From nobody Mon Feb 13 16:12:04 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PFq9R3bg9z3rN8Z for ; Mon, 13 Feb 2023 16:12:11 +0000 (UTC) (envelope-from natalino.picone@nozominetworks.com) Received: from mx0a-00756801.pphosted.com (mx0a-00756801.pphosted.com [205.220.170.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "Thawte RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PFq9Q3kZpz3KWm for ; Mon, 13 Feb 2023 16:12:10 +0000 (UTC) (envelope-from natalino.picone@nozominetworks.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=nozominetworks.com header.s=selector2 header.b=hmX5dRiC; spf=pass (mx1.freebsd.org: domain of natalino.picone@nozominetworks.com designates 205.220.170.195 as permitted sender) smtp.mailfrom=natalino.picone@nozominetworks.com; dmarc=pass (policy=reject) header.from=nozominetworks.com; arc=pass ("microsoft.com:s=arcselector9901:i=1") Received: from pps.filterd (m0297686.ppops.net [127.0.0.1]) by mx0a-00756801.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31D8bEYV000748 for ; Mon, 13 Feb 2023 08:12:08 -0800 Received: from eur02-vi1-obe.outbound.protection.outlook.com (mail-vi1eur02lp2047.outbound.protection.outlook.com [104.47.11.47]) by mx0a-00756801.pphosted.com (PPS) with ESMTPS id 3npasj8wey-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 13 Feb 2023 08:12:07 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oaJmdRaAxrkASfVmfJ29q0q7F1uEJrbmZQkQRIOf0Zk3GRNxscfyZ9S9hntK3lzUxURLfJ+bwE/34TRMEVWaRqwhLSvj0l3vjIHReGc8Gto3j8zGoOZln7jHer3XwzggF2VbHPU4qpHRhqaFHUiuDZb7zJNNhfkslJrimWC6KEuEMhom6DcEnHlO4UqD7gUgkt1tUh+ycCkDqOgqg151WIx0wYF2NZiNenVJ+mRl3o+bxaiJApu//dVuW141ReGDONFOO/nIvSGQ43FVyx0imbED5JdZeNZ8GNYlkpO+ui5msvh2zU2UKa3j2ulGQ5F35M6ekCbx5v0a4Oma5RKcTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YA1G4vwZoFa1v+9IWaiJHScRpGCony3UaxGcQMDbVmY=; b=lC+xPzSZsExUsdjJN/RI6E8/zmmLeSxdy6u0oJStuBTOtg5CE56tm+usidRx6s/8bdVk+rGruUpgrWp3UfSFneG53HXRiRTZWzLkV8RA4wf34Wjv1Po1ko5T5+LaK0Ta8mt9nzroEceuzs/dQKBeVSRASIwDxrHxUj2SC1lfMgur6tBzXjYaMZB0eIR321lPygVwnnH/HpNuaayugJ7KGMMibzhtCDzs7jeJw6DpMY3FBYIEeuLrrt0Tit4JMJOo5MJ9wi315voTmkbn0V/EpiEdi47SxlW1DSG7z3e706qbq1SYWZg1w+mejYjnZiqJX7EUDVn3KOqsohHB6OmYng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nozominetworks.com; dmarc=pass action=none header.from=nozominetworks.com; dkim=pass header.d=nozominetworks.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nozominetworks.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YA1G4vwZoFa1v+9IWaiJHScRpGCony3UaxGcQMDbVmY=; b=hmX5dRiCUBLV2znrgmRc7kpln894IVlRi4Q947BQWXpW9JHYrYVrLMe6hBNYD8w6GIm+t5seWjE3tOUMAZTz3X6829seEFAl2puYlMzZN+UBGTZVCgyub2sguhNOYbPOvLVOaHln+psiYXfzXI03vI/gyTm6NGXUEUrBZvaaCFE= Received: from AM6PR07MB5816.eurprd07.prod.outlook.com (2603:10a6:20b:96::22) by PA4PR07MB8885.eurprd07.prod.outlook.com (2603:10a6:102:266::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.23; Mon, 13 Feb 2023 16:12:04 +0000 Received: from AM6PR07MB5816.eurprd07.prod.outlook.com ([fe80::9629:d3f:935f:4a37]) by AM6PR07MB5816.eurprd07.prod.outlook.com ([fe80::9629:d3f:935f:4a37%3]) with mapi id 15.20.6086.024; Mon, 13 Feb 2023 16:12:04 +0000 From: Natalino Picone To: "freebsd-security@freebsd.org" Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] Thread-Topic: [openssl@openssl.org: OpenSSL Security Advisory] Thread-Index: AQHZO49bcD0eMbUMdEyR7JxxPu92ba7FLwMOgAB2dqiAB2695g== Date: Mon, 13 Feb 2023 16:12:04 +0000 Message-ID: References: <1edf53ab-65d6-dcd9-00be-7d198daa7f40@ximalas.info> In-Reply-To: Accept-Language: en-US, it-IT Content-Language: en-GB X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AM6PR07MB5816:EE_|PA4PR07MB8885:EE_ x-ms-office365-filtering-correlation-id: 81673cfc-59f7-42c5-b7c3-08db0ddd0bda x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: mJbPAIp0BL2JKJzqJ1800bY8BYE/fXon0PgP7sFFT8qqrRnD2fl5vdH/IMqMB4G0t7vhHJs2wyjSj/0/9VQ3yHoOFRcbIyigBFwoZZxbNYRxG/2V9/BgON0BJtFxAE6XbHC57xVoLLQTCzNKzqYpeqyVvT06PIOQHcj+OrN2HwXtb3E6T0696hbK+fpG4IszABuTwoJ5tTNDrNm2iunxvFv/z0kWmaayAhZwHgCWJeLwbhinTqQL8bcuyP+d+tE1qsuPQ0XgEOD8wMTJtv0rdRESBsz/yKXSkRhXiduXQpjyfrCg4bmFIrNnEB4536rDUP9hwNVsrU/Ono+5ItaQ7n2ja+zWaiGGy68PAZOGw0vt8wiAg+Au0pgCQeYrDbkNJnVk8Q4MPmvLUzqixgzdXJUWJswEZC0Bpe10lKOJwra/BNSkKhC3+6qihTEsUtAxniWw69KdRpZz/KHXqKUoKIaHDen2u6c9wHTltWdbpHcR3mu3tVQEEdaKuTzJ7iViEN9GDbQU/vom84oZnTlx0Ib+8ioHMD1eQes8un2gBLzt/+OeK0aixTtEd3/nF/tiq8sGTLtp6s13w/zrlUMGj/A5trv2hCxngloYkBswvSq8qUv3K6x4t2cP5qWcgnZMRqheAvEBhki0T7i/OJMEEKSv7u9WcJnS0q3d3knuDaERPnZH8z2yy3z9ZNE6Bt/82husMUYP6YQZpVtwkd0rfSES9c3KuMP9JjCoDGgp/7re0WFnPegExHGdctEULo3hDOY/Dx5GCckWQK5wZxUAYu17O2w7DV8KbWm//h0EdDQ= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM6PR07MB5816.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(376002)(396003)(366004)(39850400004)(136003)(346002)(451199018)(8936002)(38100700002)(2906002)(166002)(15650500001)(44832011)(52536014)(33656002)(966005)(55016003)(7696005)(66556008)(66446008)(122000001)(66476007)(8676002)(99936003)(6916009)(66946007)(64756008)(41300700001)(76116006)(5660300002)(38070700005)(91956017)(86362001)(45080400002)(26005)(9686003)(6506007)(186003)(83380400001)(478600001)(71200400001)(316002)(53546011)(220923002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?iej5nOl/MGNgqNJvDgDrkiZ6h8g72pbKmEE3sFFIjigNTeFpwp1BjKuP?= =?Windows-1252?Q?PHaqq4lPrjkuioHuO/nxVpJC1GXZ6xxSAVEKnxnBFuHdO9Zp5sYaoyf8?= =?Windows-1252?Q?fYlUSpDyZzTKMDAMr418PK51vSeKdsWlX8e0F99Ie0dhdTJ/hq57GkBi?= =?Windows-1252?Q?xItnfyOVNTmj676CrgL3vrszQTHJA+zBftMUCxI1eIfouidGHwg7TXlm?= =?Windows-1252?Q?9+PlajrK685Kf0NkXN02kvwWEcEPWZJsqxMcEv54polKy5WHvQ+KLMkH?= =?Windows-1252?Q?YbM1Pv2q6F4rYOdz+V5C8NO5VYKY032xtVLne6uzzmAJ/tf+HTnqVjnW?= =?Windows-1252?Q?DLhsg2/OIOdytc1WdBngq7+kfM70yQr2xqrigBG5kPgIqfn3lEBF9DNw?= =?Windows-1252?Q?YQ6egrpcJG+F8wNFd/f//Ervlir4/QK4XYPlK4lauP4Kmc56OiRT0lrP?= =?Windows-1252?Q?6NU5FWrUPhSKSjkhxTFZyZA2etNGzlsnLqmwZimAzTdthmdiCQfb1jpW?= =?Windows-1252?Q?BAy2GhQbqP6lgI4DnH2XB0TNk7s6jP9F7/he61CAsm2lnuuFC0zvyLkq?= =?Windows-1252?Q?KUyMVRCDDyuyCO9Pp9jF6J53kJegOAVPVvuNOVIBZkKkVJfyYRLFJQk8?= =?Windows-1252?Q?Ccq1gJsni5PBTwmLNbyot6odSkgWc+gOjFVzg+HnacN4I+CwfR1M3zVR?= =?Windows-1252?Q?iP64OMeirOYyCsaDFJqSsPvpIakfCn9E/pDib/+qZ6KUXDsRMlLK5eGR?= =?Windows-1252?Q?BqCLXz/NS0Wnnupx6yT922HZ9Lh9EVKAScNezKxoE0Xi8/FaTEbXYqKZ?= =?Windows-1252?Q?oyHc5ZANLJ99pfXVXX2qlAMwJlU8DqiJqiaQD5JYFWh3Bws7AtyYRnG9?= =?Windows-1252?Q?avBtlqW5IDxS5PovJdtvk0OBuRbt/6goRI3hIQ7V0sdHJxskxuPLx7M2?= =?Windows-1252?Q?Kua1VDgmNdgsHn5WwrOZCyttxUl14f2Kmtp7+98ualijqnIRf/ftecK1?= =?Windows-1252?Q?H7bdrxwMqWfwxAu+BFyFsdbtQUvJHhLPdPtW7vsZ4195Mt5aWTjjeKKo?= =?Windows-1252?Q?I/fQM50eh/RXR8h9PYo4NeAbTnfBl9W/rvF2VZgDgfm+puBHjVX9pxYG?= =?Windows-1252?Q?A0WW2L8VyVRqdzN2wQHMr+shKKiMzHokTJslN+oPE4tZ4D2H0hQGnRmK?= =?Windows-1252?Q?N/SkWMiaAJdSuH+PUSDL+C/vtGcV9mcoj9lYkue3V5jlcArl2FwBr5Tq?= =?Windows-1252?Q?idG28aS2a568gHjok5g6mJBhUFjppCRfVEq/hwy67gNyVRcrhmTL4CuB?= =?Windows-1252?Q?L1z1NWuNDtgxBrSAZssiUvoKJN21QtZ90zGe6tb7cOWcGIPUiXNi/kRG?= =?Windows-1252?Q?9RqLUQ452f1Yj2H/fyYDxrkHaA8IUmcZxmeaO4bIGsp4TPfz09AsafFa?= =?Windows-1252?Q?qt8qR6YAncqzPVusHdNzTIIBGwdmpznOGh2hNhV6QtzX3+dn9BqOWG2A?= =?Windows-1252?Q?Jx+3G9ay1BEY3BN6Ry+75wJ8W1wL2JJdHIfzmi2AyRh4jaq3DD69moXl?= =?Windows-1252?Q?7+bsxbmjvmEWEI3I02ulwuCuImQ4gtRxuWj3Pae/JwZk2Qi3PqQ2uKVu?= =?Windows-1252?Q?lE/jS8uw3cx4Q6YKXWPQKzAXssZFTg0R2rsqLY8PT5TWW7AgYk1MJbQB?= =?Windows-1252?Q?bL9hAg12g996h/q0AAyBJO1H67nwBzRB4QfuvtzlQL3VDdKFfE4fl5Fz?= =?Windows-1252?Q?TbpM21yKJNh+AGcsUj1aURRTswHT9EDKER4MyeDD?= Content-Type: multipart/related; boundary="_004_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_"; type="multipart/alternative" List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 X-OriginatorOrg: nozominetworks.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AM6PR07MB5816.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 81673cfc-59f7-42c5-b7c3-08db0ddd0bda X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Feb 2023 16:12:04.0873 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 6f04d14b-0796-4b81-b7fd-779778e05341 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: luTjDeIvqW/GDFFKj4v+uAl8lGPOGZ/ON0JKEXows9lxt/JaLmM6cmhUHvdO+0JVOEGhmDZCxSHGJuyvgPNNbYTr2ZrpmOyH63wAStXZzwTv120A/RC4BKe86nl1al3L X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR07MB8885 X-Proofpoint-ORIG-GUID: H8nkTOkSNBZPfW2QIaNev6UL2UHr8S4Q X-Proofpoint-GUID: H8nkTOkSNBZPfW2QIaNev6UL2UHr8S4Q X-Spamd-Result: default: False [-0.86 / 15.00]; INTRODUCTION(2.00)[]; ARC_ALLOW(-1.00)[microsoft.com:s=arcselector9901:i=1]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; HFILTER_URL_ONLY(0.87)[0.39464108501489]; DMARC_POLICY_ALLOW(-0.50)[nozominetworks.com,reject]; NEURAL_SPAM_LONG(0.27)[0.270]; R_SPF_ALLOW(-0.20)[+ip4:205.220.170.195]; R_DKIM_ALLOW(-0.20)[nozominetworks.com:s=selector2]; MIME_GOOD(-0.10)[multipart/related,multipart/alternative,text/plain]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:26211, ipnet:205.220.170.0/24, country:US]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; FROM_HAS_DN(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DKIM_TRACE(0.00)[nozominetworks.com:+]; RCPT_COUNT_ONE(0.00)[1]; RCVD_IN_DNSWL_NONE(0.00)[104.47.11.47:received] X-Rspamd-Queue-Id: 4PFq9Q3kZpz3KWm X-Spamd-Bar: / X-ThisMailContainsUnwantedMimeParts: N --_004_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_ Content-Type: multipart/alternative; boundary="_000_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_" --_000_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hi, Is there an ETA for this OpenSSL update to reach the base? Regards, Nat -- Natalino Picone Senior Product Security Engineer =95 Phone: +41 (0)91 647 04 06 =95 natalino.picone@nozominetworks.com Nozomi Networks | The Lea= der in OT & IoT Security Website | Blog | Twitter | Linkedin | YouTube | Podcast [G0Vs5lnGv874AAAAAElFTkSuQmCC] From: owner-freebsd-security@freebsd.org on behalf of The Doctor Date: Wednesday, 8 February 2023 at 23:40 To: Trond Endrest??l Cc: freebsd-security@freebsd.org Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] CAUTION: External email! On Wed, Feb 08, 2023 at 05:41:12PM +0100, Trond Endrest??l wrote: > On Wed, 8 Feb 2023 08:35-0700, The Doctor wrote: > > > On Wed, Feb 08, 2023 at 02:32:24PM -0000, Christian Weisgerber wrote: > > > On 2023-02-08, The Doctor wrote: > > > > > > > Any concerns vis-a-vis FreeBSD? > > > > > > Yes, OpenSSL in base needs to be updated to 1.1.1t... *checks git* > > > ... which has already happened in main, stable/13 and stable/12. > > > > > > I assume advisories will be forthcoming. > > > > I have been waiting since yesterday! > > Hopefully, this can be combined with OpenSSH 9.2p1 due next week. > Openssh 9.2 has been out for 2 weeks. > -- > ---------------------------------------------------------------------- > Trond Endrest??l | Trond.Endrestol@ximalas.info > Member of ACM, NAS, NUUG, USENIX | FreeBSD 13.2-P & Alpine 2.26 -- Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca Yahweh, King & country!Never Satan President Republic!Beware AntiChrist ris= ing! Look at Psalms 14 and 53 on Atheism https://eur03.safelinks.protection.outl= ook.com/?url=3Dhttps%3A%2F%2Furldefense.com%2Fv3%2F__https%3A%2F%2Fwww.empi= re.kred%2FROOTNK%3Ft%3D94a1f39b__%3B!!AGppA_5pSY-ZV0s!NuBwrx6fHRfptH98u-AQP= -aVaI39shfg8Ens9_iraRTqi3Gv_PYxMGVPSAioU_hYqjMcl2BRjrywpFgLHIrDWeQpDHoSJRkr= yzg%24&data=3D05%7C01%7Cnatalino.picone%40nozominetworks.com%7Cb1c518011b1f= 48e214e508db0a256db7%7C6f04d14b07964b81b7fd779778e05341%7C0%7C0%7C638114928= 086494910%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBT= iI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3DOloxci7dGBKss8GvRBv6ZxzwQ= VhpPWKnEIks35Bj88o%3D&reserved=3D0 Sometimes what's billed as light is the darkness. -unknown Beware https://e= ur03.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Furldefense.com%2= Fv3%2F__https%3A%2F%2Fmindspring.com__%3B!!AGppA_5pSY-ZV0s!NuBwrx6fHRfptH98= u-AQP-aVaI39shfg8Ens9_iraRTqi3Gv_PYxMGVPSAioU_hYqjMcl2BRjrywpFgLHIrDWeQpDHo= SzaOecWI%24&data=3D05%7C01%7Cnatalino.picone%40nozominetworks.com%7Cb1c5180= 11b1f48e214e508db0a256db7%7C6f04d14b07964b81b7fd779778e05341%7C0%7C0%7C6381= 14928086494910%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIi= LCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3DofP9au%2BnIf5gD%2FFx= IKq3KTGpkye9I25aJ4nD79W18bY%3D&reserved=3D0 --_000_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Hi,

