1817 lines
100 KiB
XML
1817 lines
100 KiB
XML
<?xml version="1.0" encoding="utf-8"?>
|
|
|
|
|
|
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="fr">
|
|
<title type="text">OpenBSD Pour Tous 🐡</title>
|
|
<subtitle type="html">OBSD4* : Site de la communauté francophone autour d'OpenBSD.</subtitle>
|
|
<updated>2021-05-02T14:32:49+02:00</updated>
|
|
<id>https://openbsd.fr.eu.org/</id>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/" />
|
|
<link rel="self" type="application/atom+xml" href="https://openbsd.fr.eu.org/atom.xml" />
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights>
|
|
<generator uri="https://gohugo.io/" version="0.80.0">Hugo</generator>
|
|
<entry>
|
|
<title type="text">OpenBSD 6.9</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/05/01/openbsd-6.9/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/05/01/openbsd-6.9/</id>
|
|
<updated>2021-05-02T14:30:04+02:00</updated>
|
|
<published>2021-05-01T00:00:00+02:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Sortie d'OpenBSD 6.9 (20210501)</summary>
|
|
|
|
<content type="html"><h2 id="description">Description</h2>
|
|
<p>L&rsquo;équipe OpenBSD sort la version <strong>6.9</strong> d'<strong>OpenBSD</strong>.</p>
|
|
<p>C&rsquo;est la 50<sup>ème</sup> mouture du système d&rsquo;exploitation.</p>
|
|
<p>L&rsquo;équipe est fière d&rsquo;annoncer que cela fait plus de 20 ans qu&rsquo;elle n&rsquo;a eu
|
|
que deux failles de sécurités à distance dans l&rsquo;installation de base.</p>
|
|
<p><img src="https://openbsd.fr.eu.org/images/puffy69.png" alt="Bandeau OpenBSD 6.9"></p>
|
|
<h2 id="changelog">Changelog</h2>
|
|
<p>⇒ De nombreux changements, améliorations sont apportés :</p>
|
|
<ul>
|
|
<li>début de la prise en charge du SOC M1 Apple</li>
|
|
<li>amélioration du support des plateformes arm64, PowerPC64</li>
|
|
<li>des améliorations autour du noyau, dont parmi les plus notables :
|
|
<ul>
|
|
<li>RAID1C: prise en charge du chiffrement pour le Raid1</li>
|
|
<li>video(4): introduction du paramètre sysctl kern.video.record désactivé
|
|
par défaut, dans le contexte de politique de confidentialité ;
|
|
et la possibilité d&rsquo;activer plusieurs dispositifs en même temps.</li>
|
|
</ul>
|
|
</li>
|
|
<li>des améliorations pour le SMP (<em>processeurs multiples</em>)</li>
|
|
<li>des améliorations pour la virtualisation VMD/VMM, dont principalement :
|
|
<ul>
|
|
<li>ajout du dispositif veb(4) en tant que bridge supporté par vmd(8).</li>
|
|
<li>ajout de la capacité de démarrer sur les ramdisk compressés</li>
|
|
</ul>
|
|
</li>
|
|
<li>de nouvelles fonctionnalités en &ldquo;espace utilisateur&rdquo; :
|
|
<ul>
|
|
<li>doas.conf: ajout de l&rsquo;option &ldquo;nolog&rdquo; afin de ne pas avoir d&rsquo;enregistrement
|
|
dans syslog(3).</li>
|
|
<li>sndio(7) et sndiod(8): autovolume désactivé par défaut, et volume par
|
|
défaut sur 127</li>
|
|
<li>logger(1) pour rcctl(8), rc.subr(8) et rc.d(8)</li>
|
|
<li>wscontl(8): une meilleure gestion des mouvements et autres touchés
|
|
des touchpads</li>
|
|
<li>apm(4) actif pour l&rsquo;architecture arm64.</li>
|
|
</ul>
|
|
</li>
|
|
<li>de nombreuses améliorations et autres ajouts de différents matériels,
|
|
de dispositifs réseaux dont wifi</li>
|
|
<li>des changements notables dans PF, IPSec, httpd, d&rsquo;outils tels rpki-client,
|
|
dig, dhclient, dont :
|
|
<ul>
|
|
<li>deux nouveaux démons dhcpleased(8) et resolvd(8) ont été ajoutés,
|
|
