---
categories: ['Syspatch']
date: 2021-07-26T08:08:39+02:00
description: "OpenBSD patches: bgpd, relayd (6.9: all architectures) and libc (6.8, 6.9: mips64)"
draft: false
tags: ['Syspatch','bgpd','libc','relayd','6.8','6.9']
title: "Syspatch: bgpd, relayd, libc (2021/07/25)"
---

## Reliability fix: bgpd

**During bgpd configuration reloads, prefixes of the wrong address
family could leak to peers, resulting in session resets.**

- Target architectures: all architectures supported by OpenBSD 6.9

## Security fixes

1/ relayd

**When using the http protocol strip filter directive or http protocol macro expansion, processes format strings.**

*(sorry, this is incomprehensible)*

- Target architectures: all architectures supported by OpenBSD 6.9

2/ libc

**The strchr/index/strrchr/rindex functions in libc handled signed characters incorrectly**.

- Target architectures: mips64 for OpenBSD 6.8 and 6.9
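
To illustrate the kind of defect the libc item describes, here is an added C example (not from the original post and not the OpenBSD mips64 code): a `strchr` variant that compares sign-extended bytes with the unconverted `int` argument misses bytes at or above 0x80, while the conforming variant converts the argument to `char` first. The names `strchr_signed_bug`, `strchr_fixed`, `find_offset` and the sample string are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: "caf" + byte 0xE9 (Latin-1 e-acute) + ".txt". */
static const char sample[] = "caf\xe9.txt";

/* Hypothetical buggy variant: bytes are read as signed and compared with
 * the int argument as-is, so byte 0xE9 is seen as -23, never 233. */
static char *strchr_signed_bug(const char *s, int c)
{
	const signed char *p = (const signed char *)s;

	for (;; p++) {
		if ((int)*p == c)
			return (char *)p;
		if (*p == '\0')
			return NULL;
	}
}

/* Conforming variant: c is converted to char before any comparison. */
static char *strchr_fixed(const char *s, int c)
{
	const char ch = (char)c;

	for (;; s++) {
		if (*s == ch)
			return (char *)s;
		if (*s == '\0')
			return NULL;
	}
}

/* Offset of c in sample according to fn, or -1 when fn reports no match. */
static int find_offset(char *(*fn)(const char *, int), int c)
{
	char *hit = fn(sample, c);

	return hit == NULL ? -1 : (int)(hit - sample);
}

int main(void)
{
	printf("buggy=%d fixed=%d libc=%d\n", find_offset(strchr_signed_bug, 0xE9),
	    find_offset(strchr_fixed, 0xE9), find_offset(strchr, 0xE9));
	return 0;
}
```

Callers that pass `(unsigned char)ch` or a value returned by `getc()` take exactly this path for any byte at or above 0x80.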

---

For all supported architectures:

- amd64, arm64, i386 via `syspatch`
- armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 via [recompilation](#recompilation)

---

## Syspatch

This step applies only to the amd64, arm64 and i386 architectures!

```ksh
# syspatch
```

Then, preferably [restart](#restart) the service.

## Recompilation

Here are the required recompilation steps:

After downloading the patch, verify it and apply it:

⇒ for bgpd

```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/009_bgpd.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 009_bgpd.patch.sig \
    -m - | (cd /usr/src && patch -p0)
```

⇒ The recompilation phase:

```ksh
$ cd /usr/src/usr.sbin/bgpd
# make obj
# make
# make install
```

Then, preferably [restart](#restart) the service.

---

⇒ for relayd

```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/010_relayd.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 010_relayd.patch.sig \
    -m - | (cd /usr/src && patch -p0)
```

⇒ The recompilation phase:

```ksh
$ cd /usr/src/usr.sbin/relayd
# make obj
# make
# make install
```

Then, preferably [restart](#restart) the service.

---

⇒ for libc:

- on 6.8:

```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/026_strchr.patch.sig
# signify -Vep /etc/signify/openbsd-68-base.pub -x 026_strchr.patch.sig \
    -m - | (cd /usr/src && patch -p0)
```

- on 6.9:

```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/011_strchr.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 011_strchr.patch.sig \
    -m - | (cd /usr/src && patch -p0)
```

⇒ The recompilation phase:

```ksh
$ cd /usr/src/lib/libc
# make obj && make && make install
$ cd /usr/src/bin
# make obj && make && make install
$ cd /usr/src/sbin
# make obj && make && make install
$ cd /usr/src/usr.bin/kdump
# make obj && make && make install
$ cd /usr/src/usr.bin/ktrace
# make obj && make && make install
$ cd /usr/src/usr.sbin/chroot
# make obj && make && make install
$ cd /usr/src/usr.sbin/installboot
# make obj && make && make install
$ cd /usr/src/usr.sbin/watchdogd
# make obj && make && make install
```

Then, preferably reboot the machine.

## Restart

```ksh
# rcctl restart bgpd
# rcctl restart relayd
```

---

More information on the Errata pages for [6.9][1] and [6.8][2]… <br>
*and their respective French versions: [6.9 FR][3] and [6.8 FR][4].*

---

[1]: https://openbsd.org/errata69.html
[2]: https://openbsd.org/errata68.html
[3]: https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata69
[4]: https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68