=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.143 retrieving revision 1.144 diff -c -r1.143 -r1.144 *** www/errata.html 1998/09/15 16:18:55 1.143 --- www/errata.html 1998/11/10 19:12:16 1.144 *************** *** 14,29 ****

! This is the OpenBSD 2.3 release errata & patch list:

For 2.1 errata, please refer here.
For 2.2 errata, please refer here.

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. --- 14,30 ----

! This is the OpenBSD 2.4 release errata & patch list:

For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
+ For 2.3 errata, please refer here.

! You can also fetch a tar.gz file containing all the following patches. This file is updated once a day. *************** *** 33,335 ****

All architectures

HARDWARE SUPPORT
! Some ATAPI cdroms which do not support the full mandatory command set, ! (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver. ! A patch is ! ! available here. !
! !
SECURITY FIX
! Chpass(1) has a file descriptor leak which allows an ! attacker to modify /etc/master.passwd. ! ! A source code patch exists which remedies this problem. !
! !
RELIABILITY FIX
! Calling readv(2) with iov_len < 0 or > INT_MAX would result in a ! kernel panic. This is the third revision of this patch. ! ! A source code patch exists which remedies this problem. !
! !
SECURITY FIX
! Inetd had a file descriptor leak. A patch is ! ! available here. !
! !
BUG FIX
! As shipped, unionfs had some serious problems. ! ! A patch is available to solve this. !
! !
SECURITY FIX
! Some non-allocated file descriptors have implied uses according to ! system libraries, and hence setuid and setgid processes should not ! be executed with these descriptors unallocated. A patch which forces ! setuid and setgid processes to have some descriptors in fd slots ! 0, 1, and 2 is ! ! available here. !
! !
SECURITY FIX
! Vulnerabilities have been found in the X11, Xt, Xaw and Xmu ! libraries. These affect xterm and all other setuid-root programs that ! use these libraries. The problems are associated with buffer overflows ! in code that processes user-supplied data. The Xt library problems ! include those fixed in TOG's recent public patch 3 for X11R6.3. All ! releases of XFree86 up to and including 3.3.2 patch 1 and the version ! distributed with OpenBSD are vulnerable to some or all of these ! problems. ! These problems are fixed in XFree86 patch 2. ! ! The 2nd source patch for these problems, specifically adapted to the ! OpenBSD 2.3 X11 tree, is available now. !
! !
SECURITY FIX
! The kill(2) system call previously would permit a large set of signals to ! be delivered to setuid or setgid processes. If such processes were using ! those signals in dubious ways, this could have resulted in security ! problems of various kinds. ! ! The fourth revision of a source code patch which solves the problem is ! available. !
! !
SECURITY FIX
! A possible new security problem exists if you rely on securelevels and ! immutable or append-only files or character devices. The fix does not ! permit mmap'ing of immutable or append-only files which are otherwise ! writeable, as the VM system will bypass the meaning of the file flags ! when writes happen to the file. ! ! A source code patch exists which remedies this problem. !
! !
SECURITY FIX
! If IPSEC communication is attempted by starting photurisd(8) (which is ! disabled by default), a system crash may be evoked from remote if ! an attacker uses some classes of invalid packets. ! ! A source code patch exists which remedies this problem. !
! !
SECURITY FIX
! As stated in CERT advisory VB-98.04, there are buffer ! overrun problems in xterm related to the input-Method, ! preeditType, and *Keymap resources. Additional buffer overruns exist in ! the Xaw library related to the inputMethod and ! preeditType resources. The xterm(1) problem represents a security ! vulnerability for any platform where xterm is installed setuid-root ! (as is the case for all OpenBSD platforms). The Xaw problem represents ! a security vulnerability for any setuid-root program that uses the Xaw ! library (including xterm). Patch1 from XFree86 3.3.2 corrects ! these problems. ! ! We provide a version of this patch file specifically for the OpenBSD 2.3 tree. ! We also provide tar files which replace the xterm(1) binary and the libXaw ! libraries on your system. These are expected to be extracted in ! /usr/X11R6 using the command ! "tar xvfpz Xawfix.tgz". ! The files are... ! i386, ! alpha, ! mac68k, ! ! mvme68k, ! hp300, ! sparc, ! pmax, ! and ! arc. !