Is there an ETA for this OpenSSL update to reach the= base?

 

Regards,

Nat

 

--

Natalino Picone
Senior Product Security Engineer
=95 Phone: +41 (0)91 647 04 06<= span style=3D"font-size:9.0pt;font-family:"Arial",sans-serif;colo= r:#494957">
=95 natalino.picone@nozominetworks.com

Nozomi Networks | The Leader in OT &am= p; IoT Security=
Website | Blog | Twitter | Linkedin<= /b> | YouTube | Podcast  


3D"G0Vs5lnGv874AAAAAElFTkSuQ=

 

 

From: owner-freebsd-secur= ity@freebsd.org <owner-freebsd-security@freebsd.org> on behalf of The= Doctor <doctor@doctor.nl2k.ab.ca>
Date: Wednesday, 8 February 2023 at 23:40
To: Trond Endrest??l <trond.endrestol@ximalas.info>
Cc: freebsd-security@freebsd.org <freebsd-security@freebsd.org>= ;
Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory]

CAUTION: External email!


On Wed, Feb 08, 2023 at 05:41:12PM +0100, Trond Endrest??l wrote:
> On Wed, 8 Feb 2023 08:35-0700, The Doctor wrote:
>
> > On Wed, Feb 08, 2023 at 02:32:24PM -0000, Christian Weisgerber wr= ote:
> > > On 2023-02-08, The Doctor <doctor@doctor.nl2k.ab.ca> w= rote:
> > >
> > > > Any concerns vis-a-vis FreeBSD?
> > >
> > > Yes, OpenSSL in base needs to be updated to 1.1.1t... *check= s git*
> > > ... which has already happened in main, stable/13 and stable= /12.
> > >
> > > I assume advisories will be forthcoming.
> >
> > I have been waiting since yesterday!
>
> Hopefully, this can be combined with OpenSSH 9.2p1 due next week.
>

Openssh 9.2 has been out for 2 weeks.
> --
> ----------------------------------------------------------------------=
> Trond Endrest??l         =           |   &= nbsp;   Trond.Endrestol@ximalas.info
> Member of ACM, NAS, NUUG, USENIX  |     =   FreeBSD 13.2-P & Alpine 2.26


--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist= rising!
Look at Psalms 14 and 53 on Atheism https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Furldefe= nse.com%2Fv3%2F__https%3A%2F%2Fwww.empire.kred%2FROOTNK%3Ft%3D94a1f39b__%3B= !!AGppA_5pSY-ZV0s!NuBwrx6fHRfptH98u-AQP-aVaI39shfg8Ens9_iraRTqi3Gv_PYxMGVPS= AioU_hYqjMcl2BRjrywpFgLHIrDWeQpDHoSJRkryzg%24&data=3D05%7C01%7Cnatalino= .picone%40nozominetworks.com%7Cb1c518011b1f48e214e508db0a256db7%7C6f04d14b0= 7964b81b7fd779778e05341%7C0%7C0%7C638114928086494910%7CUnknown%7CTWFpbGZsb3= d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000= %7C%7C%7C&sdata=3DOloxci7dGBKss8GvRBv6ZxzwQVhpPWKnEIks35Bj88o%3D&re= served=3D0
Sometimes what's billed as light is the darkness. -unknown Beware https://eur03.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Furldefe= nse.com%2Fv3%2F__https%3A%2F%2Fmindspring.com__%3B!!AGppA_5pSY-ZV0s!NuBwrx6= fHRfptH98u-AQP-aVaI39shfg8Ens9_iraRTqi3Gv_PYxMGVPSAioU_hYqjMcl2BRjrywpFgLHI= rDWeQpDHoSzaOecWI%24&data=3D05%7C01%7Cnatalino.picone%40nozominetworks.= com%7Cb1c518011b1f48e214e508db0a256db7%7C6f04d14b07964b81b7fd779778e05341%7= C0%7C0%7C638114928086494910%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJ= QIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=3DofP= 9au%2BnIf5gD%2FFxIKq3KTGpkye9I25aJ4nD79W18bY%3D&reserved=3D0

