From nobody Thu Mar 28 07:50:25 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V4wgj1gKfz5GQCJ for ; Thu, 28 Mar 2024 07:50:25 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V4wgj17xZz4kbF; Thu, 28 Mar 2024 07:50:25 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612225; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=U9qMmLmU6KDI7PCSKrT+rrf5kTGw90yYScFYFGJDAIM=; b=nt4r5QU6GxJKl3Vj1ehfjBUKMWY+dYUEKNckQmH6Zz1KGp/HvN+p6Cbn7WwNmL3DggC5+Y RrVFKDCpr2O5oNcgJY+SlUidO7E9ixdBXECL5AHJwBHGSs5G623Khp5IEozqRYHeLv4ydG y3GI6PmdxIGR/6idx21pfxYECU9rkzYP47U77BJYyVCAUHfWeULSnFp2/hfhPjSq7C5f/I KUC7+R3ulQOolpeULE/HAD1hcHOBECtJe/ewvhMfgWvTTUNsvyaA1ERn01a27DkFY3E6Bb 0OW5YMz0KPap7myoJWhaQ+E9f/sFXrCwV2hw3CvK3W+yA6JgZsA/GsdTaH1LnQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711612225; a=rsa-sha256; cv=none; b=SlplCrvOnHjTG/qBZMll7xdndM7+2dqW3Dz/eLwIblPGYDZRCfj0Ef82GbFTAvQGueMHrL KlN/hwrsjORAZS7tV4t8gE4gB8puZge0gs5fvyTv+6G9ebj7t/4JWbd5UadNxjEo0dkJO4 +8Vg5Mvz3EcQ+fjDpjZkA0CWTzwIGZRCpx9hZZsJxk1XiQFMPUfK2YfLGuajVVdbcyEyvy MvLEtsP6O4rSDTDCXVRODcOMSyXAuEFponX7SlpRmCyIxbftRsFwO/boktAef4NQH+JiBH KlpaQ9qS5QM455RG/xw10D/e0XJGndv6RrlRb10xU1DU7SOs9jV+IQWz4AM9eg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612225; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=U9qMmLmU6KDI7PCSKrT+rrf5kTGw90yYScFYFGJDAIM=; b=DgOa9IU2gbFgI9V39m9Qjfai7MR/M+hLz9G0rby3r6RNbUeWr1KlLqNXUAhShwb1olc6s4 cnjKmhMhObCuv+iW2+0J+rbApvB+R17zxvEp/GFlkPJ5nTCHofMF++Ac3taSTE2F3Wbf43 ZePhdUgfW5/UCroEMWmMigF7AnJD4Yud/5F/mVe+rKXgCrphNH4HD5hwYBhRkurOpmWkvR UaY2qsAeA9g6gHR846oh5TJtngBfMt6L9Rjohe7hAd5E4aJNMxCcqYCnpztWz+QaTq5k/J K2ZtY24EOVm1pqnegYjo0uyqXeCcxQ7j7T7ui1DHgsjJAnfBWeXztdzb7LT0/g== Received: by freefall.freebsd.org (Postfix, from userid 945) id 0E4F232BF; Thu, 28 Mar 2024 07:50:25 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:05.tty Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240328075025.0E4F232BF@freefall.freebsd.org> Date: Thu, 28 Mar 2024 07:50:25 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:05.tty Erratum Notice The FreeBSD Project Topic: TTY Kernel Panic Category: core Module: kernel Announced: 2024-03-28 Affects: FreeBSD 13.2 and FreeBSD 14.0 Corrected: 2024-02-29 00:29:13 UTC (stable/14, 14.0-STABLE) 2024-03-28 05:06:21 UTC (releng/14.0, 14.0-RELEASE-p6) 2024-02-29 00:30:12 UTC (stable/13, 13.2-STABLE) 2024-03-28 05:07:53 UTC (releng/13.2, 13.2-RELEASE-p11) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background tty(4) is the general terminal device. The kern.ttys sysctl provides tty information for tools such as `pstat -t`. FreeBSD-SA-24:02.tty addressed an information leak about outside processes from within a jail. II. Problem Description A missing check resulted in a null pointer dereference if a tty had a session associated, but no session leader. III. Impact Under certain conditions an unprivileged user could provoke a kernel panic. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for an erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:05/tty.patch # fetch https://security.FreeBSD.org/patches/EN-24:05/tty.patch.asc # gpg --verify tty.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 8d22744f5be1 stable/14-n266915 releng/14.0/ a3ec3054762f releng/14.0-n265411 stable/13/ a60220bbb551 stable/13-n257543 releng/13.2/ f3195cc08ccc releng/13.2-n254662 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGaEACgkQbljekB8A Gu8NTw//Rqyq8heDUZZyz0TKMs/ObZY9h7VbL3Pces9mpnE6mgZx9g1kalo1xml3 x0kRIJ0L606oBxhrJYqam3DrcJsPWs/8LOmmUa9u4/M2sAPuw03pyPEYNnokhf05 NvC6mjNCpuJY4jzoa1hYdjvUHJe6u66reEoWuARPxoT6ZGPLiVhYPmoYIJFtoEAy tLEIH4GRjfRuOEgSDY7sIy5MoxjObBqPQl4VtbCSZDN/PN4z6WuxC/f2N0vpN1uq IyDGWCvEOa6g+7kDEiBJo4LRp30mQtMJalfQUlLm653Do2Jh6L5tUuQ+T0qIOlqc gTlKnnaa0m/hMUD9t4lJHQbLfGFaYpXbyJpblO8hPoM7Trk2vsoGubksMYZSRHIy /9IiZafdnNoHxa5+ZTRSqxYw9e38gwTlWsNjQpCezhtaZo0FWkhcgC7zUG+yMUXz zYhYXCQkZXpEvIg+BJs3ZdigGK7wRjC9qsC8jfnhOU+q452qqnKjg8bxJdGxBbZ0 HKFfAVgtqAEgU3PzPN7Nmu4QJ+VOu9L/e1mOhrqcmHtYDYLfdelCT8DjHj85oggn C5iDPG6AxnLczTlTxVsHTiQcmTy6awfeTf1N1JCbfZPovrO/CTaOLnMy/PNeZIml UnarxLtQNeK6BDKd0E/rEym9wL0YJ1Xj/3XE1qPAjz52YufRHHM= =w167 -----END PGP SIGNATURE----- From nobody Thu Mar 28 07:50:35 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V4wgw0gt1z5GQRL for ; Thu, 28 Mar 2024 07:50:36 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V4wgv3dN6z4lZv; Thu, 28 Mar 2024 07:50:35 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612235; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=35mIzDvWTh1sWiKUcCHfU95AbDOVHPwWLv3mfn1EEvU=; b=mQNYnrTnnKUzd/5XLDiy8p5HrTUMqE8hXM6I51a+xpvNJe2qgqGa66KA9uxqkAiMIqT/Fq zZYzMAoh6mS6v+24V/3iiqVF0K6Hmw4ttEQwSkGzSh6b3B8V1r10pBhfBZzcOONHZ6Kox7 obWpGpW1Sk7WU/qVcUWL+oZE/6HomdDtChUqLdxKBonio8zYiicUKM/v2zZVrpoYvop7KE fU7sFzFU6i6J7NYDflUHFnGvXo/R7PqwmQAjJ1wya6YqGpSOMAigOFIq5GPrynvIoql/6Z IZhPnkIwN432sGfNNUG18Ohw0zajTxvx53+jXy4uKvdBr/IyJpZwOLDzyz1QVw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711612235; a=rsa-sha256; cv=none; b=WhNT/v3/xeVCMJWTe2Lz0vYS4yNW4RFTqIHk96r9HwKVBu2PwpH4Y1c+VUFSaJFkSwqUgR DnUyS/JYZcy3e8r+Vhh9nlmYQViXD3nJYMV0SRstgE8zmDWVN1EYNyx+jQxBVv0VbWgr/B 7rgANbXf91ejtusRBV9pETgZLFdfd4/JSgeyrDLQzde1CcGjl5Uw+Xt3IM8kFfig9AtIyv OOjHeX7NYiPEr8LgXjK2LnPBZlT8q1BJ8Doks7zSD7HmOdfXAlToBnLT0AmTzoyLV9T2b8 yo4VVeb0H33xPJt4EeSFiWR4RQQt8zJo4SiDhh4p3sYj0PsqUmB3h/vIAXcaqg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612235; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=35mIzDvWTh1sWiKUcCHfU95AbDOVHPwWLv3mfn1EEvU=; b=Wz4cX7SzneAcFOgXvs5aEtxHb7lGwLWt3BSFmOZmxPxuzp66z6G+BSxJB5CsqWOyxM3Mgy KYHk2sNxbo2ZFDrGqdZ0UXG5kBB1YAMibD7S6iSMyUVdMCGz1kH1rKAktlKDFkkjKu7oKo