désactivés par défaut, gérables par le contrôleur rcctl afin de fournir
|
|
une configuration simple et cohérente des interfaces réseaux et de
|
|
la résolution DNS.</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<p>et, bien sûr bien d&rsquo;autres changements, correctifs et ajouts, lisibles
|
|
en anglais dans l'<a href="https://ftp.fr.openbsd.org/pub/OpenBSD/6.9/ANNOUNCEMENT">annonce</a> officielle.</p>
|
|
<p>⇒ Parmi les nouvelles versions de logiciels internes à OpenBSD 6.9, retrouvons :</p>
|
|
<ul>
|
|
<li>LibreSSL 3.3.2</li>
|
|
<li>OpenSSH 8.5</li>
|
|
<li>OpenSMTPD 6.9.0</li>
|
|
</ul>
|
|
<h2 id="guide-de-migration">Guide de Migration</h2>
|
|
<p>Retrouvez le <strong>Guide de Migration 6.8 → 6.9</strong> qui explique :</p>
|
|
<ol>
|
|
<li>ce qu&rsquo;il faut faire <strong>avant d&rsquo;utiliser la méthode de mise à niveau</strong></li>
|
|
<li>de choisir sa <strong>méthode de mise à niveau</strong>, dont la <strong>méthode de mise sans surveillance</strong>
|
|
par le biais de sysupgrade(8).</li>
|
|
<li>ce qu&rsquo;il est nécessaire de faire <strong>après la mise à niveau</strong></li>
|
|
<li>sans oublier ensuite de gérer les <strong>changements de configuration et de syntaxe</strong>,
|
|
les <strong>fichiers à supprimer</strong>, et de vérifier certains <strong>paquets spécifiques</strong>.</li>
|
|
</ol>
|
|
<ul>
|
|
<li>la version officielle EN du guide : <a href="https://www.openbsd.org/faq/upgrade69.html">https://www.openbsd.org/faq/upgrade69.html</a></li>
|
|
<li>la traduction EN → FR officieuse par nos soins : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/faq/upgrade69">https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/faq/upgrade69</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="art">Art</h2>
|
|
<p>⇒ Voici le poster :</p>
|
|
<p><a href="https://www.openbsd.org/images/nice.png"><img src="https://openbsd.fr.eu.org/images/OpenBSD-6.9-Poster.png" alt="Poster OpenBSD 6.9"></a></p>
|
|
<p>⇒ Retrouvez la nouvelle chanson nommée &ldquo;Vetera Novis&rdquo;.</p>
|
|
<ul>
|
|
<li><a href="https://www.OpenBSD.org/lyrics.html#69">https://www.OpenBSD.org/lyrics.html#69</a></li>
|
|
</ul>
|
|
<h2 id="vente">Vente</h2>
|
|
<p>⇒ Et voici la vente officielle de vêtements estampillés <strong>OpenBSD 6.9</strong> :</p>
|
|
<ul>
|
|
<li><a href="https://openbsd.creator-spring.com/search?searchterm=6.9">https://openbsd.creator-spring.com/search?searchterm=6.9</a></li>
|
|
</ul>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/openbsd/" term="OpenBSD" label="OpenBSD" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/openbsd/" term="OpenBSD" label="OpenBSD" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.9/" term="6.9" label="6.9" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : XInput (2021/04/13)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/04/13/syspatch-xi-6.7-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/04/13/syspatch-xi-6.7-6.8/</id>
|
|
<updated>2021-04-26T12:41:28+02:00</updated>
|
|
<published>2021-04-13T17:23:58+02:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: Serveur X</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-sécurité-xinput">Correctif de sécurité XInput</h2>
|
|
<p><strong>Des échecs de validations d&rsquo;entrées dans les extensions XInput du serveur X peuvent permettre une élévation des privilèges pour des clients autorisés.</strong></p>
|
|
<p>Il vaut mieux <strong>redémarrer le service X</strong> après l&rsquo;application du correctif !
