CVS: cvs.openbsd.org: src

2023-02-07 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/02/08 00:59:24

Modified files:
usr.bin/openssl: pkcs7.c 

Log message:
openssl(1) pkcs7 avoid crash on malformed files

When printing certificates or CRLs, check signed and signedAndEnveloped
before dereferencing them. Prevents crash on inspecting malformed PKCS7
files.

ok jsing

CVS: cvs.openbsd.org: www

2023-02-07 Thread T . J . Townsend 
CVSROOT:/cvs
Module name:www
Changes by: t...@cvs.openbsd.org2023/02/07 18:53:24

Modified files:
libressl   : index.html releases.html 

Log message:
missed version bump and spelling fix

CVS: cvs.openbsd.org: www

2023-02-07 Thread Brent Cook 
CVSROOT:/cvs
Module name:www
Changes by: bc...@cvs.openbsd.org   2023/02/07 18:03:58

Modified files:
libressl   : index.html releases.html 

Log message:
LibreSSL 3.6.2, 3.5.4

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexandr Nedvedicky 
CVSROOT:/cvs
Module name:src
Changes by: sas...@cvs.openbsd.org  2023/02/07 10:58:43

Modified files:
sbin/pfctl : parse.y 
sys/net: pfvar.h 

Log message:
internal representation of icmp type/code in pfctl(8)/pf(4) does not
fit into u_int8_t. Issue has been noticed and kindly reported by
amalinin _at_ bh0.amt.ru via bugs@.

OK bluhm@

CVS: cvs.openbsd.org: src

2023-02-07 Thread Florian Obser 
CVSROOT:/cvs
Module name:src
Changes by: flor...@cvs.openbsd.org 2023/02/07 10:44:02

Modified files:
sbin/unwind: resolver.c 

Log message:
home.arpa is a special-use domain, internally answered by libunbound.

Let it through to forwarders like we do with AS112 domains because
home.arpa might be useful in the local network.
Issue reported by Ryan Kavanagh (rak at rak.ac), thanks!
Input & OK tb

CVS: cvs.openbsd.org: src

2023-02-07 Thread Theo de Raadt 
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2023/02/07 10:34:10

Modified files:
lib/libc/arch/sparc64: Makefile.inc 

Log message:
remove seatbelt

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/02/07 09:14:55

Modified files:
sys/netinet: if_ether.h 

Log message:
Remove needless #ifdef INET6 from struct ether_extracted field in
public header file.  Makes debugging with special kernels easier.

CVS: cvs.openbsd.org: www

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:www
Changes by: bl...@cvs.openbsd.org   2023/02/07 09:09:04

Modified files:
.  : errata71.html errata72.html 

Log message:
Release x509, xserver, smtpd errata.

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/02/07 08:59:30

Modified files:
lib/libcrypto/x509: Tag: OPENBSD_7_1 x509_genn.c 

Log message:
Fix arbitrary memory read in GENERAL_NAME_cmp()

The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string to be considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.

While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).

Reported by David Benjamin, fix suggested by jsing.

Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.

from tb@; OK beck@ jsing@

this is errata/7.1/022_x509.patch.sig

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/02/07 08:59:13

Modified files:
lib/libcrypto/x509: Tag: OPENBSD_7_2 x509_genn.c 

Log message:
Fix arbitrary memory read in GENERAL_NAME_cmp()

The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string to be considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.

While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).

Reported by David Benjamin, fix suggested by jsing.

Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.

from tb@; OK beck@ jsing@

this is errata/7.2/018_x509.patch.sig

CVS: cvs.openbsd.org: xenocara

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:xenocara
Changes by: bl...@cvs.openbsd.org   2023/02/07 08:54:20

Modified files:
xserver/Xi : Tag: OPENBSD_7_1 exevents.c 

Log message:
Xi: fix use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596

from matthieu@

this is errata/7.1/023_xserver.patch.sig

CVS: cvs.openbsd.org: xenocara

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:xenocara
Changes by: bl...@cvs.openbsd.org   2023/02/07 08:54:03

