obsd4a
/
www
Archived
3
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add article 'Syspatch: bgpd, relayd, libc'

This commit is contained in:
HUC Stéphane 2021-07-26 08:52:11 +02:00
parent ddc6947826
commit 8ffe762400
Signed by: hucste
GPG Key ID: C4ED64222D9B037F
14 changed files with 194 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
archetypes/default.md
View File

@ -1,6 +1,8 @@
---
title: "{{ replace .Name "-" " " | title }}"
categories: ['']
date: {{ .Date }}
description: ''
draft: true
tags: ['']
title: "{{ replace .Name "-" " " | title }}"
---

160
content/posts/syspatch-bgpd-relayd-libc-6.8-6.9.md Normal file
View File

@ -0,0 +1,160 @@
---
categories: ['Syspatch']
date: 2021-07-26T08:08:39+02:00
description: "Correctifs OpenBSD: bgpd, relayd (6.9 : toutes architectures) et libc (6.8, 6.9 : mips64)"
draft: false
tags: ['Syspatch','bgpd','libc','relayd','6.8','6.9']
title: "Syspatch : bgpd, relayd, libc (2021/07/25)"
---
## Correctif de fiabilité : bgpd
**Lors de rechargements de la configuration de bgpd, des préfixes de mauvaises
familles d'adresses pouvaient fuir vers des pairs, entraînant des réinitialisations
de sessions.**
- Architectures ciblées : toutes celles supportées par le projet OpenBSD 6.9
## Correctifs de sécurité
1/ relayd
**When using the http protocol strip filter directive or http protocol macro expansion, processes format strings.**
*(désolé, c'est incompréhensible)*
- Architectures ciblées : toutes celles supportées par le projet OpenBSD 6.9
2/ libc
**Les fonctions strchr/index/strrchr/rindex dans la libc géraient de manière incorrecte les caractères signés**.
- Architectures ciblées : mips64 pour OpenBSD 6.8 et 6.9
---
Pour toutes les architectures supportées :
- amd64, arm64, i386 par `syspatch`
- armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par [recompilation](#recompilation)
---
## Syspatch
Cette étape ne concerne que les architectures amd64, arm64, i386 !
```ksh
# syspatch
```
Ensuite, préférez [redémarrer](#restart) le service.
## Recompilation
Voici les étapes de recompilation nécessaires :
Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :
⇒ pour bgpd
```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/009_bgpd.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 009_bgpd.patch.sig \
-m - | (cd /usr/src && patch -p0)
```
⇒ La phase de recompilation :
```ksh
$ cd /usr/src/usr.sbin/bgpd
# make obj
# make
# make install
```
Ensuite, préférez [redémarrer](#restart) le service.
---
⇒ pour relayd
```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/010_relayd.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 010_relayd.patch.sig \
-m - | (cd /usr/src && patch -p0)
```
⇒ La phase de recompilation :
```ksh
$ cd /usr/src/usr.sbin/relayd
# make obj
# make
# make install
```
Ensuite, préférez [redémarrer](#restart) le service.
---
⇒ pour la libc :
- sur 6.8 :
```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/026_strchr.patch.sig
# signify -Vep /etc/signify/openbsd-68-base.pub -x 026_strchr.patch.sig \
-m - | (cd /usr/src && patch -p0)
```
- sur 6.9 :
```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/011_strchr.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 011_strchr.patch.sig \
-m - | (cd /usr/src && patch -p0)
```
⇒ La phase de recompilation :
```ksh
$ cd /usr/src/lib/libc
# make obj && make && make install
$ cd /usr/src/bin
# make obj && make && make install
$ cd /usr/src/sbin
# make obj && make && make install
$ cd /usr/src/usr.bin/kdump
# make obj && make && make install
$ cd /usr/src/usr.bin/ktrace
# make obj && make && make install
$ cd /usr/src/usr.sbin/chroot
# make obj && make && make install
$ cd /usr/src/usr.sbin/installboot
# make obj && make && make install
$ cd /usr/src/usr.sbin/watchdogd
# make obj && make && make install
```
Ensuite, préférez redémarrer la machine.
## Restart
```ksh
# rcctl restart bgpd
# rcctl restart relayd
```
---
Plus d'informations sur les pages d'Errata [6.9][1] et [6.8][2]… <br>
*et leurs versions FR respectives : [6.9 FR][3] et [6.8 FR][4].*
---
[1]: https://openbsd.org/errata69.html
[2]: https://openbsd.org/errata68.html
[3]: https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata69
[4]: https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68