|
|
<br><em>(ou les clients X utilisés)</em></p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/04/13/syspatch-xi-6.7-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/04/13/syspatch-xi-6.7-6.8/#restart">redémarrez</a> le service !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/018_xi.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 018_xi.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><ul>
|
|
<li>Pour 6.7 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/038_xi.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-67-base.pub -x 038_xi.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh">$ <span class="nb">cd</span> /usr/xenocara/xserver
|
|
<span class="c1"># make -f Makefile.bsd-wrapper obj</span>
|
|
<span class="c1"># make -f Makefile.bsd-wrapper build</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Pour finir, <a href="https://openbsd.fr.eu.org/posts/2021/04/13/syspatch-xi-6.7-6.8/#restart">redémarrez</a> le service !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># rcctl restart xenodm</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/xinput/" term="XInput" label="XInput" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">LibreSSL : 3.2.5</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/03/17/libressl-3.2.5/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/03/17/libressl-3.2.5/</id>
|
|
<updated>2021-03-17T08:48:56+01:00</updated>
|
|
<published>2021-03-17T08:45:49+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Sortie de LibreSSL: 3.2.5 (2021/03/17)</summary>
|
|
|
|
<content type="html"><h2 id="description">Description</h2>
|
|
<p>Suite au correctif <a href="https://openbsd.fr.eu.org/posts/2021/03/15/syspatch-libssl-6.8/">libressl</a>, l&rsquo;équipe OpenBSD délivre une nouvelle version de LibreSSL.</p>
|
|
<p>Elle inclut le correctif suivant :</p>
|
|
<pre><code>* A TLS client using session resumption may cause a use-after-free.
|
|
</code></pre><hr>
|
|
<p>Retrouvez la note de version :</p>
|
|
<ul>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.5-relnotes.txt">3.2.45</a></li>
|
|
</ul>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/3.2/" term="3.2" label="3.2" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : libssl (2021/03/15)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/03/15/syspatch-libssl-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/03/15/syspatch-libssl-6.8/</id>
|
|
<updated>2021-03-15T18:18:09+01:00</updated>
|
|
<published>2021-03-15T18:08:33+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: libssl</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-sécurité">Correctif de sécurité</h2>
|
|
<p><strong>Un client TLS utilisant la reprise de session peut provoquer une utilisation après libération <em>(use-after-free)</em>.</strong></p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/03/15/syspatch-libssl-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/03/15/syspatch-libssl-6.8/#restart">redémarrez</a> le service <strong>unwind</strong> <em>si vous l&rsquo;utilisez</em> !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/017_libssl.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 017_libssl.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span><span class="lnt">5
|
|
</span><span class="lnt">6
|
|
</span><span class="lnt">7
|
|
</span><span class="lnt">8
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh">$ <span class="nb">cd</span> /usr/src/lib/libssl
|
|
<span class="c1"># make obj </span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
$ <span class="nb">cd</span> /usr/src/sbin/unwind
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/03/15/syspatch-libssl-6.8/#restart">redémarrez</a> le service <strong>unwind</strong> <em>si vous l&rsquo;utilisez</em> !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># rcctl restart unwind</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/libssl/" term="libssl" label="libssl" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : npppd (2021/03/09)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/03/09/syspatch-npppd-6.7-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/03/09/syspatch-npppd-6.7-6.8/</id>
|
|
<updated>2021-03-09T12:19:45+01:00</updated>
|
|
<published>2021-03-09T12:14:49+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: npppd</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-sécurité-npppd">Correctif de sécurité npppd</h2>
|
|
<p><strong>Le gestionnaire de protocole PPTP peut provoquer une sur-lecture du tas, ce qui peut entraîner un crash.</strong></p>
|
|
<p>Il est nécessaire de <strong>redémarrer le service</strong> après l&rsquo;application du correctif !</p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/03/09/syspatch-npppd-6.7-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/03/09/syspatch-npppd-6.7-6.8/#restart">redémarrez</a> le service, <em>si utilisé</em> !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/016_npppd.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 016_npppd.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><ul>