b6rmHrINiqmBeS+yPiMmcu94XEuID/eLQaZ2pvyOH/72RMnVWlWfW2zfEPEyJ1R7/QLizO RxRkSnUlgMB1RIZV+oB+othLpPuKqUdms4C9sAPcYH5vG0ZWOnBo8bJvxIG07NW6T/iZCD UODQwHDhNI6WVz5jZM2QrZUo8Gk5XSVZU8mKsEP3OnHqT3KfJKF4uVco40sE0A== Received: by freefall.freebsd.org (Postfix, from userid 945) id 6C03031EF; Thu, 28 Mar 2024 07:50:35 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:06.wireguard Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240328075035.6C03031EF@freefall.freebsd.org> Date: Thu, 28 Mar 2024 07:50:35 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:06.wireguard Errata Notice The FreeBSD Project Topic: Insufficient barriers in WireGuard if_wg(4) Category: core Module: if_wg Announced: 2024-03-28 Affects: All supported versions of FreeBSD. Corrected: 2024-03-22 15:21:39 UTC (stable/14, 14.0-STABLE) 2024-03-28 05:06:22 UTC (releng/14.0, 14.0-RELEASE-p6) 2024-03-22 15:21:42 UTC (stable/13, 13.3-STABLE) 2024-03-28 07:14:19 UTC (releng/13.3, 13.3-RELEASE-p1) 2024-03-28 05:07:54 UTC (releng/13.2, 13.2-RELEASE-p11) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background if_wg is the kernel module that implements WireGuard tunnels between two endpoints. When packets arrive from the tunnel or are sent over the tunnel, they are decrypted or encrypted in a separate thread from the one that delivers the packet to its final destination. II. Problem Description Insufficient barriers between the encrypt/decrypt threads and the delivery threads may result in the wrong part of an mbuf chain being read and sent along through the network stack on architectures with a weaker memory model, e.g., aarch64, under certain workloads. III. Impact The part of the mbuf chain being sent along may contain some invalid state that causes a later fault and panic. IV. Workaround No workaround is available, but X86 platforms (that is, i386 and amd64) are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot or reload the if_wg kernel module. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD arm64 platform can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install After the updates have installed, you will need to reboot the system or reload the if_wg kernel module. 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:06/wireguard.patch # fetch https://security.FreeBSD.org/patches/EN-24:06/wireguard.patch.asc # gpg --verify wireguard.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system or reload the if_wg kernel module. VI. Correction details This issue is corrected as of the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ 590e02d3c088 stable/14-2576116 releng/14.0/ 56be7cd84447 releng/14.0-n265412 stable/13/ 806e51f81dba stable/13-n257611 releng/13.3/ f07351f90aa3 releng/13.3-n257429 releng/13.2/ 8f1f4e60ceb9 releng/13.2-n254663 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGagACgkQbljekB8A