--_000_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_-- --_004_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=5080; creation-date="Mon, 13 Feb 2023 16:10:49 GMT"; modification-date="Mon, 13 Feb 2023 16:10:49 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAGYAAAAeCAYAAADermvOAAAAAXNSR0IArs4c6QAAAJBlWElmTU0A KgAAAAgABgEGAAMAAAABAAIAAAESAAMAAAABAAEAAAEaAAUAAAABAAAAVgEbAAUAAAABAAAAXgEo AAMAAAABAAIAAIdpAAQAAAABAAAAZgAAAAAAAABIAAAAAQAAAEgAAAABAAOgAQADAAAAAQABAACg AgAEAAAAAQAAAGagAwAEAAAAAQAAAB4AAAAA879mzwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAm1p VFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0 YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRw Oi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNj cmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFk b2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9y aWVudGF0aW9uPgogICAgICAgICA8dGlmZjpYUmVzb2x1dGlvbj43MjwvdGlmZjpYUmVzb2x1dGlv bj4KICAgICAgICAgPHRpZmY6UGhvdG9tZXRyaWNJbnRlcnByZXRhdGlvbj4yPC90aWZmOlBob3Rv bWV0cmljSW50ZXJwcmV0YXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3Rp ZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOllSZXNvbHV0aW9uPjcyPC90aWZmOllS ZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpDb21wcmVzc2lvbj4xPC90aWZmOkNvbXByZXNzaW9u PgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KC/gx OQAAEGdJREFUaAXtWXt4VNW1/81k8k7Ii4SEhLx4BBD1grYIKKhgS0AKIrXVe61+Xiz0qqV4rSiC fNZCa/3u/dR7W63SCtWKVC1YQASE8BIxIUEJlLxD3u/3a5JJMv2tfebMnJkEkrT0r7LzzTn77L32 Wmuv994x2dkwoqaB22Hin51/JoAoTCa+r7WrJgHzyDFpCnA9RTnX2tWWgGWkCAtbevB1fRcy+Xv8 +tGICbDQW0aK5Rr8UBIYpsdoPpHT1I3ZHxSirMOGzForbvugAGXtvaQh89pv+P6j4RxxJB1kRyMN xu4oND7cxzy+FAFPOM9vjzXqU2D0nwywrz5FStK5fBumYkzKS761uxi1HT3w9zIjwGJCYYMV9+67 hOJWGylIxpHncJsjGHq4m8auJ9Oe3/1uRDxQOOY817gtMXyQD6dmBe8g64a/KQNe6cpCbbGThBpi fiaZKxnlsEKZtbcP6bVdqKKnmKkUaX2yB/YzajpxFxV27N5kxAZ6c3CQjckCjyYWU9jaA2tvP6aF +ztndfX29fcho64bCUHeiFF4nSDsmNHU3YcTVR2o7exFHGHmjQ2Ev8VoZybUdNpQ1GajaAaRLNkU 8BsifOHjJfPCt7Y+o7YD5xt74Gs2498i/TA1zNdIXPW7++w4y3A+jXNBPl4D5mWgmTzmNHfjJuIQ WkLhXH0nvElvapgfvwbhSxayDamYL6o7sPlMPVZMGKXrHv2kkBxCJdAMTKRY2NKNOQxxB5clYVII NyHmQGjtqegMeIhiX0yvxR++bsCee8fj7sRghU9PWF19ZszakY8tt8Xg2ZuiuF7D1kPiL2fV48WM avT39MOXxtFh64e/vwVbZo3BY9dHKCEI/R35LXg6rQL9ZoMAiKZPcJGB0ABvXHgwBWMdij9FRa8i /HkaYSDx9nN/XeQzdfwovH57LBKCKS47cXF/lTSIWTsKcEd8EI4sTzbsT+NT1t65q5i4OlG6ciqi mYt7yXvqnlIasAUZ9024glqGUMxn5W24b18pJo/2g7dhcx22Xrw4Mxr9ZPq1s/XEYkJJazdWfFKC T76TpCxYBKnpxyAUA/vSDRQz4u/BA6U4zM3NiDR4DpeZaYkieL1ZaaUPHizFh3kteG7mGCxLHoUI KqSy3YbtOU34yeEKVNBDfjEnGuIE35sQgm9EBWiGQnmJyMyMe29eaMT27Ab8kkrXlXKkvB2pHxdh dkwQ9t6TjJRQX4hXfFnTgQ2nqnHbnwpwiAaUEupDLCaIj4RR2GlFrXghvQabvjlGZ1O9//tkFc6W tSEq3Jc0XVPBPmYEerv25Jpx713WYw6WtuF7+0vRbO2Fn3J1faEJ/t4WrDlRiZVTw+FHwf4qo0Z5 TnadlfmmBxF+XlpYUZrR1w18d9OCJlHpssmVh8pw/LvjEeQ9eFgQYWy72IAPqYBtCxPx0JRQrhJR A0nB3pgTE6DC3gYK5N6JIZg5JkCFQM8w+HlVJ7ZTMZtmRWPVdRFqvY0Wdv/BMswdG4SdixIQ7qvz YMd1FOz00QGY92EBHj1SjuMG72CkQ2KUP16mYubHB+PWaBoB+TxQ2o7ffFWPaXFBNJoeRWOkDw/V abVCcVsP0wfVrGdVbf9O3HQQ1HX1Yj5d9YGUEDw8bTTszBXkCcE+JjxypBISAtWAc9XADg2S1mPC viWJuMiKb1VapQvIg2Yn8X9ET5lB4WlKEVAxRflp7fEbIxBLJW37a6M+5HhryMrpWYv+UoxFCcFY /w0Jj1rbyZBX29yDNTMiDUqROeLm0unMET+YFoHMsnacpfHJoBysuxgO/38uvY7etY4G0caQKrnv GRrtLbFB2HJLFLpsHhvRSA75dFOMENtV2IKb/5gPce0/L45HmJ8FPX2CRwg4iPBloeK6rDYs3VuC J26IwKZbosEgqnRZ0d6N+z4pZUndNSQDPdRO0igf/HZ+HN4734gNX9aoNZqJuDYlYaWQiXRBXOBl cfqQpxsZDjOV8NzBGiiwJVRKOEPJG/NjIbB6k8JmFMenUMADmgMslbmkk551iUYrCpNhsUUJS+9/ Ox7plZ14k/z/79k6FDFqbFsQp3KxawcDMF9xwC2UlTA+rz5SgUZWYb88Uwu+8BlddxOTtCSuAY2+ LGtu/6gA+5Ymk1+7YsaHeaGcQly89xJKHprMPOESwgAcjoEfTA5DdkMPNn9ehevD/VT+UInWMS/U 9d/gOGRW6JhUHjHCiADXHq/AOZb3X//7JIwLkjzhanZJ6IJdsanj0ee1b7MDt3EnElC6eu24PdYf 62dGYeOpKqIx4aW50crYzrBi1UogHdfw32YhK9aZVdeFNrpGq+xC0NGifsXY+XFxK3alxivrEI9y bxzhkLjwwt1FuJMxdfpof9gkRnF9PfOTuHYBbwukCS39qboej5fnjMHiSaH4cVq5KjMNeV/lufEh PjhcJiFSbxr3Cie7HeQ9m+XozDGuIkIgt15sxDvnm/Dh4kSW5lKm6k3jaHqkL1pZ4YniHNpxAGh+ Kx8HylpZrJggPAzWfnpTJJLocTNi/FVlKDB6JhgMfqgxsxxyfnehCQ8fLlcJW8U2Ctsu+qGb/uzz aqw9WQ3KfoBalAKFAjnopDJWfFKG0zVdjnOBDJuUsO5n1XWsst2x3lO5DhY1GakQEMXyVQoPyWX6 5uRAu5RJPauiA7/O1nOIjksDfO3repR39OHhKWEOpFCG9QSjwKbZ0biHVZx709Z/n3gjR/nif87U oVmL2w4wCVkmZPG88jaruLlJwbg+QhTrYNaALIhF0LvfHqf4l8rvH23mcw1dWE2l9NAlBaEiSWUF MuYKAyYm89fPybmhFv2D0POlZ0jVK2eaOuac1L9cYkii5UlhQ+1KFKthZXIHC4UKjwpF0Dn34MA9 mhXd23eNQxljucYTgaSRMamiFvA89cShUvz4RJWK5b1k6mKTFQ8cKMOLn1diIxPuDfRaWSD3eY+y 2pvC5H3P+BD8tdHq9pPDn40hOoAb2LFwHL6oasedHxXSO9oYovqVkraxClz45yKEMNdumz9OsUKu HW/Di/xJtJgg57iBenMCqj07vy7fscgJ9FEeyg5XtBOhAyOVtGhiEFJC/PCLjDoe0ORAJSdoD5YI L4r5IDUB/8WKSg6ayuIEjUmiMhWt+ia8dttYxHrEdrknMKv4bmTQhJtZgv6eyfPhT0sNezTRE4FD S5Pw+PFKbKWx/F9WnTpDgd4azMlXKLg1N7JCJDqJyG/SyjvoAYWNdkzfkWckovqRFHbm/RMRRw+d zzC8f1kyVh2txOKPitAnZw3ZHxU3L2kU3l0wDpE8M+lNIo0YHbevNf0tX46+vPyclqfJVsHrY0o2 2nLPp8lu77ez8sXbF5swLzYQN+/Mh5V54bsMB39itbHhdDU28weLlwpNJnrB67fH4VNa1a7cZvj5 mnGBCVUSqFhtejVDFpODKMRCBooeSuEhrRMraLHGJtE7jyVqO2P7TVSEq2kbkN1JWIwL9FIHVj2/ 6fuXvJVNb2/h+igKbAZxRIvghDCB5JVPmCqe0PU1LhravFyNyHWJqzgxoZ0xO4OndSmtvWlck8J9 MEN5oHE1YGWpLBe5U3nOCXOee9xh5EiRy2PATJ5vlJ7JiVSqcli/cbReAQ7GHbdAzStJyDOPFj/t j3noJXOimCW8JpnMhJZBZI99Vg4TGTCxZHQqJq8Z/hy78MBEVm51vDqJxHLeFORQYOraiTRbV01D sHA17KbYIfTgDA+NhionCs0oh8IhtHQYY39oKsOHEBMUGvLUacnqK9NzSkw2MoHniWdvjlLLJd80 WPtwC6/2JbTInZVFlcwEZFksaNWDHR+WzYfoQc+y1E1bnojr5NKOWN65K/6yShF7yM/LQ1UVvZGt tLRU/TRBaRuw2WxIT0/HyZMnceLECVy6dEnB6o/c3FwcO3YMp06dwtGjR9HQ0MApbp+823htlJWV BavVyr4N58+fV+/u7m589dVX6O2Vf1e4BNXW1q7opKWloaWlRSfhfDc1NeH48eOKj9zcHMd657Ra k5mZqQYqKysV3319cgB0qINyKikpwcGDB5HHffcPdvxwoXNcpzoGvLihn/EOat03o1TJK65sJ265 PZ7Og9uWOTHoZ/6Rati1JU0/cm3zMUPbD3kJ+O63xuHjJQn4jxS5Nhm89dPz3t+5EytX/icaGxtw 6NAh7Nu31w24tbUVW7ZsxpkzZ5CdnU0l8pxgaDk5Odi7dw+ef36j2rCmGA1AhPLWW2+ptTU1NXjk kUdQUVGBs2fPYuvWrdCEpsF2dHTgqaeewp49e5SCV69erYRoIIVz585h/fr1yMzMIr3nsX37duM0 xEg2b97MvfCQvGEDamtr4eWlX+1AfT/33HNUSi7eeecPEJ6u1Jweo4CUtO34Oe+RtsyKQhtPmJIv WiW0sXwVz3l3keNMo1zGiJqLWdLuyW9FS3c/FiVKaToAyLgAfn7+CAkJxpNPPgmxZItFygFXE8uX sebmZojFRkZGuibZW7JkCdas+QkSEhKwbt06TJw40Tnv5+eHefPm0cKPK6+yMEd+8cUppKUdxa23 3gpfXz3GA/v374cYwUsvvYQXXngBU6dOxYEDB5y4pCO8REVFYfnyexATE6Os3gjg7e1NZffiRz9a jdTUhbj77ruN0zAzqgiNwsIiLFhwl8LhBuDx4a4YNcmbUzKREuqnrqd9HReRkhTvYLUiiVauYMRr jG4jocmXZefupYmqiNDoGP3KgzI/rdYubuQxxMcn0AK3KeaNUIJTrG7s2LGIi4ujIo2HQ6YxblZg JCwInAjP2GbNmoXTp08rT3j66XXYtWs3PSgds2fPMYKptRLutPBmR09PDw3CVYEJsOAXjxVvysnJ xcaNG91wCG0RfGJiAml+ifZ2VrmGFh4ejldeeUUpfdOmTcpYDNMDuoMoRofhFTtD0WaGL5MeD6mk pXuKeUHZqZTnhKSS/Jngf8/zx1KWlsNtEk4kBzzzzDPcUOKAuC14RGASHurr61FQUKAU4YlflDNY E0+Kj4+nAk1YtmwZhWumkmM5pp9HtFWpqalK+WvXroUosKKCJfPixW4oe3ttSujvvfcewsJCVcgz AgifYWHh9LqXlTe+8cYbxmml1FdffRVdXV2Ijo5GYODl7/xkobMqc8OiPlwu8T5vdR/4tAR25hFe FeA3/KfRp7za3p3Pcpnnh6zvT1AXnUOVgEYaIszy8nIEBwcjNDQU1dXVyuLHjHH9X0MsWBKlWLA0 CSXiPcYmIVAKh+TkZGXVxjnpS16R9UlJSSguLlZC88QhcJ2dncjPz1e5Z/LkyQgIkCt8V2ttbaFw a5CSMkkJWQqElJQUp5eKh8h+ZG1bW5uiNWXKFEiIkyZGKHlFeI2NjVURwNPDXdSuqBgjGPBb3pw+ yYtAKw9ur98xFvtLqJi8JsTwKuPUivFIZEV3rV09CVwhlBmJ2LFqWjheo6dYmNCZbli19WOUrwW/ 43V9wij3pG1cea3/90ngCqHMgFBFNS207eVtczVP00crO/BD/gdzLm8LrrWrL4HhKcaDrlz89fEn /1a+1v45EhixYrQLBilLXcXBP4e1f22sIzZ5uWDQLmTczwz/2mK8+rv/G0Vs5lnGv874AAAAAElF TkSuQmCCAA== --_004_AM6PR07MB5816E7801BA34C69063A318586DD9AM6PR07MB5816eurp_-- From nobody Mon Feb 13 17:02:56 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PFrJ654wYz3rStm for ; Mon, 13 Feb 2023 17:03:02 +0000 (UTC) (envelope-from des@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PFrJ62fNvz3l48; Mon, 13 Feb 2023 17:03:02 +0000 (UTC) (envelope-from des@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676307782; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oKs1kw6bnqyPlkuwU3rnwPKxd7o2ghJU1KnShExHAag=; b=qgsLNdCehEFIjH1A3uR2IS/W3F3mWK+DSGByOVt+H0zKYalCj+qOwOzKyxNI6tKVjXmVh4 Tfe2k2JQPVjBlpgqRVqoyB76B5CB8rofyTswe6tI/sylMtPcFgnib57U8Lro59W41hH2JC Hpow9Tz7Bku64IWklE8owy9yUcOowOfqp+BPn/G79sFgv3hyWVuO3sfWf5plt2YWFjyoG1 cQC5dqLSKBK0PZQ6HfJ7Nxwa+lantpIGNbERCOOJv3v4f2ZcvJcFXf+VaviyXsWq4rocMG H2Vz2g0Unyql6SrvV5i2y3w1PzZsQaCukmATHvE6lmpt9nSYrXI4g3MD6R9x9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676307782; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=oKs1kw6bnqyPlkuwU3rnwPKxd7o2ghJU1KnShExHAag=; b=kE1d3KczidqDltTi0XkVNGQO82ZP3AFls2A9RmBBIOgy87DNPnE6V6ktMa2CDJMJDtYvQO voBkKCRekRs6usfuMkINzsuQfSidb2H1QMyWMxCkpT7O3OaNqZeaiOYLv/00Hz5slerzIc XVz4pb4XyZC0C/V3tKfuMO5cGOKMMqRTG217abt777c1d2za9uVgEU89IxAvh7MZZ6u+MA rXJwtN7xscpTz8YChgheO7oOzj6E7x7TI4FtZ9wstdYM3ytWt15iOH36JpHvv7r/n0oBFn f5Xi06K0wuaR3Qz91G2vR91eNG0SvW3G6bjn2bljtyhoFP/qjKVQHsxOxjWvrQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676307782; a=rsa-sha256; cv=none; b=BVXY5EKzgQDXR6YmWRgZoo4Kf4EOBUQfLY2lMIB/pjn6R2V+TcGTGkxTxo3LZOLhs23wD+ 1cZY/EpSl5JcEAolWPZUFEWFpZZdaRPs79rqX9nk+CGZMmxbRgaOPjk3vxcIJOP2ofVNVj i0AQrUclUocxztBeMn6Xzl69AGZVeXG6IuoaJ5uMNifu0GKOiiCXs5KIsIRS8QscojmpAi oSX6O0PFhUxV3DIS6PCAu9c5AYT7IOGouOmw+SDH/35kf6+syBiGfNtHsjupRNNuYbK/yD M3sZyWYwwFv+JdTfS+aMN062FPl+Gc5xGeyw/c3P8yIhLqHz2XEV/z4fdqU2BA== Received: from ltc.des.no (unknown [84.210.219.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: des) by smtp.freebsd.org (Postfix) with ESMTPSA id 4PFrJ60kl8zHGy; Mon, 13 Feb 2023 17:03:02 +0000 (UTC) (envelope-from des@freebsd.org) Received: by ltc.des.no (Postfix, from userid 1001) id E9672100657; Mon, 13 Feb 2023 18:02:56 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Natalino Picone Cc: "freebsd-security@freebsd.org" Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] In-Reply-To: (Natalino Picone's message of "Mon, 13 Feb 2023 16:12:04 +0000") References: <1edf53ab-65d6-dcd9-00be-7d198daa7f40@ximalas.info> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (berkeley-unix) Date: Mon, 13 Feb 2023 18:02:56 +0100 Message-ID: <86h6vpv6pr.fsf@ltc.des.no> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-ThisMailContainsUnwantedMimeParts: N Natalino Picone writes: > Is there an ETA for this OpenSSL update to reach the base? Last Tuesday. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@FreeBSD.org From nobody Mon Feb 13 21:31:19 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PFyFp07Ygz3qN18 for ; Mon, 13 Feb 2023 21:31:26 +0000 (UTC) (envelope-from koji@registro.br) Received: from clone.registro.br (clone.registro.br [IPv6:2001:12ff:0:2::4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PFyFm5VLzz4Ykw for ; Mon, 13 Feb 2023 21:31:24 +0000 (UTC) (envelope-from koji@registro.br) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=registro.br header.s=clone header.b=UkUEYu2r; spf=pass (mx1.freebsd.org: domain of koji@registro.br designates 2001:12ff:0:2::4 as permitted sender) smtp.mailfrom=koji@registro.br; dmarc=pass (policy=reject) header.from=registro.br; arc=pass ("registro.br:s=clone:i=1") Received: by clone.registro.br (Postfix, from userid 1002) id 1C07E51D3C; Mon, 13 Feb 2023 18:31:19 -0300 (-03) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=registro.br; s=clone; t=1676323879; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0bIAV/Ax4MDK/S9WYAWHiq1g/kqKT0ttQfyhm+bECjM=; b=UkUEYu2re5hnZRaN0uCZPA6W2MCnPg/+/YwrLOkdy94eku8+/DIwHYylZRUzAcm1HXCMla FGwNjsNPqpjVwmgzWnibvJ0Bzc7Y8I6x8VY5KoEUSY0VB1SI8YST7Jf/szwGNOTzxdwKhh dULkzH46zC+JLMyUwjQx8BfdUddLUIaOCGJfDyeh5nCoXty2nlWGO1OXbdWK9/+ha6Td4l jmNtb0i4HyJQzIZegvV5oUK48naSF0kT642PeqEnvc3oIOglSjQ+rtgjiOyPZBU89ecjjy f2+L9hWNp4v++UxahAen6CQ0loYFUJJL2MvY6JfHEaGd3gKT1Rb19z3vmgkp1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=registro.br; s=clone; t=1676323879; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0bIAV/Ax4MDK/S9WYAWHiq1g/kqKT0ttQfyhm+bECjM=; b=Kjew90g8CjXIAKRRbP4U74Lx7+u4HU2xLICsiSSOEIy8wNn5o7yLc4GXcNhFe7rV9GSC7o wY8dEahQdNhi1iST0r67yQNL7LwrRWRlOo8o0X46Rg+F81+0XZ8e/iokZ2oTvJ4q0GgymD DPz+Eu3FO0X+ODr9OxF0NFyFyo6+YP4C/aKRfKyAUXgsB7XIAL6Ghl6TLYdJCQz9r0i3ny lpttJY503ikWojBh1IOT6UT5/x6xIUzJGCmonI+ZOHQIoAeqlGmnT9Bvzp7p3BidYrG1kJ St92AFU+z5Kz3H/zXzJjYLyzijpxPTBqAYtSXTeRqjwF4kOuvNq5ht06wfeLsQ== ARC-Seal: i=1; s=clone; d=registro.br; t=1676323879; a=rsa-sha256; cv=none; b=N0zSsXIU1gKL9YfyR8oUkf7KdPgb4TiUcM8qGCCbmQKWwhJi77brhtzTY20sgs2/H2x5zW VdbhO+qQgdIELtakv2D+qi24+1hVZE3RpZ7OIRpn5X2boCTBY2Tscof+6fGku8xqGVPWea JxByM0K60FBrH1MY/0PyGzniwNL2XwbGoUfhqdwvf1JpoBvpsWltmwQ3ui1o4sALBSbMZl kjERQB/XvccaAUF9KNhZagMFJuyTDCb3Gvlra0fkXduIXQGqPKhBlB178eoLqRbTMXsSFL V7QxSQetmB9p0TtkO6pX2dq4od0uwOLBzE9592TIRq6DdWlWfQ0lk7NCWBZXiA== ARC-Authentication-Results: i=1; clone.registro.br; none Date: Mon, 13 Feb 2023 18:31:19 -0300 From: Hugo Koji Kobayashi To: "freebsd-security@freebsd.org" Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] Message-ID: References: <1edf53ab-65d6-dcd9-00be-7d198daa7f40@ximalas.info> <86h6vpv6pr.fsf@ltc.des.no> List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <86h6vpv6pr.fsf@ltc.des.no> X-Organization: Registro.br X-URL: http://registro.br/ X-Operating-System: FreeBSD X-Rspamd-Server: clone.registro.br X-Rspamd-Action: no action X-Spamd-Result: default: False [-6.69 / 