the transaction name correctly - MINOR: stream: Save last evaluated rule on invalid yield - REGTESTS: Never reuse server connection in http-messaging/truncated.vtc Version-Release number of selected component (if applicable): 2.8.11 How reproducible: Always Steps to Reproduce: 1. Check haproxy changelog & see version
type: bugfix subject: Updated haproxy package fixes some bugs src: 9: core: - haproxy-2.8.12-1.1.mga9 description: | Haproxy has one major, few medium and few minor bugs fixed in last upstream version 2.8.12 of branch 2.8 Fixed major bug list: - ocsp: Separate refcount per instance and per store Fixed medium bug list: - cli: Deadlock when setting frontend maxconn - connection/http-reuse: fix address collision on unhandled address families - h1: Accept invalid T-E values with accept-invalid-http-response option - hlua: make hlua_ctx_renew() safe - hlua: properly handle sample func errors in hlua_run_sample_{fetch,conv}() - mux-pt: Never fully close the connection on shutdown - mux-quic: ensure timeout server is active for short requests - server: fix race on servers_list during server deletion - server: server stuck in maintenance after FQDN change - ssl: Fix crash when calling "update ssl ocsp-response" when an update is ongoing - stconn: Report blocked send if sends are blocked by an error references: - https://bugs.mageia.org/show_bug.cgi?id=33820 - https://www.haproxy.org/download/2.8/src/CHANGELOG
Keywords: (none) => advisory
Previous update tickets: https://bugs.mageia.org/show_bug.cgi?id=33475 https://bugs.mageia.org/show_bug.cgi?id=33593 Packages built and uploaded, advisory available. QA should just have to double check, validate update or report if there is something wrong. Packages in 9/core/updates_testing i586: haproxy-2.8.12-1.1.mga9.i586.rpm haproxy-noquic-2.8.12-1.1.mga9.i586.rpm haproxy-quic-2.8.12-1.1.mga9.i586.rpm haproxy-utils-2.8.12-1.1.mga9.i586.rpm x86_64: haproxy-2.8.12-1.1.mga9.x86_64.rpm haproxy-noquic-2.8.12-1.1.mga9.x86_64.rpm haproxy-quic-2.8.12-1.1.mga9.x86_64.rpm haproxy-utils-2.8.12-1.1.mga9.x86_64.rpm From SRPMS: haproxy-2.8.12-1.1.mga9
Whiteboard: (none) => MGA9-64-OK
$ systemctl status haproxy.service ● haproxy.service - HAproxy Loadbalancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; enabled; preset: disabled) Active: active (running) since XXX 2024-XX-XX XX:XX:XX CET; XXmin ago Process: XXXXXX ExecStartPre=/usr/sbin/haproxy-check (code=exited, status=0/SUCCESS) Main PID: XXXXXX (haproxy) Status: "Ready." Tasks: 9 (limit: 65000) Memory: 23.8M CPU: Xmin X.Xs CGroup: /system.slice/haproxy.service ├─XXXXXX /usr/sbin/haproxy -f /etc/haproxy/haproxy.conf -Ws └─XXXXXX /usr/sbin/haproxy -f /etc/haproxy/haproxy.conf -Ws $ curl -I http://127.0.0.1:8000 HTTP/1.1 302 Found content-length: 0 location: https://127.0.0.1:8000/ cache-control: no-cache alt-svc: h3=":443"; ma=3600 $ curl -I -k https://127.0.0.1:8000 HTTP/2 200 date: Thu, 26 Sep 2024 23:03:34 GMT content-type: text/html; charset=UTF-8 alt-svc: h3=":443"; ma=3600 $ rpm -qa | grep haproxy haproxy-quic-2.8.12-1.1.mga9 haproxy-2.8.12-1.1.mga9
CC: (none) => andrewsfarm, mageia, mageiaAssignee: bugsquad => qa-bugs
RH mageia 9 x86_64 Test noquic LC_ALL=C urpmi haproxy haproxy-utils In order to satisfy the 'haproxy-server[== 2.8.12-1.1.mga9]' dependency, one of the following packages is needed: 1- haproxy-noquic-2.8.12-1.1.mga9.x86_64: Reliable High Performance TCP/HTTP Load Balancer (to install) 2- haproxy-quic-2.8.12-1.1.mga9.x86_64: Reliable High Performance TCP/HTTP Load Balancer (to install) What is your choice? (1-2) 1 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") haproxy 2.8.12 1.1.mga9 x86_64 haproxy-noquic 2.8.12 1.1.mga9 x86_64 haproxy-utils 2.8.12 1.1.mga9 x86_64 4.8MB of additional disk space will be used. 1.6MB of packages will be retrieved. Proceed with the installation of the 3 packages? (Y/n) y installing haproxy-2.8.12-1.1.mga9.x86_64.rpm haproxy-utils-2.8.12-1.1.mga9.x86_64.rpm haproxy-noquic-2.8.12-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/3: haproxy-noquic ################################################################################################## 2/3: haproxy ################################################################################################## 3/3: haproxy-utils ################################################################################################## 1/1: removing haproxy-utils-2.8.11-1.mga9.x86_64 ################################################################################################## ---------------------------------------------------------------------- More information on package haproxy-2.8.12-1.1.mga9.x86_64 Haproxy is now installed. Configuration file is /etc/haproxy/haproxy.conf The server listen on any:8000, 8080 and 8443 by default. Add to /etc/shorewall/rules.haproxy these shorewall rules