===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.143
retrieving revision 1.144
diff -c -r1.143 -r1.144
*** www/errata.html 1998/09/15 16:18:55 1.143
--- www/errata.html 1998/11/10 19:12:16 1.144
***************
*** 14,29 ****
! This is the OpenBSD 2.3 release errata & patch list:
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
--- 14,30 ----
! This is the OpenBSD 2.4 release errata & patch list:
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
+ For 2.3 errata, please refer here.
!
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
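Review bot: The changed line directly above "You can also fetch a tar.gz file containing all the following patches." is blank in this rendering, so the target it now carries cannot be checked from the diff. With the heading changed to "OpenBSD 2.4 release errata & patch list", confirm that it points at the 2.4 patch archive. A leftover 2.3 target would have readers fetching patches for the wrong release. A smaller style point on the added "For 2.3 errata, please refer here." line: three consecutive links all titled "here" cannot be told apart out of context, so consider putting the release number in the link text.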
***************
*** 33,335 ****
All architectures
!
! - HARDWARE SUPPORT
! Some ATAPI cdroms which do not support the full mandatory command set,
! (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
! A patch is
!
! available here.
!
!
!
- SECURITY FIX
! Chpass(1) has a file descriptor leak which allows an
! attacker to modify /etc/master.passwd.
!
! A source code patch exists which remedies this problem.
!
!
!
- RELIABILITY FIX
! Calling readv(2) with iov_len < 0 or > INT_MAX would result in a
! kernel panic. This is the third revision of this patch.
!
! A source code patch exists which remedies this problem.
!
!
!
- SECURITY FIX
! Inetd had a file descriptor leak. A patch is
!
! available here.
!
!
!
- BUG FIX
! As shipped, unionfs had some serious problems.
!
! A patch is available to solve this.
!
!
!
- SECURITY FIX
! Some non-allocated file descriptors have implied uses according to
! system libraries, and hence setuid and setgid processes should not
! be executed with these descriptors unallocated. A patch which forces
! setuid and setgid processes to have some descriptors in fd slots
! 0, 1, and 2 is
!
! available here.
!
!
!
- SECURITY FIX
! Vulnerabilities have been found in the X11, Xt, Xaw and Xmu
! libraries. These affect xterm and all other setuid-root programs that
! use these libraries. The problems are associated with buffer overflows
! in code that processes user-supplied data. The Xt library problems
! include those fixed in TOG's recent public patch 3 for X11R6.3. All
! releases of XFree86 up to and including 3.3.2 patch 1 and the version
! distributed with OpenBSD are vulnerable to some or all of these
! problems.
! These problems are fixed in XFree86 patch 2.
!
! The 2nd source patch for these problems, specifically adapted to the
! OpenBSD 2.3 X11 tree, is available now.
!
!
!
- SECURITY FIX
! The kill(2) system call previously would permit a large set of signals to
! be delivered to setuid or setgid processes. If such processes were using
! those signals in dubious ways, this could have resulted in security
! problems of various kinds.
!
! The fourth revision of a source code patch which solves the problem is
! available.
!
!
!
- SECURITY FIX
! A possible new security problem exists if you rely on securelevels and
! immutable or append-only files or character devices. The fix does not
! permit mmap'ing of immutable or append-only files which are otherwise
! writeable, as the VM system will bypass the meaning of the file flags
! when writes happen to the file.
!
! A source code patch exists which remedies this problem.
!
!
!
- SECURITY FIX
! If IPSEC communication is attempted by starting photurisd(8) (which is
! disabled by default), a system crash may be evoked from remote if
! an attacker uses some classes of invalid packets.
!
! A source code patch exists which remedies this problem.
!
!
!
- SECURITY FIX
! As stated in CERT advisory VB-98.04, there are buffer
! overrun problems in xterm related to the input-Method,
! preeditType, and *Keymap resources. Additional buffer overruns exist in
! the Xaw library related to the inputMethod and
! preeditType resources. The xterm(1) problem represents a security
! vulnerability for any platform where xterm is installed setuid-root
! (as is the case for all OpenBSD platforms). The Xaw problem represents
! a security vulnerability for any setuid-root program that uses the Xaw
! library (including xterm). Patch1 from XFree86 3.3.2 corrects
! these problems.
!
! We provide a version of this patch file specifically for the OpenBSD 2.3 tree.
! We also provide tar files which replace the xterm(1) binary and the libXaw
! libraries on your system. These are expected to be extracted in
! /usr/X11R6 using the command
! "tar xvfpz Xawfix.tgz".
! The files are...
! i386,
! alpha,
! mac68k,
!
! mvme68k,
! hp300,
! sparc,
! pmax,
! and
! arc.
!
i386
!
! - RELIABILITY FIX
! The pctr(4) driver has bugs that permit any user to crash the machine,
! if the CPU is not an Intel CPU. This problem has been properly fixed
! since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid
! the problem, recompile your kernel without the pctr(4) device driver.
!
!
- CORRUPTED FILE
! The CD version of the precompiled ghostscript package is corrupted and
! not installable. The correct file can be retrieved by FTP from:
!
! ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz.
! Its checksums (obtained with cksum(1), md5(1) and
! sha1(1) respectively) are:
!
! - 725752890 3639338 ghostscript-5.10.tgz
!
- MD5 (ghostscript-5.10.tgz) = 3144ca814ad1965d671be2b7be3d3050
!
- SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
-
-
-
- RELIABILITY FIX
- The pcvt(4) console driver has a bug that can cause some keyboard
- controllers to lock up when a key is pressed that toggles the status
- of a keyboard LED (scroll lock, caps lock, etc). The problem is
- generally intermittent and the keyboard can be "unlocked" by unplugging
- and plugging it back in.
-
- A source code patch exists which remedies this problem.
-
-
mac68k
- No problems identified yet.
-
sparc
amiga
! - MINOR INCOMPATIBILITY
! The AmigaOS patch
! PoolMem
! improves AmigaOS memory handling tremendously, but confuses loadbsd, which
! grabs less memory from the system than is available. To work around the
! problem, be sure to execute
!
! PoolMem remove
!
! right before running loadbsd. The next release of loadbsd will probably be
! PoolMem-aware.
!
pmax
! - RELEASE WARNING
! The XFree86 binary set shipped on the CD and FTP site are not the
! exact final set that we shipped for the other releases. A few minor
! changes, mostly in xdm(1) configuration, were made
! after those binaries were made. Patches for this might come out later.
!
!
- X11 RELEASE ERROR
! The XFree86 binary set was linked with an older version of the C
! library. To work around the problem, do the following as root.
!
!
! cd /usr/lib/
!
! ln -s libc.so.18.0 libc.so.17
-
-
- X11 RELEASE ERROR
- The X11R5 server used in this port does not understand the default
- authorization types used by the X11R6 clients, which results in no
- clients being able to connect to the server. To fix this
- problem add the line below to /usr/X11R6/lib/X11/xdm/xdm-config.
-
-
- DisplayManager._0.authName: MIT-MAGIC-COOKIE-1
-
-
-
- INSTALLATION PROCESS FLAW
- The pmax install does not correctly install the boot block.
- To work around the problem, after the install program has finished, do
- the following (assuming scsi id 0):
-
-
- disklabel rz0 > /tmp/label
-
- disklabel -R -B rz0 /tmp/label
-
-
-
arc
! - RELEASE WARNING
! The XFree86 binary set shipped on the CD and FTP site are not the
! exact final set that we shipped for the other releases. A few minor
! changes, mostly in xdm(1) configuration, were made
! after those binaries were made. Patches for this might come out later.
!
!
- X11 RELEASE ERROR
! The XFree86 binary set was linked with an older version of the C
! library. To work around the problem, do the following as root.
!
!
! cd /usr/lib/
!
! ln -s libc.so.18.0 libc.so.17
-
-
alpha
! - RELEASE WARNING
! When you start the install an upgrade option is advertised but
! there really is no such option.
!
hp300
! - RELEASE WARNING
! When you start the install an upgrade option is advertised but
! there really is no such option.
!
!
- RELEASE WARNING
! Unlabelled disks with weird geometries can panic the kernel.
! A fix will be made available when 2.3 is out.
!
mvme68k
- No problems identified yet.
-
powerpc
! - SECURITY FIX
! The powerpc release shipped on the OpenBSD 2.3 CD does not contain
! two late fixes applied late in the release cycle. The
! rmjob and
! uucpd patches should be applied to
! the system if those subsystems are used.
-
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
www@openbsd.org
!
$OpenBSD: errata.html,v 1.143 1998/09/15 16:18:55 deraadt Exp $
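Review bot: This hunk's old side drops the whole 2.3 list, including the SECURITY FIX entries for chpass(1), inetd, kill(2), mmap of immutable or append-only files, photurisd(8) and the X11/Xaw libraries, and the replacement side is not shown here. Before this goes in, check that those entries and their patch links are carried over unchanged to the page that the new "For 2.3 errata, please refer here." line targets, since 2.3 installations still depend on them. The footer list near the end of the hunk ("For 2.1 errata, please refer here." / "For 2.2 errata, please refer here.") should also gain the matching 2.3 line so that it stays in step with the header.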