Gu/p2g//cupzJnkQB/sXm0EWroHjy/I6X6gbZlDpHZFbetGx8niyCH/xK3FMySuq q1XGKpXqQKBR3R+VmTNs+Tfd0DbFK8nwStPHXnewKZJ+Qddah27Y3zEuj9+vmmmq rzgJNDNv53eZj0c2ExIWVSfjn1faiE4ctVUOROtvxvxr9RtFpatGTzT5i/wgoNnj gyO/VoFIn3C4ya8F/7EMicnEdQuXW55Ds+3ub9MO4DcXDds3QLWnYIVYfnvnBNV4 YX7N+yynBxGOwD1Isbee6dCFTslsOgqV8WGkN4hMXvikPGvD+lXwCpDftfJCEFbR xDUzf+M/6eBDgTztMmg7bTQO53Dp1iv5nd6Sw71rqS6tCwJ4BoxHV8Cx31yBbPRq S2JsUjT0UsH5Cdvq8Ky5vMPSuSa/n8Ma/CeNtAQ0wvMw9WXkDGOZQSfBuEvJIItB WQyfpBgrWjUZ3fMX7URPc5hca04y/bLyBV+gRfRqVy2nc4T4AwplWYOvBb5f8EXs 2+Jq1Bh3PQTBM4ZdXJtGmBct7ciZn3tZSrAt8c2sNLV5tUfVhWgNTYmcj5ffpPGh r6D9m++Oq4ZORrFpydDfgv/0qXJQrp/9nFVxv8TdhwHBOkdYWP9mJpIUJxVxwfYp jlFBr6yZWp4bWsGGgdtQqQ5+gKo8B25aQ52IE22weZsFxxaYn24= =oKHT -----END PGP SIGNATURE----- From nobody Thu Mar 28 07:50:41 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V4wh14W87z5GQRX for ; Thu, 28 Mar 2024 07:50:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V4wh13h41z4lm7; Thu, 28 Mar 2024 07:50:41 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612241; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=9F4RGQNdQ0VPVtc4rHI4uxvfqMsWV9Aceei5yy+dmxA=; b=ZxUN98v69R4h3bZIud8fLPpleCmRmQlKNDYxf71OZ/qB1qvHFePzS0HLc+BAEaHCC1LwSu E8qrbsIXHKJ/NrePM5cBwyic7CHezDBG5ShyMBeugnbG4Qu7dLY8164Ew8KF5c2liRqbJH YeJ2wf4qMP6U3pCcL6I/fPKuCLFyjb0LlZc0T8uFmvLcJSxhL8MnZ7lUdgVej6VMBzq+gz 7d9HXo7aDm+8eg2vdt/rFAWnKpH2az4cMPAsRg/aYxWsj/2J9CYtWrOYECEaTd4JTOO8iC 1JiifDNFpg7kD31s/OrGfXWpmp8CrLFg0iI9Jv4vpLDP7w5ono2ZStk8YpUIJQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711612241; a=rsa-sha256; cv=none; b=gvUW4Tt8Khwb0FGMzZtmO9e0cJfs0oA+Zxjdr5bThBBMK02c1GwEOEc0LNeUGC2243lLrT /1CtXYjjml4XqoCr5Ul5lC+kLoWbsrjErTmWvGlw98W/fPTXynmzfzF0QzZ3mvgDK0sgCe 7Tk5lBf1EGUb3jjgtTC4M5XiQWd2iyVtVEVCyPuooiziLRgzbtxXAAJcKOiFbHGO6c+Mqx gj+9oSicV8il2motJYBU4olqVciNss9lagKb0CGIkV74D0C33q3kSe93d1uZURNn14NPvC FNN/1OxskYetaWj6Zt3p4AImiN42oeOWHY/FrD0qmPGwoXrshBDUfvAxz0uaxA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612241; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=9F4RGQNdQ0VPVtc4rHI4uxvfqMsWV9Aceei5yy+dmxA=; b=ALHKDimLkcgOr8kkA+LOvisHiB2rUD4996YH7RpvOyY6fSdC1GTV6PgWN6ICS6FynIwDyB flS9InuU5rHmPHaq8kXc5hVIOKf+x1mW2yqT37xvWVk86lmAODDdBbRba08kzxe/T/2J3p w22SaZnD7qh+BQ4VMUR3M3aLBPwT+vPBKC8ndTR3zPqSnOu2OqN10GwjYHwRmhIcWgGUso fyjaA0D+xN9nXiGD7yA9xEhTSC1GPdVrOtRdy105E0a0iTItFU7RuTlEKRgVEbGZ/2tPKa IkpVznXZ04TTsE7tdN4/opMTl9K6WSx8jxnEoTM7frdvk0pAKpHqUmMAQNldyw== Received: by freefall.freebsd.org (Postfix, from userid 945) id 6C0DC316F; Thu, 28 Mar 2024 07:50:41 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:07.clang Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240328075041.6C0DC316F@freefall.freebsd.org> Date: Thu, 28 Mar 2024 07:50:41 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:07.clang Errata Notice