14:31:05 Hello all! Since I couldn't find any existing one on Threema, I have just created the group "illumos @ FOSDEM 2025" there. If you are coming to FOSDEM, feel free to send me your Threema ID hereo or privately via PM. I will also mail to discuss⊙lio later today. I will add everyone who request it, no questions asked. 18:08:39 [illumos-gate] 17114 ndmpstat: impossible condition -- Toomas Soome 18:51:22 [illumos-gate] 17125 xge: replace divide condition -- Toomas Soome 20:40:25 it's unclear from the writeup linked from https://www.cve.org/CVERecord?id=CVE-2024-26317 if they ever reported this to you 20:41:30 but also, if you've not kept up with the upstream CVE's from Mozilla/NSS, there's probably more lurking in the crypto code from NSS copied into the gate 20:43:14 danmcd: one for you 20:59:16 danmcd: (not even cos you're a security contact, which I forgot, but because you're not scared of the math) 21:08:44 or I suspect alex (if he has the bw)... 21:23:15 I've not seen that @alanc 21:23:17 Pls hold. 21:24:22 (Dammit, iPhone is rebooting with iOS update which means no 2fa at the moment which means no VINCE...) 21:29:38 Okay... have not heard about this AFAICT. 21:30:01 our common/crypto/ecc has number of "unsigned is never less than zero" issues as well. 21:47:20 tsoome: These are like compiler hiccups though, not "incorrect algorithm" things, right? 21:48:25 these are the code checking whether unsigned foo < 0 21:48:34 so something, somewhere, has gone wrong thinking 21:51:07 I think this goes back to: 21:51:09 http://blog.intothesymmetry.com/2017/08/cve-2017-7781cve-2017-10176-issue-with.html 21:53:43 https://rashidkhanpathan.github.io/posts/CVE-2024-26317-Elliptic-curve-point-addition-error/ 21:53:52 is the summary for illumos-gate. 21:57:26 I have the code-patch in place, but I have to go offline. I'm building -gate in the background right now with the suggested fix. We problably should update usr/src/test/crypto too if possible.