Annotation of www/errata.html, Revision 1.308
1.1 deraadt 1: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML Strict//EN">
2: <html>
3: <head>
1.281 deraadt 4: <title>OpenBSD 2.8 errata</title>
1.1 deraadt 5: <link rev=made href=mailto:www@openbsd.org>
6: <meta name="resource-type" content="document">
7: <meta name="description" content="the OpenBSD CD errata page">
8: <meta name="keywords" content="openbsd,cd,errata">
9: <meta name="distribution" content="global">
1.107 deraadt 10: <meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
1.1 deraadt 11: </head>
12:
13: <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">
14:
1.127 pauls 15: <img alt="[OpenBSD]" height=30 width=141 SRC="images/smalltitle.gif">
1.68 deraadt 16: <h2><font color=#0000e0>
1.281 deraadt 17: This is the OpenBSD 2.8 release errata & patch list:
1.94 deraadt 18:
1.96 deraadt 19: </font></h2>
20:
1.94 deraadt 21: <hr>
1.240 jason 22: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.94 deraadt 23: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
24: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
1.144 deraadt 25: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
1.176 deraadt 26: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.198 deraadt 27: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
1.232 deraadt 28: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.281 deraadt 29: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.94 deraadt 30: <hr>
31:
1.281 deraadt 32: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8.tar.gz>
1.142 deraadt 33: You can also fetch a tar.gz file containing all the following patches</a>.
34: This file is updated once a day.
35:
1.240 jason 36: <p> The patches below are available in CVS via the
1.281 deraadt 37: <code>OPENBSD_2_8</code> <a href="stable.html">patch branch</a>.
1.278 ericj 38:
39: <p>
40: For more detailed information on install patches to OpenBSD, please
41: consult the <a href="./faq/faq10.html#10.14">OpenBSD FAQ</a>.
1.142 deraadt 42: <hr>
43:
1.197 deraadt 44: <dl>
1.43 deraadt 45: <a name=all></a>
1.67 deraadt 46: <li><h3><font color=#e00000>All architectures</font></h3>
1.25 deraadt 47: <ul>
1.308 ! jason 48: <a name=lepci></a>
! 49: <li><font color=#009000><strong>019: IMPLEMENTATION FIX: Jan 31, 2001</strong></font><br>
! 50: Fix memory allocation in the PCI LANCE driver, <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=le&sektion=4&arch=i386">le</a>. A side effect of this is that OpenBSD under VMWare now works again.<br>
! 51: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/019_lepci.patch">A source code patch exists which remedies the problem.</a><br>
! 52: <p>
1.305 jason 53: <a name=named></a>
54: <li><font color=#009000><strong>018: SECURITY FIX: Jan 29, 2001</strong></font><br>
1.306 deraadt 55: Merge <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8">named</a>
56: with ISC BIND 4.9.8-REL, which fixes some buffer vulnerabilities (actually it appears
1.307 jason 57: that these were already impossible to exploit beforehands).<br>
1.305 jason 58: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/018_named.patch">A source code patch exists which remedies the problem.</a><br>
59: <p>
1.303 jason 60: <a name=rnd></a>
1.302 jason 61: <li><font color=#009000><strong>017: SECURITY FIX: Jan 22, 2001</strong></font><br>
1.304 jason 62: The <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=random&sektion=4">rnd(4)</a> device does not use all of its input when data is written to it.<br>
1.302 jason 63: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/017_rnd.patch">A source code patch exists which remedies the problem.</a><br>
64: <p>
1.300 jason 65: <a name=tl></a>
1.301 jason 66: <li><font color=#009000><strong>016: RELIABILITY FIX: Jan 4, 2001</strong></font><br>
1.300 jason 67: Allow ThunderLAN cards to share interrupts nicely.<br>
68: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/016_tl.patch">A source code patch exists which remedies the problem.</a>
69: <p>
1.299 ericj 70: <a name=xlock></a>
71: <li><font color=#009000><strong>014: SECURITY FIX: Dec 22, 2000</strong></font><br>
72: Improve xlock(1)'s authentication by authenticating via a pipe in an early forked process. No known vulnerability exists, this is just a precautionary patch.<br>
73: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/014_xlock.patch">A source code patch exists which remedies the problem.</a>
74: <p>
75: In addition to a source code patch, new xlock binaries have been created for each architecture listed below. Place these binaries at <i>/usr/X11R6/bin/xlock</i>
76: and <i>chmod 4755 /usr/X11R6/bin/xlock</i>.