The FreeBSD Project Topic: Clang crash when certain optimization is enabled Category: contrib Module: clang Announced: 2024-03-28 Affects: FreeBSD 14.0 and FreeBSD 13.3 Corrected: 2024-03-08 08:19:28 UTC (stable/14, 14.0-STABLE) 2024-03-28 05:06:23 UTC (releng/14.0, 14.0-RELEASE-p6) 2024-03-08 08:19:49 UTC (stable/13, 13.3-STABLE) 2024-03-28 07:14:20 UTC (releng/13.3, 13.3-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes the Clang C/C++ compiler in the base system. FreeBSD 14.0 and FreeBSD 13.3 include Clang version 17. II. Problem Description Clang 17 has a bug that results in a crash under certain circumstances. III. Impact The compiler crashes instead of generating an object file. IV. Workaround Avoid use of -fzero-call-used-regs, or install a version of Clang other than 17 from ports or packages. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:07/clang.patch # fetch https://security.FreeBSD.org/patches/EN-24:07/clang.patch.asc # gpg --verify clang.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ fc31d474c40a stable/14-n266942 releng/14.0/ 711422d54795 releng/14.0-n265413 stable/13/ 961271f952fc stable/13-n257558 releng/13.3/ 26059a4f2c14 releng/13.3-n257430 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGaoACgkQbljekB8A Gu/y4RAAqXAE1WeZIk1tYMnlgqcw1SM5ojKvzK2iZegpPND0Yov7gzkwmNYNqCGY GLEKVJcVqS5hagCowAZkptq0dh8JtHusBVWq53IZdI5RB81xQOa2yYp+87GkVacn j8UnnbmAbb0rfMQyzVbMc5Kv3fkeAkZYZxiKmm+2iKt1cFHXv8yU4DIsTkxLAOUM AlextCl+SO6NLyZ6+64XkArc9ekcrrTs4QpKhZwHcBWNOogDzvFxCokObVGM98cb AN9pS09BTquuN5Yq5kXgFVzp8KLM0uruFKuEy+yNTCFJMMix1/9hj84yA2STm1iu AGd0lp8N7JXfnGKdktBZ4YeOL7GRTTgrInixJ3KbzjFbwmwrgQSzBC1neZqjPbAf iomKNIo23wsaMpjDh+RBBIOpDZnfPOO+imWh6A4ErdObMWyNw3+2MqUSHgMI9STO qqWIAHvQQwlB0lZAYvh6/iHntfLfIa3vdUH+g7kl8d5xzZlV18HkqsF6LtzbXbE5 tJ6QxtqlZjLa7eq/7qyg5bQFk7eJ0bhN7al+P5FOjezJo/tCFOIStWaFgTWntNep FkysAdgJUnkMreaccWT3YrIKKKyjBUVYvh1UWf6GudSdPs9ZPzsAR3X1RmixGO6H Y5EjL5hvuaNdqM3RiCF2/Vm/sVwF8KkEJs1rDbFFhM1HKCt9000= =lTOH -----END PGP SIGNATURE----- From nobody Thu Mar 28 07:50:45 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V4wh62KFcz5GQf5 for ; Thu, 28 Mar 2024 07:50:46 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V4wh60kJQz4m7p; Thu, 28 Mar 2024 07:50:46 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612246; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=gnlm07HW2oPeHEPvyf70JnDMuZM5OCT6cMHxpwygcp4=; b=rzkZ6yRo9Z+wDlAGL8xYHMxq+w06BS197YylQp541U/4iTEeE5vfwnBrLJe1CDu4x9uT09 ZfRon2FXQr8MTZEDDF7OWyt21AfUXagAFjpBPv4u/JNV3ywIcm1t8A9lijmix5gbGDuJV1 bpr1IGMSWnkEO3MbFNG6IxypimGJSF5dQjXAn62ylh3u6uacQjm15SkIwXRrVixoSux0Oz PiARiDlOgkWBgglmNUquf/JbPrD0yq24mXHDT2EghykElwZELveIHL/qUb0VLbb8th8Xxa pZJmLkk5WAkKwZ6IpY1nFkGrHzDdf73ba3zHN6lC1cmlOgJoepUid9kXpgkHng== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711612246; a=rsa-sha256; cv=none; b=Y+gGqgi1QAZfHgWffUwLvjounurBcrMM4MaCkt6pguyc3L8UaM/hH4h4h5OAslHJzkJfKL 