CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2023/02/08 00:59:24

Modified files:
	usr.bin/openssl: pkcs7.c

Log message:
openssl(1) pkcs7 avoid crash on malformed files

When printing certificates or CRLs, check signed and signedAndEnveloped
before dereferencing them. Prevents crash on inspecting malformed PKCS7
files.

ok jsing
CVS: cvs.openbsd.org: www
CVSROOT:	/cvs
Module name:	www
Changes by:	t...@cvs.openbsd.org	2023/02/07 18:53:24

Modified files:
	libressl       : index.html releases.html

Log message:
missed version bump and spelling fix
CVS: cvs.openbsd.org: www
CVSROOT:	/cvs
Module name:	www
Changes by:	bc...@cvs.openbsd.org	2023/02/07 18:03:58

Modified files:
	libressl       : index.html releases.html

Log message:
LibreSSL 3.6.2, 3.5.4
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	sas...@cvs.openbsd.org	2023/02/07 10:58:43

Modified files:
	sbin/pfctl     : parse.y
	sys/net        : pfvar.h

Log message:
internal representation of icmp type/code in pfctl(8)/pf(4) does not fit
into u_int8_t. Issue has been noticed and kindly reported by
amalinin _at_ bh0.amt.ru via bugs@.

OK bluhm@
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	flor...@cvs.openbsd.org	2023/02/07 10:44:02

Modified files:
	sbin/unwind    : resolver.c

Log message:
home.arpa is a special-use domain, internally answered by libunbound.
Let it through to forwarders like we do with AS112 domains because
home.arpa might be useful in the local network.

Issue reported by Ryan Kavanagh (rak at rak.ac), thanks!

Input & OK tb
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	dera...@cvs.openbsd.org	2023/02/07 10:34:10

Modified files:
	lib/libc/arch/sparc64: Makefile.inc

Log message:
remove seatbelt
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2023/02/07 09:14:55

Modified files:
	sys/netinet    : if_ether.h

Log message:
Remove needless #ifdef INET6 from struct ether_extracted field in public
header file. Makes debugging with special kernels easier.
CVS: cvs.openbsd.org: www
CVSROOT:	/cvs
Module name:	www
Changes by:	bl...@cvs.openbsd.org	2023/02/07 09:09:04

Modified files:
	.              : errata71.html errata72.html

Log message:
Release x509, xserver, smtpd errata.
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2023/02/07 08:59:30

Modified files:
	lib/libcrypto/x509: Tag: OPENBSD_7_1 x509_genn.c

Log message:
Fix arbitrary memory read in GENERAL_NAME_cmp()

The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string being considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.

While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).

Reported by David Benjamin, fix suggested by jsing.

Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.

from tb@; OK beck@ jsing@

this is errata/7.1/022_x509.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2023/02/07 08:59:13

Modified files:
	lib/libcrypto/x509: Tag: OPENBSD_7_2 x509_genn.c

Log message:
Fix arbitrary memory read in GENERAL_NAME_cmp()

The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string being considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.

While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).

Reported by David Benjamin, fix suggested by jsing.

Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.

from tb@; OK beck@ jsing@

this is errata/7.2/018_x509.patch.sig
CVS: cvs.openbsd.org: xenocara
CVSROOT:	/cvs
Module name:	xenocara
Changes by:	bl...@cvs.openbsd.org	2023/02/07 08:54:20

Modified files:
	xserver/Xi     : Tag: OPENBSD_7_1 exevents.c

Log message:
Xi: fix use-after-free in DeepCopyPointerClasses

CVE-2023-0494, ZDI-CAN-19596

from matthieu@

this is errata/7.1/023_xserver.patch.sig
CVS: cvs.openbsd.org: xenocara
CVSROOT:	/cvs
Module name:	xenocara
Changes by:	bl...@cvs.openbsd.org	2023/02/07 08:54:03