|
|
<li>Pour 6.7 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/037_npppd.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-67-base.pub -x 037_npppd.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh">$ <span class="nb">cd</span> /usr/src/usr.sbin/npppd
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/03/09/syspatch-npppd-6.7-6.8/#restart">redémarrez</a> le service, <em>si utilisé</em> !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># rcctl restart npppd</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/npppd/" term="npppd" label="npppd" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : ssh-agent (2021/03/03)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/03/03/syspatch-ssh-agent-6.7-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/03/03/syspatch-ssh-agent-6.7-6.8/</id>
|
|
<updated>2021-03-03T23:17:38+01:00</updated>
|
|
<published>2021-03-03T23:12:34+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: SSH</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-sécurité-ssh-agent">Correctif de sécurité ssh-agent</h2>
|
|
<p><strong>Double libération (de mémoire) dans ssh-agent(1)</strong></p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/03/03/syspatch-ssh-agent-6.7-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite redémarrez votre client ssh-agent !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 015_sshagent.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><ul>
|
|
<li>Pour 6.7 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/036_sshagent.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-67-base.pub -x 036_sshagent.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span><span class="lnt">5
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh">$ <span class="nb">cd</span> /usr/src/usr.bin/ssh
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make clean</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite redémarrez votre client ssh-agent !</p>
|
|
<hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68">6.8</a> et <a href="https://openbsd.org/errata67">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/ssh/" term="ssh" label="ssh" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : pffrag (2021/02/24)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/02/24/syspatch-pffrag-6.7-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/02/24/syspatch-pffrag-6.7-6.8/</id>
|
|
<updated>2021-03-09T12:08:56+01:00</updated>
|
|
<published>2021-02-24T18:52:52+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: PF</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-sécurité-pffrag">Correctif de sécurité pffrag</h2>
|
|
<p><strong>Une séquence de fragments IPv4 se chevauchant pourrait faire planter le
|
|
noyau en pf en raison d&rsquo;une assertion.</strong></p>
|
|
<p>Il est nécessaire de redémarrer le noyau !</p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/02/24/syspatch-pffrag-6.7-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/02/24/syspatch-pffrag-6.7-6.8/#restart">redémarrez</a> la machine !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/014_pffrag.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 014_pffrag.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><ul>
|
|
<li>Pour 6.7 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/035_pffrag.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-67-base.pub -x 035_pffrag.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span><span class="lnt">5
|
|
</span><span class="lnt">6
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># KK=`sysctl -n kern.osversion | cut -d# -f1`</span>
|
|
<span class="c1"># cd /usr/src/sys/arch/`machine`/compile/$KK</span>
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make config</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Pour finir, <a href="https://openbsd.fr.eu.org/posts/2021/02/24/syspatch-pffrag-6.7-6.8/#restart">redémarrez</a> la machine !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># reboot</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/pf/" term="PF" label="PF" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">LibreSSL : 3.2.4</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/02/13/libressl-3.2.4/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/02/13/libressl-3.2.4/</id>
|
|
<updated>2021-03-17T08:49:10+01:00</updated>
|
|
<published>2021-02-13T06:32:39+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Sortie de LibreSSL: 3.2.4 (2021/02/12)</summary>
|
|
|
|
<content type="html"><h2 id="description">Description</h2>
|
|
<p>Suite au correctif <a href="https://openbsd.fr.eu.org/posts/2021/02/03/syspatch-libressl-6.8/">libressl</a>, l&rsquo;équipe OpenBSD délivre une nouvelle version de LibreSSL.</p>
|
|
<p>Elle inclut les correctifs des bogues et d&rsquo;interopérabilités suivants :</p>
|
|
<pre><code>* Switch back to certificate verification code from LibreSSL 3.1.x. The
|
|
new verifier is not bug compatible with the old verifier causing issues
|
|
with applications expecting behavior of the old verifier.
