Bug 210385

Summary: net/haproxy: fix CVE-2016-5360
Product: Ports & Packages
Component: Individual Port(s)
Status: Closed FIXED
Severity: Affects Only Me
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Piotr Kubaj <pkubaj>
Assignee: Dmitry Sivachenko <demon>
CC: pkubaj
Flags: demon: maintainer-feedback+, pkubaj: merge-quarterly?
Attachments:
  Poudriere log (Flags: none)
  Haproxy patch (Flags: pkubaj: maintainer-approval?)

Description Piotr Kubaj freebsd_committer freebsd_triage 2016-06-19 11:19:35 UTC
Created attachment 171568
Poudriere log

The patches are taken from OpenBSD; they fix CVE-2016-5360. The Poudriere log is attached.
Comment 1 Piotr Kubaj freebsd_committer freebsd_triage 2016-06-19 11:20:24 UTC
Created attachment 171569
Haproxy patch
Comment 2 Dmitry Sivachenko freebsd_committer freebsd_triage 2016-06-19 11:32:53 UTC
Did you submit it to haproxy developers?
Comment 3 Piotr Kubaj freebsd_committer freebsd_triage 2016-06-19 11:36:04 UTC
Upstream has already patched it:
http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
Comment 4 Dmitry Sivachenko freebsd_committer freebsd_triage 2016-06-20 12:36:26 UTC
===>  Applying FreeBSD patches for haproxy-devel-1.7.d3_1
===>   Ignoring patchfile /place/WRK/ports/net/haproxy-devel/files/patch-include_types_proto_http.h.orig
1 out of 6 hunks failed--saving rejects to src/proto_http.c.rej
Comment 5 commit-hook freebsd_committer freebsd_triage 2016-06-20 12:40:44 UTC
A commit references this bug:

Author: demon
Date: Mon Jun 20 12:40:11 UTC 2016
New revision: 417154
URL: https://svnweb.freebsd.org/changeset/ports/417154

Log:
  Fix possible crash when using reqdeny.

  PR:		210385
  Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>

Changes:
  head/net/haproxy/Makefile
  head/net/haproxy/files/patch-reqdeny-crash
Comment 6 Dmitry Sivachenko freebsd_committer freebsd_triage 2016-06-20 12:41:12 UTC
Ah, sorry, this is for stable version... I committed your patch, thanks.