15.00]; ARC_ALLOW(-1.00)[registro.br:s=clone:i=1]; DWL_DNSWL_LOW(-1.00)[registro.br:dkim]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.99)[-0.989]; DMARC_POLICY_ALLOW(-0.50)[registro.br,reject]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; RCVD_IN_DNSWL_MED(-0.20)[2001:12ff:0:2::4:from]; R_DKIM_ALLOW(-0.20)[registro.br:s=clone]; R_SPF_ALLOW(-0.20)[+a:fe.registro.br]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:22548, ipnet:2001:12ff::/32, country:BR]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_EQ_ADDR_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; DKIM_TRACE(0.00)[registro.br:+] X-Rspamd-Queue-Id: 4PFyFm5VLzz4Ykw X-Spamd-Bar: ------ X-ThisMailContainsUnwantedMimeParts: N On Mon, Feb 13, 2023 at 06:02:56PM +0100, Dag-Erling Smørgrav wrote: > Natalino Picone writes: > > Is there an ETA for this OpenSSL update to reach the base? > > Last Tuesday. Are there any plans of applying these patches to releng/12.3, releng/12.4 and releng/13.1 branches? Maybe I've missed something, but I've seen them applied only to stable/12, stable/13 and the upcoming releng/13.2 branches. Thanks, Hugo From nobody Tue Feb 14 08:11:40 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PGDSj4KZWz3rNQ7 for ; Tue, 14 Feb 2023 08:11:49 +0000 (UTC) (envelope-from fabian@wenks.ch) Received: from batman.home4u.ch (batman.home4u.ch [IPv6:2001:8a8:1005:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "home4u.ch", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PGDSg4BPkz3G8Y for ; Tue, 14 Feb 2023 08:11:47 +0000 (UTC) (envelope-from fabian@wenks.ch) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of fabian@wenks.ch designates 2001:8a8:1005:1::2 as permitted sender) smtp.mailfrom=fabian@wenks.ch; dmarc=none X-Virus-Scanned: amavisd-new at home4u.ch Received: from [0.0.0.0] (flashback.wenks.ch [IPv6:2001:8a8:1005:1:0:0:0:4]) (authenticated bits=0) by batman.home4u.ch (8.17.1/8.17.1) with ESMTPSA id 31E8BeoU020806 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Tue, 14 Feb 2023 09:11:42 +0100 (CET) (envelope-from fabian@wenks.ch) Message-ID: <067eb4e5-fa62-3129-12a5-f7108d2905fc@wenks.ch> Date: Tue, 14 Feb 2023 09:11:40 +0100 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.7.2 Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] Content-Language: de-CH, en-US To: freebsd-security@freebsd.org References: <1edf53ab-65d6-dcd9-00be-7d198daa7f40@ximalas.info> <86h6vpv6pr.fsf@ltc.des.no> From: Fabian Wenk In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spamd-Result: default: False [-3.50 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; RCVD_IN_DNSWL_MED(-0.20)[2001:8a8:1005:1::2:from]; R_SPF_ALLOW(-0.20)[+ip6:2001:8a8:1005:1::2]; MIME_GOOD(-0.10)[text/plain]; ASN(0.00)[asn:15623, ipnet:2001:8a8::/32, country:CH]; R_DKIM_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[wenks.ch]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; FROM_HAS_DN(0.00)[]; TO_DN_NONE(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4PGDSg4BPkz3G8Y X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N Hello On 13.02.2023 22:31, Hugo Koji Kobayashi wrote: > On Mon, Feb 13, 2023 at 06:02:56PM +0100, Dag-Erling Smørgrav wrote: >> Natalino Picone writes: >> > Is there an ETA for this OpenSSL update to reach the base? >> >> Last Tuesday. > > Are there any plans of applying these patches to releng/12.3, > releng/12.4 and releng/13.1 branches? Maybe I've missed something, but > I've seen them applied only to stable/12, stable/13 and the upcoming > releng/13.2 branches. I guess this may be the push needed to also update/patch OpenSSH in releng/12.3, releng/12.4 and releng/13.1 and release an SA: https://www.openwall.com/lists/oss-security/2023/02/13/1 Best regards, Fabian From nobody Tue Feb 14 10:39:59 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PGHll6hGdz3rX4Y for ; Tue, 14 Feb 2023 10:40:03 +0000 (UTC) (envelope-from natalino.picone@nozominetworks.com) Received: from mx0b-00756801.pphosted.com (mx0b-00756801.pphosted.com [205.220.182.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.pphosted.com", Issuer "Thawte RSA CA 2018" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PGHll4ZwMz3kX8; Tue, 14 Feb 2023 10:40:03 +0000 (UTC) (envelope-from natalino.picone@nozominetworks.com) Authentication-Results: mx1.freebsd.org; none Received: from pps.filterd (m0297687.ppops.net [127.0.0.1]) by mx0a-00756801.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31E6re02025857; Tue, 14 Feb 2023 02:40:02 -0800 Received: from eur02-db5-obe.outbound.protection.outlook.com (mail-db5eur02lp2105.outbound.protection.outlook.com [104.47.11.105]) by mx0a-00756801.pphosted.com (PPS) with ESMTPS id 3np8v59bdp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 14 Feb 2023 02:40:02 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UogZ2QPAPsuRW/DaCQ+CKY1XM/FTQSS58y4kYTPjBH3AEfzU0OI9Y7t4SMKd5kJ9kwjWbrc9aVrtqFWQRyXuIKugSXpE2pfWoqCaO/8IutlOVV1QEfO8l/kUWV/StF2w5TCPH4Q8sZ3MT2Nt0IbVu3CLlLdQrYkcvoUjZtIF8YDxsHeNYpqLy+Nq02wb1bU6YvVeeollswTbuFTgwYGdJLafG/dhtwB5/nvkIJrcDp/hjk9RHuo8D/kKl7ZTkSSGYYDf4k+2rbDPRPb6O94F8qUxbRmG/NJAND1ZJporK+VVjJjVQ1EdBtoQpnPiRPeINxbnNXQR5Jp2tMIuG+odAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FNLu2E4poHUvsI7cAnISSsg67jyji8LU1/UW0XBAv+o=; b=O9TJW+BMQip+nFsf43MC7vbrYpNDv7GRY/1exOO6TM4LrkK3EkkSnfYWwAq/rtUYQBR3pRS394YiVxtN4Hv2MlPJBNQYn+jsqRP04qKSRZMjG/QDWb3J4e6w4veBv/KpKw/082qdJhqxsbZsnMSal9ZjmMMfnfjCKlZSfkF17cXXz3P/4KyajUTEFW2ArJ2rVABRsZm1TDIyRcdv56xRYLvSa03IBL4+7fD8hVeFaNet0HLpEovp4iqX7a8dr5MK2myLXJ/nQf4SsBpO/brFX6FcT3504wVzExQVLT1NFs1CJO3Rw3mem+kS5sjOhNC6k0kWo7Be815OWbuUvBH2JQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nozominetworks.com; dmarc=pass action=none header.from=nozominetworks.com; dkim=pass header.d=nozominetworks.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nozominetworks.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FNLu2E4poHUvsI7cAnISSsg67jyji8LU1/UW0XBAv+o=; b=JhFT+3Z6UiGly0NcO98V/31SvLY54727rlZQW5ljgQ4AIqGhpjtWBP+uppPIsdHhVk1zyVKnOYDEQk+jD4MZ8XUwE5ZVe+nszl4PkLzComXXb4xIsrcU9MepVFPspPmsCtlsFfsoDGiiWMfnAFjtCYcKfICNStLev62ka3MUqwc= Received: from AM6PR07MB5816.eurprd07.prod.outlook.com (2603:10a6:20b:96::22) by AS8PR07MB7528.eurprd07.prod.outlook.com (2603:10a6:20b:2a2::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.24; Tue, 14 Feb 2023 10:39:59 +0000 Received: from AM6PR07MB5816.eurprd07.prod.outlook.com ([fe80::9629:d3f:935f:4a37]) by AM6PR07MB5816.eurprd07.prod.outlook.com ([fe80::9629:d3f:935f:4a37%3]) with mapi id 15.20.6086.024; Tue, 14 Feb 2023 10:39:59 +0000 From: Natalino Picone To: =?Windows-1252?Q?Dag-Erling_Sm=F8rgrav?= CC: "freebsd-security@freebsd.org" Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] Thread-Topic: [openssl@openssl.org: OpenSSL Security Advisory] Thread-Index: AQHZO49bcD0eMbUMdEyR7JxxPu92ba7FLwMOgAB2dqiAB2695oAADsIlgAEm70g= Date: Tue, 14 Feb 2023 10:39:59 +0000 Message-ID: References: <1edf53ab-65d6-dcd9-00be-7d198daa7f40@ximalas.info> <86h6vpv6pr.fsf@ltc.des.no> In-Reply-To: <86h6vpv6pr.fsf@ltc.des.no> Accept-Language: en-US, it-IT Content-Language: en-GB X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: AM6PR07MB5816:EE_|AS8PR07MB7528:EE_ x-ms-office365-filtering-correlation-id: 0931c62d-091b-4c74-c534-08db0e77d25c x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: nLKeM8O431Mv3scqoUOfTH8MsWqcsjD1Bhqz07/6h5VZaAt6o6r0HyWFyDspJlaUHpECKBDNgfMuB9Kjt8cOsJ5CqGRKSgdxsn5W1mHr/DQ9vmlWsTMc1OngZuDo0De4zLN0j6Frq03iev9wSK5IBUt6ZCYLfxVYipHWMmn+sG70q9YZKq3PIvRibasvHLA/T9hzpaJJ1FAZAlzBLuyBvD/1joe2ALTyDZ6Ylz73OWODNrZw47aoAhVRa6botVWEfxt1TmyNEzuHIPI6K+wWF4B57BSglLCr1B89ly7MOYRmn+wU1pElAQ1C9qWdKo93sOaz6+s4cLHqJF8WkzopOukajJg/t4Dm9RdoK14Off6BxAeWyU8+1LXFiBUVeyfgzS/WE3aWGGfMFJ+H+JNtQSr+EHaJ+dhvfgLuxRzgdLK+jXRpP/oHs98RCr0UUf1g4xC0sUDb42lycFdA6gjK+r5hGpPKzdxEPsl+2dOYbv3TEtu3CLNM/gQQh/jHtWzUsrsBjn02WQ2FDW53+IcQtJ95nRIPQ5quusVc6B4CvaG8kq4HN/N9RvWp/RBq7it1WNc8LXkepTitkbRVP6YpJAA+LyuCLOWBQrfRyizbrfXhHxLIkOImU0dNnqxL6yP5E0GYa8goznQiyVNox18vXAlqHQ0YSSAA3AL6hDjlH305gid1M7V+3c34fmYvMG6QfREsBP47cW29m3g27bcjdXptPAum5lzenqil/JPy/NGKGpRm3nU/bV7UAEvtzyY8 x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM6PR07MB5816.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230025)(4636009)(396003)(136003)(376002)(366004)(39850400004)(346002)(451199018)(4744005)(2906002)(71200400001)(86362001)(15650500001)(44832011)(122000001)(99936003)(38100700002)(7696005)(66574015)(186003)(6506007)(53546011)(45080400002)(26005)(33656002)(55016003)(9686003)(38070700005)(166002)(450100002)(91956017)(83380400001)(316002)(66946007)(76116006)(4326008)(8676002)(41300700001)(6916009)(478600001)(5660300002)(52536014)(66556008)(64756008)(66446008)(8936002)(66476007)(220923002);DIR:OUT;SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?sMSiC8lrygXh70wSItbxWeL/NrA8Bq5k8SNdAesq0fs/L5LQuz2YsAf1?= =?Windows-1252?Q?aJn+y5I2mpCz3xUzMfbubuVkdLPFCGXihajIqX0kvOCD8e9bcKUiMB0T?= =?Windows-1252?Q?HHeHOp8+IClQ7sfDACH+7HoSlZYMoWzwDblkiOlqq++3SIgSHegJir1W?= =?Windows-1252?Q?OKq6y9V8Y1n5GWkp6qr8msneaYpq1JE1jlm5Emkup2EKDy5kclgbQgp6?= =?Windows-1252?Q?LNlU2tJLfU5EqSVnS3BTh8CjZDsIwc7DQcoiDZgGYfriir3Yto+12P4T?= =?Windows-1252?Q?RPbm34wuClA1IcjZwTDEpXSrrNmd//vB1xqZzsMiTk++GNUaonC66MHN?= =?Windows-1252?Q?I5Zt1Xeu+pNmOa4YqiXCk1btFvMi1oUyJXaB+3MUm8OIV/rOhRKTOSIk?= =?Windows-1252?Q?YGG5ZnSh5shlA2agZjLBLMy9ieaQ7zS+ggvn+GhuxVBup5ZVLDsCAvQf?= =?Windows-1252?Q?RYxDa3oW+/gMqHNffVobq7LHyU6UfD9X8barDkbtzUudV9Ftb92ruwAK?= =?Windows-1252?Q?TDlIuwLBvVWnTrNQqxbTI4rOQu9J9vhNYMK6IK3AHYFkNQFB7IVk1lUX?= =?Windows-1252?Q?MOdBqlw8AvPNtOhW2uhGau+XCPA12gfr4TVQNMtCEj3L4ucQLAe5Xljr?= =?Windows-1252?Q?Mh8G16EODIrmVyH9Gmr9OHpX8GeHrTdau2vHq2KGvrLHciU/4A9BlX8T?= =?Windows-1252?Q?7sQYp7aq5WS+i5cVZl7m9AVkFwsTqA1GguVIoBcYGGfRoiZw/LqgZaNN?= =?Windows-1252?Q?1yZATrAUKeqxePF6gxh4nyG17FeIgL/Bo9M13nZhTs6/3tmu4QV9EdZg?= =?Windows-1252?Q?aWOErHqS1ZzOWop3RHN1/ZcMeHwlWf9y6RGbxdKS7NLZGgs7b535oDg/?= =?Windows-1252?Q?uAvSzCYHsP9yeLnBDRE9DDZPWA4dlJBdL5KbFid4FoM8JAj1zwfmo+9T?= =?Windows-1252?Q?dnzlaG1+IR2xeSJOUp4zRLR4yI32kqz4EFjdLEtCeHrquZ1b5n4nrfCU?= =?Windows-1252?Q?202nrcXD/rDR0cZcpguXg1fb83gJ3B2h512Wbdn8nXlNA/DwM5HXFJjL?= =?Windows-1252?Q?DUoHRn2y4OeID+FqAm1V5SROd4ncv7u0jLnfOdvZDjKvTGIr68Po+vaj?= =?Windows-1252?Q?RBCRmDJ99TmV/9bZvh1kztopeux6LbxCacJn61nKY+P45KxHKPwBhgFk?= =?Windows-1252?Q?/8ftAeOAQi08nvt0utZuRmX6NB+ZMPgikfG7i1nljPl3Cw8kvxeAH6ij?= =?Windows-1252?Q?fQXvVkJi2A2tFzLNJEzITmDjGivUsWECsVe+85hXPZFsAmu1cMQ1c7xV?= =?Windows-1252?Q?BiyFKSwFtanaUJm+cV7fz9C3ud26lKCDCfKII68bnxSJIbWl1BRIWV7J?= =?Windows-1252?Q?JGctbRXPCInj4LfYuec3OBpBO+4SwzNx12aIMFQVn2t0EaP9FJQm8Av+?= =?Windows-1252?Q?rVcTNF7p3VJBIliDMSQaryv0tSzjZXaAoSZ2efHt3POp8UWhRqnPvoR6?= =?Windows-1252?Q?LqDF14ME8q3zpxfOi95Gzg24sadmuneMp1M+psmFVA3L8brg4qzvpjnU?= =?Windows-1252?Q?hfp/GD8BXIhvnwU005b01nyWG0DSTIvYYTj2Z3CnbePf5V9c1S4YYT/d?= =?Windows-1252?Q?5eZyIPzPCIAZR7iMUQNrJzb/BFsQ5PPRBQW5Wi1ld1MX23nPOorsMTfM?= =?Windows-1252?Q?Rn4Wk6UlRUFV+srQrr2dVmxVbA4VZY5Z7IKID66XoEpKBtgevVIRqEjX?= =?Windows-1252?Q?5+eakhpsswdW2h5EPF3gyt+KGn9uve/fRR3ZWDeN?= Content-Type: multipart/related; boundary="_004_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_"; type="multipart/alternative" List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 X-OriginatorOrg: nozominetworks.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: AM6PR07MB5816.eurprd07.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0931c62d-091b-4c74-c534-08db0e77d25c X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Feb 2023 10:39:59.5936 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 6f04d14b-0796-4b81-b7fd-779778e05341 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: GIApzKATNc1r3VF/ZBCm0jK0VrA7IqQeuzLAyENfm+XIG23c2ymEYc+aOdcaqqvZTFZXXur0n3eupf2GeIrNuiWizFEtY6Q/+JSkD/DGgqYjwPjfmK7a0O3cnyr3cjiI X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR07MB7528 X-Proofpoint-ORIG-GUID: VNZKUWA59TD3Jhck_ZepsF9roPTgkEPm X-Proofpoint-GUID: VNZKUWA59TD3Jhck_ZepsF9roPTgkEPm X-Rspamd-Queue-Id: 4PGHll4ZwMz3kX8 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:22843, ipnet:205.220.182.0/24, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N --_004_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_ Content-Type: multipart/alternative; boundary="_000_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_" --_000_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_ Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable Hi, I was referring to releng releases, not to stable. Moreover, it looks like the SA is still missing. I don=92t think that the patch cycle is completed yet. Best Nat -- Natalino Picone Senior Product Security Engineer =95 Phone: +41 (0)91 647 04 06 =95 natalino.picone@nozominetworks.com Nozomi Networks | The Lea= der in OT & IoT Security Website | Blog | Twitter | Linkedin | YouTube | Podcast [G0Vs5lnGv874AAAAAElFTkSuQmCC] From: Dag-Erling Sm=F8rgrav Date: Monday, 13 February 2023 at 18:03 To: Natalino Picone Cc: freebsd-security@freebsd.org Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory] CAUTION: External email! Natalino Picone writes: > Is there an ETA for this OpenSSL update to reach the base? Last Tuesday. DES -- Dag-Erling Sm=F8rgrav - des@FreeBSD.org --_000_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable

Hi,

I was referring to releng releases, not to stable.

Moreover, it looks like the SA is still missing.

I don=92t think that the patch cycle is completed ye= t.

Best

Nat

 

 

--

Natalino Picone
Senior Product Security Engineer
=95 Phone: +41 (0)91 647 04 06<= span style=3D"font-size:9.0pt;font-family:"Arial",sans-serif;colo= r:#494957">
=95 natalino.picone@nozominetworks.com

Nozomi Networks | The Leader in OT &am= p; IoT Security=
Website | Blog | Twitter | Linkedin<= /b> | YouTube | Podcast  


3D"G0Vs5lnGv874AAAAAElFTkSuQ=

 

 

From: Dag-Erling Sm=F8rgr= av <des@FreeBSD.org>
Date: Monday, 13 February 2023 at 18:03
To: Natalino Picone <natalino.picone@nozominetworks.com>
Cc: freebsd-security@freebsd.org <freebsd-security@freebsd.org>= ;
Subject: Re: [openssl@openssl.org: OpenSSL Security Advisory]

CAUTION: External e= mail!


Natalino Picone <natalino.picone@nozominetworks.com> writes:
> Is there an ETA for this OpenSSL update to reach the base?

Last Tuesday.

DES
--
Dag-Erling Sm=F8rgrav - des@FreeBSD.org

--_000_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_-- --_004_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=5080; creation-date="Tue, 14 Feb 2023 10:39:15 GMT"; modification-date="Tue, 14 Feb 2023 10:39:15 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAGYAAAAeCAYAAADermvOAAAAAXNSR0IArs4c6QAAAJBlWElmTU0A KgAAAAgABgEGAAMAAAABAAIAAAESAAMAAAABAAEAAAEaAAUAAAABAAAAVgEbAAUAAAABAAAAXgEo AAMAAAABAAIAAIdpAAQAAAABAAAAZgAAAAAAAABIAAAAAQAAAEgAAAABAAOgAQADAAAAAQABAACg AgAEAAAAAQAAAGagAwAEAAAAAQAAAB4AAAAA879mzwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAm1p VFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0 YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRw Oi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNj cmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFk b2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9y aWVudGF0aW9uPgogICAgICAgICA8dGlmZjpYUmVzb2x1dGlvbj43MjwvdGlmZjpYUmVzb2x1dGlv bj4KICAgICAgICAgPHRpZmY6UGhvdG9tZXRyaWNJbnRlcnByZXRhdGlvbj4yPC90aWZmOlBob3Rv bWV0cmljSW50ZXJwcmV0YXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3Rp ZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDx0aWZmOllSZXNvbHV0aW9uPjcyPC90aWZmOllS ZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpDb21wcmVzc2lvbj4xPC90aWZmOkNvbXByZXNzaW9u PgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KC/gx OQAAEGdJREFUaAXtWXt4VNW1/81k8k7Ii4SEhLx4BBD1grYIKKhgS0AKIrXVe61+Xiz0qqV4rSiC fNZCa/3u/dR7W63SCtWKVC1YQASE8BIxIUEJlLxD3u/3a5JJMv2tfebMnJkEkrT0r7LzzTn77L32 Wmuv994x2dkwoqaB22Hin51/JoAoTCa+r7WrJgHzyDFpCnA9RTnX2tWWgGWkCAtbevB1fRcy+Xv8 +tGICbDQW0aK5Rr8UBIYpsdoPpHT1I3ZHxSirMOGzForbvugAGXtvaQh89pv+P6j4RxxJB1kRyMN xu4oND7cxzy+FAFPOM9vjzXqU2D0nwywrz5FStK5fBumYkzKS761uxi1HT3w9zIjwGJCYYMV9+67 hOJWGylIxpHncJsjGHq4m8auJ9Oe3/1uRDxQOOY817gtMXyQD6dmBe8g64a/KQNe6cpCbbGThBpi fiaZKxnlsEKZtbcP6bVdqKKnmKkUaX2yB/YzajpxFxV27N5kxAZ6c3CQjckCjyYWU9jaA2tvP6aF +ztndfX29fcho64bCUHeiFF4nSDsmNHU3YcTVR2o7exFHGHmjQ2Ev8VoZybUdNpQ1GajaAaRLNkU 8BsifOHjJfPCt7Y+o7YD5xt74Gs2498i/TA1zNdIXPW7++w4y3A+jXNBPl4D5mWgmTzmNHfjJuIQ WkLhXH0nvElvapgfvwbhSxayDamYL6o7sPlMPVZMGKXrHv2kkBxCJdAMTKRY2NKNOQxxB5clYVII NyHmQGjtqegMeIhiX0yvxR++bsCee8fj7sRghU9PWF19ZszakY8tt8Xg2ZuiuF7D1kPiL2fV48WM avT39MOXxtFh64e/vwVbZo3BY9dHKCEI/R35LXg6rQL9ZoMAiKZPcJGB0ABvXHgwBWMdij9FRa8i /HkaYSDx9nN/XeQzdfwovH57LBKCKS47cXF/lTSIWTsKcEd8EI4sTzbsT+NT1t65q5i4OlG6ciqi mYt7yXvqnlIasAUZ9024glqGUMxn5W24b18pJo/2g7dhcx22Xrw4Mxr9ZPq1s/XEYkJJazdWfFKC T76TpCxYBKnpxyAUA/vSDRQz4u/BA6U4zM3NiDR4DpeZaYkieL1ZaaUPHizFh3kteG7mGCxLHoUI KqSy3YbtOU34yeEKVNBDfjEnGuIE35sQgm9EBWiGQnmJyMyMe29eaMT27Ab8kkrXlXKkvB2pHxdh dkwQ9t6TjJRQX4hXfFnTgQ2nqnHbnwpwiAaUEupDLCaIj4RR2GlFrXghvQabvjlGZ1O9//tkFc6W tSEq3Jc0XVPBPmYEerv25Jpx713WYw6WtuF7+0vRbO2Fn3J1faEJ/t4WrDlRiZVTw+FHwf4qo0Z5 TnadlfmmBxF+XlpYUZrR1w18d9OCJlHpssmVh8pw/LvjEeQ9eFgQYWy72IAPqYBtCxPx0JRQrhJR A0nB3pgTE6DC3gYK5N6JIZg5JkCFQM8w+HlVJ7ZTMZtmRWPVdRFqvY0Wdv/BMswdG4SdixIQ7qvz YMd1FOz00QGY92EBHj1SjuMG72CkQ2KUP16mYubHB+PWaBoB+TxQ2o7ffFWPaXFBNJoeRWOkDw/V abVCcVsP0wfVrGdVbf9O3HQQ1HX1Yj5d9YGUEDw8bTTszBXkCcE+JjxypBISAtWAc9XADg2S1mPC viWJuMiKb1VapQvIg2Yn8X9ET5lB4WlKEVAxRflp7fEbIxBLJW37a6M+5HhryMrpWYv+UoxFCcFY /w0Jj1rbyZBX29yDNTMiDUqROeLm0unMET+YFoHMsnacpfHJoBysuxgO/38uvY7etY4G0caQKrnv GRrtLbFB2HJLFLpsHhvRSA75dFOMENtV2IKb/5gPce0/L45HmJ8FPX2CRwg4iPBloeK6rDYs3VuC J26IwKZbosEgqnRZ0d6N+z4pZUndNSQDPdRO0igf/HZ+HN4734gNX9aoNZqJuDYlYaWQiXRBXOBl cfqQpxsZDjOV8NzBGiiwJVRKOEPJG/NjIbB6k8JmFMenUMADmgMslbmkk551iUYrCpNhsUUJS+9/ Ox7plZ14k/z/79k6FDFqbFsQp3KxawcDMF9xwC2UlTA+rz5SgUZWYb88Uwu+8BlddxOTtCSuAY2+ LGtu/6gA+5Ymk1+7YsaHeaGcQly89xJKHprMPOESwgAcjoEfTA5DdkMPNn9ehevD/VT+UInWMS/U 9d/gOGRW6JhUHjHCiADXHq/AOZb3X//7JIwLkjzhanZJ6IJdsanj0ee1b7MDt3EnElC6eu24PdYf 62dGYeOpKqIx4aW50crYzrBi1UogHdfw32YhK9aZVdeFNrpGq+xC0NGifsXY+XFxK3alxivrEI9y bxzhkLjwwt1FuJMxdfpof9gkRnF9PfOTuHYBbwukCS39qboej5fnjMHiSaH4cVq5KjMNeV/lufEh PjhcJiFSbxr3Cie7HeQ9m+XozDGuIkIgt15sxDvnm/Dh4kSW5lKm6k3jaHqkL1pZ4YniHNpxAGh+ Kx8HylpZrJggPAzWfnpTJJLocTNi/FVlKDB6JhgMfqgxsxxyfnehCQ8fLlcJW8U2Ctsu+qGb/uzz aqw9WQ3KfoBalAKFAjnopDJWfFKG0zVdjnOBDJuUsO5n1XWsst2x3lO5DhY1GakQEMXyVQoPyWX6 5uRAu5RJPauiA7/O1nOIjksDfO3repR39OHhKWEOpFCG9QSjwKbZ0biHVZx709Z/n3gjR/nif87U oVmL2w4wCVkmZPG88jaruLlJwbg+QhTrYNaALIhF0LvfHqf4l8rvH23mcw1dWE2l9NAlBaEiSWUF MuYKAyYm89fPybmhFv2D0POlZ0jVK2eaOuac1L9cYkii5UlhQ+1KFKthZXIHC4UKjwpF0Dn34MA9 mhXd23eNQxljucYTgaSRMamiFvA89cShUvz4RJWK5b1k6mKTFQ8cKMOLn1diIxPuDfRaWSD3eY+y 2pvC5H3P+BD8tdHq9pPDn40hOoAb2LFwHL6oasedHxXSO9oYovqVkraxClz45yKEMNdumz9OsUKu HW/Di/xJtJgg57iBenMCqj07vy7fscgJ9FEeyg5XtBOhAyOVtGhiEFJC/PCLjDoe0ORAJSdoD5YI L4r5IDUB/8WKSg6ayuIEjUmiMhWt+ia8dttYxHrEdrknMKv4bmTQhJtZgv6eyfPhT0sNezTRE4FD S5Pw+PFKbKWx/F9WnTpDgd4azMlXKLg1N7JCJDqJyG/SyjvoAYWNdkzfkWckovqRFHbm/RMRRw+d zzC8f1kyVh2txOKPitAnZw3ZHxU3L2kU3l0wDpE8M+lNIo0YHbevNf0tX46+vPyclqfJVsHrY0o2 2nLPp8lu77ez8sXbF5swLzYQN+/Mh5V54bsMB39itbHhdDU28weLlwpNJnrB67fH4VNa1a7cZvj5 mnGBCVUSqFhtejVDFpODKMRCBooeSuEhrRMraLHGJtE7jyVqO2P7TVSEq2kbkN1JWIwL9FIHVj2/ 6fuXvJVNb2/h+igKbAZxRIvghDCB5JVPmCqe0PU1LhravFyNyHWJqzgxoZ0xO4OndSmtvWlck8J9 MEN5oHE1YGWpLBe5U3nOCXOee9xh5EiRy2PATJ5vlJ7JiVSqcli/cbReAQ7GHbdAzStJyDOPFj/t j3noJXOimCW8JpnMhJZBZI99Vg4TGTCxZHQqJq8Z/hy78MBEVm51vDqJxHLeFORQYOraiTRbV01D sHA17KbYIfTgDA+NhionCs0oh8IhtHQYY39oKsOHEBMUGvLUacnqK9NzSkw2MoHniWdvjlLLJd80 WPtwC6/2JbTInZVFlcwEZFksaNWDHR+WzYfoQc+y1E1bnojr5NKOWN65K/6yShF7yM/LQ1UVvZGt tLRU/TRBaRuw2WxIT0/HyZMnceLECVy6dEnB6o/c3FwcO3YMp06dwtGjR9HQ0MApbp+823htlJWV BavVyr4N58+fV+/u7m589dVX6O2Vf1e4BNXW1q7opKWloaWlRSfhfDc1NeH48eOKj9zcHMd657Ra k5mZqQYqKysV3319cgB0qINyKikpwcGDB5HHffcPdvxwoXNcpzoGvLihn/EOat03o1TJK65sJ265 PZ7Og9uWOTHoZ/6Rati1JU0/cm3zMUPbD3kJ+O63xuHjJQn4jxS5Nhm89dPz3t+5EytX/icaGxtw 6NAh7Nu31w24tbUVW7ZsxpkzZ5CdnU0l8pxgaDk5Odi7dw+ef36j2rCmGA1AhPLWW2+ptTU1NXjk kUdQUVGBs2fPYuvWrdCEpsF2dHTgqaeewp49e5SCV69erYRoIIVz585h/fr1yMzMIr3nsX37duM0 xEg2b97MvfCQvGEDamtr4eWlX+1AfT/33HNUSi7eeecPEJ6u1Jweo4CUtO34Oe+RtsyKQhtPmJIv WiW0sXwVz3l3keNMo1zGiJqLWdLuyW9FS3c/FiVKaToAyLgAfn7+CAkJxpNPPgmxZItFygFXE8uX sebmZojFRkZGuibZW7JkCdas+QkSEhKwbt06TJw40Tnv5+eHefPm0cKPK6+yMEd+8cUppKUdxa23 3gpfXz3GA/v374cYwUsvvYQXXngBU6dOxYEDB5y4pCO8REVFYfnyexATE6Os3gjg7e1NZffiRz9a jdTUhbj77ruN0zAzqgiNwsIiLFhwl8LhBuDx4a4YNcmbUzKREuqnrqd9HReRkhTvYLUiiVauYMRr jG4jocmXZefupYmqiNDoGP3KgzI/rdYubuQxxMcn0AK3KeaNUIJTrG7s2LGIi4ujIo2HQ6YxblZg JCwInAjP2GbNmoXTp08rT3j66XXYtWs3PSgds2fPMYKptRLutPBmR09PDw3CVYEJsOAXjxVvysnJ xcaNG91wCG0RfGJiAml+ifZ2VrmGFh4ejldeeUUpfdOmTcpYDNMDuoMoRofhFTtD0WaGL5MeD6mk pXuKeUHZqZTnhKSS/Jngf8/zx1KWlsNtEk4kBzzzzDPcUOKAuC14RGASHurr61FQUKAU4YlflDNY E0+Kj4+nAk1YtmwZhWumkmM5pp9HtFWpqalK+WvXroUosKKCJfPixW4oe3ttSujvvfcewsJCVcgz AgifYWHh9LqXlTe+8cYbxmml1FdffRVdXV2Ijo5GYODl7/xkobMqc8OiPlwu8T5vdR/4tAR25hFe FeA3/KfRp7za3p3Pcpnnh6zvT1AXnUOVgEYaIszy8nIEBwcjNDQU1dXVyuLHjHH9X0MsWBKlWLA0 CSXiPcYmIVAKh+TkZGXVxjnpS16R9UlJSSguLlZC88QhcJ2dncjPz1e5Z/LkyQgIkCt8V2ttbaFw a5CSMkkJWQqElJQUp5eKh8h+ZG1bW5uiNWXKFEiIkyZGKHlFeI2NjVURwNPDXdSuqBgjGPBb3pw+ yYtAKw9ur98xFvtLqJi8JsTwKuPUivFIZEV3rV09CVwhlBmJ2LFqWjheo6dYmNCZbli19WOUrwW/ 43V9wij3pG1cea3/90ngCqHMgFBFNS207eVtczVP00crO/BD/gdzLm8LrrWrL4HhKcaDrlz89fEn /1a+1v45EhixYrQLBilLXcXBP4e1f22sIzZ5uWDQLmTczwz/2mK8+rv/G0Vs5lnGv874AAAAAElF TkSuQmCCAA== --_004_AM6PR07MB5816E1A55EB70BDB382D090D86A29AM6PR07MB5816eurp_-- From nobody Thu Feb 16 00:03:59 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PHFY61sMzz3rXBf for ; Thu, 16 Feb 2023 00:04:10 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from echo.brtsvcs.net (echo.brtsvcs.net [IPv6:2607:f740:c::4ae]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PHFY53NFzz3x1J; Thu, 16 Feb 2023 00:04:09 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of list_freebsd@bluerosetech.com designates 2607:f740:c::4ae as permitted sender) smtp.mailfrom=list_freebsd@bluerosetech.com; dmarc=none Received: from chombo.houseloki.net (65-100-43-2.dia.static.qwest.net [65.100.43.2]) by echo.brtsvcs.net (Postfix) with ESMTPS id B53DA38D00; Thu, 16 Feb 2023 00:04:01 +0000 (UTC) Received: from [10.26.25.100] (ivy.pas.ds.pilgrimaccounting.com [10.26.25.100]) by chombo.houseloki.net (Postfix) with ESMTPSA id 583A713864; Wed, 15 Feb 2023 16:04:01 -0800 (PST) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli To: Mariusz Zaborski Cc: freebsd-security@freebsd.org, FreeBSD Security Advisories References: <20230208190833.1DF6F8824@freefall.freebsd.org> From: Mel Pilgrim Message-ID: <86f2e6b1-aeef-2472-eeb2-42bee64ac812@bluerosetech.com> Date: Wed, 15 Feb 2023 16:03:59 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.28 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.98)[-0.984]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; RCVD_VIA_SMTP_AUTH(0.00)[]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:36236, ipnet:2607:f740:c::/48, country:US]; RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[bluerosetech.com]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4PHFY53NFzz3x1J X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N On 2023-02-10 3:25, Mariusz Zaborski wrote: > To test decryption in dry mode (can be used on the decrypted device): > echo -n | geli attach -C -p -k - dev > > If it succeeds you want to re-encrypt your devices. Does this count as a success or a failure? # echo -n | geli attach -C -p -k - gpt/zdata15 geli: Wrong key for gpt/zdata15. geli: There was an error with at least one provider. From nobody Thu Feb 16 18:23:55 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PHjy407hJz3rHcs for ; Thu, 16 Feb 2023 18:23:56 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PHjy36jRSz4NM6; Thu, 16 Feb 2023 18:23:55 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676571835; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=YJ0uDUnD7UJGia3Yxty6QouScwSMaRSrIvCQM6q3IZ8=; b=vLv103WBApoZSArMvHkNFhX3JDAbK35qkXTcuBXR655f2QJ8Tjv3h7fZubqHgnCG1I7meY /RlxvYGrIvuB1ebG0EVNhMaGSIQc5qQS7ZqnICbI76NoCIXw54RU9nb+Y7d8ovJ66LyG4d VPA0rOuoF2ZsmDxeS9wWLH5bNPFK+42zZOTKii1wmjcqS0etiwg/xV4Rok/ogYGXCtGmbm 24pQW140RQYFEwjwNXfTtMW9xNWkKb8ypNURCqzflUr09fQFBKTV+u5NNQecHgdhXKETz8 a02BsiQi9dbVnV6qyob+xfRNJQBGJTnlCLxJETl65BgeamUVBa15sFFhV6J7Mw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676571835; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=YJ0uDUnD7UJGia3Yxty6QouScwSMaRSrIvCQM6q3IZ8=; b=g+52x4NbUFBLV0TGYkkqnZ/cRMv9Embgap9o1Bb/4rqerFeQdywJnofeX0j8Iu7j5CJgE5 oY3mThRbsOvVOq2HG2rUv/PAcn2ULGVLMplw6Vs4/WeYnSXsZA1OrdlTc94ouFnY3/Ht2i EbdpqS2IFIFH4VfjSqqeI4iVUxoKa4m8zwjqpHEAOeVU0vNAa2II9tR8JLDLZq9bzIRpau QZNliiGGSm+wpyUpM3g4GQApv77LxM57eKKWhOCnA0aYskyYA48NJgodxeQRLVrqHIj40R RPDkv2XGqMxGxLCtR59oPQWfeppriHZwuolNynllwf7SEMEociuhTUwwlv9+Bg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676571835; a=rsa-sha256; cv=none; b=s1uTEz6AfZ0i33wIvNDiSctaKvmBKFrOuP4oa8sZFvJGd9Q2uNGh5x4bL7hG+kWHmz63z/ ze9eotP9PmslOO6cpmpfz4fMJF+xfOp4O74RAbU/JEPMKo6p0tH/CdvElFL3HoiobA4tDo afGEcfclbqFEkCMBTRoP9U+CNwaqH+bgwWHzobeQac/NoWZ3rhICcFvEnp1fiN8Fdw128z Y0FSlYw1bY+hZwmUVTeYKQAbWxq6AopwwdT/wSGP1vnJDX7E3cRW8xvs4mLT0mQpMXDG5b /VSGI2e4AKBElfAXjbv5hN1nT4ziBZ/0F0WWr/DHI2f2Gk6HC1SMMajE4lQytg== Received: by freefall.freebsd.org (Postfix, from userid 945) id CC7834800; Thu, 16 Feb 2023 18:23:55 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-23:02.openssh Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20230216182355.CC7834800@freefall.freebsd.org> Date: Thu, 16 Feb 2023 18:23:55 +0000 (UTC) X-ThisMailContainsUnwantedMimeParts: N List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:02.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication double free Category: contrib Module: openssh Announced: 2023-02-16 Credits: Mantas Mikulenas Affects: FreeBSD 12.4 Corrected: 2023-02-08 21:06:22 UTC (stable/13, 13.2-STABLE) 2023-02-08 21:07:30 UTC (stable/12, 12.4-STABLE) 2023-02-16 18:04:07 UTC (releng/12.4, 12.4-RELEASE-p2) CVE Name: CVE-2023-25136 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. II. Problem Description A flaw in the backwards-compatibility key exchange route allows a pointer to be freed twice. III. Impact A remote, unauthenticated attacker may be able to cause a denial of service, or possibly remote code execution. Note that FreeBSD 12.3 and FreeBSD 13.1 include older versions of OpenSSH, and are not affected. FreeBSD 13.2-BETA1 and later include the fix. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 12.4] # fetch https://security.FreeBSD.org/patches/SA-23:02/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-23:02/openssh.patch.asc # gpg --verify openssh.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 296ec8eae0c8 stable/13-n260933 stable/12/ r372919 releng/12.4/ r372938 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPucY4ACgkQbljekB8A Gu+iNA/+OSEEsiNqkwsODt83JcagAx2MmEyDOjj0sz5IHXpjSWB0kfM4HU7spG1p F94ELys9aMzedPtvHtt0xZGTb6mMmdo+xJyit8NJaEsTqfsx6qjaEwyieakJleLs HMWBpvf8Gd7WVek8uxSmw146LpvuIXMPvASJ2aW0x8KDcPMagmZjHenFtX73F3c7 Hkqn3dgwoQCtwGLNVliQukq7v0Vdhq8s0WbmYcZxqXkg8l8Kf8NusT2koDcQUWR+ PH7OAAwA4DLxvOrPnmni2rxdfDgbXmcwpr8tBvHliN/Sgw3zH0fLUr2sL6gi/ORX iUKZB+RaI8Edw+FZhycKRSFJbl29TpzCr8ucgyspNamsbuPHVwai0mGCZ4UuKSuo mfnEup9DGkBYWZNPMeq4t7BF7oytDZTIKxmHS89XGZR22NZe7UNeRwIkxct61H8Z HBObWH/i2pCSOrFghVW8xnqgYbIr/evb95otL0Drkl605oR34pIlcH/4dvfrxadz Ugn83baGssvqYVL41Uc73ofL6ESveRjyYKKwP0EWSHDqOgjFcybFtf5y4mZqZr3f sjusHcHhzcQ5Cn1XL7cHVyM0/6ErGUD36Suy6LoAwUwXvXgM1B1QOQeopMiGE4EF 40AmlMBHMmWrMKauhOrs5n4J2MRZIeJg0uTmg7QS7I2+BE56NN8= =IJSD -----END PGP SIGNATURE----- From nobody Thu Feb 16 18:24:00 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PHjy81mv0z3rHG7 for ; Thu, 16 Feb 2023 18:24:00 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PHjy818BMz4NcH; Thu, 16 Feb 2023 18:24:00 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676571840; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=rXbgk+wXLveXQ8AnIU6JrETIi0kMK3H4hBLaJfmDr/Y=; b=rrHL3kzfdS1bmfx0dm+OGREGHn6/DWY3SdxIgFE40o9eaCSo9MBBIA1+hNjS1UngHOZEd1 bdFwlBHLMH4uchCzewIgUbCxURMn57LhH/Bwr1xNUViMnE43nM1c4lKsHseaE1P/o+p2s/ YESA9U8TlJLLlDQT1OG0PSoTxePOR+54YWAptT5NN9kqcvP2UStjDJW5+S7/FWb9196JKR gUCpToxnPE3TTVM25KYcPwVy6gfghWirKVFJ+Ci5ecm3Dfm212xDxA3cOrDBvAqRDNRa6S 0dbXkAylxyJz6+hbzrVgKcofc6JIcgiHnpSX8zdYjo/o/ptIP+adf4DAey4Few== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1676571840; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=rXbgk+wXLveXQ8AnIU6JrETIi0kMK3H4hBLaJfmDr/Y=; b=Z7oC8Vp/C7t0S9AtXvv5upjH+ePETlemg93TeuXBolUbTzkm5uCatonTzwNL/xosvdBvrU jXFUZDEGQCnkpALkbNX4YagG9OyIeH9wY4tl20KShzE2Un5K+G2ELzfpYAOTYM5IKiUV8U 4MAHtu+20lw5xFM/CHzSmL0zqla7Htb0VQGiZPMRFmd09Gglgb8G/vqKtGvpfJ//IthPrK 80NVq0BoC0B4DsdXkxDMVP9zIUp4VrTvBsLvEjujcoawlbk/zSrTBt0RiWK4/RKIdFWG12 wC+qexSC2vnRvKQnlRabM0XHDC8497/Q2Ts5I8J8Pe7OwO1klR4iEhYjY54jvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1676571840; a=rsa-sha256; cv=none; b=Vux+8DIWUeQKZa+VRCM+jVQMR+Gy65LpvEiuOjJEIXgcyKJfmSw2BsKss+Tm4BINvFAFJU eQ13mPBi+1k6YuVOzm7PF2dCMG8J2lz91bACUlcRbqlie5/klLrK73Dsg4QOs3t6nfKNcE yf5vaSndOhW6tVFoDjqoJuky+ebyxiHsaZQs9QZ8i9KD/MEr876oSYztnNFk0uQfnUL59W I5Par6BeEcIMxTOtbGgcIwj5TsTWQiYXK48dnilz4opGyL6zSZ+ni0bP40rSMXtjBpLI65 9cMgeGvFm4f0JnkahgtXO2yQjXhYP3X4AW9khP7JS8EGAxltL/jpcYUjhF9bWQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id 126AB45C6; Thu, 16 Feb 2023 18:24:00 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-23:03.openssl Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20230216182400.126AB45C6@freefall.freebsd.org> Date: Thu, 16 Feb 2023 18:24:00 +0000 (UTC) X-ThisMailContainsUnwantedMimeParts: N List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:03.openssl Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in OpenSSL Category: contrib Module: openssl Announced: 2023-02-16 Credits: See referenced OpenSSL advisory. Affects: All supported versions of FreeBSD. Corrected: 2023-02-07 22:38:40 UTC (stable/13, 13.1-STABLE) 2023-02-16 17:58:13 UTC (releng/13.1, 13.1-RELEASE-p7) 2023-02-07 23:09:41 UTC (stable/12, 12.4-STABLE) 2023-02-16 18:04:12 UTC (releng/12.4, 12.4-RELEASE-p2) 2023-02-16 18:03:37 UTC (releng/12.3, 12.3-RELEASE-p12) CVE Name: CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit for the Transport Layer Security (TLS) protocol. It is also a general-purpose cryptography library. II. Problem Description * X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. * Timing Oracle in RSA Decryption (CVE-2022-4304) A timing based side channel exists in the OpenSSL RSA Decryption implementation. * Use-after-free following BIO_new_NDEF (CVE-2023-0215) The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. * Double free after calling PEM_read_bio_ex (CVE-2022-4450) The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. III. Impact * X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. * Timing Oracle in RSA Decryption (CVE-2022-4304) A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. * Use-after-free following BIO_new_NDEF (CVE-2023-0215) A use-after-free will occur under certain conditions. This will most likely result in a crash. * Double free after calling PEM_read_bio_ex (CVE-2022-4450) A double free may occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-23:03/openssl.patch # fetch https://security.FreeBSD.org/patches/SA-23:03/openssl.patch.asc # gpg --verify openssl.