|
|
|
|
* Unbreak DTLS retransmissions for flights that include a CCS
|
|
|
|
* Only check BIO_should_read() on read and BIO_should_write() on write
|
|
|
|
* Implement autochain for the TLSv1.3 server
|
|
|
|
* Use the legacy verifier for autochain
|
|
|
|
* Implement exporter for TLSv1.3
|
|
|
|
* Free alert_data and phh_data in tls13_record_layer_free()
|
|
|
|
* Plug leak in x509_verify_chain_dup()
|
|
|
|
* Free the policy tree in x509_vfy_check_policy()
|
|
</code></pre><hr>
|
|
<p>Retrouvez la note de version :</p>
|
|
<ul>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.4-relnotes.txt">3.2.4</a></li>
|
|
</ul>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/3.2/" term="3.2" label="3.2" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : libressl (2021/02/02)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/02/03/syspatch-libressl-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/02/03/syspatch-libressl-6.8/</id>
|
|
<updated>2021-03-15T18:18:32+01:00</updated>
|
|
<published>2021-02-03T07:14:19+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: libressl</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-fiabilité-libressl">Correctif de fiabilité libressl</h2>
|
|
<p><strong>De nombreux problèmes d&rsquo;interopérabilité et failles mémoire ont été découvertes dans les bibliothèques libcrypto et libssl.</strong></p>
|
|
<p>Il peut-être nécessaire de redémarrer certains services, tels isakmpd, unwind.</p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/02/03/syspatch-libressl-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/02/03/syspatch-libressl-6.8/#restart">redémarrez</a> les services utilisés, si c&rsquo;est le cas !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/013_libressl.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 013_libressl.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt"> 1
|
|
</span><span class="lnt"> 2
|
|
</span><span class="lnt"> 3
|
|
</span><span class="lnt"> 4
|
|
</span><span class="lnt"> 5
|
|
</span><span class="lnt"> 6
|
|
</span><span class="lnt"> 7
|
|
</span><span class="lnt"> 8
|
|
</span><span class="lnt"> 9
|
|
</span><span class="lnt">10
|
|
</span><span class="lnt">11
|
|
</span><span class="lnt">12
|
|
</span><span class="lnt">13
|
|
</span><span class="lnt">14
|
|
</span><span class="lnt">15
|
|
</span><span class="lnt">16
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="nb">cd</span> /usr/src/lib/libcrypto
|
|
make obj
|
|
make
|
|
make install
|
|
<span class="nb">cd</span> /usr/src/lib/libssl
|
|
make obj
|
|
make
|
|
make install
|
|
<span class="nb">cd</span> /usr/src/sbin/isakmpd
|
|
make obj
|
|
make
|
|
make install
|
|
<span class="nb">cd</span> /usr/src/sbin/unwind
|
|
make obj
|
|
make
|
|
make install
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Pour finir, <a href="https://openbsd.fr.eu.org/posts/2021/02/03/syspatch-libressl-6.8/#restart">redémarrez</a> les services, si utilisés.</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># rcctl restart isakmpd unwind</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : carp (2021/01/13)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/01/13/syspatch-carp-bpf/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/01/13/syspatch-carp-bpf/</id>
|
|
<updated>2021-03-09T12:08:25+01:00</updated>
|
|
<published>2021-01-13T20:02:39+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: carp, bpf</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-fiabilité-carp">Correctif de fiabilité carp</h2>
|
|
<p><strong>L&rsquo;utilisation de bpf(4) sur une interface CARP pourrait entraîner une
|
|
utilisation après une erreur</strong>.</p>
|
|
<p>Il est nécessaire de <strong>redémarrer la machine</strong> car ce correctif affecte
|
|
le noyau.</p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/01/13/syspatch-carp-bpf/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/01/13/syspatch-carp-bpf/#restart">redémarrez</a> la machine !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/012_carp.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 012_carp.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span><span class="lnt">5
