Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
ibuf_add_nXY() and ibuf_add_hXY() pass values as uint64_t so the sign
extension of a negative 32bit value will cause an overflow check to trigger.
The relative metric field can be negative and so this will trigger this
error. Use ibuf_add() instead, which is more what this should use anyway.
Found the hard way by sthen@ who also debugged it.
OK tb@ sthen@
Two new diffs to upstream in sys/:
1. Remove the new '#warning zlib not thread-safe': amd64 boot blocks
are compiled with -Werror and this warning breaks the build. Since
there are no threads in the boot blocks this warning (for ZLB-01-004)
is irrelevant to OpenBSD.
2. In the kernel, compress.c is compiled without NULL in scope which
breaks due to newly added NULL checks in compress2_z(), so I
added an #include <sys/_null.h> under the existing #ifdef _KERNEL
in zutil.h. Not sure if sys/param.h or something else is preferred.
This is a minor library bump since it adds six *_z functions that take
size_t instead of uLong (this only really matters for Windows).
The non-blocking device support added quite a bit of churn and so did
the deck chair shuffling for ZLB-01-004, in particular moving the
BUILDFIXED tables around.
See the additions to the ChangeLog for more details.
ok bluhm deraadt
to backout (as I had to do and ran into this). discussed with tb@ deraadt@
If you move from 7.8 to -current and run into problems and need to go
back to 7.8, you'll still have a libc.so.102.2 using syscalls that
weren't available in a 7.8 kernel. If it's the same major and higher
minor it'll be used in preference by the 7.8 binaries so anything
using __pledge_open will fail, bad system call, until you figure it
out, boot single-user, remove the newer libc and reboot/ldconfig.
If libc is bumped, users that were on 7.8 or a snap before pledge
changes before they updated, who then need to backout, won't have that
problem.
sending of bgpd_config.
struct bgpd_config includes various pointers and those should not be passed.
Instead use an zeroed stack object and copy_config() to ensure that all
pointers are NULL before passing the struct.
Also implement imsg_recv_config() which does the reverse.
Reported by Shibo, Shawn, Hugo, Systopia Team
OK tb@
Add support for benchmarking ML-KEM key encapsulation mechanisms to
openssl speed. The following operations are measured:
- key generation
- encapsulation
- decapsulation
Two parameter sets are supported:
mlkem768
mlkem1024
The benchmark can be invoked using the following options:
mlkem run all ML-KEM benchmarks
mlkem768 run ML-KEM-768 benchmarks
mlkem1024 run ML-KEM-1024 benchmarks
Results are reported similarly to other public key algorithms, showing
time per operation and operations per second. Machine-readable output
(-mr) support is also added for ML-KEM.
ok tb
- remove CommScope CA (they requested it themselves;
https://bugzilla.mozilla.org/show_bug.cgi?id=1994866)
- add new cert:
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno TLS Root CA 2023
