untrusted comment: verify with openbsd-71-base.pub
RWR2eHwZTOEiTS8/oycrv3/a2O3J/+mxg8QpViqEDhjTodCxJRd7F7yh9fMkRaTZM5aq2gLehr0GwuNWguU0Pt8cZSc2eY/D9wQ=
OpenBSD 7.1 errata 014, November 26, 2022:
A crafted TCP query from localhost could crash the unwind(8) daemon.
Apply by doing:
signify -Vep /etc/signify/openbsd-71-base.pub -x 014_unwind.patch.sig \
-m - | (cd /usr/src && patch -p0)
And then rebuild and install unwind:
cd /usr/src/sbin/unwind
make obj
make
make install
Index: sbin/unwind/frontend.c
===================================================================
RCS file: /cvs/src/sbin/unwind/frontend.c,v
diff -u -p -r1.73 frontend.c
--- sbin/unwind/frontend.c 13 Mar 2022 15:14:01 -0000 1.73
+++ sbin/unwind/frontend.c 23 Nov 2022 18:08:53 -0000
@@ -63,6 +63,7 @@
#include "control.h"
#include "dns64_synth.h"
+#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
#define ROUTE_SOCKET_BUF_SIZE 16384
/*
@@ -1699,6 +1700,7 @@ tcp_request(int fd, short events, void *
if (sldns_buffer_position(pq->qbuf) >= 2 && !pq->abuf) {
struct sldns_buffer *tmp;
+ size_t rem;
uint16_t len;
sldns_buffer_flip(pq->qbuf);
@@ -1709,8 +1711,9 @@ tcp_request(int fd, short events, void *
if (!tmp || !pq->abuf)
goto fail;
+ rem = sldns_buffer_remaining(pq->qbuf);
sldns_buffer_write(tmp, sldns_buffer_current(pq->qbuf),
- sldns_buffer_remaining(pq->qbuf));
+ MINIMUM(len, rem));
sldns_buffer_free(pq->qbuf);
pq->qbuf = tmp;
}
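Review bot: The clamp in the `sldns_buffer_write()` call silently discards any bytes that follow the declared query length, and nothing in the hunk records why it is needed. `tmp` is presumably allocated with capacity `len` in the lines between the hunks (not shown), so the old unbounded `sldns_buffer_remaining(pq->qbuf)` could exceed it; a comment above `rem = ...` such as `/* tmp holds len bytes; the peer may send more than the length prefix announces, so copy at most len */` would keep the bound from being "simplified" away later. If trailing bytes are never expected on this path, consider logging or failing the request when `rem > len`, so malformed input is visible rather than truncated quietly. Separately, in the context lines, `tmp` is block-local, so when `tmp` is allocated but `pq->abuf` is not, `goto fail` appears to leak it. `tcp_request` begins and ends outside the hunk, so confirm this against the `fail:` path.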