Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1643941
Summary: | haproxy basic auth broken when using nbthread | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Robin <robin.bjorklin> | ||||
Component: | haproxy | Assignee: | Ryan O'Hara <rohara> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 29 | CC: | bperkins, carl, jeremy, rbarlow, rohara | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2018-12-11 17:04:09 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Robin
2018-10-29 13:45:03 UTC
*** Bug 1643560 has been marked as a duplicate of this bug. *** I mentioned this to upstream and was told that they could not reproduce the problem using the scripts -- it works 10% of the time. You might want to start a discussion there. I saw the other BZ related to selinux. How are you disabling selinux? Is it disabled on the host and the docker image? Do you have any haproxy logs? (In reply to Ryan O'Hara from comment #2) > I mentioned this to upstream and was told that they could not reproduce the > problem using the scripts -- it works 10% of the time. You might want to > start a discussion there. Sorry, meant to say 100% of the the time. Big difference. :) To disable selinux I ran "setenforce 0" on the host system. I don't have any haproxy logs as nothing really useful is printed to journald. I can't reproduce this with the official haproxy image either, only under Fedora which makes me wonder if there are any patches applied in the build chain which are not used by upstream? (In reply to Robin from comment #4) > To disable selinux I ran "setenforce 0" on the host system. I don't have any > haproxy logs as nothing really useful is printed to journald. OK. > I can't reproduce this with the official haproxy image either, only under > Fedora which makes me wonder if there are any patches applied in the build > chain which are not used by upstream? No, haproxy in Fedora is unpatched. Same bits as upstream. I talked with upstream about this and Willy sent a possible patch. I do not know if this will fix the problem. Applying the patch and releasing an update in Fedora is easy enough, but I am unsure how/where/when the Fedora image is created. If you know and want to test the patch, please advise. I will attach the patch. Created attachment 1498983 [details]
BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
Potential patch to solve issue. Unsure if this will resolve problem.
I am going to commit this patch and would greatly appreciate any assistance testing. First order of business is to figure out how/when the docker images are being built. haproxy-1.8.14-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d14594565 haproxy-1.8.14-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d14594565 A Fedora update associated with this bug has been pushed to the stable repository. A Fedora update associated with this bug has been pushed to the stable repository. |