Modified files:
	xserver/Xi     : Tag: OPENBSD_7_2 exevents.c

Log message:
Xi: fix use-after-free in DeepCopyPointerClasses

CVE-2023-0494, ZDI-CAN-19596

from matthieu@

this is errata/7.2/019_xserver.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2023/02/07 08:50:54

Modified files:
	usr.sbin/smtpd : Tag: OPENBSD_7_1 envelope.c

Log message:
smtpd(8) could abort due to a connection from a local, scoped ipv6 address.
avoid using inet_pton(3) which doesn't support scoped ipv6 address, and use
getaddrinfo(3) instead.

from semarie@; OK millert@ florian@ kn@

this is errata/7.1/024_smtpd.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	bl...@cvs.openbsd.org	2023/02/07 08:50:30

Modified files:
	usr.sbin/smtpd : Tag: OPENBSD_7_2 envelope.c

Log message:
smtpd(8) could abort due to a connection from a local, scoped ipv6 address.
avoid using inet_pton(3) which doesn't support scoped ipv6 address, and use
getaddrinfo(3) instead.

from semarie@; OK millert@ florian@ kn@

this is errata/7.2/020_smtpd.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2023/02/07 08:46:58

Modified files:
	lib/libcrypto/x509: x509_genn.c

Log message:
Fix arbitrary memory read in GENERAL_NAME_cmp()

The ASN.1 template for GENERAL_NAME and its corresponding C structure
disagree on the type of the x400Address member. This results in an ASN.1
string being considered as an ASN.1 type, which allows an attacker to read
(essentially) arbitrary memory. Fix this by forcing comparison as strings.

While the underlying type confusion has been present since time immemorial,
this particular bug came with the EdiPartyName fix (6.8/008_asn1.patch.sig).

Reported by David Benjamin, fix suggested by jsing.

Release date for this was set to be January 31. Unilaterally pushed back to
February 7 by OpenSSL by way of announcement of many completely unrelated
embargoed issues, some of which they had been sitting on since July 2020.

ok beck jsing
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	k...@cvs.openbsd.org	2023/02/07 08:33:22

Modified files:
	regress/sys/dev/softraid: Makefile

Log message:
switch to new simplified disklabel template format.

ok kn@
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	k...@cvs.openbsd.org	2023/02/07 08:04:28

Modified files:
	regress/usr.sbin/installboot: Makefile

Log message:
switch to new simplified disklabel template format
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	k...@cvs.openbsd.org	2023/02/07 07:30:49

Modified files:
	sbin/disklabel : disklabel.8 editor.c

Log message:
Extend template parsing to allow "[mount point] *" as the specification
for putting the maximum available free space into a partition.

Extend command line parsing to allow 'T-' as the specification to read
the template file from stdin.

Prompted by, feedback, testing and ok kn@
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	m...@cvs.openbsd.org	2023/02/07 05:06:53

Modified files:
	sys/arch/alpha/stand/bootxx: Makefile

Log message:
Since we override CFLAGS here, don't forget to put -Oz in there so as to
compile with some form of optimization.
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	n...@cvs.openbsd.org	2023/02/07 03:56:04

Modified files:
	usr.bin/tmux   : paste.c

Log message:
Remove old buffer when renaming rather than complaining, GitHub issue 3467
from Jean-Philippe Paradis.
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	n...@cvs.openbsd.org	2023/02/07 03:21:01

Modified files:
	usr.bin/tmux   : format.c tmux.1

Log message:
Add an L modifier like P, W, S to loop over clients. Also fix some long
lines in tmux(1).
CVS: cvs.openbsd.org: src
CVSROOT:	/cvs
Module name:	src
Changes by:	t...@cvs.openbsd.org	2023/02/07 02:00:48

Modified files:
	lib/libcrypto/ec: ec_lib.c

Log message:
libcrypto/ec: another missing point-on-curve check

Unlike in the affine/compressed/... cases, when setting projective
coordinates of an elliptic curve point, there is no check whether the
point is actually on the curve.

Pointed out by Guido Vranken

ok beck miod