Ubuntu
haproxy package

Merge ~paelzer/ubuntu/+source/haproxy:lp-1884149-avoid-crashes-BIONIC into ubuntu/+source/haproxy:ubuntu/bionic-devel

  1. Git
  2. lp:~paelzer/ubuntu/+source/haproxy
  3. lp-1884149-avoid-crashes-BIONIC
  4. Merge into ubuntu/bionic-devel
Proposed by Christian Ehrhardt 
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 50dd5a5db3da27fd9a88ff3a4548ef5dd5cbd202
Merged at revision: 50dd5a5db3da27fd9a88ff3a4548ef5dd5cbd202
Proposed branch: ~paelzer/ubuntu/+source/haproxy:lp-1884149-avoid-crashes-BIONIC
Merge into: ubuntu/+source/haproxy:ubuntu/bionic-devel
Diff against target: 73 lines (+51/-0)
3 files modified
debian/changelog (+6/-0)
debian/patches/lp-1884149-BUG-MEDIUM-mux_pt-dereference-the-connection-with-ca.patch (+44/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Rafael David Tinoco (community) Approve
Canonical Server packageset reviewers Pending
Canonical Server Pending
git-ubuntu developers Pending
Review via email: mp+386162@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

PPA: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4108/+packages

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

# CHECKLIST
----------------------------
 [.] changelog entry correct:
 [.] targeted to correct codename
 [.] version number is correct
 [.] update-maintainer has been run before
 ----
 [-] changes forwarded upstream/debian (if appropriate)
 [.] patches match what was proposed upstream
 ----
 [.] patches correctly included in debian/patches/series?
 [.] patches have correct DEP3 metadata
 ----
 [.] relying on PPA only for build check ?
 [.] if relying on PPA, did it install correctly ?
 ----
 [-] building it locally ?
 [-] if building locally, was source build good ?
 [-] if building locally, was binary build good ?
 ----
 [.] was autopkgtest tested ?
 ----
 [.] is this a SRU ?
 [.] if a SRU, does the public bug have a template ?
 [-] is this a bundle of fixes ?
 [.] is this a single fix ?
 ----
 [.] if single fix, was testcase provided ?
 [-] if single fix, and testcase provided, could I reproduce it ?
 [-] if single fix, and testcase provided, did it work ?
 ----
 [-] is this a MERGE ?
 [-] if MERGE, is there a public bug referred ?
 [-] if MERGE, does it add/remove existing packages ?
 [-] if MERGE, does it bump library SONAME ?
----------------------------
 [.] = ok | [x] = not ok | [?] = question | [!] = note | [-] = n/a
----------------------------

# comments:

Did not try to reproduce as it is an intermittent issue and it has been
bisected in the public bug with the help of affected users.

# changelog:

haproxy (1.8.8-1ubuntu0.11) bionic; urgency=medium

  * Avoid crashes on idle connections between http requests (LP: #1884149)

 -- Christian Ehrhardt <email address hidden> Mon, 22 Jun 2020 10:41:43 +0200

# files touched:

 changelog
 patches/lp-1884149-BUG-MEDIUM-mux_pt-dereference-the-connection-with-ca.patch
 patches/series

# installation:

haproxy 1.8.8-1ubuntu0.11~ppa1 amd64

review: Approve
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/haproxy
 * [new tag] upload/1.8.8-1ubuntu0.11 -> upload/1.8.8-1ubuntu0.11

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading haproxy_1.8.8-1ubuntu0.11.dsc: done.
  Uploading haproxy_1.8.8-1ubuntu0.11.debian.tar.xz: done.
  Uploading haproxy_1.8.8-1ubuntu0.11_source.buildinfo: done.
  Uploading haproxy_1.8.8-1ubuntu0.11_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 53a249c..fb576a7 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,9 @@
6+haproxy (1.8.8-1ubuntu0.11) bionic; urgency=medium
7+
8+ * Avoid crashes on idle connections between http requests (LP: #1884149)
9+
10+ -- Christian Ehrhardt <christian.ehrhardt@canonical.com> Mon, 22 Jun 2020 10:41:43 +0200
11+
12 haproxy (1.8.8-1ubuntu0.10) bionic-security; urgency=medium
13
14 * SECURITY UPDATE: Arbitrary memory write
15diff --git a/debian/patches/lp-1884149-BUG-MEDIUM-mux_pt-dereference-the-connection-with-ca.patch b/debian/patches/lp-1884149-BUG-MEDIUM-mux_pt-dereference-the-connection-with-ca.patch
16new file mode 100644
17index 0000000..ed7d545
18--- /dev/null
19+++ b/debian/patches/lp-1884149-BUG-MEDIUM-mux_pt-dereference-the-connection-with-ca.patch
20@@ -0,0 +1,44 @@
21+From d9a130e1962c2a5352f33088c563f4248a102c48 Mon Sep 17 00:00:00 2001
22+From: Willy Tarreau <w@1wt.eu>
23+Date: Fri, 24 Aug 2018 15:48:59 +0200
24+Subject: [PATCH] BUG/MEDIUM: mux_pt: dereference the connection with care in
25+ mux_pt_wake()
26+
27+mux_pt_wake() calls data->wake() which can return -1 indicating that the
28+connection was just destroyed. We need to check for this condition and
29+immediately exit in this case otherwise we dereference a just freed
30+connection. Note that this mainly happens on idle connections between
31+two HTTP requests. It can have random implications between requests as
32+it may lead a wrong connection's polling to be re-enabled or disabled
33+for example, especially with threads.
34+
35+This patch must be backported to 1.8.
36+
37+(cherry picked from commit ad7f0ad1c3c9c541a4c315b24d4500405d1383ee)
38+Signed-off-by: Willy Tarreau <w@1wt.eu>
39+
40+Origin: upstream, https://github.com/haproxy/haproxy/commit/d9a130e1962c2a5352f33088c563f4248a102c48
41+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1884149
42+Last-Update: 2020-06-22
43+
44+---
45+ src/mux_pt.c | 3 +++
46+ 1 file changed, 3 insertions(+)
47+
48+diff --git a/src/mux_pt.c b/src/mux_pt.c
49+index a68b96215..c43e30f23 100644
50+--- a/src/mux_pt.c
51++++ b/src/mux_pt.c
52+@@ -51,6 +51,9 @@ static int mux_pt_wake(struct connection *conn)
53+
54+ ret = cs->data_cb->wake ? cs->data_cb->wake(cs) : 0;
55+
56++ if (ret < 0)
57++ return ret;
58++
59+ /* If we had early data, and we're done with the handshake
60+ * then whe know the data are safe, and we can remove the flag.
61+ */
62+--
63+2.27.0
64+
65diff --git a/debian/patches/series b/debian/patches/series
66index 09bc219..79ffd59 100644
67--- a/debian/patches/series
68+++ b/debian/patches/series
69@@ -18,3 +18,4 @@ lp-1848902-MINOR-systemd-consider-exit-status-143-as-successful.patch
70 CVE-2019-19330-1.patch
71 CVE-2019-19330-2.patch
72 CVE-2020-11100.patch
73+lp-1884149-BUG-MEDIUM-mux_pt-dereference-the-connection-with-ca.patch

Subscribers

People subscribed via source and target branches