4AVHw6lmdexSg94KWr2dSmwENK07QhGXSXE5MKM5Ztwwf2fPkN7Kl3YjskrjC4KAtZaCJA BfuS7Sp04wd8BFUSgLQUYMDDkrBbDb9vIBMf9HUH+nxgdgO3e+nzQpE0ycA7lbw80+wgoO 34z9KJJiylYXdxvTfJKB01cZzqLq6dhPpayYLDBEPmizZNZZtG/l9hYd5rCaP97e06vAID YtjJ3J/kHreHa1/a0V3Mj7hm7SAZiQiamfyBZHxAZ36/qKYOniT3h4C6cfmYjw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612246; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=gnlm07HW2oPeHEPvyf70JnDMuZM5OCT6cMHxpwygcp4=; b=lTigaIiyvxxFFxPAQW5WVOqXHOsE5DHquYdpHcHVzYBqMVItczNRKrdxDQtc0QDbwxqvWH 3f3OmxbjWgUYJBi199EReYQ5Ze7li9lh4+zKp267WYnG9cChXeIYr3olZCK8jm6ONasJMR YJXOnlyUPh+1Fr65j1xLkOrTMMtsyXzIVgSCUDYSxh4bCv+LqViWQ8xQJoWfOCOofYT19A hOfkdLBBEI0/PZ6Ed7OUhfx73R07+Ds1jP0dqQqHFTK/2M2YPXInJ1Ld1YXpupFKHC/6Zb O1Vpt92NZhz4MKegwl0Rgr3xDfiYWZXh/JN2KD71jwnmbpKimZ5cvMl4n/+pfg== Received: by freefall.freebsd.org (Postfix, from userid 945) id EFBA13437; Thu, 28 Mar 2024 07:50:45 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Subject: FreeBSD Errata Notice FreeBSD-EN-24:08.kerberos Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20240328075045.EFBA13437@freefall.freebsd.org> Date: Thu, 28 Mar 2024 07:50:45 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-24:08.kerberos Errata Notice The FreeBSD Project Topic: Kerberos segfaults when using weak crypto Category: contrib Module: heimdal Announced: 2024-03-28 Affects: FreeBSD 14.0 Corrected: 2024-01-22 15:49:24 UTC (stable/14, 14.0-STABLE) 2024-03-28 05:06:25 UTC (releng/14.0, 14.0-RELEASE-p6) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes Heimdal, an implementation of ASN.1/DER, PKIX, and Kerberos. It uses OpenSSL to provide a number of cryptographic routines. II. Problem Description Weak crypto is provided by the openssl "legacy" provider which is not loaded by default. III. Impact Attempting to use weak crypto routines when the legacy provider is not loaded results in the application crashing. IV. Workaround Edit /etc/ssl/openssl.cnf to load the legacy provider unconditionally. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch # fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch.asc # gpg --verify kerberos.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ c7db2e15e404 stable/14-n266467 releng/14.0/ c48fe39ad139 releng/14.0-n265415 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGawACgkQbljekB8A Gu9Euw/+LX8qcrGUvA11MNOVemD+SEH/Ol97L4gLHhzGlWSf3VMq5F1KtY0VRwGK ykM3VsSAk3PoYHLn+jbHPuAMjJVym+MLg27ZZWlqnx2Z7/wk2KuAb9RVCUl4FnPy eTXzBNt3tCSYa2ZCRWEH+uN6dZh4o8VP0DWfrNdaazH7R7ezRmTzirvcQ39MXTcE 8wI+zQedVZG4OSuqOSFY21d70nlzqgs6ThY3K6KrtcaQGfenYBSQgFmjMJlBqtrb Mr1Yvgc+wE66Ara/Hz+/2L11bwjyFwT1dpO57DKrcyTaGTnSYiDQiDscUIAW0gCh bUMCgWCHq+kk7pAyUIMlRbdrA/6N/wmvwP/iO6GGxYmN0lNX8udxeZWz3OPPnbif