=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.92 retrieving revision 1.93 diff -c -r1.92 -r1.93 *** www/errata.html 1998/04/22 14:55:30 1.92 --- www/errata.html 1998/04/23 14:28:13 1.93 *************** *** 14,299 **** [OpenBSD]

! This is the OpenBSD 2.2 release errata & patch list:

All architectures
- SECURITY FIX
  ! An exploitable buffer mismanagement exists in a subroutine used by ! lprm and lpd. The problem is exploitable by users on a particular ! machine if there is an entry in /etc/printcap which ! points at a remote printer. ! ! A patch is available which corrects this behaviour.
  - -
- SECURITY FIX
  - A DNS-based vulnerability exists when uucpd is used. By default uucpd - is not enabled in the OpenBSD releases, but some sites may have enabled it. - - A patch is available which corrects this behaviour. -
  - -
- SECURITY FIX
  - A vulnerability exists when (and only when) /etc/named.conf has the - fake-iquery option enabled. - - A patch is available which corrects this behaviour. -
  - -
- SECURITY FIX
  - A vulnerability exists in ping(8); if the -R option is used to record - routes, an attacker can spoof a reply packet that will overflow inside - ping. Preliminary investigation makes it look the worst attack - possible is to make ping crash, but one never knows... - - A patch is available which corrects this behaviour. -
  - -
- SECURITY FIX
  - If the sysctl variable net.inet.ip.forwarding is - enabled (value 1), but the variable net.inet.ip.sourceroute - is disabled (value 0), the kernel will block source routed packets from - going through, but will still accept source routing packets destined for - itself. Our fix changes the net.inet.ip.sourceroute - variable semantics to mean that all source routed packets should - be blocked completely. - - A kernel patch is provided. -
  - -
- SECURITY FIX
  - A combination localhost+remote host security problem exists if a - local user running a setuid binary causes a non-existant root .rhosts - file to be created via a symbolic link with a specific kind of corefile, - and then subsequently uses rsh/rlogin to enter the machine from remote. - A similar exploit might also be possible using sshd which lacks any code - for checking for deviations from the expected format in the .rhosts or - .shosts files, but we have not confirmed this yet. The following two - fixes are recommended: -
  -
  - - - (1) A kernel patch which adds a new sysctl option which permits the - administrator to decide whether setuid corefiles should be written or not. -
    -
  - - (2) Replaces the libc ruserok() function with a more paranoid - version which detects bogus looking .rhosts files better.
  -
  - If the - first patch is used to stop setuid coredumps, then the second patch is - not as important. - This problem is fixed much better in OpenBSD-current, where the kernel's - symbolic link handling has been improved such that coredumping will not - create a file on the other side of a symbolic link. Such a patch is not - possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
  - The problem with the ruserok() function appears to also exist in - ssh 1.2.21 and previous (the ssh people have been alerted). -
  - -
- SECURITY FIX
  - A bug in the vm system permits a file descriptor opened read-only on a - device, to later on be mmap(2)'d read-write, and then modified. This - does not result in a security hole by itself, but it does violate the - safety semantics which securelevels are supposed to provide. If a user - manages to gain kmem group permissions, using this problem they can then - gain root trivially and/or turn securelevels off. - - A kernel patch is available which corrects this behaviour (this is - revision 3 of this patch). -
  -
- BUILD PROCESS FIX
  - Building an object tree from a read-only source tree (such as off a CDROM) - may fail under certain circumstances (e.g. when creating a symlink on sparc - whose target name is exactly 33 characters). As a workaround you have to - either provide the source tree read/write, or install a newer version of - /usr/bin/readlink. - - A replacement source file exists. -
  - -
- SECURITY FIX
  - If a line in /etc/exports which contains hostnames results in an empty - list because none of the supplied hostnames is known, mountd(8) will - accidentally export the filesystem to the world. - - A patch is available which corrects this behaviour. -
  -
- RELIABILITY FIX
  - Setting the MSG_EOR flag on a tcp packet in the send(2) family of - system calls could cause a kernel panic. - - A patch to return EINVAL in this case is available. -
  -
i386
- RELIABILITY FIX
  ! The Intel P5 F00F bug was discovered after the CDR's had already been ! sent to the manufacturer. This problem permits any user who has an account ! to lock your machine up using a 4-line program. The problem only affects ! Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable, ! nor are processors by other manufacturers). ! ! A kernel source-code patch is available.
  -
- FUNCTIONALITY FIX
  - Some Linux binaries will execute in SVR4 emulation mode, which is - definately a problem for people who need Linux emulation to work correctly. - To solve this mis-identification problem, - - a patch file is provided. -
  -
