www/errata.html - diff

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.231 and 1.232

-version 1.231, 2000/05/16 20:28:59
+version 1.232, 2000/05/19 20:04:52
 Line 1
 Line 1
 Line 1
  <!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
  <html>
  <head>
- <title>OpenBSD release errata</title>
+ <title>OpenBSD 2.7 errata</title>
  <link rev=made href=mailto:www@openbsd.org>
  <meta name="resource-type" content="document">
  <meta name="description" content="the OpenBSD CD errata page">
 Line 14
 Line 14
 Line 14
  <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
  <h2><font color=#0000e0>
- This is the OpenBSD 2.6 release errata &amp; patch list:
+ This is the OpenBSD 2.7 release errata &amp; patch list:
  </font></h2>
 Line 24
 Line 24
 Line 24
  <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
  <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
  <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
+ <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
  <hr>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6.tar.gz>
+ <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7.tar.gz>
  You can also fetch a tar.gz file containing all the following patches</a>.
  This file is updated once a day.
-Line 36
+Line 37
 Line 36
 Line 37
  <a name=all></a>
  <li><h3><font color=#e00000>All architectures</font></h3>
  <ul>
- <a name=rzsz></a>
+ <li>No problems identified yet.
- <li><font color=#009000><strong>021: RZSZ SNOOPING: Jan 31, 2000</strong></font><br>
- The rzsz port was removed from the ports collection, as it collects and
- sends user information to a designated email address, effectively spying on
- you.  <em>It is recommended that you remove this package if you installed
- it</em>.
- <p>
- <a name=syslog></a>
- <li><font color=#009000><strong>020: LIBRARY IMPROVEMENT: Jan 26, 2000</strong></font><br>
- syslog(3) would not try to reopen the socket, thus, nightly newsyslog(8)
- would cause syslogd(8) to not see new messages.
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/020_syslog.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=nsphy></a>
- <li><font color=#009000><strong>019: DRIVER IMPROVEMENT: Jan 20, 2000</strong></font><br>
- Intel fxp cards with National Semiconductor PHYs (nsphy) have trouble
- negotiating and maintaining 100Mb link integrity.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/019_nsphy.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=procfs></a>
- <li><font color=#009000><strong>018: SECURITY FIX: Jan 20, 2000</strong></font><br>
- Systems running with procfs enabled and mounted are vulnerable
- to having the stderr output of setuid processes directed onto
- a pre-seeked descriptor onto the stack in their own procfs memory.<br>
- Note that procfs is not mounted by default in OpenBSD.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/018_procfs.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=aty2k></a>
- <li><font color=#009000><strong>015: Y2K FIX: Jan 9, 2000</strong></font><br>
- The at(1) command was unable to parse some kinds of dates.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/015_aty2k.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=addusery2k></a>
- <li><font color=#009000><strong>013: Y2K FIX: Jan 3, 2000</strong></font><br>
- A minor problem in the logging support for the adduser(8) command.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/013_addusery2k.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=3c900b></a>
- <li><font color=#009000><strong>012: DRIVER IMPROVEMENT: Jan 3, 2000</strong></font><br>
- The 3C900B-TPO fails to select the correct media type (it never sees or
- sends packets).<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/012_3c900b.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=poll></a>
- <li><font color=#009000><strong>011: SECURITY FIX: Dec 4, 1999</strong></font><br>
- Various bugs in poll(2) may cause a kernel crash.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/011_poll.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=sendmail></a>
- <li><font color=#009000><strong>010: SECURITY FIX: Dec 4, 1999</strong></font><br>
- Sendmail had a race in aliases file handling, which this patch fixes.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/010_sendmail.patch>
- A source code patch exists, which remedies this problem.</a>
- <p>
- <a name=atapijumbo></a>
- <li><font color=#009000><strong>009: DRIVER IMPROVEMENTS: Dec 4, 1999</strong></font><br>
- Various improvements have been made to the IDE/ATAPI subsystem since
- the 2.6 release shipped.<br>
- Some of these improvements make some recalcitrant devices work much better.