|
|
</span><span class="lnt">6
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># KK=`sysctl -n kern.osversion | cut -d# -f1`</span>
|
|
<span class="c1"># cd /usr/src/sys/arch/`machine`/compile/$KK</span>
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make config</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Pour finir, <a href="https://openbsd.fr.eu.org/posts/2021/01/13/syspatch-carp-bpf/#restart">redémarrez</a> la machine !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># reboot</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/carp/" term="carp" label="carp" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/bpf/" term="bpf" label="bpf" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : NDP - IPv6 (2021/01/11)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2021/01/11/syspatch-nd6/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2021/01/11/syspatch-nd6/</id>
|
|
<updated>2021-03-09T12:08:48+01:00</updated>
|
|
<published>2021-01-11T15:05:12+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: NDP</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-fiabilité--nd6">Correctif de fiabilité nd6</h2>
|
|
<p><strong>Quand une entrée NDP est invalide sur la couche de niveau 2, celle-ci
|
|
n&rsquo;est pas invalidée.</strong></p>
|
|
<p>Il est nécessaire de <strong>redémarrer la machine</strong> car ce correctif affecte
|
|
le noyau.</p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2021/01/11/syspatch-nd6/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2021/01/11/syspatch-nd6/#restart">redémarrez</a> la machine !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/011_nd6.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 011_nd6.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><ul>
|
|
<li>Pour 6.7 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/034_nd6.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-67-base.pub -x 034_nd6.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span><span class="lnt">5
|
|
</span><span class="lnt">6
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># KK=`sysctl -n kern.osversion | cut -d# -f1`</span>
|
|
<span class="c1"># cd /usr/src/sys/arch/`machine`/compile/$KK</span>
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make config</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Pour finir, <a href="https://openbsd.fr.eu.org/posts/2021/01/11/syspatch-nd6/#restart">redémarrez</a> la machine !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># reboot</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/ndp/" term="NDP" label="NDP" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/ipv6/" term="IPv6" label="IPv6" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : smptd (2020/12/23)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2020/12/24/syspatch-smptd-6.7-6.8/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2020/12/24/syspatch-smptd-6.7-6.8/</id>
|
|
<updated>2021-03-09T12:09:06+01:00</updated>
|
|
<published>2020-12-24T15:05:12+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: smtpd</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-fiabilité-smtpd">Correctif de fiabilité smtpd</h2>
|
|
<p><strong>La machine à états de filtrage de smtpd peut libérer prématurément des
|
|
ressources conduisant à un plantage</strong>.</p>
|
|
<p>Il est nécessaire de <strong>redémarrer le service</strong> après l&rsquo;application du correctif !</p>
|
|
<p>Pour toutes les architectures supportées :</p>
|
|
<ul>
|
|
<li>amd64, arm64, i386 par <code>syspatch</code></li>
|
|
<li>armv7, hppa, landisk, loongson, luna88k, macppc, sparc64 par <a href="https://openbsd.fr.eu.org/posts/2020/12/24/syspatch-smptd-6.7-6.8/#recompilation">recompilation</a></li>
|
|
</ul>
|
|
<hr>
|
|
<h2 id="syspatch">Syspatch</h2>
|
|
<p>Cette étape ne concerne que les architectures amd64, arm64, i386 !</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># syspatch</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Ensuite <a href="https://openbsd.fr.eu.org/posts/2020/12/24/syspatch-smptd-6.7-6.8/#restart">redémarrez</a> le service !</p>
