### Changes between 3.0.8 and 3.0.9 [30 May 2023]
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier. ([CVE-2023-2650])
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
IDENTIFIER to canonical numeric text form if the size of that OBJECT
IDENTIFIER is 586 bytes or less, and fail otherwise.
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
most 128 sub-identifiers, and that the maximum value that each sub-
identifier may have is 2^32-1 (4294967295 decimal).
For each byte of every sub-identifier, only the 7 lower bits are part of
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
bytes.
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
*Richard Levitte*
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
trigger a crash of an application using AES-XTS decryption if the memory
just after the buffer being decrypted is not mapped.
Thanks to Anton Romanov (Amazon) for discovering the issue.
([CVE-2023-1255])
*Nevine Ebeid*
* Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 3.0.7. The new fix uses existing constant time
code paths, and restores the previous performance level while
fully eliminating all existing timing side channels.
The fix was developed by Bernd Edlinger with testing support
by Hubert Kario.
*Bernd Edlinger*
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
that it does not enable policy checking. Thanks to David Benjamin for
discovering this issue.
([CVE-2023-0466])
*Tomáš Mráz*
* Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are skipped
for that certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on the
certificate altogether.
([CVE-2023-0465])
*Matt Caswell*
* Limited the number of nodes created in a policy tree to mitigate
against CVE-2023-0464. The default limit is set to 1000 nodes, which
should be sufficient for most installations. If required, the limit
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
time define to a desired maximum number of nodes or zero to allow
unlimited growth.
([CVE-2023-0464])
*Paul Dale*
The markup was the same (modulo Li vs Cm for the dot before the
seconds), but use the same source markup grouping/layout in both to
make this fact more obvious.
Building LLVM with a host gcc 13 fails and suggests including <cstdint>
in external/apache2/llvm/dist/llvm/include/llvm/Support/Signals.h .
Instead of this, joerg@ suggested not modifying the llvm vendor branch
but instead working around this in our LLVM build infrastructure.
Determine if the host CC supports flags to disable various
warnings similar to <bsd.own.mk> GCC_*, CLANG_*, and CC_*,
and override the <bsd.own.mk> equivalents in defs.mk.
Silences "warning: unknown warning option '...'" from our source.
External source (e.g., binutils and gcc) need their own fixes
to enhance their detection of supported clang compiler flags.
Define NB_CC_FLAG(FLAG) to use AX_CHECK_COMPILE_FLAG
to determine if the host compiler supports FLAG
and define and AC_SUBST CC_FLAG if so.
Use workarounds to force clang to hard-fail on unknown -Wwarning,
and gcc to use -WWARN to check unknown -Wno-WARN because the
latter doesn't cause an error in gcc.
In the future we could use NB_CC_FLAG([-fcommon]) for
older NetBSD release branches compiled with host gcc 10+.
Rework Darwin -no-cpp-precomp check to use NB_CC_FLAG().
Note: this flag probably hasn't been required on macOS (Darwin)
for a long time, but serves as a good example on how to use this.
Display varaibles at the end of configure to show what was detected.
It's expressed as an integer, and is also returned as an integer type
should one retrieve it via sysctl(3) (as this man page already
correctly documents in the table above its description).
Use "NB_" prefix not "AC_" for our macros ("AC_" is for autoconf).
Fail is NB_ macro isn't defined.
Use AC_DEFUN() instead of define().
Consistently use () in zero argument macro calls.
Original commit message from Roy Marples:
"Derive our primary interface and address by trying to connect to an
address in the TEST-NET-2 network as noted in RFC5737 instead of using
the 1.1.1.1 address. Also, use port 7 (echo) for better style.
Fixes PR bin/46758 thanks to Lloyd Parkes."
pullups needed for netbsd-9, netbsd-10.
Add "CC_" prefix to NO_ADDR_OF_PACKED_MEMBER.
We now have the following convention:
GCC_NO_*: Disable specific warnings from GCC.
CLANG_NO_*: Disable specific warnings from Clang.
CC_NO_*: Disable specific warnings from both Clang and GCC.
This reserves "NO_*" Makefile variables to disable other features.
Some space->tab fixes.
List the NO variables in order, leaving enough room to add more entries,
not splitting the next letter after "NO" across a line.
No functional change; just prettier and easier to review.
This does real harm iff all of the following conditions are satisfied:
(1) On ILP32 architectures.
(2) Both LIBSA_PRINTF_LONGLONG_SUPPORT and LIBSA_PRINTF_WIDTH_SUPPORT
compile-time options are enabled.
(3) Width field is used with 'l' modifier.
This is an implicit-fallthrough bug, but unfortunately, GCC 10.4 cannot
find this out somehow...
XXX
Pull up to netbsd-10 and netbsd-9. netbsd-8 is not affected.
Add more error handling to pax -r -w so that any failure
during the copy to the temporary file (including a failed flush)
prevents any existing destination file from being replaced
with the partial (including possibly empty) temporary file.
The partial temporary file is removed. pax still exists non-zero.
Thanks to Michael van Elst (mlelstv@) for the analysis
of the problem in the PR.
Should fix PR misc/33753.
If copying a list of files from stdin, exit zero instead of non-zero
if there are no files supplied.
AFAICT, POSIX doesn't require a non-zero an error in this situation,
since there are no files to not match.
Fix from PR bin/41736 by Lloyd Parkes.
Remove the leftover remnants of deprecated USE_COMBINE and NOCOMBINE,
as gcc -combine has been EOL for many years.
Completes the work done by maya@ on 2019-05-10 in bsd.kmodule.mk rev 1.61.
more fine grained pacing of audio data. But this broke bta2dpd which
relied on full buffers returned (like reading from a file).
Replace the single read() in bta2dpd with a loop that fetches a full
buffer. This restores the old behaviour but loops in userland instead
of the kernel at the cost of a few extra system calls.
this commit doesn't reapply "dumping of the unicast server list
to the DumpStateLog debugging output" enhancement.
It doesn't build anymore, no idea how to rewrite.
Should fix PR 57442. Needs pull-ups for netbsd-9, netbsd-10.
christos