All architectures
-
!
- Building an object tree from a read-only source tree (such as off a CDROM) ! may fail under certain circumstances (e.g. when creating a symlink on sparc ! whose target name is exactly 33 characters). As a workaround you have to ! either provide the source tree read/write, or install a newer version of ! /usr/bin/readlink. You wish to use ! ! revision 1.13 of usr.bin/readlink/readlink.c.
- IMPORTANT A combination localhost+remote host security problem exists if a local user running a setuid binary causes a non-existant root .rhosts file to be created via a symbolic link with a specific kind of corefile, --- 21,39 ----
All architectures
-
!
!
- SECURITY FIX
! If the sysctl variable net.inet.ip.forwarding is ! enabled (value 1), but the variable net.inet.ip.sourceroute ! is disabled (value 0), the kernel will still accept source routing packets ! itself. Our fix changes the net.inet.ip.sourceroute ! variable to mean that all block all source routed packets should be ! blocked completely. ! ! A kernel patch is provided. - SECURITY FIX
A combination localhost+remote host security problem exists if a local user running a setuid binary causes a non-existant root .rhosts file to be created via a symbolic link with a specific kind of corefile, *************** *** 43,56 ****-
! (1) Adds a new sysctl option which permits the adminstrator to decide
! whether setuid corefiles should be written or not.
- (2) Replaces the ruserok() function in libc with a much more paranoid version which can detect these bogus looking .rhosts files better. If the previous patch is used to stop setuid coredumps, then this patch is not ! as important.
This problem is fixed much better in OpenBSD-current, where the kernel's --- 46,59 ----
-
! (1) A kernel patch which adds a new sysctl option which permits the
! administrator to decide whether setuid corefiles should be written or not.
- (2) Replaces the ruserok() function in libc with a much more paranoid version which can detect these bogus looking .rhosts files better. If the previous patch is used to stop setuid coredumps, then this patch is not ! as important.
This problem is fixed much better in OpenBSD-current, where the kernel's *************** *** 58,68 **** create a file on the other side of a symbolic link. Such a patch is not possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
-
! (1) Adds a new sysctl option which permits the adminstrator to decide
! whether setuid corefiles should be written or not.
- SECURITY FIX
i386
-
!
- The Intel P5 F00F bug was discovered after the CDR's had already been sent to the manufacturer. This problem permits any user who has an account to lock your machine up using a 4-line program. The problem only affects Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, --- 61,92 ---- create a file on the other side of a symbolic link. Such a patch is not possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
- SECURITY FIX
+ If you rely on the system securelevels as described in init(8), you + will want this fix. A bug in the vm system permits a file descriptor + opened read-only on a device, to later on be mmap(2)'d read-write, and + then modified. This does not result in a security hole by itself, but + it does violate the safety semantics which securelevels are supposed to + provide. + + A kernel patch is available which corrects this behaviour. ++
- BUILD PROCESS FIX
+ Building an object tree from a read-only source tree (such as off a CDROM) + may fail under certain circumstances (e.g. when creating a symlink on sparc + whose target name is exactly 33 characters). As a workaround you have to + either provide the source tree read/write, or install a newer version of + /usr/bin/readlink. + + A replacement source file exists. +
i386
-
!
- RELIABILITY FIX
! The Intel P5 F00F bug was discovered after the CDR's had already been sent to the manufacturer. This problem permits any user who has an account to lock your machine up using a 4-line program. The problem only affects Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, *************** *** 70,86 **** A kernel source-code patch is available.!
- Some Linux binaries will execute in SVR4 emulation mode, which is
definately a problem for people who need Linux emulation to work correctly.
To solve this mis-identification problem,
! a patch file is provided.
!
- APM can crash on machines without it.
A kernel source-code patch is available.
!
- A few people are running into this problem, particularily if they had some
other *BSD operating system on their machine before trying OpenBSD: if after
installation onto an IDE-based machine, the kernel fails to mount the root
partition because it thinks that it should be opening sd0 (0x400), this means
--- 94,113 ----
A kernel source-code patch is available.
!
- FUNCTIONALITY FIX
! Some Linux binaries will execute in SVR4 emulation mode, which is definately a problem for people who need Linux emulation to work correctly. To solve this mis-identification problem, ! a patch file is provided.!
- RELIABILITY FIX
! APM can crash on machines without it. A kernel source-code patch is available.!
- INSTALLATION PROCESS FLAW
! A few people are running into this problem, particularily if they had some other *BSD operating system on their machine before trying OpenBSD: if after installation onto an IDE-based machine, the kernel fails to mount the root partition because it thinks that it should be opening sd0 (0x400), this means *************** *** 93,108 **** mac68k
-
!
- Unfortunately, X11 binaries for the mac68k did not manage to make it onto the
CDROM. However, X11 for the mac68k is immediately available from
ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please
be sure to read the README file also in that directory for instructions on installing
and setting up X.
