Bug 210385 - net/haproxy: fix CVE-2016-5360
Summary: net/haproxy: fix CVE-2016-5360
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Dmitry Sivachenko
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-19 11:19 UTC by Piotr Kubaj
Modified: 2016-06-20 12:41 UTC

See Also:
demon: maintainer-feedback+
pkubaj: merge-quarterly?


Attachments
Poudriere log (44.08 KB, text/x-log)
2016-06-19 11:19 UTC, Piotr Kubaj
no flags
Haproxy patch (5.35 KB, patch)
2016-06-19 11:20 UTC, Piotr Kubaj
pkubaj: maintainer-approval?

Description Piotr Kubaj freebsd_committer freebsd_triage 2016-06-19 11:19:35 UTC
Created attachment 171568 [details]
Poudriere log

The patches are taken from OpenBSD; they fix CVE-2016-5360. The Poudriere log is attached.
Comment 1 Piotr Kubaj freebsd_committer freebsd_triage 2016-06-19 11:20:24 UTC
Created attachment 171569 [details]
Haproxy patch
Comment 2 Dmitry Sivachenko freebsd_committer freebsd_triage 2016-06-19 11:32:53 UTC
Did you submit it to haproxy developers?
Comment 3 Piotr Kubaj freebsd_committer freebsd_triage 2016-06-19 11:36:04 UTC
Upstream has already patched it:
http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
Comment 4 Dmitry Sivachenko freebsd_committer freebsd_triage 2016-06-20 12:36:26 UTC
===>  Applying FreeBSD patches for haproxy-devel-1.7.d3_1
===>   Ignoring patchfile /place/WRK/ports/net/haproxy-devel/files/patch-include_types_proto_http.h.orig
1 out of 6 hunks failed--saving rejects to src/proto_http.c.rej
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-06-20 12:40:44 UTC
A commit references this bug:

Author: demon
Date: Mon Jun 20 12:40:11 UTC 2016
New revision: 417154
URL: https://svnweb.freebsd.org/changeset/ports/417154

Log:
  Fix possible crash when using reqdeny.

  PR:		210385
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>

Changes:
  head/net/haproxy/Makefile
  head/net/haproxy/files/patch-reqdeny-crash
Comment 6 Dmitry Sivachenko freebsd_committer freebsd_triage 2016-06-20 12:41:12 UTC
Ah, sorry, this is for the stable version... I committed your patch, thanks.