|
|
<h2 id="recompilation">Recompilation</h2>
|
|
<p>Pour toute autre architecture prise en charge par le projet OpenBSD, voici
|
|
les étapes de recompilation nécessaires :</p>
|
|
<p>⇒ Après avoir téléchargé le correctif, vérifiez-le, et appliquez-le :</p>
|
|
<ul>
|
|
<li>Pour 6.8 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/010_smtpd.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-68-base.pub -x 010_smtpd.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><ul>
|
|
<li>Pour 6.7 :</li>
|
|
</ul>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># wget https://ftp.openbsd.org/pub/OpenBSD/patches/6.7/common/033_smtpd.patch.sig</span>
|
|
<span class="c1"># signify -Vep /etc/signify/openbsd-67-base.pub -x 033_smtpd.patch.sig \</span>
|
|
-m - <span class="p">|</span> <span class="o">(</span><span class="nb">cd</span> /usr/src <span class="o">&amp;&amp;</span> patch -p0<span class="o">)</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>⇒ La phase de recompilation :</p>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span><span class="lnt">2
|
|
</span><span class="lnt">3
|
|
</span><span class="lnt">4
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># cd /usr/src/usr.sbin/smtpd</span>
|
|
<span class="c1"># make obj</span>
|
|
<span class="c1"># make</span>
|
|
<span class="c1"># make install</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><p>Pour finir, <a href="https://openbsd.fr.eu.org/posts/2020/12/24/syspatch-smptd-6.7-6.8/#restart">redémarrez</a> le service !</p>
|
|
<h2 id="restart">Restart</h2>
|
|
<div class="highlight"><div class="chroma">
|
|
<table class="lntable"><tr><td class="lntd">
|
|
<pre class="chroma"><code><span class="lnt">1
|
|
</span></code></pre></td>
|
|
<td class="lntd">
|
|
<pre class="chroma"><code class="language-ksh" data-lang="ksh"><span class="c1"># rcctl restart smtpd</span>
|
|
</code></pre></td></tr></table>
|
|
</div>
|
|
</div><hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/smtpd/" term="smtpd" label="smtpd" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">LibreSSL : 3.3.1, 3.2.3, 3.1.5</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2020/12/09/libressl-3.3.1-3.2.3-3.1.5/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2020/12/09/libressl-3.3.1-3.2.3-3.1.5/</id>
|
|
<updated>2021-03-17T08:49:19+01:00</updated>
|
|
<published>2020-12-09T13:23:17+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Sortie de trois versions de LibreSSL: 3.3.1, 3.2.3, 3.1.5 (2020/12/09)</summary>
|
|
|
|
<content type="html"><h2 id="description">Description</h2>
|
|
<p>Suite au <a href="https://openbsd.fr.eu.org/posts/2020/12/09/syspatch-asn1-exit/#correctif-de-s%C3%A9curit%C3%A9-asn1">correctif de sécurité à-propos d&rsquo;asn.1</a>, l&rsquo;équipe OpenBSD
|
|
délivre trois nouvelles versions de LibreSSL.</p>
|
|
<p>Retrouvez les notes respectives de ces trois versions :</p>
|
|
<ul>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.1-relnotes.txt">3.3.1</a></li>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.3-relnotes.txt">3.2.3</a></li>
|
|
<li><a href="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.5-relnotes.txt">3.1.5</a></li>
|
|
</ul>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/libressl/" term="LibreSSL" label="LibreSSL" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/3.3/" term="3.3" label="3.3" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/3.2/" term="3.2" label="3.2" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/3.1/" term="3.1" label="3.1" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">OpenNTPD 6.8p1</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2020/12/09/openntpd-6.8p1/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2020/12/09/openntpd-6.8p1/</id>
|
|
<updated>2020-12-09T13:39:22+01:00</updated>
|
|
<published>2020-12-09T13:13:58+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Sortie d'OpenNTPD 6.8p1 (20201209)</summary>
|
|
|
|