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/13/ 0904c29a0a11 stable/13-n254398 releng/13.1/ e237b128e080 releng/13.1-n250181 stable/12/ r372906 releng/12.4/ r372939 releng/12.3/ r372936 - ------------------------------------------------------------------------- For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NNNNNN with the revision number: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPucZwACgkQbljekB8A Gu9HjQ//Re9YWzj2N2OaIbEljpogMIUxDzltPdCk+v6SODdiMh2ZesKojEHv9u3G 3pFkJxzvqPX1BID8S7arZHnHUTeDKGq+eJef+q6gVmSA7F92l9eAK9UhTgeV5CDT VzFijM225KzFWA6VeD5pUtnCxze+Cor1y/XHAFPU1Ld5O+Tiem+vpN3OQt/hRlxI 3YC2zOKbpZiXX0vAiSsJw4r31yLqbY97Lmu3ccEAnKSNagkuFzuXyCSHroOPrIuB zvNmFK6Brv6hnG+yucqdGi2g21oIW2i/UhObohCcxnUXBIa6xAbVVoiEy+fmutXx T0JAOR75GqMuBUv4B4OT32cVkhZZJqWzSmeDed28cr5J3fWov+z7iePTezcFVMKj gY3G5Awm41Qg6zjVqxZdj5n56yFSUgD63ZN0MKBPy8VDgSOv9vQzVR12/XyGOQrv LnMtwtiI1qAoLiHXBLhrUOqrYw/WABHGNJVIVer4dzZCXw3VUqqxluqsUw0r5h9A J9Ox1zcTV3N6wTHeVwUsScwjANg5dfQ2xnDZHWsPwPJuyCCiDXx8X7D13ACkHYVS 3MqvRC4+wZTNttp3jH1JINe0CE7Z/euLDtPUdM3/xD/+mtO9g9ADg+GHkF5Tief2 i+AAWY/igHC1jQiXvmdFHf3IddxLoyhJAL5MiPxyTwAErR/8Xwc= =G1z4 -----END PGP SIGNATURE----- From nobody Thu Feb 16 18:47:40 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PHkTj74kmz3rL2h for ; Thu, 16 Feb 2023 18:47:53 +0000 (UTC) (envelope-from trashcan@ellael.org) Received: from mx2.enfer-du-nord.net (mx2.enfer-du-nord.net [IPv6:2001:41d0:701:1000::1685]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PHkTj4zCyz3kx5; Thu, 16 Feb 2023 18:47:53 +0000 (UTC) (envelope-from trashcan@ellael.org) Authentication-Results: mx1.freebsd.org; none Received: from smtpclient.apple (p200300Fb4F006B0191357Bf4fe35e13a.dip0.t-ipconnect.de [IPv6:2003:fb:4f00:6b01:9135:7bf4:fe35:e13a]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx2.enfer-du-nord.net (Postfix) with ESMTPSA id 4PHkTX1G5Tz1Bm3; Thu, 16 Feb 2023 19:47:44 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ellael.org; s=dkim; t=1676573264; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5iDrT45i2dpfOWse62j5xIlQaBEH+NSVe1wbkF65vyU=; b=I6DIskdbpp2v0IoNziyieXVmAKPhlbXFLTOMXAfrWNtbNrQMFg9uURD8DviQy3VsE2OimM 4mUk8/W6A8ejC2LwUwIN3t+VvMVqyG74YhI8UlqEkfMyUC3rNMTGl9gpSB30AOFqgPIf68 51rWitQFn664+Ghc88Ea7WlknKewMPAxWPK1OxnEhFdIMBZTwh+wZ7N7vVnrQs1/MlS20s e9aTX3pD9h2heCgMbOhuvqfNukzAWG1DHSlsZ/x3xYaDlK3+jU0Tz84li00uZmNaixnLyO RP/ylgvvSnVSPoiuHaQXE9e+/h0k01QEwrD0lcoDBuM3Vnnaehaggpu78iMFEA== Content-Type: text/plain; charset=utf-8 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.2\)) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:02.openssh From: Michael Grimm In-Reply-To: <20230216182355.CC7834800@freefall.freebsd.org> Date: Thu, 16 Feb 2023 19:47:40 +0100 Cc: FreeBSD Security Advisories Content-Transfer-Encoding: quoted-printable Message-Id: References: <20230216182355.CC7834800@freefall.freebsd.org> To: freebsd-security@freebsd.org X-Mailer: Apple Mail (2.3696.120.41.1.2) X-Rspamd-Queue-Id: 4PHkTj4zCyz3kx5 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16276, ipnet:2001:41d0::/32, country:FR] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N > On 16. Feb 2023, at 19:23, FreeBSD Security Advisories = wrote: [=E2=80=A6] > Branch/path Hash = Revision > - = ------------------------------------------------------------------------- > stable/13/ 296ec8eae0c8 = stable/13-n260933 [=E2=80=A6] > # git rev-list --count --first-parent HEAD 254579 Typo or am I getting something wrong? Regards, Michael From nobody Fri Feb 17 01:27:26 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PHvLm5RJRz3rBVH for ; Fri, 17 Feb 2023 01:27:28 +0000 (UTC) (envelope-from grarpamp@gmail.com) Received: from mail-vs1-xe2f.google.com (mail-vs1-xe2f.google.com [IPv6:2607:f8b0:4864:20::e2f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PHvLl6mRNz4XlB for ; Fri, 17 Feb 2023 01:27:27 +0000 (UTC) (envelope-from grarpamp@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20210112 header.b=mAKTMG2G; spf=pass (mx1.freebsd.org: domain of grarpamp@gmail.com designates 2607:f8b0:4864:20::e2f as permitted sender) smtp.mailfrom=grarpamp@gmail.com; dmarc=pass (policy=none) header.from=gmail.com Received: by mail-vs1-xe2f.google.com with SMTP id p14so4053218vsn.0 for ; Thu, 16 Feb 2023 17:27:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1676597247; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=ecOSt8t+kU5UxXcR2+jUVJhRvqqEU4x7swluZK2aksE=; b=mAKTMG2GHXj6GzoGxjq5IMNB3JOaxUHT2JELi+9mV6v9+mlCkzkn7WDtsikTs425pJ hAc7y2wIZVTxSoop81sTu7ck8y6T2TWZl4KchZAoZE6BSghb2t4i4J1AooIr8n/gKoz0 6VgrQ4EF+P00z6KmaO2PbxjK4DCDsrifkWmlQqBZ6kpNyX6qhUKqYdZ7ilzDBk9jfkC5 56tWKjw5/oQsM12uHzuN9Miz52KejH+ohSsk7zzhK7fULa84L5PlM82NoIMTybAuuD0Y Vu8RzSVW1bgAVjkGSl/2VO1WSDbVWGbbdNLIQG5xet3226ROj5EMEX/h2/sRb8WJ/WMm 8mlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1676597247; h=to:subject:message-id:date:from:references:in-reply-to:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ecOSt8t+kU5UxXcR2+jUVJhRvqqEU4x7swluZK2aksE=; b=oxD7kj39+nadhGOD13ojI1V+rr9lvpZ9kPXXwEOXUcG9+lCbGmZdrANBeKus47AsWe M6pPnZmuCakcfICODU/ob7w0hIwJ4wydYmWLdh6NglKEMsqRQ+yZzaG4WLYsTEkDzkSe cq0DzXobPckGFkX4h3EhJppNoErIPSmlVlkjJ7FSRsWJFaR4N2kvPYAflu2CHEiO7IVw NL+Wp+0iaQrID987fb/1QrSVreuIvcvwddTOxJFylwUGvBkqDAegH9v60AAiNkjepHCT myfboclaQAjULH5i07oDaD9m+Vt+7z1t2XFHMqYqCQKlpF0ppv5nncWp9QQi03plI6uO qcow== X-Gm-Message-State: AO0yUKXmJ20Cn/0ZDwP0L+11mf/CY0CmnUET1zLZpkg1YE447TlIJ+Y9 OKpMMZZN5nMpIlG+lWORkCfR6j6OzIfeMTqmgon5gSNhcB8erIfC X-Google-Smtp-Source: AK7set+g13gX5YznBku4hEb1l/JsYl6eb3ZlpW1nQnnlgR/gzVfcHgmwrKy0aDH4nMuDAKTZrUhVBI94vPWNvIikinM= X-Received: by 2002:a67:c09c:0:b0:3f0:89e1:7c80 with SMTP id x28-20020a67c09c000000b003f089e17c80mr1230818vsi.72.1676597247015; Thu, 16 Feb 2023 17:27:27 -0800 (PST) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Received: by 2002:a59:c32b:0:b0:399:45ad:34c4 with HTTP; Thu, 16 Feb 2023 17:27:26 -0800 (PST) In-Reply-To: <86f2e6b1-aeef-2472-eeb2-42bee64ac812@bluerosetech.com> References: <20230208190833.1DF6F8824@freefall.freebsd.org> <86f2e6b1-aeef-2472-eeb2-42bee64ac812@bluerosetech.com> From: grarpamp Date: Thu, 16 Feb 2023 20:27:26 -0500 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli To: freebsd-security@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Spamd-Result: default: False [-4.00 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.995]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20210112]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::e2f:from]; ARC_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; FREEMAIL_ENVFROM(0.00)[gmail.com]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; FREEMAIL_FROM(0.00)[gmail.com]; FROM_HAS_DN(0.00)[]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-Rspamd-Queue-Id: 4PHvLl6mRNz4XlB X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N On 2/15/23, Mel Pilgrim wrote: > # echo -n | geli attach -C -p -k - gpt/zdata15 > geli: Wrong key for gpt/zdata15. > geli: There was an error with at least one provider. That test failed so the "empty" or "NULL" key (aka "echo -n") is not the key. These should not work either printf '' | geli printf '\000' printf '\n' printf ' ' printf 'notthekey' and only cat /path/to/your/keyfile | geli should work. From nobody Fri Feb 17 06:01:47 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PJ1RV4tDdz3rY3B for ; Fri, 17 Feb 2023 06:01:58 +0000 (UTC) (envelope-from copariuc@uaic.ro) Received: from smtpout.uaic.ro (smtpout.uaic.ro [85.122.16.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtpout.uaic.ro", Issuer "GEANT OV RSA CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PJ1RT4tbdz3PVr for ; Fri, 17 Feb 2023 06:01:57 +0000 (UTC) (envelope-from copariuc@uaic.ro) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of copariuc@uaic.ro designates 85.122.16.18 as permitted sender) smtp.mailfrom=copariuc@uaic.ro; dmarc=none Received: from mail.uaic.ro (mail.uaic.ro [85.122.16.16]) by smtpout.uaic.ro (Postfix) with ESMTPS id DBBF5D7720 for ; Fri, 17 Feb 2023 08:01:47 +0200 (EET) Received: from localhost (smtpcf.uaic.ro [85.122.16.17]) by mail.uaic.ro (Postfix) with ESMTP id CC8AD168FF4 for ; Fri, 17 Feb 2023 08:01:47 +0200 (EET) X-Virus-Scanned: Scanned by virgins with neutral pH Received: from mail.uaic.ro ([85.122.16.16]) by localhost (smtpcf.uaic.ro [85.122.16.17]) (amavisd-new, port 10024) with ESMTP id 0jUq96kq5v2r for ; Fri, 17 Feb 2023 08:01:47 +0200 (EET) Received: from [IPv6:::ffff:192.168.0.131] (unknown [5.14.28.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: copariuc) by mail.uaic.ro (Postfix) with ESMTPSA id 81985168FAC for ; Fri, 17 Feb 2023 08:01:47 +0200 (EET) List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 To: "freebsd-security@freebsd.org" From: Cristian Opariuc-Dan Subject: Unsubscribe Date: Fri, 17 Feb 2023 08:01:47 +0200 Importance: normal X-Priority: 3 Content-Type: multipart/alternative; boundary="_15653CE1-C724-4068-8DAE-5CE221FBA3AB_" X-Spamd-Result: default: False [-0.30 / 15.00]; MISSING_MID(2.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; R_PARTS_DIFFER(0.50)[100.0%]; R_SPF_ALLOW(-0.20)[+ip4:85.122.16.18]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:12675, ipnet:85.122.16.0/20, country:RO]; TO_DN_EQ_ADDR_ALL(0.00)[]; HAS_X_PRIO_THREE(0.00)[3]; ARC_NA(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; FROM_HAS_DN(0.00)[]; DMARC_NA(0.00)[uaic.ro]; RCVD_TLS_LAST(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; RCVD_VIA_SMTP_AUTH(0.00)[] X-Rspamd-Queue-Id: 4PJ1RT4tbdz3PVr X-Spamd-Bar: / X-ThisMailContainsUnwantedMimeParts: N --_15653CE1-C724-4068-8DAE-5CE221FBA3AB_ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Unsubscribe --_15653CE1-C724-4068-8DAE-5CE221FBA3AB_ Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8"