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/009_atapi.patch><br>
- Revision 1 of this jumbo source code patch exists.</a><br>
- <p>
- <a name=sslUSA></a>
- <li><font color=#009000><strong>016: SECURITY FIX: Dec 2, 1999</strong></font><br>
- A buffer overflow in the RSAREF code included in the
- USA version of the libssl package (called <strong>sslUSA</strong>, is
- possibly exploitable in isakmpd if SSL/RSA features
- are enabled or used.<br>
- <a href=http://www.openssh.com>OpenSSH</a> and httpd (with -DSSL) are not
- vulnerable.<br>
- <strong>NOTE: International users using the ssl26 package are not affected.</strong>
- <p>
- To check what package you are using, use
- <pre>
- <b>#</b> pkg_info sslUSA26
- </pre>
- The patched library says:<br>
- "ssl26.1 USA-only non-commercial crypto libs incl. SSL &amp; RSA"
- <p>
- Non-commercial USA users who installed the ssl package before December 3
- should upgrade their <strong>sslUSA26</strong> package using:<br>
- <pre>
- <b>#</b> pkg_delete sslUSA26
- <b>#</b> pkg_add -v sslUSA26.tar.gz
- </pre>
- Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed
- on the FTP mirrors.<br>
- <a href=advisories/sslUSA>For more information, see the advisory</a>.<br>
- <strong>NOTE: this problem turned out to not be unexploitable in OpenSSH.</strong>
- <p>
- <a name=fortran></a>
- <li><font color=#009000><strong>017: FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br>
- Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
- release.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/008_fortran.patch>
- A source code patch exists which remedies this problem.</a><br>
- The patch fixes the source tree and describes how to properly add
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/g2c.h>
- the include file</a> to your system.
- <p>
- <a name=sshjumbo></a>
- <li><font color=#009000><strong>005: FUNCTIONALITY ADDITION: Nov 11, 1999</strong></font><br>
- Various OpenSSH improvements have been made since the 2.6 release shipped.<br>
- To resolve the various (non-security related) features which users may want,
- we are making a jumbo patch available.  <strong>This is now at VERSION FOUR.</strong><br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/005_sshjumbo.patch>
- Revision 4 of this jumbo source code patch exists.</a><br>
- <strong>NOTE: /etc/sshd_config and /etc/ssh_config may need changes.</strong>
- <p>
- <a name=m4></a>
- <li><font color=#009000><strong>003: FUNCTIONALITY FIX: Nov 10, 1999</strong></font><br>
- m4 is quite broken in the 2.6 release.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/003_m4.patch>
- The 3rd version of the source code patch exists, which remedies this problem.</a>
- <p>
- <a name=ifmedia></a>
- <li><font color=#009000><strong>002: SECURITY FIX: Nov 9, 1999</strong></font><br>
- Any user can change interface media configurations.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/002_ifmedia.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
- <a name=newsyslog></a>
- <li><font color=#009000><strong>001: RELIABILITY FIX: Nov 8, 1999</strong></font><br>
- A race condition in newsyslog(8) can cause errors in log file rotation.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/common/001_newsyslog.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=i386></a>
-Line 181
+Line 49
 Line 181
 Line 49
  <a name=mac68k></a>
  <li><h3><font color=#e00000>mac68k</font></h3>
  <ul>
- <a name=m68k_locore></a>
+ <li>No problems identified yet.
- <a name=mac68k_locore></a>
- <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=sparc></a>
  <li><h3><font color=#e00000>sparc</font></h3>
  <ul>
- <a name=eepromy2k></a>
+ <li>No problems identified yet.
- <li><font color=#009000><strong>014: Y2K FIX: Jan 3, 2000</strong></font><br>
- A minor problem; the sparc eeprom(8) command is not Y2K compliant.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/014_eepromy2k.patch>
- Revision 2 of the source code patch exists, which remedies this problem.</a>
- <p>
- <a name=sparc_locore></a>
- <li><font color=#009000><strong>004: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- The sparc kernel can be crashed by a user.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/sparc/004_locore.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=amiga></a>
  <li><h3><font color=#e00000>amiga</font></h3>
  <ul>
- <a name=amiga_locore></a>
+ <li>No problems identified yet.
- <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=pmax></a>
-Line 233
+Line 79
 Line 233
 Line 79
  <a name=alpha></a>
  <li><h3><font color=#e00000>alpha</font></h3>
  <ul>
- <a name=alpha_locore></a>
+ <li>No problems identified yet.
- <li><font color=#009000><strong>006: RELIABILITY FIX: Nov 13, 1999</strong></font><br>
- The alpha kernel can possibly be crashed by a user.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/alpha/006_locore.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=hp300></a>
  <li><h3><font color=#e00000>hp300</font></h3>
  <ul>
- <a name=hp300_locore></a>
+ <li>No problems identified yet.
- <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=mvme68k></a>
  <li><h3><font color=#e00000>mvme68k</font></h3>
  <ul>
- <a name=mvme68k_locore></a>
+ <li>No problems identified yet.
- <li><font color=#009000><strong>007: RELIABILITY FIX: Nov 12, 1999</strong></font><br>
- All m68k kernels can possibly be crashed by a user.<br>
- <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.6/m68k/007_locore.patch>
- A source code patch exists which remedies this problem.</a>
- <p>
  </ul>
  <p>
  <a name=powerpc></a>
-Line 278
+Line 109
 Line 278
 Line 109
  <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
  <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
  <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
+ <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>