10
content/posts/syspatch-vmd-6.9.md
View File

@ -33,26 +33,26 @@ Voici les étapes de recompilation nécessaires :
⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :
```ksh
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/001_vmd.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 001_vmd.patch.sig \
# wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/010_relayd.patch.sig
# signify -Vep /etc/signify/openbsd-69-base.pub -x 010_relayd.patch.sig \
-m - | (cd /usr/src && patch -p0)
```
⇒ La phase de recompilation :
```ksh
$ cd /usr/src/usr.sbin/vmd
$ cd /usr/src/usr.sbin/relayd
# make obj
# make
# make install
```
Ensuite, préférez [redémarrer](#restart) le service et vos VM.
Ensuite, préférez [redémarrer](#restart) le service.
## Restart
```ksh
# rcctl restart vmd
# rcctl restart relayd
```
---

6
public/atom.xml
View File

@ -4,7 +4,7 @@
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="fr">
<title type="text">OpenBSD Pour Tous 🐡</title>
<subtitle type="html">OBSD4* : Site de la communauté francophone autour d&#39;OpenBSD.</subtitle>
<updated>2021-06-08T21:03:19&#43;02:00</updated>
<updated>2021-06-09T09:58:39&#43;02:00</updated>
<id>https://openbsd.fr.eu.org/</id>
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/" />
<link rel="self" type="application/atom&#43;xml" href="https://openbsd.fr.eu.org/atom.xml" />
@ -20,7 +20,7 @@
<title type="text">Syspatch : vmd (2021/06/08)</title>
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/06/08/syspatch-vmd-6.8-6.9/" />
<id>https://openbsd.fr.eu.org/posts/2021/06/08/syspatch-vmd-6.8-6.9/</id>
<updated>2021-06-08T21:01:29&#43;02:00</updated>
<updated>2021-06-09T09:56:58&#43;02:00</updated>
<published>2021-06-08T20:55:42&#43;02:00</published>
<author>
<name>OBSD4a</name>
@ -52,7 +52,7 @@ des requêtes dhcp malicieuses lors de l&amp;rsquo;utilisation des interfaces lo
&lt;pre class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-ksh&#34; data-lang=&#34;ksh&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# reboot&lt;/span&gt;
&lt;pre class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-ksh&#34; data-lang=&#34;ksh&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# rcctl restart vmd&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;hr&gt;

2
public/categories/index.html
View File

@ -54,7 +54,7 @@
"@context": "https://schema.org",
"@type": "WebPage",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/categories/",
"name": "Categories",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",

2
public/categories/syspatch/index.html
View File

@ -54,7 +54,7 @@
"@context": "https://schema.org",
"@type": "WebPage",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/categories/syspatch/",
"name": "Categories: Syspatch",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",

6
public/index.html
View File

@ -56,7 +56,7 @@
"@context": "https://schema.org",
"@type": "WebSite",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",
"image": "https://openbsd.fr.eu.org/Puffy.svg",
@ -230,7 +230,7 @@
<time datetime="2021-06-08T21:01:29&#43;02:00" class="post-meta-item modified dt-updated"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" class="icon post-meta-icon"><path d="M400 64h-48V12c0-6.627-5.373-12-12-12h-40c-6.627 0-12 5.373-12 12v52H160V12c0-6.627-5.373-12-12-12h-40c-6.627 0-12 5.373-12 12v52H48C21.49 64 0 85.49 0 112v352c0 26.51 21.49 48 48 48h352c26.51 0 48-21.49 48-48V112c0-26.51-21.49-48-48-48zm-6 400H54a6 6 0 0 1-6-6V160h352v298a6 6 0 0 1-6 6zm-52.849-200.65L198.842 404.519c-4.705 4.667-12.303 4.637-16.971-.068l-75.091-75.699c-4.667-4.705-4.637-12.303.068-16.971l22.719-22.536c4.705-4.667 12.303-4.637 16.97.069l44.104 44.461 111.072-110.181c4.705-4.667 12.303-4.637 16.971.068l22.536 22.718c4.667 4.705 4.636 12.303-.069 16.97z"/></svg>&nbsp;2021.6.8</time>
<time datetime="2021-06-09T09:56:58&#43;02:00" class="post-meta-item modified dt-updated"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" class="icon post-meta-icon"><path d="M400 64h-48V12c0-6.627-5.373-12-12-12h-40c-6.627 0-12 5.373-12 12v52H160V12c0-6.627-5.373-12-12-12h-40c-6.627 0-12 5.373-12 12v52H48C21.49 64 0 85.49 0 112v352c0 26.51 21.49 48 48 48h352c26.51 0 48-21.49 48-48V112c0-26.51-21.49-48-48-48zm-6 400H54a6 6 0 0 1-6-6V160h352v298a6 6 0 0 1-6 6zm-52.849-200.65L198.842 404.519c-4.705 4.667-12.303 4.637-16.971-.068l-75.091-75.699c-4.667-4.705-4.637-12.303.068-16.971l22.719-22.536c4.705-4.667 12.303-4.637 16.97.069l44.104 44.461 111.072-110.181c4.705-4.667 12.303-4.637 16.971.068l22.536 22.718c4.667 4.705 4.636 12.303-.069 16.97z"/></svg>&nbsp;2021.6.9</time>
@ -244,7 +244,7 @@
<span class="post-meta-item wordcount"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" class="icon post-meta-icon"><path d="M497.9 142.1l-46.1 46.1c-4.7 4.7-12.3 4.7-17 0l-111-111c-4.7-4.7-4.7-12.3 0-17l46.1-46.1c18.7-18.7 49.1-18.7 67.9 0l60.1 60.1c18.8 18.7 18.8 49.1 0 67.9zM284.2 99.8L21.6 362.4.4 483.9c-2.9 16.4 11.4 30.6 27.8 27.8l121.5-21.3 262.6-262.6c4.7-4.7 4.7-12.3 0-17l-111-111c-4.8-4.7-12.4-4.7-17.1 0zM124.1 339.9c-5.5-5.5-5.5-14.3 0-19.8l154-154c5.5-5.5 14.3-5.5 19.8 0s5.5 14.3 0 19.8l-154 154c-5.5 5.5-14.3 5.5-19.8 0zM88 424h48v36.3l-64.5 11.3-31.1-31.1L51.7 376H88v48z"/></svg>&nbsp;67</span>
<span class="post-meta-item wordcount"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" class="icon post-meta-icon"><path d="M497.9 142.1l-46.1 46.1c-4.7 4.7-12.3 4.7-17 0l-111-111c-4.7-4.7-4.7-12.3 0-17l46.1-46.1c18.7-18.7 49.1-18.7 67.9 0l60.1 60.1c18.8 18.7 18.8 49.1 0 67.9zM284.2 99.8L21.6 362.4.4 483.9c-2.9 16.4 11.4 30.6 27.8 27.8l121.5-21.3 262.6-262.6c4.7-4.7 4.7-12.3 0-17l-111-111c-4.8-4.7-12.4-4.7-17.1 0zM124.1 339.9c-5.5-5.5-5.5-14.3 0-19.8l154-154c5.5-5.5 14.3-5.5 19.8 0s5.5 14.3 0 19.8l-154 154c-5.5 5.5-14.3 5.5-19.8 0zM88 424h48v36.3l-64.5 11.3-31.1-31.1L51.7 376H88v48z"/></svg>&nbsp;69</span>