&nb= sp;

 

Unsubscribe

 

= --_15653CE1-C724-4068-8DAE-5CE221FBA3AB_-- From nobody Fri Feb 17 13:28:20 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PJCLn0SZrz3qN3G for ; Fri, 17 Feb 2023 13:28:33 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Received: from enterprise.ximalas.info (enterprise.ximalas.info [IPv6:2001:700:1100:1::8]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "ximalas.info", Issuer "Hostmaster ximalas.info" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PJCLl6fxvz4J2N for ; Fri, 17 Feb 2023 13:28:31 +0000 (UTC) (envelope-from trond.endrestol@ximalas.info) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=ximalas.info header.s=default header.b=n7SoTRmI; spf=pass (mx1.freebsd.org: domain of trond.endrestol@ximalas.info designates 2001:700:1100:1::8 as permitted sender) smtp.mailfrom=trond.endrestol@ximalas.info; dmarc=pass (policy=reject) header.from=ximalas.info Received: from enterprise.ximalas.info (Ximalas@localhost [127.0.0.1]) by enterprise.ximalas.info (8.17.1/8.17.1) with ESMTPS id 31HDSKmS023172 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO) for ; Fri, 17 Feb 2023 14:28:20 +0100 (CET) (envelope-from trond.endrestol@ximalas.info) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ximalas.info; s=default; t=1676640500; bh=2cngiFR3w6R58fyRqrkxW+4cgsZun7/IhwSorwbln9o=; h=Date:From:To:Subject:In-Reply-To:References; b=n7SoTRmII1xcWVSA8CYrEBcYKvwR8FD0HFBN7EgLw2wlWfNC5Buah+83e2WHiU/7U E4o9MTAKAEsr69WNUN3FGn0hl2uKmBcfYZZNOXVeHX0R/Qj9wDmfTHNQVymCbhRxyc Bz6IEttoV6habuV5K2i1vXwa9CrMWnQdRtut9/8yTFku8+AI+in2aTAGh/zJoqJ1i8 g2zQS4skxsh+hyQLOL7jPOep0e6yVKl70/pRAxTYudndHKpzM7074QxspBkHYHeUdR locA3ByPuWnZqVqJKTdEllMsOmqk1dI1F3VSIjWQpJTDsrlPRvfAtPiyK19JZcQl9o DAfSOMFs5Fgpw== Received: from localhost (trond@localhost) by enterprise.ximalas.info (8.17.1/8.17.1/Submit) with ESMTP id 31HDSKxG023122 for ; Fri, 17 Feb 2023 14:28:20 +0100 (CET) (envelope-from trond.endrestol@ximalas.info) X-Authentication-Warning: enterprise.ximalas.info: trond owned process doing -bs Date: Fri, 17 Feb 2023 14:28:20 +0100 (CET) From: =?UTF-8?Q?Trond_Endrest=C3=B8l?= To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:02.openssh In-Reply-To: Message-ID: <869c674a-206c-9f63-d5c2-ac2a3bca721a@ximalas.info> References: <20230216182355.CC7834800@freefall.freebsd.org> OpenPGP: url=http://ximalas.info/about/tronds-openpgp-public-key List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="3591332809-455972253-1676640500=:7193" X-Spam-Status: No, score=-1.2 required=5.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF autolearn=unavailable autolearn_force=no version=4.0.0 X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on enterprise.ximalas.info X-Spamd-Result: default: False [-3.00 / 15.00]; CTYPE_MIXED_BOGUS(1.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-0.999]; DMARC_POLICY_ALLOW(-0.50)[ximalas.info,reject]; R_DKIM_ALLOW(-0.20)[ximalas.info:s=default]; R_SPF_ALLOW(-0.20)[+a]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; DKIM_TRACE(0.00)[ximalas.info:+]; RCVD_COUNT_THREE(0.00)[3]; ASN(0.00)[asn:224, ipnet:2001:700::/32, country:NO]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; HAS_XAW(0.00)[]; MID_RHS_MATCH_FROM(0.00)[] X-Rspamd-Queue-Id: 4PJCLl6fxvz4J2N X-Spamd-Bar: -- X-ThisMailContainsUnwantedMimeParts: N This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --3591332809-455972253-1676640500=:7193 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT On Thu, 16 Feb 2023 19:47+0100, Michael Grimm wrote: > > On 16. Feb 2023, at 19:23, FreeBSD Security Advisories wrote: > > […] > > > Branch/path Hash Revision > > - ------------------------------------------------------------------------- > > stable/13/ 296ec8eae0c8 stable/13-n260933 > > […] > > > # git rev-list --count --first-parent HEAD > > 254579 > > Typo or am I getting something wrong? If you rebase your own local branch on the tip of the official branch, then each occurance of rebasing counts as only one commit. Searching for the commit hash is the better option. -- ---------------------------------------------------------------------- Trond Endrestøl | Trond.Endrestol@ximalas.info Member of ACM, NAS, NUUG, USENIX | FreeBSD 13.2-S & Alpine 2.26 --3591332809-455972253-1676640500=:7193-- From nobody Fri Feb 17 22:52:06 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PJRs42qMKz3rsjT for ; Fri, 17 Feb 2023 22:52:08 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Received: from echo.brtsvcs.net (echo.brtsvcs.net [208.111.40.118]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PJRs40hZyz4PDV for ; Fri, 17 Feb 2023 22:52:08 +0000 (UTC) (envelope-from list_freebsd@bluerosetech.com) Authentication-Results: mx1.freebsd.org; none Received: from chombo.houseloki.net (65-100-43-2.dia.static.qwest.net [65.100.43.2]) by echo.brtsvcs.net (Postfix) with ESMTPS id 5BC7D38D00; Fri, 17 Feb 2023 22:52:05 +0000 (UTC) Received: from [10.26.25.100] (ivy.pas.ds.pilgrimaccounting.com [10.26.25.100]) by chombo.houseloki.net (Postfix) with ESMTPSA id F320314211; Fri, 17 Feb 2023 14:52:04 -0800 (PST) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:01.geli To: grarpamp , freebsd-security@freebsd.org References: <20230208190833.1DF6F8824@freefall.freebsd.org> <86f2e6b1-aeef-2472-eeb2-42bee64ac812@bluerosetech.com> From: Mel Pilgrim Message-ID: <88b49b58-d6af-0ea1-dd74-b44c5842c2fc@bluerosetech.com> Date: Fri, 17 Feb 2023 14:52:06 -0800 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.12.0 List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4PJRs40hZyz4PDV X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:36236, ipnet:208.111.40.0/24, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N On 2023-02-16 17:27, grarpamp wrote: > On 2/15/23, Mel Pilgrim wrote: >> # echo -n | geli attach -C -p -k - gpt/zdata15 >> geli: Wrong key for gpt/zdata15. >> geli: There was an error with at least one provider. > > That test failed so the "empty" or "NULL" key (aka "echo -n") > is not the key. These should not work either > > printf '' | geli > printf '\000' > printf '\n' > printf ' ' > printf 'notthekey' > > and only > > cat /path/to/your/keyfile | geli > > should work. Thank you for the clarification. I tested all of my geli devices and indeed anything I try other than the correct keyfile for that device produces that error so I'm assuming that means I don't need to re-crypt things. From nobody Sat Feb 18 15:05:42 2023 X-Original-To: freebsd-security@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PJsSs3WYRz3scBj for ; Sat, 18 Feb 2023 15:06:05 +0000 (UTC) (envelope-from void@f-m.fm) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4PJsSr6CB5z3np5 for ; Sat, 18 Feb 2023 15:06:04 +0000 (UTC) (envelope-from void@f-m.fm) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=f-m.fm header.s=fm1 header.b="I oZKRkR"; dkim=pass header.d=messagingengine.com header.s=fm1 header.b=Oe6U9y7p; spf=pass (mx1.freebsd.org: domain of void@f-m.fm designates 66.111.4.28 as permitted sender) smtp.mailfrom=void@f-m.fm; dmarc=pass (policy=none) header.from=f-m.fm Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 6E18E5C00EB for ; Sat, 18 Feb 2023 10:06:04 -0500 (EST) Received: from imap46 ([10.202.2.96]) by compute6.internal (MEProxy); Sat, 18 Feb 2023 10:06:04 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=f-m.fm; h=cc :content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; t=1676732764; x= 1676819164; bh=eRiAjgizi2oxVC6EnBIRfEJEDw4J23lBQy7nnO0Di5c=; b=I oZKRkRo0c49pxVrEK5txkmr+o6rYAs8DZLJyZozPumXy94quret60jgASCB25jYp MO8OcGSaeHI2SgJPR92o91M3XjripdJ5yVPZUtgG5HK4OvhI/gm2T2qQOFPZoB6G /HPlIcen4ThBgSJrOjlBgQ1beQwshVqJEyqZXpoBm7WWRxKhLpo7cMzpCWdVUpDD Yk0+kfc60UjOelyv/vOCxFx479A/E5NGyMp0kqfCopSBjvpmB4vT2EMivGO31KUF TAB5AqdilrO/leIRjvRwwioj2pfyFoWHsgX7T/ROGbxM2YwYWYbnKZKMct9Hs5KX QY8+brDiUoVAWwQbh4Svw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:feedback-id:feedback-id:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1676732764; x=1676819164; bh=e RiAjgizi2oxVC6EnBIRfEJEDw4J23lBQy7nnO0Di5c=; b=Oe6U9y7p6skFJUUug p8ospRJGLfqLVqNpdSDTVzMDZfdJblqREVGWmZNU3CAxo7+tNYpENHxIzswvCxqV fQUDehezLvJ8r4RxpK/fJoGs0sV+13R5uo1hy4cbhlZQ8YL8vF8JjxzrMxnWqTuK Q4zeygTb7pQ/8FxNCHgTkM26R7jrhclml96yhOGRSXYvdF7/T4pBrlt3PPorJYV3 F9hDoaVQ4ZLAoY/H5R2UF8nGexpp7Xpj68CPb3kQlq6a4VwK5kKLmZ73X6OW5ZPT ooH116Thx4pCHypqKuxl+Cx7tel1Mv6m+kBaJ1uL1qZj43urxEppGkB/+UcqDTQI WMvbA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudejuddgjedtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfgjfhffhffvufgtgfesth hqredtreerjeenucfhrhhomhepvhhoihguuceovhhoihgusehfqdhmrdhfmheqnecuggft rfgrthhtvghrnhepgeeuieduueeluedugeeiuedvtdettedvgfffueektdefjeeiueehje fhhedvledtnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhho mhepvhhoihgusehfqdhmrdhfmh X-ME-Proxy: Feedback-ID: i2541463c:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 19AEF2A20080; Sat, 18 Feb 2023 10:06:03 -0500 (EST) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-156-g081acc5ed5-fm-20230206.001-g081acc5e List-Id: Security issues List-Archive: https://lists.freebsd.org/archives/freebsd-security List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org Mime-Version: 1.0 Message-Id: In-Reply-To: <869c674a-206c-9f63-d5c2-ac2a3bca721a@ximalas.info> References: <20230216182355.CC7834800@freefall.freebsd.org> <869c674a-206c-9f63-d5c2-ac2a3bca721a@ximalas.info> Date: Sat, 18 Feb 2023 15:05:42 +0000 From: void To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-23:02.openssh Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spamd-Result: default: False [-2.72 / 15.00]; DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_LONG(-1.00)[-0.996]; NEURAL_SPAM_SHORT(0.97)[0.969]; MV_CASE(0.50)[]; DMARC_POLICY_ALLOW(-0.50)[f-m.fm,none]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.28:c]; R_DKIM_ALLOW(-0.20)[f-m.fm:s=fm1,messagingengine.com:s=fm1]; MIME_GOOD(-0.10)[text/plain]; RCVD_IN_DNSWL_LOW(-0.10)[66.111.4.28:from]; RWL_MAILSPIKE_GOOD(-0.10)[66.111.4.28:from]; XM_UA_NO_VERSION(0.01)[]; RCPT_COUNT_ONE(0.00)[1]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:19151, ipnet:66.111.4.0/24, country:US]; RCVD_COUNT_THREE(0.00)[4]; TO_DN_NONE(0.00)[]; FREEMAIL_FROM(0.00)[f-m.fm]; ARC_NA(0.00)[]; DKIM_TRACE(0.00)[f-m.fm:+,messagingengine.com:+]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; FREEMAIL_ENVFROM(0.00)[f-m.fm]; MLMMJ_DEST(0.00)[freebsd-security@freebsd.org] X-Rspamd-Queue-Id: 4PJsSr6CB5z3np5 X-Spamd-Bar: -- X-ThisMailContainsUnwantedMimeParts: N Hi, On Fri, 17 Feb 2023, at 13:28, Trond Endrest=C3=B8l wrote: > On Thu, 16 Feb 2023 19:47+0100, Michael Grimm wrote: > >> > On 16. Feb 2023, at 19:23, FreeBSD Security Advisories wrote: >>=20 >> [=E2=80=A6] >>=20 >> > Branch/path Hash Re= vision >> > - -----------------------------------------------------------------= -------- >> > stable/13/ 296ec8eae0c8 stable/13-n= 260933 >>=20 >> [=E2=80=A6] >>=20 >> > # git rev-list --count --first-parent HEAD >>=20 >> 254579 >>=20 >> Typo or am I getting something wrong? I thought so too. > If you rebase your own local branch on the tip of the official branch,=20 > then each occurance of rebasing counts as only one commit. Not sure what you mean by this, or how it's relevant, or what it would i= mply. > Searching for the commit hash is the better option. Is the advice given in the security notice incorrect with respect to the= revision number? Or is the method of checking incorrect? Both? A fresh = clone of src a few minutes ago gives 254619 in response to 'git rev-list= --count --first-parent HEAD' # date Sat Feb 18 14:46:15 GMT 2023 # pwd /tmp # git clone -q ssh://anongit@git.freebsd.org/src.git src # cd src # git checkout stable/13 Updating files: 100% (29235/29235), done. branch 'stable/13' set up to track 'origin/stable/13'. Switched to a new branch 'stable/13' git rev-list --count --first-parent HEAD 254619 --=20