<content type="html"><h2 id="description">Description</h2>
|
|
<p>L&rsquo;équipe OpenBSD sort une nouvelle version d&rsquo;OpenNTDP, la <strong>6.8p1</strong>.</p>
|
|
<p><em>cela fait quelques années qu&rsquo;il n&rsquo;y avait pas eu de sortie majeure, depuis la 6.2p3</em></p>
|
|
<h2 id="changelog">Changelog</h2>
|
|
<ul>
|
|
<li>
|
|
<p>The ntpd daemon now gets and sets the clock in a secure way when booting
|
|
even when a battery-backed clock is absent.</p>
|
|
</li>
|
|
<li>
|
|
<p>Improvements in DNS resolving and constraints checking, especially during
|
|
startup. Unreliable NTP peers are removed from the pool and DNS resolving
|
|
is repeated to add replacements.</p>
|
|
</li>
|
|
<li>
|
|
<p>Improved reliability and security of TLS constraint checking.</p>
|
|
</li>
|
|
<li>
|
|
<p>Improved logging of failure cases.</p>
|
|
</li>
|
|
<li>
|
|
<p>Prevent the case of multiple ntpds running at once by checking presence
|
|
of the local control socket.</p>
|
|
</li>
|
|
<li>
|
|
<p>TLS certificates are now searched in TLS_CA_CERT_FILE.</p>
|
|
</li>
|
|
<li>
|
|
<p>The default ntpd.conf configuration file now uses 9.9.9.9 and
|
|
2620:fe::fe, in addition to google.com, when performing time constraint
|
|
validation.</p>
|
|
</li>
|
|
<li>
|
|
<p>Improved handling unsynched mode when there is no replies from an NTP
|
|
server, such as when there are network connectivity issues.</p>
|
|
</li>
|
|
<li>
|
|
<p>To build OpenNTPD with time constraint support, libtls from LibreSSL
|
|
3.2.2 or later is recommended.</p>
|
|
</li>
|
|
</ul>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/openntpd/" term="OpenNTPD" label="OpenNTPD" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/openntpd/" term="OpenNTPD" label="OpenNTPD" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
<entry>
|
|
<title type="text">Syspatch : asn.1, exit (2020/12/08)</title>
|
|
<link rel="alternate" type="text/html" href="https://openbsd.fr.eu.org/posts/2020/12/09/syspatch-asn1-exit/" />
|
|
<id>https://openbsd.fr.eu.org/posts/2020/12/09/syspatch-asn1-exit/</id>
|
|
<updated>2021-03-09T12:29:47+01:00</updated>
|
|
<published>2020-12-09T12:51:50+01:00</published>
|
|
<author>
|
|
<name>OBSD4a</name>
|
|
<uri>https://openbsd.fr.eu.org/</uri>
|
|
<email>puffy@openbsd.fr.eu.org</email>
|
|
</author>
|
|
<rights>[CC 0](https://creativecommons.org/publicdomain/zero/1.0/deed.fr)</rights><summary type="html">Correctif OpenBSD: asn.1 & exit</summary>
|
|
|
|
<content type="html"><h2 id="correctif-de-sécurité-asn1">Correctif de Sécurité asn.1</h2>
|
|
<p>Concernant LibreSSL, <strong>une notation ASN.1 mal formée dans une liste de
|
|
révocation de certificat ou une réponse de timestamp peut amener vers un
|
|
pointeur de déréférencement NULL</strong></p>
|
|
<ul>
|
|
<li>le correctif affecte le noyau OpenBSD 6.7 et 6.8 et nécessite le redémarrage
|
|
de la machine</li>
|
|
</ul>
|
|
<h2 id="correctif-de-fiabilité-exit">Correctif de fiabilité exit</h2>
|
|
<p><strong>Lors d&rsquo;un processus de sortie, dans des programmes multithread un faux
|
|
code de sortie peut être reporté</strong>.</p>
|
|
<hr>
|
|
<p>Plus d&rsquo;informations sur les pages d&rsquo;Errata <a href="https://openbsd.org/errata68.html">6.8</a> et <a href="https://openbsd.org/errata67.html">6.7</a>… <br>
|
|
<em>et leurs versions FR respectives : <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata68">6.8 FR</a> et <a href="https://wiki.openbsd.fr.eu.org/doku.php/openbsd.org/errata67">6.7 FR</a>.</em></p>
|
|
<hr>
|
|
</content>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/categories/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/syspatch/" term="Syspatch" label="Syspatch" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/asn.1/" term="asn.1" label="asn.1" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/exit/" term="exit" label="exit" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.7/" term="6.7" label="6.7" />
|
|
|
|
|
|
|
|
|
|
|
|
<category scheme="https://openbsd.fr.eu.org/tags/6.8/" term="6.8" label="6.8" />
|
|
|
|
|
|
|
|
|
|
|
|
</entry>
|
|
|
|
</feed>
|