77: <p>
78: <ul>
79: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/xlock">Xlock - i386</a>
80: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/xlock">Xlock - sparc</a>
81: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mac68k/xlock">Xlock - mac68k</a>
82: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/powerpc/xlock">Xlock - powerpc</a>
83: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/amiga/xlock">Xlock - amiga</a>
84: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/hp300/xlock">Xlock - hp300</a>
85: <li><a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/mvme68k/xlock">Xlock - mvme68k</a>
86: </ul>
87: <p>
1.296 ericj 88: <a name=procfs></a>
89: <li><font color=#009000><strong>013: SECURITY FIX: Dec 18, 2000</strong></font><br>
1.298 ericj 90: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_procfs&sektion=8">Procfs</a> contained numerous overflows, which could lead an intruder to root permissions. Procfs is NOT enabled by default in OpenBSD. <br>
91: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/013_procfs.patch">A source code patch exists which remedies the problem.</a>
92: <p>
1.292 deraadt 93: <a name=hwcrypto></a>
94: <li><font color=#009000><strong>011: RELIABILITY FIX: Dec 13, 2000</strong></font><br>
1.294 jufi 95: The crypto subsystem could incorrectly fail to run certain software ciphers,
1.292 deraadt 96: if a hardware card existed in the machine.<br>
97: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/011_hwcrypto.patch">
98: A source code patch exists which remedies the problem.</a>
1.293 deraadt 99: <p>
1.292 deraadt 100: <a name=fastroute></a>
101: <li><font color=#009000><strong>010: RELIABILITY FIX: Dec 11, 2000</strong></font><br>
102: A crash could occur during fast routing, if IPSEC was enabled.<br>
103: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/010_fastroute.patch">
104: A source code patch exists which remedies the problem.</a>
1.293 deraadt 105: <p>
1.290 deraadt 106: <a name=kerberos2></a>
1.291 deraadt 107: <li><font color=#009000><strong>009: SECURITY FIX: Dec 10, 2000</strong></font><br>
1.295 aaron 108: Another problem exists in the Kerberos libraries.<br>
1.290 deraadt 109: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/009_kerberos2.patch">
110: A source code patch exists which remedies the problem.</a>
111: <p>
1.286 deraadt 112: <a name=kerberos></a>
1.288 deraadt 113: <li><font color=#009000><strong>008: SECURITY FIX: Dec 7, 2000</strong></font><br>
1.286 deraadt 114: Two problems have recently been discovered in the KerberosIV code.<p>
115: 1. A symlink problem was discovered in the KerberosIV password checking
116: routines /usr/bin/su and /usr/bin/login, which makes it possible for a
117: local user to overwrite any file on the local machine.<p>
1.287 jufi 118: 2. It is possible to specify environment variables in telnet
1.286 deraadt 119: which will be passed over the to the remote host. This makes it
120: possible to set environment variables on the remote side, including
121: ones that have special meaning on the server. It is not clear at this
122: time what the impact is, but we recommend everyone to upgrade their
1.289 jufi 123: machines immediately.<p>
1.288 deraadt 124: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/008_kerberos.patch">
1.286 deraadt 125: A source code patch exists which remedies the problem.</a>
126: <p>
1.285 deraadt 127: <a name=ftpd></a>
128: <li><font color=#009000><strong>005: SECURITY FIX: Dec 4, 2000</strong></font><br>
129: OpenBSD 2.8's ftpd contains a one-byte overflow in the replydirname() function.<br>
130: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/005_ftpd.patch">
1.296 ericj 131: A source code patch exists which remedies the problem.</a><br>
1.298 ericj 132: You can view the <a href="advisories/ftpd_replydirname.txt">OpenBSD Advisory</a> here.
1.285 deraadt 133: <p>
1.284 jason 134: <a name=rijndael> </a>
135: <li><font color=#009000><strong>004: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
1.292 deraadt 136: First off, AES (rijndael) encryption and decryption were broken for IPSec
137: and swap encryption.<br>
138: Secondly, the AES code did not work properly on big endian machines.<br>
1.284 jason 139: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/004_rijndael.patch">
1.292 deraadt 140: A second revision source code patch exists which remedies the problem.</a>
1.284 jason 141: <p>
1.282 deraadt 142: <li><font color=#009000><strong>002: IMPLEMENTATION FIX: Nov 10, 2000</strong></font><br>
143: In ssh(1), skey support for SSH1 protocol was broken. Some people might consider
144: that kind of important.<br>
145: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/002_sshskey.patch>
146: A source code patch exists which remedies this problem.</a>
1.25 deraadt 147: </ul>
1.177 deraadt 148: <p>
1.42 deraadt 149: <a name=i386></a>
1.67 deraadt 150: <li><h3><font color=#e00000>i386</font></h3>
1.25 deraadt 151: <ul>
1.299 ericj 152: <a name=pms></a>
153: <li><font color=#009000><strong>015: STABILITY FIX: Dec 22, 2000</strong></font><br>
154: Some machines locked up while trying to use the mouse in console mode. This patch solves that problem.<br>
155: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/i386/015_pms.patch">A source code patch exists which remedies this problem.</a>
156: <p>
1.285 deraadt 157: <a name=pcibios></a>
158: <li><font color=#009000><strong>006: STABILITY FIX: Dec 4, 2000</strong></font><br>
159: On some machines, a PCIBIOS device driver interrupt allocation bug can cause a
160: kernel hang while probing PCI devices. If you have this symptom, you can disable
161: PCIBIOS as a workaround. To do this,
162: <ul>
163: <li>Enter the User Kernel Configuration by booting with the
164: option "boot -c".