i386

RELIABILITY FIX
! The pctr(4) driver has bugs that permit any user to crash the machine, ! if the CPU is not an Intel CPU. This problem has been properly fixed ! since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid ! the problem, recompile your kernel without the pctr(4) device driver. !
!
CORRUPTED FILE
! The CD version of the precompiled ghostscript package is corrupted and ! not installable. The correct file can be retrieved by FTP from: ! ! ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz. ! Its checksums (obtained with cksum(1), md5(1) and ! sha1(1) respectively) are: !
- 725752890 3639338 ghostscript-5.10.tgz !
- MD5 (ghostscript-5.10.tgz) = 3144ca814ad1965d671be2b7be3d3050 !
- SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
-
- -
RELIABILITY FIX
- The pcvt(4) console driver has a bug that can cause some keyboard - controllers to lock up when a key is pressed that toggles the status - of a keyboard LED (scroll lock, caps lock, etc). The problem is - generally intermittent and the keyboard can be "unlocked" by unplugging - and plugging it back in. - - A source code patch exists which remedies this problem. -
-

mac68k

No problems identified yet. -

sparc

RELIABILITY FIX
! The 2.3 release does not run reliably on the sun4m LX/LC machines ! (ie. Sparc Classic). ! ! A source code patch exists which remedies this problem. ! Two kernels which replace the ones in the release are also provided: ! bsd and ! bsd.scsi3. ! Other replacements for the 2.3 install tools are ! also available. !

amiga

MINOR INCOMPATIBILITY
! The AmigaOS patch ! PoolMem ! improves AmigaOS memory handling tremendously, but confuses loadbsd, which ! grabs less memory from the system than is available. To work around the ! problem, be sure to execute !
```
!     PoolMem remove
! 
```
! right before running loadbsd. The next release of loadbsd will probably be ! PoolMem-aware. !

pmax

RELEASE WARNING
! The XFree86 binary set shipped on the CD and FTP site are not the ! exact final set that we shipped for the other releases. A few minor ! changes, mostly in xdm(1) configuration, were made ! after those binaries were made. Patches for this might come out later. !
!
X11 RELEASE ERROR
! The XFree86 binary set was linked with an older version of the C ! library. To work around the problem, do the following as root. !
!
-
-
X11 RELEASE ERROR
- The X11R5 server used in this port does not understand the default - authorization types used by the X11R6 clients, which results in no - clients being able to connect to the server. To fix this - problem add the line below to /usr/X11R6/lib/X11/xdm/xdm-config. -
-
-
-
INSTALLATION PROCESS FLAW
- The pmax install does not correctly install the boot block. - To work around the problem, after the install program has finished, do - the following (assuming scsi id 0): -
-
-
-

arc

RELEASE WARNING
! The XFree86 binary set shipped on the CD and FTP site are not the ! exact final set that we shipped for the other releases. A few minor ! changes, mostly in xdm(1) configuration, were made ! after those binaries were made. Patches for this might come out later. !
!
X11 RELEASE ERROR
! The XFree86 binary set was linked with an older version of the C ! library. To work around the problem, do the following as root. !
!
-
-

alpha

RELEASE WARNING
! When you start the install an upgrade option is advertised but ! there really is no such option. !

hp300

RELEASE WARNING
! When you start the install an upgrade option is advertised but ! there really is no such option. !
!
RELEASE WARNING
! Unlabelled disks with weird geometries can panic the kernel. ! A fix will be made available when 2.3 is out. !

mvme68k

No problems identified yet. -

powerpc

SECURITY FIX
! The powerpc release shipped on the OpenBSD 2.3 CD does not contain ! two late fixes applied late in the release cycle. The ! rmjob and ! uucpd patches should be applied to ! the system if those subsystems are used.