2
public/posts/index.html
View File

@ -54,7 +54,7 @@
"@context": "https://schema.org",
"@type": "WebPage",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/posts/",
"name": "Posts",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",

4
public/rss.xml
View File

@ -23,7 +23,7 @@
<copyright>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</copyright>
<lastBuildDate>Tue, 08 Jun 2021 21:03:19 &#43;0200</lastBuildDate>
<lastBuildDate>Wed, 09 Jun 2021 09:58:39 &#43;0200</lastBuildDate>
<atom:link rel="self" type="application/rss&#43;xml" href="https://openbsd.fr.eu.org/rss.xml" />
@ -61,7 +61,7 @@ des requêtes dhcp malicieuses lors de l&amp;rsquo;utilisation des interfaces lo
&lt;pre class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-ksh&#34; data-lang=&#34;ksh&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# reboot&lt;/span&gt;
&lt;pre class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-ksh&#34; data-lang=&#34;ksh&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# rcctl restart vmd&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;hr&gt;

2
public/search.json
View File

File diff suppressed because one or more lines are too long

20
public/sitemap.xml
View File

@ -4,52 +4,52 @@
<url>
<loc>https://openbsd.fr.eu.org/tags/6.8/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/tags/6.9/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/categories/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/posts/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/tags/syspatch/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/categories/syspatch/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/posts/2021/06/08/syspatch-vmd-6.8-6.9/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/tags/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>
<loc>https://openbsd.fr.eu.org/tags/vmd/</loc>
<lastmod>2021-06-08T21:01:29+02:00</lastmod>
<lastmod>2021-06-09T09:56:58+02:00</lastmod>
</url>
<url>

2
public/tags/6.8/index.html
View File

@ -54,7 +54,7 @@
"@context": "https://schema.org",
"@type": "WebPage",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/tags/6.8/",
"name": "Tags: 6.8",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",

2
public/tags/index.html
View File

@ -54,7 +54,7 @@
"@context": "https://schema.org",
"@type": "WebPage",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/tags/",
"name": "Tags",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",

2
public/tags/syspatch/index.html
View File

@ -54,7 +54,7 @@
"@context": "https://schema.org",
"@type": "WebPage",
"datePublished": "2016-09-01T01:01:01+00:00",
"dateModified": "2021-06-08T21:01:29+02:00",
"dateModified": "2021-06-09T09:56:58+02:00",
"url": "https://openbsd.fr.eu.org/tags/syspatch/",
"name": "Tags: Syspatch",
"description": "OBSD4* : Site de la communauté francophone autour d'OpenBSD.",