===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.143
retrieving revision 1.144
diff -u -r1.143 -r1.144
--- www/errata.html 1998/09/15 16:18:55 1.143
+++ www/errata.html 1998/11/10 19:12:16 1.144
@@ -14,16 +14,17 @@
-This is the OpenBSD 2.3 release errata & patch list:
+This is the OpenBSD 2.4 release errata & patch list:
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
+For 2.3 errata, please refer here.
-
+
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
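Review bot: The tar.gz sentence stays as unchanged context while the heading above it moves from 2.3 to 2.4, so its link target is not touched by this hunk. If that target names a release-specific file, it will still serve the 2.3 patch set under a 2.4 heading. Please confirm the target and update it in this revision if needed. It is also worth checking that the new "For 2.3 errata, please refer here." line points at a page that already exists.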
@@ -33,303 +34,73 @@
All architectures
-
-- HARDWARE SUPPORT
-Some ATAPI cdroms which do not support the full mandatory command set,
-(e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
-A patch is
-
-available here.
-
-
-
- SECURITY FIX
-Chpass(1) has a file descriptor leak which allows an
-attacker to modify /etc/master.passwd.
-
-A source code patch exists which remedies this problem.
-
-
-
- RELIABILITY FIX
-Calling readv(2) with iov_len < 0 or > INT_MAX would result in a
-kernel panic. This is the third revision of this patch.
-
-A source code patch exists which remedies this problem.
-
-
-
- SECURITY FIX
-Inetd had a file descriptor leak. A patch is
-
-available here.
-
-
-
- BUG FIX
-As shipped, unionfs had some serious problems.
-
-A patch is available to solve this.
-
-
-
- SECURITY FIX
-Some non-allocated file descriptors have implied uses according to
-system libraries, and hence setuid and setgid processes should not
-be executed with these descriptors unallocated. A patch which forces
-setuid and setgid processes to have some descriptors in fd slots
-0, 1, and 2 is
-
-available here.
-
-
-
- SECURITY FIX
-Vulnerabilities have been found in the X11, Xt, Xaw and Xmu
-libraries. These affect xterm and all other setuid-root programs that
-use these libraries. The problems are associated with buffer overflows
-in code that processes user-supplied data. The Xt library problems
-include those fixed in TOG's recent public patch 3 for X11R6.3. All
-releases of XFree86 up to and including 3.3.2 patch 1 and the version
-distributed with OpenBSD are vulnerable to some or all of these
-problems.
-These problems are fixed in XFree86 patch 2.
-
-The 2nd source patch for these problems, specifically adapted to the
-OpenBSD 2.3 X11 tree, is available now.
-
-
-
- SECURITY FIX
-The kill(2) system call previously would permit a large set of signals to
-be delivered to setuid or setgid processes. If such processes were using
-those signals in dubious ways, this could have resulted in security
-problems of various kinds.
-
-The fourth revision of a source code patch which solves the problem is
-available.
-
-
-
- SECURITY FIX
-A possible new security problem exists if you rely on securelevels and
-immutable or append-only files or character devices. The fix does not
-permit mmap'ing of immutable or append-only files which are otherwise
-writeable, as the VM system will bypass the meaning of the file flags
-when writes happen to the file.
-
-A source code patch exists which remedies this problem.
-
-
-
- SECURITY FIX
-If IPSEC communication is attempted by starting photurisd(8) (which is
-disabled by default), a system crash may be evoked from remote if
-an attacker uses some classes of invalid packets.
-
-A source code patch exists which remedies this problem.
-
-
-
- SECURITY FIX
-As stated in CERT advisory VB-98.04, there are buffer
-overrun problems in xterm related to the input-Method,
-preeditType, and *Keymap resources. Additional buffer overruns exist in
-the Xaw library related to the inputMethod and
-preeditType resources. The xterm(1) problem represents a security
-vulnerability for any platform where xterm is installed setuid-root
-(as is the case for all OpenBSD platforms). The Xaw problem represents
-a security vulnerability for any setuid-root program that uses the Xaw
-library (including xterm). Patch1 from XFree86 3.3.2 corrects
-these problems.
-
-We provide a version of this patch file specifically for the OpenBSD 2.3 tree.
-We also provide tar files which replace the xterm(1) binary and the libXaw
-libraries on your system. These are expected to be extracted in
-/usr/X11R6 using the command
-"tar xvfpz Xawfix.tgz".
-The files are...
-i386,
-alpha,
-mac68k,
-
- mvme68k,
-hp300,
-sparc,
-pmax,
-and
-arc.
-
+
- No problems identified yet.
i386
-
-- RELIABILITY FIX
-The pctr(4) driver has bugs that permit any user to crash the machine,
-if the CPU is not an Intel CPU. This problem has been properly fixed
-since, but fixes are hard to apply to the 2.2 or 2.3 releases. To avoid
-the problem, recompile your kernel without the pctr(4) device driver.
-
-
- CORRUPTED FILE
-The CD version of the precompiled ghostscript package is corrupted and
-not installable. The correct file can be retrieved by FTP from:
-
-ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz.
-Its checksums (obtained with cksum(1), md5(1) and
-sha1(1) respectively) are:
-
-- 725752890 3639338 ghostscript-5.10.tgz
-
- MD5 (ghostscript-5.10.tgz) = 3144ca814ad1965d671be2b7be3d3050
-
- SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
+
- No problems identified yet.
-
-
-
- RELIABILITY FIX
-The pcvt(4) console driver has a bug that can cause some keyboard
-controllers to lock up when a key is pressed that toggles the status
-of a keyboard LED (scroll lock, caps lock, etc). The problem is
-generally intermittent and the keyboard can be "unlocked" by unplugging
-and plugging it back in.
-
-A source code patch exists which remedies this problem.
-
-
mac68k
- No problems identified yet.
-
sparc
amiga
-- MINOR INCOMPATIBILITY
-The AmigaOS patch
-PoolMem
-improves AmigaOS memory handling tremendously, but confuses loadbsd, which
-grabs less memory from the system than is available. To work around the
-problem, be sure to execute
-
- PoolMem remove
-
-right before running loadbsd. The next release of loadbsd will probably be
-PoolMem-aware.
-
+
- No problems identified yet.
pmax
-- RELEASE WARNING
-The XFree86 binary set shipped on the CD and FTP site are not the
-exact final set that we shipped for the other releases. A few minor
-changes, mostly in xdm(1) configuration, were made
-after those binaries were made. Patches for this might come out later.
-
-
- X11 RELEASE ERROR
-The XFree86 binary set was linked with an older version of the C
-library. To work around the problem, do the following as root.
-
-
-cd /usr/lib/
-
-ln -s libc.so.18.0 libc.so.17
+- No problems identified yet.
-
-
- X11 RELEASE ERROR
-The X11R5 server used in this port does not understand the default
-authorization types used by the X11R6 clients, which results in no
-clients being able to connect to the server. To fix this
-problem add the line below to /usr/X11R6/lib/X11/xdm/xdm-config.
-
-
-DisplayManager._0.authName: MIT-MAGIC-COOKIE-1
-
-
-
- INSTALLATION PROCESS FLAW
-The pmax install does not correctly install the boot block.
-To work around the problem, after the install program has finished, do
-the following (assuming scsi id 0):
-
-
-disklabel rz0 > /tmp/label
-
-disklabel -R -B rz0 /tmp/label
-
-
-
arc
-- RELEASE WARNING
-The XFree86 binary set shipped on the CD and FTP site are not the
-exact final set that we shipped for the other releases. A few minor
-changes, mostly in xdm(1) configuration, were made
-after those binaries were made. Patches for this might come out later.
-
-
- X11 RELEASE ERROR
-The XFree86 binary set was linked with an older version of the C
-library. To work around the problem, do the following as root.
-
-
-cd /usr/lib/
-
-ln -s libc.so.18.0 libc.so.17
+- No problems identified yet.
-
-
alpha
-- RELEASE WARNING
-When you start the install an upgrade option is advertised but
-there really is no such option.
-
+
- No problems identified yet.
hp300
-- RELEASE WARNING
-When you start the install an upgrade option is advertised but
-there really is no such option.
-
-
- RELEASE WARNING
-Unlabelled disks with weird geometries can panic the kernel.
-A fix will be made available when 2.3 is out.
-
+
- No problems identified yet.
mvme68k
- No problems identified yet.
-
powerpc
-- SECURITY FIX
-The powerpc release shipped on the OpenBSD 2.3 CD does not contain
-two late fixes applied late in the release cycle. The
-rmjob and
-uucpd patches should be applied to
-the system if those subsystems are used.
+ - No problems identified yet.
+
+
+
+
-
For 2.1 errata, please refer here.
For 2.2 errata, please refer here.
+For 2.3 errata, please refer here.
www@openbsd.org
-
$OpenBSD: errata.html,v 1.143 1998/09/15 16:18:55 deraadt Exp $
+
$OpenBSD: errata.html,v 1.144 1998/11/10 19:12:16 deraadt Exp $
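Review bot: The "All architectures" section drops every 2.3 SECURITY FIX entry (chpass, inetd, the setuid fd 0/1/2 patch, X11/Xt/Xaw/Xmu, kill(2), mmap of immutable files, photurisd, xterm), and the i386 section drops the cksum/MD5/SHA1 lines for ghostscript-5.10.tgz. After this revision the only route to them is the added "For 2.3 errata, please refer here." line, so the 2.3 page should be committed with these entries and their patch links intact before or together with this change. Otherwise 2.3 users lose the advisories and the reference checksums. Two smaller points: sparc has no "No problems identified yet." item between the "sparc" and "amiga" headings, while every other architecture has one after this change. The powerpc replacement line is indented differently from the other added items and is followed by four added blank lines, which look unintentional.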