- RELIABILITY FIX
  - APM can crash on machines without it. - - A kernel source-code patch is available. -
  -
- INSTALLATION PROCESS FLAW
  - A few people are running into this problem, particularily if they had some - other *BSD operating system on their machine before trying OpenBSD: if after - installation onto an IDE-based machine, the kernel fails to mount the root - partition because it thinks that it should be opening sd0 (0x400), this means - you have incorrectly setup your disklabel for the IDE drive -- the disklabel - is indicating that the drive is SCSI. - To repair this, use the floppy to run "disklabel -E wd0", then using the - "edit" command ensure the type field is set to "ST506". -
mac68k
- NEW SOFTWARE
  ! Unfortunately, X11 binaries for the mac68k did not manage to make it onto the ! CDROM. However, X11 for the mac68k is immediately available from ! ! ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please ! be sure to read the README file also in that directory for instructions on installing ! and setting up X.
  -
- INSTALLATION PROCESS FLAW
  - As shipped on the CDROM, both the - - generic kernel - and the - - genericsbc kernel - extract themselves into the wrong place in the filesystem. - Both should extract a kernel named /bsd, but they extract - the kernel into /usr/src/sys/arch/mac68k/compile instead. -
  - This has been fixed on the ftp release of OpenBSD 2.2, and - fresh kernels are available from - ftp://ftp.OpenBSD.ORG/pub/OpenBSD/2.2/mac68k/. If at all possible, - installing these kernels is recommended. -
  - A number of possible workarounds exist if you don't have easy access to ftp - the updated kernels. The simplest of these is to use a - MacOS program to uncompress and untar the kernel aad use the Installer's - mini-shell to "cpin" the kernel. Alternately, you could install the kernel - with the Installer and use the mini-shell to move the binary from /usr/src/... to /bsd. -
sparc
- RELIABILITY FIX
  ! Older 4/xxx systems (particularily the 4/300's) cannot boot ! with the 2.2 kernel due to bugs in the scsi device driver. ! ! A kernel source patch is available. ! Replacement kernels are available for: ! bsd, ! bsd.scsi3, ! and a replacement for bsd.rd is coming soon.
  - -
- RELIABILITY FIX
  - SPARCstation 4 and 5 (Microsparc 2) users may see kernel panics when - using a custom kernel configured for option sun4m only. - - A workaround (kernel source patch) is available. Apply the patch and - then re-build your kernel. -
amiga
-
- FUNCTIONALITY FIX
  ! Missing Xamiga manual pages. Get ! ! this package and execute, as root:
  ! # pkg_add Xamiga-manual.tgz
  ! The MD5 checksum of this package is:
  ! MD5 (Xamiga-manual.tgz) = 2362a7857264b9d17f65cca258b42031
  !
- FUNCTIONALITY FIX
  ! The Ariadne ethernet support was broken, there will be both binary and ! source level fixes available shortly. If you are in a hurry mail ! Niklas for a test kernel.
pmax
- FUNCTIONALITY FIX
  ! There is a Year-1998 problem in the time-setting code (which causes the ! date and time to be set incorrectly after a reboot in 1998). ! ! A source code patch file is available plus replacement installation ! kernels for the 2.2 release at ! bsd.NFS, ! bsd, ! bsd.rz0.
  -
- FUNCTIONALITY FIX
  - X11 support for the 3min and 3maxplus machines was broken - due to a kernel bug. - - A source code patch is available. -
  - -
- SECURITY FIX
  - A security problem in the shared library linker ld.so - requires that you replace it with a new binary. The following binary - will work on both pmax and arc machines. - - The replacement binary is here. -
arc
- SECURITY FIX
  ! A security problem in the shared library linker ld.so requires ! that you replace it with a new binary. The following binary ! will work on both pmax and arc machines. ! ! The replacement binary is here.
alpha
-
- MISSING FUNCTIONALITY
  ! Network Address Translation and other parts of IP Filtering to not work ! on the alpha. This will be fixed in the 2.3 release, and perhaps earlier ! in a snapshot. There is no patch for 2.2.
hp300
- No problems identified yet.
mvme68k
- No problems identified yet. --- 14,79 ----
  ! This is the OpenBSD 2.3 release errata & patch list:
  - All architectures
    - No problems identified yet.
  - i386
    - No problems identified yet.
  - mac68k
    - No problems identified yet.
  - sparc
    - No problems identified yet.
    +
  - amiga
    - No problems identified yet. !
  - pmax
    - No problems identified yet.
  - arc
    - No problems identified yet.
    +
  - alpha
    - No problems identified yet.
    +
  - hp300
    - No problems identified yet.
    +
  - mvme68k
    - No problems identified yet. *************** *** 303,313 ****
      
      ! For 2.1 errata, please refer here.
      www@openbsd.org !
      $OpenBSD: errata.html,v 1.92 1998/04/22 14:55:30 deraadt Exp $ --- 83,94 ----
      
      ! For 2.1 errata, please refer here.
      ! For 2.2 errata, please refer here.
      
      www@openbsd.org !
      $OpenBSD: errata.html,v 1.93 1998/04/23 14:28:13 deraadt Exp $

! This is the OpenBSD 2.2 release errata & patch list:

All architectures

i386

mac68k

sparc

amiga

pmax

arc

alpha

hp300

mvme68k

! This is the OpenBSD 2.3 release errata & patch list: