Annotation of www/errata.html, Revision 1.305
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.281 deraadt 4: <title>OpenBSD 2.8 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.107 deraadt 10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.127 pauls 15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
1.68 deraadt 16: <h2><font color=#0000e0>
1.281 deraadt 17: This is the OpenBSD 2.8 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.94 deraadt 23: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
24: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
1.144 deraadt 25: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
1.176 deraadt 26: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.198 deraadt 27: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
1.232 deraadt 28: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.281 deraadt 29: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.94 deraadt 30: <hr>
31:
1.281 deraadt 32: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8.tar.gz>
1.142 deraadt 33: You can also fetch a tar.gz file containing all the following patches</a>.
34: This file is updated once a day.
35:
1.240 jason 36: <p> The patches below are available in CVS via the
1.281 deraadt 37: <code>OPENBSD_2_8</code> <a href="stable.html">patch branch</a>.
1.278 ericj 38:
39: <p>
40: For more detailed information on install patches to OpenBSD, please
41: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
1.142 deraadt 42: <hr>
43:
1.197 deraadt 44: <dl>
1.43 deraadt 45: <a name=all></a>
1.67 deraadt 46: <li><h3><font color=#e00000>All architectures</font></h3>
1.25 deraadt 47: <ul>
1.305 ! jason 48: <a name=named></a>
! 49: <li><font color=#009000><strong>018: SECURITY FIX: Jan 29, 2001</strong></font><br>
! 50: Merge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named</a> with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities.<br>
! 51: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">A source code patch exists which remedies the problem.</a><br>
! 52: <p>
1.303 jason 53: <a name=rnd></a>
1.302 jason 54: <li><font color=#009000><strong>017: SECURITY FIX: Jan 22, 2001</strong></font><br>
1.304 jason 55: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
1.302 jason 56: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">A source code patch exists which remedies the problem.</a><br>
57: <p>
1.300 jason 58: <a name=tl></a>
1.301 jason 59: <li><font color=#009000><strong>016: RELIABILITY FIX: Jan 4, 2001</strong></font><br>
1.300 jason 60: Allow ThunderLAN cards to share interrupts nicely.<br>
61: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">A source code patch exists which remedies the problem.</a>
62: <p>
1.299 ericj 63: <a name=xlock></a>
64: <li><font color=#009000><strong>014: SECURITY FIX: Dec 22, 2000</strong></font><br>
65: Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
66: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">A source code patch exists which remedies the problem.</a>
67: <p>
68: In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
69: and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
70: <p>
71: <ul>
72: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
73: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
74: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
75: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
76: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
77: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
78: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
79: </ul>
80: <p>
1.296 ericj 81: <a name=procfs></a>
82: <li><font color=#009000><strong>013: SECURITY FIX: Dec 18, 2000</strong></font><br>
1.298 ericj 83: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_procfs&sektion=8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
84: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">A source code patch exists which remedies the problem.</a>
85: <p>
1.292 deraadt 86: <a name=hwcrypto></a>
87: <li><font color=#009000><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font><br>
1.294 jufi 88: The crypto subsystem could incorrectly fail to run certain software ciphers,
1.292 deraadt 89: if a hardware card existed in the machine.<br>
90: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
91: A source code patch exists which remedies the problem.</a>
1.293 deraadt 92: <p>
1.292 deraadt 93: <a name=fastroute></a>
94: <li><font color=#009000><strong>010: RELIABILITY FIX: Dec 11, 2000</strong></font><br>
95: A crash could occur during fast routing, if IPSEC was enabled.<br>
96: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
97: A source code patch exists which remedies the problem.</a>
1.293 deraadt 98: <p>
1.290 deraadt 99: <a name=kerberos2></a>
1.291 deraadt 100: <li><font color=#009000><strong>009: SECURITY FIX: Dec 10, 2000</strong></font><br>
1.295 aaron 101: Another problem exists in the Kerberos libraries.<br>
1.290 deraadt 102: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
103: A source code patch exists which remedies the problem.</a>
104: <p>
1.286 deraadt 105: <a name=kerberos></a>
1.288 deraadt 106: <li><font color=#009000><strong>008: SECURITY FIX: Dec 7, 2000</strong></font><br>
1.286 deraadt 107: Two problems have recently been discovered in the KerberosIV code.<p>
108: 1. A symlink problem was discovered in the KerberosIV password checking
109: routines /usr/bin/su and /usr/bin/login, which makes it possible for a
110: local user to overwrite any file on the local machine.<p>
1.287 jufi 111: 2. It is possible to specify environment variables in telnet
1.286 deraadt 112: which will be passed over the to the remote host. This makes it
