untrusted comment: verify with openbsd-78-base.pub RWS3/nvFmk4SWXKYtGp3gBqnjxJdOYq0sMM1fNs3mgO+6ol9Pa4Th/RzEdRw6iP0Xm+QUAsJJdW0Gii0PCBZ6ErnUYBtH3GyjgE= OpenBSD 7.8 errata 030, April 14, 2026: A malicious RPKI Publication Server can cause an incorrect error exit. A malicious RRDP Publication Server can cause a NULL dereference. Apply by doing: signify -Vep /etc/signify/openbsd-78-base.pub -x 030_rpki.patch.sig \ -m - | (cd /usr/src && patch -p0) And then rebuild and install rpki-client: cd /usr/src/usr.sbin/rpki-client make obj make make install Index: usr.sbin/rpki-client/http.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v diff -u -p -r1.100 http.c --- usr.sbin/rpki-client/http.c 18 Sep 2025 15:40:22 -0000 1.100 +++ usr.sbin/rpki-client/http.c 12 Apr 2026 19:47:48 -0000 @@ -1380,9 +1380,14 @@ http_parse_header(struct http_connection cp = buf; /* empty line, end of header */ - if (*cp == '\0') + if (*cp == '\0') { + /* check consistency of header fields */ + if (http_isredirect(conn) && conn->redir_uri == NULL) { + warnx("%s: redirect with no location", conn->req->uri); + return -1; + } return 0; - else if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { + } else if (strncasecmp(cp, CONTENTLEN, sizeof(CONTENTLEN) - 1) == 0) { cp += sizeof(CONTENTLEN) - 1; cp += strspn(cp, " \t"); conn->iosz = strtonum(cp, 0, MAX_CONTENTLEN, &errstr); Index: usr.sbin/rpki-client/x509.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/x509.c,v diff -u -p -r1.119 x509.c --- usr.sbin/rpki-client/x509.c 11 Sep 2025 08:21:00 -0000 1.119 +++ usr.sbin/rpki-client/x509.c 12 Apr 2026 19:48:05 -0000 @@ -308,8 +308,8 @@ x509_get_time(const ASN1_TIME *at, time_ return 0; if (!ASN1_TIME_to_tm(at, &tm)) return 0; - if ((*t = timegm(&tm)) == -1) - errx(1, "timegm failed"); + if ((*t = timegm(&tm)) < 0) + return 0; return 1; }