diff --git a/CVE-2021-40346.patch b/CVE-2021-40346.patch
deleted file mode 100644
index 5f035bfff07c575fa5d2bcbbf4879f114f918b8f..0000000000000000000000000000000000000000
--- a/CVE-2021-40346.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 86f4f281efb933900ebcc4fdaef95f566382d907 Mon Sep 17 00:00:00 2001
-From: Willy Tarreau
-Date: Thu, 26 Aug 2021 16:23:37 +0200
-Subject: BUG/MAJOR: htx: fix missing header name length check in
- htx_add_header/trailer
-
-Shachar Menashe for JFrog Security reported that htx_add_header() and
-htx_add_trailer() were missing a length check on the header name. While
-this does not allow to overwrite any memory area, it results in bits of
-the header name length to slip into the header value length and may
-result in forging certain header names on the input. The sad thing here
-is that a FIXME comment was present suggesting to add the required length
-checks :-(
-
-The injected headers are visible to the HTTP internals and to the config
-rules, so haproxy will generally stay synchronized with the server. But
-there is one exception which is the content-length header field, because
-it is already deduplicated on the input, but before being indexed. As
-such, injecting a content-length header after the deduplication stage
-may be abused to present a different, shorter one on the other side and
-help build a request smuggling attack, or even maybe a response splitting
-attack.
-
-As a mitigation measure, it is sufficient to verify that no more than
-one such header is present in any message, which is normally the case
-thanks to the duplicate checks:
-
- http-request deny if { req.hdr_cnt(content-length) gt 1 }
- http-response deny if { res.hdr_cnt(content-length) gt 1 }
-
-This must be backported to all HTX-enabled versions, hence as far as 2.0.
-In 2.3 and earlier, the functions are in src/htx.c instead.
-
-Many thanks to Shachar for his work and his responsible report!
-
-[wt: code is in src/htx.c in 2.3 and older]
-Signed-off-by: Willy Tarreau
----
- src/htx.c | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
---- a/src/htx.c
-+++ b/src/htx.c
-@@ -859,7 +859,9 @@ struct htx_blk *htx_add_header(struct ht
- {
- struct htx_blk *blk;
-
-- /* FIXME: check name.len (< 256B) and value.len (< 1MB) */
-+ if (name.len > 255 || value.len > 1048575)
-+ return NULL;
-+
- blk = htx_add_blk(htx, HTX_BLK_HDR, name.len + value.len);
- if (!blk)
- return NULL;
-@@ -878,7 +880,9 @@ struct htx_blk *htx_add_trailer(struct h
- {
- struct htx_blk *blk;
-
-- /* FIXME: check name.len (< 256B) and value.len (< 1MB) */
-+ if (name.len > 255 || value.len > 1048575)
-+ return NULL;
-+
- blk = htx_add_blk(htx, HTX_BLK_TLR, name.len + value.len);
- if (!blk)
- return NULL;
diff --git a/haproxy-2.2.16.tar.gz b/haproxy-2.2.16.tar.gz
deleted file mode 100644
index c74ad3fc3ffbfc3caf465b4b2ebc84fe0e841165..0000000000000000000000000000000000000000
Binary files a/haproxy-2.2.16.tar.gz and /dev/null differ
diff --git a/haproxy-2.4.8.tar.gz b/haproxy-2.4.8.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..bb64ff4f46966400ca620f98bbac67ad300b6bed
Binary files /dev/null and b/haproxy-2.4.8.tar.gz differ
diff --git a/haproxy.spec b/haproxy.spec
index 6ef220545c6087f1cf3fcf48af256a43a3b53a5a..8015e41487fb2932a28abfb4e523feb06953bb1d 100644
--- a/haproxy.spec
+++ b/haproxy.spec
@@ -4,25 +4,21 @@ %global _hardened_build 1
Name: haproxy
-Version: 2.2.16
-Release: 2
+Version: 2.4.8
+Release: 1
Summary: The Reliable, High Performance TCP/HTTP Load Balancer
License: GPLv2+
URL: https://www.haproxy.org/
-Source0: https://www.haproxy.org/download/2.2/src/%{name}-%{version}.tar.gz
+Source0: https://www.haproxy.org/download/2.4/src/%{name}-%{version}.tar.gz
Source1: %{name}.service
Source2: %{name}.cfg
Source3: %{name}.logrotate
Source4: %{name}.sysconfig
-Patch0001: CVE-2021-40346.patch
-
-BuildRequires: gcc lua-devel pcre-devel zlib-devel openssl-devel systemd-devel systemd-units libatomic
+BuildRequires: gcc lua-devel pcre2-devel openssl-devel systemd-devel systemd libatomic
Requires(pre): shadow-utils
-Requires(post): systemd
-Requires(preun): systemd
-Requires(postun): systemd
+%{?systemd_requires}
%package_help
%description
@@ -38,16 +34,14 @@ use_regparm_opt=
use_regparm_opt="USE_REGPARM=1"
%endif
-%make_build CPU="generic" TARGET="linux-glibc" USE_OPENSSL=1 USE_PCRE=1 USE_ZLIB=1 \
- USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 ${use_regparm_opt} \
- ADDINC="%{optflags}" ADDLIB="%{__global_ldflags}" EXTRA_OBJS="contrib/prometheus-exporter/service-prometheus.o"
+%make_build CPU="generic" TARGET="linux-glibc" USE_OPENSSL=1 USE_PCRE2=1 USE_SLZ=1 \
+ USE_LUA=1 USE_CRYPT_H=1 USE_SYSTEMD=1 USE_LINUX_TPROXY=1 USE_GETADDRINFO=1 USE_PROMEX=1 DEFINE=-DMAX_SESS_STKCTR=12 ${use_regparm_opt} \
+ ADDINC="%{build_cflags}" ADDLIB="%{build_ldflags}"
-pushd contrib/halog
-%make_build ${halog} OPTIMIZE="%{optflags} %{build_ldflags}"
-popd
+%make_build admin/halog/halog ADDINC="%{build_cflags}" ADDLIB="%{build_ldflags}"
-pushd contrib/iprange
-%make_build iprange OPTIMIZE="%{optflags} %{build_ldflags}"
+pushd admin/iprange
+%make_build OPTIMIZE="%{build_cflags}" LDFLAGS="%{build_ldflags}"
popd
%install
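Review bot: Removing `Patch0001: CVE-2021-40346.patch` is only complete if `%prep` no longer applies it by number; that section lies between this hunk and the `%build` hunk and is not visible here, so confirm it uses `%autosetup` (or has its `%patch0001` line removed), otherwise the package will not build. The deleted patch file is upstream commit 86f4f281 dated 26 Aug 2021, so the 2.4.8 tarball from December should already carry the htx_add_header/htx_add_trailer length check, but nothing in the spec records that reasoning; a comment above `Source0`, `# CVE-2021-40346 fix is part of upstream 2.4.x (see <upstream release notes>); local backport dropped with 2.4.8`, keeps the CVE trail auditable without re-reading the history. The swap of `pcre-devel`/`USE_PCRE=1` for `pcre2-devel`/`USE_PCRE2=1` and of `zlib-devel`/`USE_ZLIB=1` for `USE_SLZ=1` is consistent between the BuildRequires hunk and the `%build` hunk. The `%build` hunk also drops the explicit target in admin/iprange (`%make_build` with no target), which presumably relies on the Makefile's default target to build both iprange and ip6range — worth confirming against the tarball since `%install` later copies both.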
@@ -66,8 +60,9 @@ install -d -m 0755 .%{_localstatedir}/lib/haproxy
install -d -m 0755 .%{_datadir}/haproxy
popd
-install -p -m 0755 ./contrib/halog/halog %{buildroot}%{_bindir}/halog
-install -p -m 0755 ./contrib/iprange/iprange %{buildroot}%{_bindir}/iprange
+install -p -m 0755 ./admin/halog/halog %{buildroot}%{_bindir}/halog
+install -p -m 0755 ./admin/iprange/iprange %{buildroot}%{_bindir}/iprange
+install -p -m 0755 ./admin/iprange/ip6range %{buildroot}%{_bindir}/ip6range
install -p -m 0644 ./examples/errorfiles/* %{buildroot}%{_datadir}/haproxy
for httpfile in $(find ./examples/errorfiles/ -type f)
@@ -110,6 +105,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
%{_bindir}/halog
%{_bindir}/iprange
+%{_bindir}/ip6range
%{_sbindir}/%{name}
%{_unitdir}/%{name}.service
%dir %{_localstatedir}/lib/haproxy
@@ -122,16 +118,19 @@ exit 0
%{_mandir}/man1/*
%changelog
-* Sat Sep 18 yaoxin - 2.2.16-2
+* Tue Dec 07 2021 yanglu - 2.4.8-1
+- update haproxy to 2.4.8
+
+* Sat Sep 18 2021 yaoxin - 2.2.16-2
- Fix CVE-2021-40346
-* Mon Aug 30 yaoxin - 2.2.16-1
+* Mon Aug 30 2021 yaoxin - 2.2.16-1
- Upgrade 2.2.16 to fix CVE-2021-39240
-* Thu Aug 26 liwu - 2.2.1-2
+* Thu Aug 26 2021 liwu - 2.2.1-2
- fix CVE-2021-39241,CVE-2021-39242
-* Thu July 1 huanghaitao - 2.2.1-1
+* Thu Jul 1 2021 huanghaitao - 2.2.1-1
- update to 2.2.1
* Tue Sep 15 2020 Ge Wang - 2.0.17-1
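Review bot: The new `%changelog` entry carries a single bullet, `- update haproxy to 2.4.8`, although this commit also drops the local CVE-2021-40346 backport, moves halog/iprange from contrib/ to admin/, replaces pcre/zlib with pcre2/slz and starts shipping `%{_bindir}/ip6range`; a reader of the changelog cannot tell that the CVE fix is now expected from upstream rather than from a patch. Suggest adding a second bullet under the 2.4.8-1 entry, `- drop CVE-2021-40346.patch (fix included upstream); build with pcre2 and slz; install ip6range`. Note that the context lines `- Fix CVE-2021-40346`, `- Upgrade 2.2.16 to fix CVE-2021-39240` and the two below them are unchanged changelog bullets whose leading space marker was lost when the diff was collapsed, not deletions — the hunk counts (16 old, 19 new) only add up with them as context. The year corrections on the older entries are fine.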