113: possible to set environment variables on the remote side, including
114: ones that have special meaning on the server. It is not clear at this
115: time what the impact is, but we recommend everyone to upgrade their
1.289 jufi 116: machines immediately.<p>
1.288 deraadt 117: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
1.286 deraadt 118: A source code patch exists which remedies the problem.</a>
119: <p>
1.285 deraadt 120: <a name=ftpd></a>
121: <li><font color=#009000><strong>005: SECURITY FIX: Dec 4, 2000</strong></font><br>
122: OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
123: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
1.296 ericj 124: A source code patch exists which remedies the problem.</a><br>
1.298 ericj 125: You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
1.285 deraadt 126: <p>
1.284 jason 127: <a name=rijndael> </a>
128: <li><font color=#009000><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
1.292 deraadt 129: First off, AES (rijndael) encryption and decryption were broken for IPSec
130: and swap encryption.<br>
131: Secondly, the AES code did not work properly on big endian machines.<br>
1.284 jason 132: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
1.292 deraadt 133: A second revision source code patch exists which remedies the problem.</a>
1.284 jason 134: <p>
1.282 deraadt 135: <li><font color=#009000><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font><br>
136: In ssh(1), skey support for SSH1 protocol was broken. Some people might consider
137: that kind of important.<br>
138: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch>
139: A source code patch exists which remedies this problem.</a>
1.25 deraadt 140: </ul>
1.177 deraadt 141: <p>
1.42 deraadt 142: <a name=i386></a>
1.67 deraadt 143: <li><h3><font color=#e00000>i386</font></h3>
1.25 deraadt 144: <ul>
1.299 ericj 145: <a name=pms></a>
146: <li><font color=#009000><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
147: Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
148: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">A source code patch exists which remedies this problem.</a>
149: <p>
1.285 deraadt 150: <a name=pcibios></a>
151: <li><font color=#009000><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
152: On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
153: kernel hang while probing PCI devices. If you have this symptom, you can disable
154: PCIBIOS as a workaround. To do this,
155: <ul>
156: <li>Enter the User Kernel Configuration by booting with the
157: option "boot -c".
158: <li>Once at the <i>UKC></i> prompt, enter <pre><tt>
159: UKC> disable pcibios
160: UKC> quit
161: </tt></pre>
162: <li>See <a href="./faq/faq5.html#5.6">FAQ 5.6</a> after a successful
163: boot for instructions on how to re-write your kernel to disable PCIBIOS
164: permanently.
165: </ul>
166: <p>
1.39 deraadt 167: </ul>
1.155 deraadt 168: <p>
1.47 deraadt 169: <a name=mac68k></a>
1.67 deraadt 170: <li><h3><font color=#e00000>mac68k</font></h3>
1.39 deraadt 171: <ul>
1.285 deraadt 172: <a name=x_mac68k></a>
173: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
174: The X packages
175: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>
176: and
177: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a>
178: were not on the CD, and only available via FTP install. These packages can be
179: added post-install by using the following command:
180: <tt><pre>
181: # cd /; tar xvfpz xshare28.tgz
182: # cd /; tar xvfpz xfont28.tgz
183: </pre></tt>
1.25 deraadt 184: </ul>
1.155 deraadt 185: <p>
1.65 deraadt 186: <a name=sparc></a>
1.67 deraadt 187: <li><h3><font color=#e00000>sparc</font></h3>
1.25 deraadt 188: <ul>
1.285 deraadt 189: <a name=x_sparc></a>
190: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
191: The X packages
192: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>
193: and
194: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a>
195: were not on the CD, and only available via FTP install. These packages can be
196: added post-install by using the following command:
197: <tt><pre>
198: # cd /; tar xvfpz xshare28.tgz
199: # cd /; tar xvfpz xfont28.tgz
200: </pre></tt>
201: <p>
202: <a name=qe></a>
1.284 jason 203: <li><font color=#009000><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
204: Configuring a qec+qe causes a NMI panic.<br>
205: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch>
206: A source code patch exists which remedies this problem.</a>
207: <p>
1.282 deraadt 208: <a name=zsconsole> </a>
209: <li><font color=#009000><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
210: When running a sparc with a serial console, certain types of interrupts would
211: cause great grief.<br>
212: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch>
213: A source code patch exists which remedies this problem.</a>
1.39 deraadt 214: </ul>
1.177 deraadt 215: <p>
1.93 deraadt 216: <a name=amiga></a>
1.67 deraadt 217: <li><h3><font color=#e00000>amiga</font></h3>
1.93 deraadt 218: <ul>
1.285 deraadt 219: <a name=x_amiga></a>
220: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
221: The X packages
222: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>
223: and
224: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a>
225: were not on the CD, and only available via FTP install. These packages can be
226: added post-install by using the following command:
227: <tt><pre>
228: # cd /; tar xvfpz xshare28.tgz
229: # cd /; tar xvfpz xfont28.tgz
230: </pre></tt>
1.25 deraadt 231: </ul>
1.155 deraadt 232: <p>
1.65 deraadt 233: <a name=pmax></a>
1.67 deraadt 234: <li><h3><font color=#e00000>pmax</font></h3>
1.25 deraadt 235: <ul>
1.281 deraadt 236: <li>No problems identified yet.