Modified files:
xserver/Xi : Tag: OPENBSD_7_2 exevents.c 

Log message:
Xi: fix use-after-free in DeepCopyPointerClasses
CVE-2023-0494, ZDI-CAN-19596

from matthieu@

this is errata/7.2/019_xserver.patch.sig

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/02/07 08:50:54

Modified files:
usr.sbin/smtpd : Tag: OPENBSD_7_1 envelope.c 

Log message:
smtpd(8) could abort due to a connection from a local, scoped ipv6 address.

avoid using inet_pton(3) which doesn't support scoped ipv6 address, and use
getaddrinfo(3) instead of.

from semarie@; OK millert@ florian@ kn@

this is errata/7.1/024_smtpd.patch.sig

CVS: cvs.openbsd.org: src

2023-02-07 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2023/02/07 08:50:30

Modified files:
usr.sbin/smtpd : Tag: OPENBSD_7_2 envelope.c 

Log message:
smtpd(8) could abort due to a connection from a local, scoped ipv6 address.

avoid using inet_pton(3) which doesn't support scoped ipv6 address, and use
getaddrinfo(3) instead of.

from semarie@; OK millert@ florian@ kn@

this is errata/7.2/020_smtpd.patch.sig

CVS: cvs.openbsd.org: src

2023-02-07 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/02/07 08:46:58

Modified files:
lib/libcrypto/x509: x509_genn.c 

Log message:
Fix arbitrary memory read in GENERAL_NAME_cmp()

The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string to be considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.

While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).

Reported by David Benjamin, fix suggested by jsing.

Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.

ok beck jsing

CVS: cvs.openbsd.org: src

2023-02-07 Thread Kenneth R Westerback 
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2023/02/07 08:33:22

Modified files:
regress/sys/dev/softraid: Makefile 

Log message:
switch to new simplified disklabel template format.

ok kn@

CVS: cvs.openbsd.org: src

2023-02-07 Thread Klemens Nanni 
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2023/02/07 08:04:28

Modified files:
regress/usr.sbin/installboot: Makefile 

Log message:
switch to new simplified disklabel template format

CVS: cvs.openbsd.org: src

2023-02-07 Thread Kenneth R Westerback 
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2023/02/07 07:30:49

Modified files:
sbin/disklabel : disklabel.8 editor.c 

Log message:
Extend template parsing to allow "[mount point] *" as the specification for
putting the maximum available free space into a partition.

Extend command line parsing to allow 'T-' as the specification to
read the template file from stdin.

Prompted by, feedback, testing and ok kn@

CVS: cvs.openbsd.org: src

2023-02-07 Thread Miod Vallat 
CVSROOT:/cvs
Module name:src
Changes by: m...@cvs.openbsd.org2023/02/07 05:06:53

Modified files:
sys/arch/alpha/stand/bootxx: Makefile 

Log message:
Since we override CFLAGS here, don't forget to put -Oz in there so as to compile
with some form of optimization.

CVS: cvs.openbsd.org: src

2023-02-07 Thread Nicholas Marriott 
CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2023/02/07 03:56:04

Modified files:
usr.bin/tmux   : paste.c 

Log message:
Remove old buffer when renaming rather than complaining, GitHub issue
3467 from Jean-Philippe Paradis.

CVS: cvs.openbsd.org: src

2023-02-07 Thread Nicholas Marriott 
CVSROOT:/cvs
Module name:src
Changes by: n...@cvs.openbsd.org2023/02/07 03:21:01

Modified files:
usr.bin/tmux   : format.c tmux.1 

Log message:
Add an L modifier like P, W, S to loop over clients. Also fix some long
lines in tmux(1).

CVS: cvs.openbsd.org: src

2023-02-07 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2023/02/07 02:00:48

Modified files:
lib/libcrypto/ec: ec_lib.c 

Log message:
libcrypto/ec: another missing point-on-curve check

Unlike in the affine/compressed/... cases, when setting projective
coordinates of an elliptic curve point, there is no check whether
the point is actually on the curve.

Pointed out by Guido Vranken

ok beck miod