Mike Myers
03/23/2021, 6:16 PM
seph
Mike Myers
03/24/2021, 5:42 PM
seph
An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates.
In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose.
seph
4.7.0
? We haven’t in our test bed. @zwass anything in yours?
Mike Myers
03/31/2021, 1:42 AM
seph
alessandrogario
manu
04/07/2021, 9:56 AM
theopolis
SECURITY.md
file.
seph
Jean M
04/09/2021, 12:53 PM
jgamblin
04/11/2021, 4:26 PM
alessandrogario
theopolis
Mike Myers
04/22/2021, 5:49 PM
seph
Willi
04/26/2021, 3:01 PM
theopolis
theopolis
seph
[ 87%] Building CXX object osquery/events/CMakeFiles/osquery_events.dir/darwin/openbsm.cpp.o
/Users/seph/checkouts/osquery/osquery/osquery/events/darwin/endpointsecurity.cpp:179:35: error: no member named 'global_seq_num' in 'es_message_t'
ec->global_seq_num = message->global_seq_num;
~~~~~~~ ^
/Users/seph/checkouts/osquery/osquery/osquery/events/darwin/endpointsecurity.cpp:213:57: error: no member named 'cwd' in 'es_event_exec_t'
ec->cwd = getStringFromToken(&message->event.exec.cwd->path);
~~~~~~~~~~~~~~~~~~~ ^
2 errors generated.
allister
05/21/2021, 7:00 AM
Nico
06/04/2021, 6:07 AM
Nico
06/07/2021, 12:16 PM
Stefano Bonicatti
06/07/2021, 12:48 PM
puffycid
06/10/2021, 4:55 AM
alessandrogario
theopolis
Do you want to get 7158 in?
I kind of feel like we should merge the changelog then call 4.9.0. We can then merge the open/approved PRs as we get ready for 5.0.0.
theopolis
theopolis