1.25 deraadt 237: </ul>
1.155 deraadt 238: <p>
1.281 deraadt 239: <a name=hp300></a>
240: <li><h3><font color=#e00000>hp300</font></h3>
1.59 deraadt 241: <ul>
1.285 deraadt 242: <a name=x_hp300></a>
243: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
244: The X packages
245: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>
246: and
247: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a>
248: were not on the CD, and only available via FTP install. These packages can be
249: added post-install by using the following command:
250: <tt><pre>
251: # cd /; tar xvfpz xshare28.tgz
252: # cd /; tar xvfpz xfont28.tgz
253: </pre></tt>
1.59 deraadt 254: </ul>
1.155 deraadt 255: <p>
1.281 deraadt 256: <a name=mvme68k></a>
257: <li><h3><font color=#e00000>mvme68k</font></h3>
1.56 deraadt 258: <ul>
1.285 deraadt 259: <a name=x_mvme68k></a>
260: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
261: The X packages
262: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>
263: and
264: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a>
265: were not on the CD, and only available via FTP install. These packages can be
266: added post-install by using the following command:
267: <tt><pre>
268: # cd /; tar xvfpz xshare28.tgz
269: # cd /; tar xvfpz xfont28.tgz
270: </pre></tt>
1.56 deraadt 271: </ul>
1.155 deraadt 272: <p>
1.281 deraadt 273: <a name=powerpc></a>
274: <li><h3><font color=#e00000>powerpc</font></h3>
1.110 millert 275: <ul>
1.293 deraadt 276: <a name=imacdv></a>
277: <li><font color=#009000><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
278: The IMac DV+ (and probably some other machines) incorrectly identify their video
279: hardware, but it is possible to work around the problem.<br>
280: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/012_imacdv.patch">
281: A source code patch exists which remedies the problem.</a>
1.56 deraadt 282: </ul>
1.155 deraadt 283: <p>
1.281 deraadt 284: <a name=vax></a>
285: <li><h3><font color=#e00000>vax</font></h3>
1.25 deraadt 286: <ul>
1.232 deraadt 287: <li>No problems identified yet.
1.25 deraadt 288: </ul>
1.155 deraadt 289: <p>
1.281 deraadt 290: <a name=sun3></a>
291: <li><h3><font color=#e00000>sun3</font></h3>
1.95 deraadt 292: <ul>
1.285 deraadt 293: <a name=x_sun3></a>
294: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
295: The X packages
296: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
297: and
298: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
299: were not on the CD, and only available via FTP install. These packages can be
300: added post-install by using the following command:
301: <tt><pre>
302: # cd /; tar xvfpz xshare28.tgz
303: # cd /; tar xvfpz xfont28.tgz
304: </pre></tt>
1.144 deraadt 305: </ul>
306:
1.197 deraadt 307: </dl>
1.25 deraadt 308: <br>
1.75 deraadt 309:
1.25 deraadt 310: <hr>
1.240 jason 311: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.93 deraadt 312: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
313: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
1.144 deraadt 314: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
1.176 deraadt 315: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.198 deraadt 316: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
1.232 deraadt 317: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.281 deraadt 318: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.2 deraadt 319: <hr>
1.176 deraadt 320:
1.186 deraadt 321: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.2 deraadt 322: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.305 ! jason 323: <br><small>$OpenBSD: errata.html,v 1.304 2001/01/25 15:24:01 jason Exp $</small>
1.2 deraadt 324:
325: </body>
326: </html>