DaemonForums  

Old 27th July 2020
CiotBSD

Two patches:

- for iked, on 6.6, 6.7:
Quote:
In iked, incorrect use of EVP_PKEY_cmp allows an authentication bypass
Restart the service.

- for rpki-client on 6.7:
Quote:
In rpki-client, incorrect use of EVP_PKEY_cmp allows an authentication bypass.
Restart the client.
__________________
GPG:Fingerprint ed25519 : 072A 4DA2 8AFD 868D 74CF 9EA2 B85E 9ADA C377 5E8E
GPG:Fingerprint rsa4096 : 4E0D 4AF7 77F5 0FAE A35D 5B62 D0FF 7361 59BF 1733
Old 31st July 2020
CiotBSD

Two patches, on 6.6 and 6.7:

- one for libX11:
Quote:
Malformed messages can cause heap corruption in the X Input Method
client implementation in libX11.
- the other for X server:
Quote:
Pixmaps inside the xserver were an info leak.
Prefer to restart the X server or the X11 client you use.
Old 6th August 2020
CiotBSD

New fix for libX11 on 6.6, 6.7:

Quote:
The recent security errata broke X11 input methods.
Old 11th August 2020
CiotBSD

A new patch, this time for the libSSL, on 6.7:

Quote:
The TLSv1.3 client could hang, crash, leak memory or not interoperate
with some TLSv1.3 servers.
Old 17th August 2020
CiotBSD

Again, a patch for LibSSL, on 6.7:

Quote:
The previous errata patch 019 broke bidirectional SSL_shutdown.
Old 8th October 2020
CiotBSD

Excuse me. I forgot to publish here!

----

Two days ago a new patch was released, about mmap, for 6.7 only.

Quote:
mmap can exhaust kernel memory for PROT_NONE MAP_SHARED mappings.
Reboot the machine, because it affects the kernel ;-)
Old 3 Weeks Ago
fvgit

The first two patches for 6.8 have appeared on the mirrors. Something went wrong, it would seem, when the signature files SHA256 and SHA256.sig were created. The extra trailing newline character seems to confuse signify:
Code:
$ hexdump -c /var/www/htdocs/pub/OpenBSD/syspatch/6.8/amd64/SHA256
0000000   S   H   A   2   5   6       (   s   y   s   p   a   t   c   h
0000010   6   8   -   0   0   1   _   b   g   p   d   .   t   g   z   )
0000020       =       a   8   b   e   c   c   8   2   b   4   5   9   0
0000030   8   0   6   a   2   a   3   8   3   8   d   5   6   c   8   6
0000040   8   1   a   3   0   9   2   7   3   c   d   a   e   8   4   5
0000050   b   2   9   0   1   b   9   9   b   c   6   d   9   5   e   e
0000060   0   0   5  \n   S   H   A   2   5   6       (   s   y   s   p
0000070   a   t   c   h   6   8   -   0   0   2   _   i   c   m   p   6
0000080   .   t   g   z   )       =       3   a   8   d   c   5   9   5
0000090   5   3   3   0   1   d   6   5   a   8   b   1   a   d   c   b
00000a0   a   4   9   8   5   e   c   a   c   5   5   2   e   7   6   d
00000b0   1   8   9   e   e   2   4   b   b   f   c   5   d   7   c   7
00000c0   8   4   7   c   9   d   b   4  \n  \n                        
00000ca
Code:
hexdump -c /var/www/htdocs/pub/OpenBSD/syspatch/6.8/amd64/SHA256.sig
0000000   u   n   t   r   u   s   t   e   d       c   o   m   m   e   n
0000010   t   :       v   e   r   i   f   y       w   i   t   h       o
0000020   p   e   n   b   s   d   -   6   8   -   s   y   s   p   a   t
0000030   c   h   .   p   u   b  \n   R   W   R   W   u   H   k   S   V
0000040   0   U   8   P   d   X   P   i   /   m   +   2   +   T   X   s
0000050   7   W   k   J   M   x   h   +   /   J   w   6   I   j   k   g
0000060   J   O   4   u   z   i   z   y   U   h   h   I   c   r   T   0
0000070   7   G   X   l   R   V   B   E   x   4   X   Q   Q   l   F   P
0000080   H   /   e   U   c   T   J   k   N   8   t   i   M   4   p   9
0000090   D   b   h   e   C   6   j   O   g   E   =  \n   S   H   A   2
00000a0   5   6       (   s   y   s   p   a   t   c   h   6   8   -   0
00000b0   0   1   _   b   g   p   d   .   t   g   z   )       =       a
00000c0   8   b   e   c   c   8   2   b   4   5   9   0   8   0   6   a
00000d0   2   a   3   8   3   8   d   5   6   c   8   6   8   1   a   3
00000e0   0   9   2   7   3   c   d   a   e   8   4   5   b   2   9   0
00000f0   1   b   9   9   b   c   6   d   9   5   e   e   0   0   5  \n
0000100   S   H   A   2   5   6       (   s   y   s   p   a   t   c   h
0000110   6   8   -   0   0   2   _   i   c   m   p   6   .   t   g   z
0000120   )       =       3   a   8   d   c   5   9   5   5   3   3   0
0000130   1   d   6   5   a   8   b   1   a   d   c   b   a   4   9   8
0000140   5   e   c   a   c   5   5   2   e   7   6   d   1   8   9   e
0000150   e   2   4   b   b   f   c   5   d   7   c   7   8   4   7   c
0000160   9   d   b   4  \n  \n                                        
0000166
Code:
$ signify -C -p /etc/signify/openbsd-68-syspatch.pub -x SHA256.sig
Signature Verified
syspatch68-001_bgpd.tgz: OK
syspatch68-002_icmp6.tgz: OK
signify: unable to parse checksum line
Seems a bit sloppy tbh. Also the first patch appeared yesterday dated (tomorrow) two days into the future.
Reply With Quote
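Added example (not part of fvgit's post and not signify's own parser): a small Python lint that pulls the signed checksum list out of an embedded-signature file and reports every line a strict line-by-line parser would reject, which makes a stray extra trailing newline show up as a numbered blank line. The function names are hypothetical, and the signature line and digests in the sample are constructed placeholders.

```python
import re

# One BSD-style checksum line: "SHA256 (name) = <64 lowercase hex digits>"
CHECKSUM_RE = re.compile(r"^SHA256 \(([^()\s]+)\) = ([0-9a-f]{64})$")


def signed_body(sig_text):
    """Return the signed message from an embedded-signature file: everything
    after the 'untrusted comment:' line and the base64 signature line."""
    comment, _, rest = sig_text.partition("\n")
    _signature, sep, body = rest.partition("\n")
    if not comment.startswith("untrusted comment: ") or not sep:
        raise ValueError("not a signify embedded-signature file")
    return body


def lint_checksum_list(text):
    """Return (entries, problems): entries maps file name to digest, problems
    lists (line_number, reason) for lines a strict line-by-line parser rejects."""
    entries, problems = {}, []
    lines = text.split("\n")
    # Drop only the final line terminator, so an *extra* trailing newline
    # stays visible as an empty last line instead of being swallowed.
    if lines[-1] == "":
        lines.pop()
    for lineno, line in enumerate(lines, start=1):
        match = CHECKSUM_RE.match(line)
        if match:
            entries[match.group(1)] = match.group(2)
        elif line == "":
            problems.append((lineno, "blank line"))
        else:
            problems.append((lineno, "unparseable checksum line"))
    return entries, problems


# Constructed sample with the same shape as the SHA256.sig in the post:
# placeholder signature and digests, two entries, then a stray extra "\n".
SAMPLE_SIG = (
    "untrusted comment: verify with openbsd-68-syspatch.pub\n"
    "PLACEHOLDER-NOT-A-REAL-SIGNATURE\n"
    "SHA256 (syspatch68-001_bgpd.tgz) = " + "a" * 64 + "\n"
    "SHA256 (syspatch68-002_icmp6.tgz) = " + "b" * 64 + "\n"
    "\n"
)

if __name__ == "__main__":
    entries, problems = lint_checksum_list(signed_body(SAMPLE_SIG))
    print(sorted(entries), problems)
```

This only checks the list format; verifying the signature is still signify's job. The blank line is part of the signed message, so deleting it from a local copy of SHA256.sig would make signature verification fail.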
Old 3 Weeks Ago
CiotBSD

New fix for tmux on 6.7, 6.8:

Quote:
tmux has a stack overflow in CSI parsing.
Old 2 Weeks Ago
CiotBSD

New syspatch, on 6.8 for wg(4):

Quote:
wg(4) could panic the kernel by releasing the wrong lock
Restart the machine!
Old 2 Weeks Ago
Prevet

More fixes:

Quote:
005: RELIABILITY FIX: November 10, 2020 All architectures
unwind fails to process large DNS replies.
A source code patch exists which remedies this problem.

006: RELIABILITY FIX: November 10, 2020 All architectures
rpki-client incorrectly checks the manifest validity interval.
A source code patch exists which remedies this problem.