From b5bfef4e3ad8a258fca40be21c301a4520aa1d01 Mon Sep 17 00:00:00 2001
From: Christian Lachner
Date: Fri, 3 Apr 2020 08:02:50 +0200
Subject: [PATCH] haproxy: Update HAProxy to v2.1.4
- Update haproxy download URL and hash
- Add new patches (see https://www.haproxy.org/bugs/bugs-2.1.4.html)
- This fixes CVE-2020-11100 (http://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543)
Signed-off-by: Christian Lachner
---
 net/haproxy/Makefile | 4 +-
 net/haproxy/get-latest-patches.sh | 2 +-
 ...otocol_buffer-Wrong-maximum-shifting.patch | 56 +++++++++++++++++++
 ...h => 001-OPENWRT-add-uclibc-support.patch} | 2 +-
 4 files changed, 60 insertions(+), 4 deletions(-)
 create mode 100644 net/haproxy/patches/000-BUG-MINOR-protocol_buffer-Wrong-maximum-shifting.patch
 rename net/haproxy/patches/{000-OPENWRT-add-uclibc-support.patch => 001-OPENWRT-add-uclibc-support.patch} (92%)
diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile
index 36001edaa..9724dfff1 100644
--- a/net/haproxy/Makefile
+++ b/net/haproxy/Makefile
@@ -10,12 +10,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=haproxy
-PKG_VERSION:=2.1.3
+PKG_VERSION:=2.1.4
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.haproxy.org/download/2.1/src
-PKG_HASH:=bb678e550374d0d9d9312885fb9d270b501dae9e3b336f0a4379c667dae00b59
+PKG_HASH:=51030ff696d7067162b4d24d354044293aecfbb36d7acc2f840c8d928bfe91cd
 PKG_MAINTAINER:=Thomas Heil , \
 Christian Lachner
diff --git a/net/haproxy/get-latest-patches.sh b/net/haproxy/get-latest-patches.sh
index 9fb537893..2edb44e3b 100755
--- a/net/haproxy/get-latest-patches.sh
+++ b/net/haproxy/get-latest-patches.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 CLONEURL=https://git.haproxy.org/git/haproxy-2.1.git
-BASE_TAG=v2.1.3
+BASE_TAG=v2.1.4
 TMP_REPODIR=tmprepo
 PATCHESDIR=patches
diff --git a/net/haproxy/patches/000-BUG-MINOR-protocol_buffer-Wrong-maximum-shifting.patch b/net/haproxy/patches/000-BUG-MINOR-protocol_buffer-Wrong-maximum-shifting.patch
new file mode 100644
index 000000000..71b6277b7
--- /dev/null
+++ b/net/haproxy/patches/000-BUG-MINOR-protocol_buffer-Wrong-maximum-shifting.patch
@@ -0,0 +1,56 @@
+commit c7a203a6c75e4efff5f3d5d675d925f11b47dba1
+Author: Frédéric Lécaille
+Date: Thu Apr 2 14:24:31 2020 +0200
+
+ BUG/MINOR: protocol_buffer: Wrong maximum shifting.
+
+ This patch fixes a bad stop condition when decoding a protocol buffer variable integer
+ whose maximum lenghts are 10, shifting a uint64_t value by more than 63.
+
+ Thank you to Ilya for having reported this issue.
+
+ Must be backported to 2.1 and 2.0.
+
+ (cherry picked from commit 876ed55d9b8d0c298b6cac1003ec365a19bf7aad)
+ Signed-off-by: Willy Tarreau
+
+diff --git a/include/proto/protocol_buffers.h b/include/proto/protocol_buffers.h
+index 69f0bdf81..0426d83d2 100644
+--- a/include/proto/protocol_buffers.h
++++ b/include/proto/protocol_buffers.h
+@@ -158,7 +158,7 @@ protobuf_varint(uint64_t *val, unsigned char *pos, size_t len)
+
+ shift += 7;
+ /* The maximum length in bytes of a 64-bit encoded value is 10. */
+- if (shift > 70)
++ if (shift > 63)
+ return 0;
+ }
+
+@@ -194,7 +194,7 @@ protobuf_decode_varint(uint64_t *val, unsigned char **pos, size_t *len)
+
+ shift += 7;
+ /* The maximum length in bytes of a 64-bit encoded value is 10. */
+- if (shift > 70)
++ if (shift > 63)
+ return 0;
+ }
+
+@@ -227,7 +227,7 @@ protobuf_skip_varint(unsigned char **pos, size_t *len, size_t vlen)
+
+ shift += 7;
+ /* The maximum length in bytes of a 64-bit encoded value is 10. */
+- if (shift > 70)
++ if (shift > 63)
+ return 0;
+ }
+
+@@ -263,7 +263,7 @@ protobuf_varint_getlen(unsigned char *pos, size_t len)
+
+ shift += 7;
+ /* The maximum length in bytes of a 64-bit encoded value is 10. */
+- if (shift > 70)
++ if (shift > 63)
+ return -1;
+ }
+
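Review bot: The comment left above the new `if (shift > 63)` test in protobuf_varint explains only the 10-byte encoding limit and no longer accounts for the constant; the three identical hunks in protobuf_decode_varint, protobuf_skip_varint and protobuf_varint_getlen have the same gap. I would state the invariant the bound now protects, for example `/* Shifting a uint64_t by 64 or more is undefined: give up once shift exceeds 63. */`. The shift expression and the initial value of `shift` lie outside these hunks, so the following is inferred: if a tenth byte is still consumed at shift 63, only its lowest data bit fits in the result and any higher bits would be dropped without an error, which is worth confirming and, if intended, documenting. Each loop body starts and ends outside its hunk.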
diff --git a/net/haproxy/patches/000-OPENWRT-add-uclibc-support.patch b/net/haproxy/patches/001-OPENWRT-add-uclibc-support.patch
similarity index 92%
rename from net/haproxy/patches/000-OPENWRT-add-uclibc-support.patch
rename to net/haproxy/patches/001-OPENWRT-add-uclibc-support.patch
index 3a22ebb88..ddec13479 100644
--- a/net/haproxy/patches/000-OPENWRT-add-uclibc-support.patch
+++ b/net/haproxy/patches/001-OPENWRT-add-uclibc-support.patch
@@ -1,6 +1,6 @@
 --- a/Makefile
 +++ b/Makefile
-@@ -339,6 +339,15 @@ ifeq ($(TARGET),linux-glibc)
+@@ -342,6 +342,15 @@ ifeq ($(TARGET),linux-glibc)
 USE_ACCEPT4 USE_LINUX_SPLICE USE_PRCTL USE_THREAD_DUMP USE_GETADDRINFO)
 endif