!
- As shipped on the CDROM, both the generic kernel and the ! genericsbc kernel extract themselves into the wrong place in the filesystem. Both should extract a kernel named /bsd, but they extract the kernel into /usr/src/sys/arch/mac68k/compile instead.
mac68k
-
!
- NEW SOFTWARE
! Unfortunately, X11 binaries for the mac68k did not manage to make it onto the CDROM. However, X11 for the mac68k is immediately available from ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please be sure to read the README file also in that directory for instructions on installing and setting up X.!
- INSTALLATION PROCESS FLAW
! As shipped on the CDROM, both the ! ! generic kernel ! and the ! genericsbc kernel ! extract themselves into the wrong place in the filesystem. Both should extract a kernel named /bsd, but they extract the kernel into /usr/src/sys/arch/mac68k/compile instead. sparc
-
!
- Older 4/xxx systems (particularily the 4/300's) cannot boot with the 2.2 kernel due to bugs in the scsi device driver. ! A kernel source patch is available. Replacement kernels are available for: bsd, bsd.scsi3, and a replacement for bsd.rd is coming soon.
- SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when
using a custom kernel configured for option sun4m only.
! A workaround (kernel source patch) is available. Apply the patch and
then re-build your kernel.
amiga
-
!
- Missing Xamiga manual page. Get
this package and execute, as root:
# pkg_add Xamiga-manual.tgz
The MD5 checksum of this package is:
MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031!
- The Ariadne ethernet support was broken, there will be both binary and
source level fixes available shortly. If you are in a hurry mail
Niklas for a test kernel.
- Missing Xamiga manual page. Get
this package and execute, as root:
pmax
-
!
- There is a Year-1998 problem in the time-setting code (which causes the
date and time to be set incorrectly after a reboot in 1998).
! A source code patch file is available. plus replacement installation
kernels for the 2.2 release at
bsd.NFS,
bsd,
bsd.rz0.
!
- X11 support for the 3min and 3maxplus machines was broken
due to a kernel bug.
A source code patch is available.
!
- A bug in the shared library linker ld.so requires that
you replace it with a new binary.
! The replacement binary is here.
- There is a Year-1998 problem in the time-setting code (which causes the
date and time to be set incorrectly after a reboot in 1998).
! A source code patch file is available. plus replacement installation
kernels for the 2.2 release at
bsd.NFS,
bsd,
bsd.rz0.
arc
-
!
- A bug in the shared library linker ld.so requires that
! you replace it with a new binary.
! The replacement binary is here.
- A bug in the shared library linker ld.so requires that
! you replace it with a new binary.
! The replacement binary is here.
alpha
--- 154,227 ----sparc
-
!
- RELIABILITY FIX
! Older 4/xxx systems (particularily the 4/300's) cannot boot with the 2.2 kernel due to bugs in the scsi device driver. ! A kernel source patch is available. Replacement kernels are available for: bsd, bsd.scsi3, and a replacement for bsd.rd is coming soon. - RELIABILITY FIX
! SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when using a custom kernel configured for option sun4m only. ! A workaround (kernel source patch) is available. Apply the patch and then re-build your kernel.
- RELIABILITY FIX
amiga
-
!
- FUNCTIONALITY FIX
! Missing Xamiga manual pages. Get this package and execute, as root:
# pkg_add Xamiga-manual.tgz
The MD5 checksum of this package is:
MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031!
- FUNCTIONALITY FIX
! The Ariadne ethernet support was broken, there will be both binary and source level fixes available shortly. If you are in a hurry mail Niklas for a test kernel.
- FUNCTIONALITY FIX
pmax
-
!
- FUNCTIONALITY FIX
! There is a Year-1998 problem in the time-setting code (which causes the date and time to be set incorrectly after a reboot in 1998). ! A source code patch file is available plus replacement installation kernels for the 2.2 release at bsd.NFS, bsd, bsd.rz0.!
- FUNCTIONALITY FIX
! X11 support for the 3min and 3maxplus machines was broken due to a kernel bug. A source code patch is available.!
- SECURITY FIX
! A security problem in the shared library linker ld.so requires that you replace it with a new binary. ! The replacement binary is here.
- FUNCTIONALITY FIX
arc
-
!
- SECURITY FIX
! A security problem in the shared library linker ld.so requires ! that you replace it with a new binary. ! The replacement binary is here.
- SECURITY FIX
alpha
*************** *** 381,387 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.71 1998/02/16 00:59:46 gene Exp $
- NEW SOFTWARE
- Unfortunately, X11 binaries for the mac68k did not manage to make it onto the
CDROM. However, X11 for the mac68k is immediately available from
ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please
be sure to read the README file also in that directory for instructions on installing
and setting up X.
- RELIABILITY FIX