165: <li>Once at the <i>UKC></i> prompt, enter <pre><tt>
166: UKC> disable pcibios
167: UKC> quit
168: </tt></pre>
169: <li>See <a href="./faq/faq5.html#5.6">FAQ 5.6</a> after a successful
170: boot for instructions on how to re-write your kernel to disable PCIBIOS
171: permanently.
172: </ul>
173: <p>
1.39 deraadt 174: </ul>
1.155 deraadt 175: <p>
1.47 deraadt 176: <a name=mac68k></a>
1.67 deraadt 177: <li><h3><font color=#e00000>mac68k</font></h3>
1.39 deraadt 178: <ul>
1.285 deraadt 179: <a name=x_mac68k></a>
180: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
181: The X packages
182: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xshare28.tgz">share28.tgz</a>
183: and
184: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mac68k/xfont28.tgz">font28.tgz</a>
185: were not on the CD, and only available via FTP install. These packages can be
186: added post-install by using the following command:
187: <tt><pre>
188: # cd /; tar xvfpz xshare28.tgz
189: # cd /; tar xvfpz xfont28.tgz
190: </pre></tt>
1.25 deraadt 191: </ul>
1.155 deraadt 192: <p>
1.65 deraadt 193: <a name=sparc></a>
1.67 deraadt 194: <li><h3><font color=#e00000>sparc</font></h3>
1.25 deraadt 195: <ul>
1.285 deraadt 196: <a name=x_sparc></a>
197: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
198: The X packages
199: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xshare28.tgz">share28.tgz</a>
200: and
201: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sparc/xfont28.tgz">font28.tgz</a>
202: were not on the CD, and only available via FTP install. These packages can be
203: added post-install by using the following command:
204: <tt><pre>
205: # cd /; tar xvfpz xshare28.tgz
206: # cd /; tar xvfpz xfont28.tgz
207: </pre></tt>
208: <p>
209: <a name=qe></a>
1.284 jason 210: <li><font color=#009000><strong>003: RELIABILITY FIX: Nov 17, 2000</strong></font><br>
211: Configuring a qec+qe causes a NMI panic.<br>
212: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/003_qe.patch>
213: A source code patch exists which remedies this problem.</a>
214: <p>
1.282 deraadt 215: <a name=zsconsole> </a>
216: <li><font color=#009000><strong>001: RELIABILITY FIX: Nov 10, 2000</strong></font><br>
217: When running a sparc with a serial console, certain types of interrupts would
218: cause great grief.<br>
219: <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/sparc/001_zsconsole.patch>
220: A source code patch exists which remedies this problem.</a>
1.39 deraadt 221: </ul>
1.177 deraadt 222: <p>
1.93 deraadt 223: <a name=amiga></a>
1.67 deraadt 224: <li><h3><font color=#e00000>amiga</font></h3>
1.93 deraadt 225: <ul>
1.285 deraadt 226: <a name=x_amiga></a>
227: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
228: The X packages
229: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xshare28.tgz">share28.tgz</a>
230: and
231: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/amiga/xfont28.tgz">font28.tgz</a>
232: were not on the CD, and only available via FTP install. These packages can be
233: added post-install by using the following command:
234: <tt><pre>
235: # cd /; tar xvfpz xshare28.tgz
236: # cd /; tar xvfpz xfont28.tgz
237: </pre></tt>
1.25 deraadt 238: </ul>
1.155 deraadt 239: <p>
1.65 deraadt 240: <a name=pmax></a>
1.67 deraadt 241: <li><h3><font color=#e00000>pmax</font></h3>
1.25 deraadt 242: <ul>
1.281 deraadt 243: <li>No problems identified yet.
