<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/crypto, branch releng/14.1</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=releng%2F14.1</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=releng%2F14.1'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2025-02-21T02:45:28Z</updated>
<entry>
<title>ssh: Bump VersionAddendum for CVE fixes</title>
<updated>2025-02-21T02:45:28Z</updated>
<author>
<name>Ed Maste</name>
<email>emaste@FreeBSD.org</email>
</author>
<published>2025-02-19T14:00:42Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=fe49460873e0cc87f938922a0f6f22890929adc7'/>
<id>urn:sha1:fe49460873e0cc87f938922a0f6f22890929adc7</id>
<content type='text'>
Security:	FreeBSD-SA-25:05.openssh
Approved by:	so
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 62df41ae0a71e77ccb1e8fae06d82eec5dff441a)
(cherry picked from commit 24ce323f020fb1ee1b463e524a7a6c15f47ec2a4)
</content>
</entry>
<entry>
<title>ssh: Fix cases where error codes were not correctly set</title>
<updated>2025-02-21T02:39:27Z</updated>
<author>
<name>Ed Maste</name>
<email>emaste@FreeBSD.org</email>
</author>
<published>2025-02-19T03:03:26Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=3053f92a163c91b6dc5e2834b037463dc109fa40'/>
<id>urn:sha1:3053f92a163c91b6dc5e2834b037463dc109fa40</id>
<content type='text'>
Obtained from:	OpenSSH 38df39ecf278
Security:	CVE-2025-26465
Security:	FreeBSD-SA-25:05.openssh
Approved by:	so
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 170059d6d33cf4e890067097f3c0beb3061cabbd)
(cherry picked from commit 4ad8c195cf54411e3b3fa0bec227eb83ca078404)
</content>
</entry>
<entry>
<title>ssh: Don't reply to PING in preauth phase or during KEX</title>
<updated>2025-02-21T02:39:07Z</updated>
<author>
<name>Ed Maste</name>
<email>emaste@FreeBSD.org</email>
</author>
<published>2025-02-19T03:00:45Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=8d0540600b1ea1a58d14dfe01b8196070900ebe2'/>
<id>urn:sha1:8d0540600b1ea1a58d14dfe01b8196070900ebe2</id>
<content type='text'>
Obtained from:	OpenSSH 5e07dee272c3
Security:	CVE-2025-26466
Security:	FreeBSD-SA-25:05.openssh
Approved by:	so
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 8a16d0831e70530b2fbd682e748bd051de35f192)
(cherry picked from commit 34798cb576bbd2064ab8da372112482bf8e2a7e6)
</content>
</entry>
<entry>
<title>OpenSSH: correct logic error in ObscureKeystrokeTiming</title>
<updated>2025-01-29T17:13:08Z</updated>
<author>
<name>Ed Maste</name>
<email>emaste@FreeBSD.org</email>
</author>
<published>2024-07-01T13:14:15Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=88d5d81087113112fcafff109b14ae21d7e3a687'/>
<id>urn:sha1:88d5d81087113112fcafff109b14ae21d7e3a687</id>
<content type='text'>
Cherry-pick fix:
upstream: when sending ObscureKeystrokeTiming chaff packets, we
can't rely on channel_did_enqueue to tell that there is data to send. This
flag indicates that the channels code enqueued a packet on _this_ ppoll()
iteration, not that data was enqueued in _any_ ppoll() iteration in the
timeslice. ok markus@

OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136

Approved by:	so
Security:	FreeBSD-SA-25:01.openssh
Obtained from:	openssh-portable 146c420d29d0
Reviewed by:	gordon
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45823

(cherry picked from commit b81424adf7181d816c10b1345aaa3305ab0ec304)
(cherry picked from commit bf9a275b24f6655616cc691555fe1a36ed5e4338)
</content>
</entry>
<entry>
<title>openssl: Avoid type errors in EAI-related name check logic.</title>
<updated>2024-09-04T20:46:54Z</updated>
<author>
<name>Viktor Dukhovni</name>
<email>viktor@openssl.org</email>
</author>
<published>2024-06-19T11:04:11Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3'/>
<id>urn:sha1:9a5a7c90d5e5971fe2b9c9265e9279a6f173a8f3</id>
<content type='text'>
The incorrectly typed data is read only, used in a compare operation, so
neither remote code execution, nor memory content disclosure were possible.
However, applications performing certificate name checks were vulnerable to
denial of service.

The GENERAL_TYPE data type is a union, and we must take care to access the
correct member, based on `gen-&gt;type`; not all the member fields have the same
structure, and a segfault is possible if the wrong member field is read.

The code in question was lightly refactored with the intent to make it more
obviously correct.

Security:	CVE-2024-6119
Obtained from:	OpenSSL Project

(cherry picked from commit 1486960d6cdb052e4fc0109a56a0597b4e902ba1)
(cherry picked from commit 5946b0c6cbc77e6c5f62f5f7e635c6036e14f4d0)

Approved by:	so
</content>
</entry>
<entry>
<title>sshd: remove blacklist call from grace_alarm_timer</title>
<updated>2024-08-07T13:32:25Z</updated>
<author>
<name>Ed Maste</name>
<email>emaste@FreeBSD.org</email>
</author>
<published>2024-08-01T00:04:46Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=4504250892124d6282ca931dd5f612afb8b799f6'/>
<id>urn:sha1:4504250892124d6282ca931dd5f612afb8b799f6</id>
<content type='text'>
Under certain circumstances it may call log(3), which is not async-
signal-safe.

For now just remove the blacklist integration from this path, which
means that blacklistd will not detect and firewall hosts that establish
a connection but do nothing further.

Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46203

(cherry picked from commit 2739a6845031e69be7c03461a9335d8bbb9f59bd)
(cherry picked from commit 3d3bae9b95388169d396adc8007585699c5a23e0)

Approved by:	so
Security:	FreeBSD-SA-24:08.openssh
Security:	CVE-2024-7589

(cherry picked from commit 73466449a9bf1888147c53d622236cebc0aa591b)
</content>
</entry>
<entry>
<title>openssh: Fix pre-authentication remote code execution in sshd.</title>
<updated>2024-07-01T08:23:50Z</updated>
<author>
<name>Philip Paeps</name>
<email>philip@FreeBSD.org</email>
</author>
<published>2024-07-01T08:20:01Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=8f80def8aa085385dc4fe4668f0e29d3a0dc8510'/>
<id>urn:sha1:8f80def8aa085385dc4fe4668f0e29d3a0dc8510</id>
<content type='text'>
Reported by:	Qualys Threat Research Unit (TRU)
Approved by:	so
Security:	FreeBSD-SA-24:04.openssh
Security:	CVE-2024-6387

(cherry picked from commit 2abea9df01655633aabbb9bf3204c90722001202)
(cherry picked from commit 620a6a54bb7bb6e1c5607092b6ec49e353e0925f)
</content>
</entry>
<entry>
<title>heimdal: Fix compiling hdb ldap as a module</title>
<updated>2024-04-29T12:50:19Z</updated>
<author>
<name>Cy Schubert</name>
<email>cy@FreeBSD.org</email>
</author>
<published>2014-01-10T19:18:06Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=8640bd657d841d1307520eca792e959acdf2063f'/>
<id>urn:sha1:8640bd657d841d1307520eca792e959acdf2063f</id>
<content type='text'>
Fix build when WITH_OPENLDAP defined.

PR:		278430
Obtained from:	Upstream c1c7da7f79

(cherry picked from commit a0d7d68a2dd818ce84e37e1ff20c8849cda6d853)
</content>
</entry>
<entry>
<title>heimdal: asn1: Use unsigned bitfields for named bitsets</title>
<updated>2024-04-24T21:27:11Z</updated>
<author>
<name>Dimitry Andric</name>
<email>dim@FreeBSD.org</email>
</author>
<published>2024-04-17T17:49:30Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=689dbdedd8bdaa0e6c7149a7a26dc77ba9db886e'/>
<id>urn:sha1:689dbdedd8bdaa0e6c7149a7a26dc77ba9db886e</id>
<content type='text'>
Import upstream 6747e1628:

  asn1: Use unsigned bitfields for named bitsets

  Signed 1-bit bitfields are undefined in C.

This should fix the following warnings, which for unknown reasons are
errors in CI:

  /usr/src/crypto/heimdal/lib/hx509/ca.c:1020:22: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
   1020 |         ku.digitalSignature = 1;
        |                             ^ ~
  /usr/src/crypto/heimdal/lib/hx509/ca.c:1021:21: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
   1021 |         ku.keyEncipherment = 1;
        |                            ^ ~
  /usr/src/crypto/heimdal/lib/hx509/ca.c:1028:17: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
   1028 |         ku.keyCertSign = 1;
        |                        ^ ~
  /usr/src/crypto/heimdal/lib/hx509/ca.c:1029:13: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
   1029 |         ku.cRLSign = 1;
        |                    ^ ~

PR:		276960
Fixes:		1b7487592987
MFC after:	1 week

(cherry picked from commit 219b6e442308d5353b2af5f0771ce9b887b70754)
</content>
</entry>
<entry>
<title>heimdal: Add 64-bit integer support to ASN.1 compiler</title>
<updated>2024-04-24T21:26:52Z</updated>
<author>
<name>Dimitry Andric</name>
<email>dim@FreeBSD.org</email>
</author>
<published>2024-04-16T18:56:37Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=164f125311a6cc0217ce9103aaefcfd31fb796bf'/>
<id>urn:sha1:164f125311a6cc0217ce9103aaefcfd31fb796bf</id>
<content type='text'>
Import upstream 19d378f44:

  ASN.1 INTEGERs will now compile to C int64_t or uint64_t, depending
  on whether the constraint ranges include numbers that cannot be
  represented in 32-bit ints and whether they include negative
  numbers.

  Template backend support included.  check-template is now built with
  --template, so we know we're testing it.

  Tests included.

Also adjusts the generated files:
* asn1parse.c, asn1parse.h (not strictly necessary, but nice to have)
* der-protos.h, which needs a bunch of new prototypes. I copied these
  from a der-protos.h generated by the upstream build system, which
  uses a perl script for this.
* adjust printf format strings for int64_t. Upstream uses %lld for this,
  but that is not portable, and leads to lots of -Werror warnings.

This should fix target-dependent differences between headers generated
by asn1_compile. For example, when cross compiling world from amd64 to
i386, the generated cms_asn1.h header has:

  CMSRC2CBCParameter ::= SEQUENCE {
    rc2ParameterVersion   INTEGER (0..-1),
    iv                    OCTET STRING,
  }

while a native build on i386 has:

  CMSRC2CBCParameter ::= SEQUENCE {
    rc2ParameterVersion   INTEGER (0..2147483647),
    iv                    OCTET STRING,
  }

These are _both_ wrong, since the source file, cms.asn1, has:

  CMSRC2CBCParameter ::= SEQUENCE {
          rc2ParameterVersion   INTEGER (0..4294967295),
          iv                    OCTET STRING -- exactly 8 octets
  }

PR:		276960
Reviewed by:	cy, emaste
MFC after:	1 week
Differential Revision: https://reviews.freebsd.org/D44814
Differential Revision: https://reviews.freebsd.org/D44815

(cherry picked from commit 1b7487592987c91020063a311a14dc15b6e58075)
</content>
</entry>
</feed>