anM5OGnvKFkkTzCqnpHumljolvJL0/VeD7XCNBBgWa1I46gFmmNZ7R2esm7UEdU8 IR4Hk9EqGhfl+EwU7OW04/Hq3br667kXbVsq1TTVM4ht39K+WhVoxzirp7QzOGTJ WjRq6DK+44PyhQgnnAJgM/4gOGr5O/Y3ezRx4uj1S9L9faXTC5xlT8Vw78xU2wXq BjG7vXi5r9d4POjtRcNiaMVKXQPF/saGjHcPGrGnuBLC8AFG54bFycmvM5QzWqng AeRFOg+O8lkxLoQMDqJsNt8OMIk7vZHguwL7pt0tRtouuoaszU0= =UnED -----END PGP SIGNATURE----- From nobody Thu Mar 28 07:51:02 2024 X-Original-To: freebsd-announce@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4V4whQ2nMHz5GQWY for ; Thu, 28 Mar 2024 07:51:02 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4V4whQ0kzqz4mPl; Thu, 28 Mar 2024 07:51:02 +0000 (UTC) (envelope-from security-advisories@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612262; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=qVo+gXfJwrMZcPMk2LsBM5CxADMdJFGB7tgZ3q4SCX4=; b=KS7mQ8lwDRVApVO00PZbRUuDGMOdSQGQkJ+suv8P9IxHq7PS3FApj6NGfU5VSYk128oBk2 4pGmETxDNv5KBavUASX/FHlkydTe8i2TnBaulk97c4fQ3eykXkaUW0DIFUnIAcGvfcddsr PycTfv5pdoBfnEk9WE/ATWAxg6hzofZhyBHSfV33wapfOBeKdjJ4h+vU3dbwotpSHCkCoz xNh9Qy8Sgw9srrsHEzv65g05jniea9qpobHinghqxCzNNlzoo5c/VUzivghxBazc+Hrvqg HuxhgULC3vs4t8vSZBw517eyrYBXNIRGy/tDAGFyp318bOGLnoMRk942pvU+BA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1711612262; a=rsa-sha256; cv=none; b=HiX1pNXiYKLZkbQZO1PXVOJXEVJkfEM9P71RZYge9949FLc+s54lfG66ochaDr31gxJ9vI YuyFHs159d2lm64KVaS4c1T5mQd1iF6UmbOAm/SJJKQQulvrra4Uy7KSZuBAhT/HkRwiXi qJwoFD/vCZySl7vShEYsiNe1MljVdhYl/Unl2/nbkZT6F9o+5KhHSY1ndLN8lrrpSLHLfF XLMVHCyWrX1kFjw6p2SmBXjRQDpgX/0R98IwxipHvjXJqsc+KkGU3jKL7Lc1n+UTJ2e3lv 1Q8T6u8pcCezSbUFEmgTCN5ysbD9bItmtdnNd9iFsg1qMo2jEpSut4XKajhTsw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1711612262; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=qVo+gXfJwrMZcPMk2LsBM5CxADMdJFGB7tgZ3q4SCX4=; b=UvoGeZXqfrBaLGpLipdeNYbjGkuLVY3uPl27FbuYg7BmpXjbHY5Jqj7goayB1y7iCi13qs Pn3cNlNz6HQ0O+j/tvVl16UMz4e/6sJP460YqH5Ni/QfxvmazjSqDILq8UvHxxtY2EUqgS ABOfsF/nAlrN64eTLFFbc7FsCNwpEzuiQ6zvPL1MvnC7yhSLN5LGkQti1eQS/grBrcsoHh kpPVc0P1/tVrvPnie+38O4FlwunVJqTEjCfx9yqNjIyC4Km5WcLgnyC8O+qmSaYeUKHUKK KUP3DVx6HmpBTK2Z0ExVxIcWzuwQ+EecoO2QPGAOBGhN/ZUB7jPAz8RpQBsNAQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id 0A37532C6; Thu, 28 Mar 2024 07:51:02 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-24:03.unbound Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20240328075102.0A37532C6@freefall.freebsd.org> Date: Thu, 28 Mar 2024 07:51:02 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-announce@freebsd.org X-BeenThere: freebsd-announce@freebsd.