1.25 deraadt 244: </ul>
1.155 deraadt 245: <p>
1.281 deraadt 246: <a name=hp300></a>
247: <li><h3><font color=#e00000>hp300</font></h3>
1.59 deraadt 248: <ul>
1.285 deraadt 249: <a name=x_hp300></a>
250: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
251: The X packages
252: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xshare28.tgz">share28.tgz</a>
253: and
254: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/hp300/xfont28.tgz">font28.tgz</a>
255: were not on the CD, and only available via FTP install. These packages can be
256: added post-install by using the following command:
257: <tt><pre>
258: # cd /; tar xvfpz xshare28.tgz
259: # cd /; tar xvfpz xfont28.tgz
260: </pre></tt>
1.59 deraadt 261: </ul>
1.155 deraadt 262: <p>
1.281 deraadt 263: <a name=mvme68k></a>
264: <li><h3><font color=#e00000>mvme68k</font></h3>
1.56 deraadt 265: <ul>
1.285 deraadt 266: <a name=x_mvme68k></a>
267: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
268: The X packages
269: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xshare28.tgz">share28.tgz</a>
270: and
271: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/mvme68k/xfont28.tgz">font28.tgz</a>
272: were not on the CD, and only available via FTP install. These packages can be
273: added post-install by using the following command:
274: <tt><pre>
275: # cd /; tar xvfpz xshare28.tgz
276: # cd /; tar xvfpz xfont28.tgz
277: </pre></tt>
1.56 deraadt 278: </ul>
1.155 deraadt 279: <p>
1.281 deraadt 280: <a name=powerpc></a>
281: <li><h3><font color=#e00000>powerpc</font></h3>
1.110 millert 282: <ul>
1.293 deraadt 283: <a name=imacdv></a>
284: <li><font color=#009000><strong>012: INSTALL PROBLEM: Dec 14, 2000</strong></font><br>
285: The IMac DV+ (and probably some other machines) incorrectly identify their video
286: hardware, but it is possible to work around the problem.<br>
287: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/012_imacdv.patch">
288: A source code patch exists which remedies the problem.</a>
1.56 deraadt 289: </ul>
1.155 deraadt 290: <p>
1.281 deraadt 291: <a name=vax></a>
292: <li><h3><font color=#e00000>vax</font></h3>
1.25 deraadt 293: <ul>
1.232 deraadt 294: <li>No problems identified yet.
1.25 deraadt 295: </ul>
1.155 deraadt 296: <p>
1.281 deraadt 297: <a name=sun3></a>
298: <li><h3><font color=#e00000>sun3</font></h3>
1.95 deraadt 299: <ul>
1.285 deraadt 300: <a name=x_sun3></a>
301: <li><font color=#009000><strong>007: INSTALL PROBLEM: Dec 4, 2000</strong></font><br>
302: The X packages
303: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xshare28.tgz">share28.tgz</a>
304: and
305: <a href="ftp://ftp.openbsd.org/pub/OpenBSD/2.8/sun3/xfont28.tgz">font28.tgz</a>
306: were not on the CD, and only available via FTP install. These packages can be
307: added post-install by using the following command:
308: <tt><pre>
309: # cd /; tar xvfpz xshare28.tgz
310: # cd /; tar xvfpz xfont28.tgz
311: </pre></tt>
1.144 deraadt 312: </ul>
313:
1.197 deraadt 314: </dl>
1.25 deraadt 315: <br>
1.75 deraadt 316:
1.25 deraadt 317: <hr>
1.240 jason 318: <a href=stable.html>For OpenBSD patch branch information, please refer here.</a><br>
1.93 deraadt 319: <a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
320: <a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
1.144 deraadt 321: <a href=errata23.html>For 2.3 errata, please refer here</a>.<br>
1.176 deraadt 322: <a href=errata24.html>For 2.4 errata, please refer here</a>.<br>
1.198 deraadt 323: <a href=errata25.html>For 2.5 errata, please refer here</a>.<br>
1.232 deraadt 324: <a href=errata26.html>For 2.6 errata, please refer here</a>.<br>
1.281 deraadt 325: <a href=errata27.html>For 2.7 errata, please refer here</a>.<br>
1.2 deraadt 326: <hr>
1.176 deraadt 327:
1.186 deraadt 328: <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
1.2 deraadt 329: <a href=mailto:www@openbsd.org>www@openbsd.org</a>
1.308 ! jason 330: <br><small>$OpenBSD: errata.html,v 1.307 2001/01/31 08:05:38 jason Exp $</small>
1.2 deraadt 331:
332: </body>
333: </html>