Your message dated Sat, 09 Jul 2022 11:47:43 +0100
with message-id
<2280fe8c78e64b02a6c1d04c6dde5a32e342ba81.ca...@adam-barratt.org.uk>
and subject line Closing requests for updates included in 11.4
has caused the Debian Bug report #1007762,
regarding bullseye-pu: package nginx/1.18.0-6.1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1007762: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007762
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: [email protected]
Usertags: pu
Current version of nginx currently shipped in Debian 11
segfaults when libnginx-mod-http-lua is loaded and init_worker_by_lua* is used.
[ Reason ]
There is a bug in the libnginx-mod-http-lua module.
In the C code is 'conf. file variable' which is copied to the unalocated memory
space which cause segmentation fault.
[ Impact ]
Nginx crash.
[ Tests ]
/etc/nginx/nginx/conf:
~~~
user www-data;
load_module modules/ndk_http_module.so;
load_module modules/ngx_http_lua_module.so;
events {
worker_connections 768;
}
http {
init_worker_by_lua_block {
}
server {
listen 80;
location / {
return 200;
}
}
}
~~~
curl -D- http://127.0.0.1/
[ Risks ]
Minimal, the patch is trivial.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
debdiff:
diff -Nru nginx-1.18.0/debian/changelog nginx-1.18.0/debian/changelog
--- nginx-1.18.0/debian/changelog 2021-05-29 16:21:37.000000000 +0200
+++ nginx-1.18.0/debian/changelog 2022-03-15 21:36:18.000000000 +0100
@@ -1,3 +1,11 @@
+nginx (1.18.0-6.1+deb11u1) bullseye; urgency=medium
+
+ * Backport upstream bugfix for segfault in nginx core >= 1.15.0 when
+ libnginx-mod-http-lua is loaded and init_worker_by_lua* is used.
+ (Closes: #994178)
+
+ -- Jan Mojžíš <[email protected]> Tue, 15 Mar 2022 21:36:18 +0100
+
nginx (1.18.0-6.1) unstable; urgency=high
* Non-maintainer upload.
diff -Nru
nginx-1.18.0/debian/modules/patches/http-lua/bug-994178-segfault.patch
nginx-1.18.0/debian/modules/patches/http-lua/bug-994178-segfault.patch
--- nginx-1.18.0/debian/modules/patches/http-lua/bug-994178-segfault.patch
1970-01-01 01:00:00.000000000 +0100
+++ nginx-1.18.0/debian/modules/patches/http-lua/bug-994178-segfault.patch
2022-03-15 21:36:18.000000000 +0100
@@ -0,0 +1,31 @@
+From: Datong Sun <[email protected]>
+Date: Wed Jul 18 16:21:09 2018 -0700
+Origin:
https://github.com/openresty/lua-nginx-module/commit/e94f2e5d64daa45ff396e262d8dab8e56f5f10e0
+Subject: fixed segfault in NGINX core >= 1.15.0 when init_worker_by_lua* is
+ used.
+
+Signed-off-by: Yichun Zhang (agentzh) <[email protected]>
+
+diff --git a/src/ngx_http_lua_initworkerby.c b/src/ngx_http_lua_initworkerby.c
+index 4a722a06..2a82fcb9 100644
+--- a/src/ngx_http_lua_initworkerby.c
++++ b/src/ngx_http_lua_initworkerby.c
+@@ -25,6 +25,7 @@ ngx_http_lua_init_worker(ngx_cycle_t *cycle)
+ void *cur, *prev;
+ ngx_uint_t i;
+ ngx_conf_t conf;
++ ngx_conf_file_t cf_file;
+ ngx_cycle_t *fake_cycle;
+ ngx_module_t **modules;
+ ngx_open_file_t *file, *ofile;
+@@ -166,6 +167,10 @@ ngx_http_lua_init_worker(ngx_cycle_t *cycle)
+ conf.pool = fake_cycle->pool;
+ conf.log = cycle->log;
+
++ ngx_memzero(&cf_file, sizeof(cf_file));
++ cf_file.file.name = cycle->conf_file;
++ conf.conf_file = &cf_file;
++
+ http_ctx.loc_conf = ngx_pcalloc(conf.pool,
+ sizeof(void *) * ngx_http_max_module);
+ if (http_ctx.loc_conf == NULL) {
diff -Nru nginx-1.18.0/debian/modules/patches/http-lua/series
nginx-1.18.0/debian/modules/patches/http-lua/series
--- nginx-1.18.0/debian/modules/patches/http-lua/series 2021-05-29
16:21:37.000000000 +0200
+++ nginx-1.18.0/debian/modules/patches/http-lua/series 2022-03-15
21:36:18.000000000 +0100
@@ -1,2 +1,3 @@
discover-luajit-2.1.patch
CVE-2020-11724.patch
+bug-994178-segfault.patch
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.4
(re-sending with fixed bug numbers)
Hi,
The updates discussed in these bugs were included in today's bullseye
point release.
Regards,
Adam
--- End Message ---