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-24:03.unbound Security Advisory The FreeBSD Project Topic: Multiple vulnerabilities in unbound Category: contrib Module: unbound Announced: 2024-03-28 Affects: FreeBSD 13.2 and FreeBSD 14.0 Corrected: 2024-02-17 13:45:44 UTC (stable/14, 14.0-STABLE) 2024-03-28 05:06:26 UTC (releng/14.0, 14.0-RELEASE-p6) 2024-02-17 13:45:44 UTC (stable/13, 13.2-STABLE) 2024-03-28 05:07:55 UTC (releng/13.2, 13.2-RELEASE-p11) CVE Name: CVE-2023-50387, CVE-2023-50868 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Unbound is a validating, recursive, and caching DNS resolver. II. Problem Description The KeyTrap vulnerability (CVE-2023-50387) works by using a combination of Keys (also colliding Keys), Signatures and number of RRSETs on a malicious zone. Answers from that zone can force a DNSSEC validator down a very CPU intensive and time costly validation path. The NSEC3 vulnerability (CVE-2023-50868) uses specially crafted responses on a malicious zone with multiple NSEC3 RRSETs to force a DNSSEC validator down a very CPU intensive and time costly NSEC3 hash calculation path. III. Impact Both issues can force Unbound to spend an enormous time (comparative to regular traffic) validating a single specially crafted DNSSEC response while everything else is on hold for that thread. A trivially orchestrated attack could render all threads busy with such responses leading to denial of service. IV. Workaround No workaround is available. Systems not running Unbound are not affected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 14.0] # fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-14.patch # fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-14.patch.asc # gpg --verify unbound-14.patch.asc [FreeBSD 13.2] # fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-13.patch # fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-13.patch.asc # gpg --verify unbound-13.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch -p0 < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/14/ e2b44c401cc2 stable/14-n266696 releng/14.0/ c189b94f8a22 releng/14.0-n265416 stable/13/ abe4ced2b9de stable/13-n257436 releng/13.2/ d9d90e5e42f6 releng/13.2-n254664 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NNNNNN with the hash: To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGa4ACgkQbljekB8A Gu8Oxw/9HrzGZVx0FsUb8dhvf6Hlcfy3B0RNjxcnvvBm+P/V0+WSEaFTod9YaonO GN331SXI1blvqfCpOz2TLiOvHjWDPCcb8bb9YqQXRId4axnpxCCzIY0HkxgXFNDu XgXwM4JYapmWis/pOxifRXnB087lwbkfVx/0iOTeA0XUFoRRIbooiL/6H76hOmq7 XR5moI8xYyAX5Xh+5/6yZgd+A+0n/KfQnOEpA7Ex9MWC17co+RGOP1JUZYIFHhAc W/vNuL23UWqR1TjMgVWTHEvVBTrUPEiDfp2Z1LiQexH9IaQ4cePu7qrWlzAo7rr6 6Cf3DybH9IxALQQSSKq1JWNqQFOWvpXCy5JKBua+Z7kcFHR5tmAgolqGLGJ629Ko GNwsSUTZ8SzwupJ93boMaD4jF2t+zOXvBvceYywZEEvd2gq2zkfMV6WJwtUUOvdm z7Z7AejUFONrQyYps4rcKCthnQOLHtzcPUQom68KpUACsdOr1hkA0VOCf5HRrEe6 DpwM9PX1T3eiHSq1eZj2MMkz+Cw/DJK+wegkULRxg2ZOmWKA2U8df+Qj1RYpX4QT JrPSHh4EqovfrB5H0uUgfLWBgAzGBLEeFKAMA+omlEaELyNzvG/4xv8eJVtjTG+D EEQCXVTJmws/ZFDC2vJhVR6vdAwMuPz8YkBtcQkqnNcF+zzbcEk= =PELN -----END PGP SIGNATURE-----