for a transparent proxy: # Redirect tcp traffic from net on port 80 to 8000 REDIRECT net 8000 tcp 80 # Redirect tcp traffic from net on port 443 to 8000 REDIRECT net 8000 tcp 443 # Redirect udp traffic from net on port 443 to 8443 #REDIRECT net 8443 udp 443 Enable the service with: # systemctl enable haproxy.service Start the service with: # systemctl start haproxy.service ---------------------------------------------------------------------- systemctl start haproxy.service systemctl status haproxy.service ● haproxy.service - HAproxy Loadbalancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; preset: disabled) Active: active (running) since Sun 2024-12-01 10:03:03 CST; 9s ago Process: 18331 ExecStartPre=/usr/sbin/haproxy-check (code=exited, status=0/SUCCESS) Main PID: 18337 (haproxy) Status: "Ready." Tasks: 9 (limit: 65000) Memory: 16.1M CPU: 124ms CGroup: /system.slice/haproxy.service ├─18337 /usr/sbin/haproxy -f /etc/haproxy/haproxy.conf -Ws └─18339 /usr/sbin/haproxy -f /etc/haproxy/haproxy.conf -Ws dic 01 10:03:03 jgrey.phoenix systemd[1]: Starting haproxy.service... dic 01 10:03:03 jgrey.phoenix systemd[1]: Started haproxy.service. curl -I http://127.0.0.1:8000 HTTP/1.1 302 Found content-length: 0 location: https://127.0.0.1:8000/ cache-control: no-cache curl -I -k https://127.0.0.1:8000 HTTP/2 200 date: Sun, 01 Dec 2024 16:04:46 GMT server: Apache/2.4.62 (Mageia) OpenSSL/3.0.15 last-modified: Fri, 22 Dec 2023 20:41:41 GMT etag: "ab-60d1f3e5ca682" accept-ranges: bytes content-length: 171 content-type: text/html; charset=UTF-8 Test quic LC_ALL=C urpmi haproxy haproxy-utils In order to satisfy the 'haproxy-server[== 2.8.12-1.1.mga9]' dependency, one of the following packages is needed: 1- haproxy-noquic-2.8.12-1.1.mga9.x86_64: Reliable High Performance TCP/HTTP Load Balancer (to install) 2- haproxy-quic-2.8.12-1.1.mga9.x86_64: Reliable High Performance TCP/HTTP Load Balancer (to install) What is your choice? (1-2) 2 To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "QA Testing (64-bit)") haproxy 2.8.12 1.1.mga9 x86_64 haproxy-quic 2.8.12 1.1.mga9 x86_64 haproxy-utils 2.8.12 1.1.mga9 x86_64 5.4MB of additional disk space will be used. 1.7MB of packages will be retrieved. Proceed with the installation of the 3 packages? (Y/n) y installing haproxy-utils-2.8.12-1.1.mga9.x86_64.rpm haproxy-quic-2.8.12-1.1.mga9.x86_64.rpm haproxy-2.8.12-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/3: haproxy ################################################################################################## 2/3: haproxy-quic ################################################################################################## 3/3: haproxy-utils ################################################################################################## ---------------------------------------------------------------------- More information on package haproxy-2.8.12-1.1.mga9.x86_64 Haproxy is now installed. Configuration file is /etc/haproxy/haproxy.conf The server listen on any:8000, 8080 and 8443 by default. Add to /etc/shorewall/rules.haproxy these shorewall rules for a transparent proxy: # Redirect tcp traffic from net on port 80 to 8000 REDIRECT net 8000 tcp 80 # Redirect tcp traffic from net on port 443 to 8000 REDIRECT net 8000 tcp 443 # Redirect udp traffic from net on port 443 to 8443 #REDIRECT net 8443 udp 443 Enable the service with: # systemctl enable haproxy.service Start the service with: # systemctl start haproxy.service ---------------------------------------------------------------------- systemctl start haproxy.service systemctl status haproxy.service ● haproxy.service - HAproxy Loadbalancer Loaded: loaded (/usr/lib/systemd/system/haproxy.service; disabled; preset: disabled) Active: active (running) since Sun 2024-12-01 10:07:53 CST; 6s ago Process: 44265 ExecStartPre=/usr/sbin/haproxy-check (code=exited, status=0/SUCCESS) Main PID: 44270 (haproxy) Status: "Ready." Tasks: 9 (limit: 65000) Memory: 21.4M CPU: 128ms CGroup: /system.slice/haproxy.service ├─44270 /usr/sbin/haproxy -f /etc/haproxy/haproxy.conf -Ws └─44275 /usr/sbin/haproxy -f /etc/haproxy/haproxy.conf -Ws dic 01 10:07:53 jgrey.phoenix systemd[1]: Starting haproxy.service... dic 01 10:07:53 jgrey.phoenix systemd[1]: Started haproxy.service. curl -I http://127.0.0.1:8000 HTTP/1.1 302 Found content-length: 0 location: https://127.0.0.1:8000/ cache-control: no-cache curl -I -k https://127.0.0.1:8000 HTTP/2 200 date: Sun, 01 Dec 2024 16:09:17 GMT server: Apache/2.4.62 (Mageia) OpenSSL/3.0.15 last-modified: Fri, 22 Dec 2023 20:41:41 GMT etag: "ab-60d1f3e5ca682" accept-ranges: bytes content-length: 171 content-type: text/html; charset=UTF-8 OK for me
Validating.
Oops. Forgot to change the Keywords field.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2024-0234.html
Status: NEW => RESOLVEDResolution: (none) => FIXED