sync with OpenBSD -current
parent
d47112308d
commit
69f13bbae9
40 changed files with 422 additions and 153 deletions
|
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: localtime.c,v 1.65 2022/10/03 15:34:39 millert Exp $ */
|
||||
/* $OpenBSD: localtime.c,v 1.66 2024/04/04 02:20:01 millert Exp $ */
|
||||
/*
|
||||
** This file is in the public domain, so clarified as of
|
||||
** 1996-06-05 by Arthur David Olson.
|
||||
|
@ -189,7 +189,6 @@ static struct state * gmtptr;
|
|||
#define TZ_STRLEN_MAX 255
|
||||
#endif /* !defined TZ_STRLEN_MAX */
|
||||
|
||||
static char lcl_TZname[TZ_STRLEN_MAX + 1];
|
||||
static int lcl_is_set;
|
||||
static int gmt_is_set;
|
||||
_THREAD_PRIVATE_MUTEX(lcl);
|
||||
|
@ -1147,9 +1146,11 @@ tzsetwall(void)
|
|||
static void
|
||||
tzset_basic(void)
|
||||
{
|
||||
static char lcl_TZname[TZ_STRLEN_MAX + 1];
|
||||
const char * name;
|
||||
|
||||
if (issetugid() || (name = getenv("TZ")) == NULL) {
|
||||
name = getenv("TZ");
|
||||
if (name == NULL) {
|
||||
tzsetwall_basic();
|
||||
return;
|
||||
}
|
||||
|
@ -1160,6 +1161,10 @@ tzset_basic(void)
|
|||
if (lcl_is_set)
|
||||
strlcpy(lcl_TZname, name, sizeof lcl_TZname);
|
||||
|
||||
/* Ignore TZ for setuid/setgid processes. */
|
||||
if (issetugid())
|
||||
name = TZDEFAULT;
|
||||
|
||||
if (lclptr == NULL) {
|
||||
lclptr = calloc(1, sizeof *lclptr);
|
||||
if (lclptr == NULL) {
|
||||
|
|
|
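Review bot: In `tzset_basic()` the comment `/* Ignore TZ for setuid/setgid processes. */` undersells what the new code does: the value is still read with `getenv("TZ")` and copied into `lcl_TZname` before `name` is replaced with `TZDEFAULT`, so the cache holds the raw, caller-controlled string rather than the zone that is loaded. The copy is bounded by `strlcpy(lcl_TZname, name, sizeof lcl_TZname)` and gated on `lcl_is_set`, whose assignment sits between the two hunks and is not visible here. I would expand the comment to something like `/* TZ is kept in lcl_TZname only as a change-detection key; setuid/setgid processes always load TZDEFAULT. */` and confirm that nothing later in the function uses `lcl_TZname` as a file name. The function body continues past the end of the hunk.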
@ -1,4 +1,4 @@
|
|||
/* $OpenBSD: ssl_tlsext.c,v 1.147 2024/04/02 22:50:54 sthen Exp $ */
|
||||
/* $OpenBSD: ssl_tlsext.c,v 1.148 2024/04/04 08:02:21 tb Exp $ */
|
||||
/*
|
||||
* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
|
||||
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
|
||||
|
@ -325,14 +325,17 @@ tlsext_supportedgroups_client_process(SSL *s, uint16_t msg_type, CBS *cbs,
|
|||
int *alert)
|
||||
{
|
||||
/*
|
||||
* Servers should not send this extension per the RFC.
|
||||
*
|
||||
* However, certain F5 BIG-IP systems incorrectly send it. This bug is
|
||||
* from at least 2014 but as of 2017, there are still large sites with
|
||||
* this unpatched in production. As a result, we need to currently skip
|
||||
* over the extension and ignore its content:
|
||||
*
|
||||
* https://support.f5.com/csp/article/K37345003
|
||||
* This extension is only allowed in TLSv1.3 encrypted extensions.
|
||||
* It is not permitted in a ServerHello in any version of TLS.
|
||||
*/
|
||||
if (msg_type != SSL_TLSEXT_MSG_EE)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
* RFC 8446, section 4.2.7: TLSv1.3 servers can send this extension but
|
||||
* clients must not act on it during the handshake. This allows servers
|
||||
* to advertise their preferences for subsequent handshakes. We ignore
|
||||
* this complication.
|
||||
*/
|
||||
if (!CBS_skip(cbs, CBS_len(cbs))) {
|
||||
*alert = SSL_AD_INTERNAL_ERROR;
|
||||
|
|
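Review bot: The new early `return 0;` for `msg_type != SSL_TLSEXT_MSG_EE` in `tlsext_supportedgroups_client_process()` leaves `*alert` untouched, while the `CBS_skip` failure path just below sets it explicitly, so the alert the peer receives depends on a default chosen by the caller, which is outside this section. RFC 8446 section 4.2 asks for illegal_parameter when a recognized extension appears in a message where it is not allowed; if the caller does not already preset that, I would add `*alert = SSL_AD_ILLEGAL_PARAMETER;` before the `return 0;`. Dropping the F5 BIG-IP workaround also turns a previously tolerated ServerHello into a hard handshake failure, which deserves a line in the commit message so operators can attribute new connection failures to this change. The end of the function is outside the visible hunk.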