
File: [local] / www / errata.html

Revision 1.117, Tue May 19 07:06:26 1998 UTC (26 years ago) by deraadt
Branch: MAIN
Changes since 1.116: +3 -2 lines

rev 2 of kill() patch

<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
<html>
<head>
<title>OpenBSD release errata</title>
<link rev=made href=mailto:www@openbsd.org>
<meta name="resource-type" content="document">
<meta name="description" content="the OpenBSD CD errata page">
<meta name="keywords" content="openbsd,cd,errata">
<meta name="distribution" content="global">
<meta name="copyright" content="This document copyright 1997-1998 by OpenBSD.">
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#23238E">

<img alt="[OpenBSD]" SRC="images/smalltitle.gif">
<h2><font color=#0000e0>
This is the OpenBSD 2.3 release errata &amp; patch list:

</font></h2>

<hr>
<a href=errata21.html>For 2.1 errata, please refer here</a>.<br>
<a href=errata22.html>For 2.2 errata, please refer here</a>.<br>
<hr>

<ul>
<a name=all></a>
<li><h3><font color=#e00000>All architectures</font></h3>
<ul>
<a name=kill></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
The kill(2) system call previously would permit a large set of signals to
be delivered to setuid or setgid processes.  If such processes were using
those signals in dubious ways, this could have resulted in security
problems of various kinds.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/kill.patch>
The second revision of a source code patch which solves the problem is
available.</a>
<p>
<a name=immutable></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
A possible new security problem exists if you rely on securelevels and
immutable or append-only files or character devices.  The fix does not
permit mmap'ing of immutable or append-only files which are otherwise
writeable, as the VM system will bypass the meaning of the file flags
when writes happen to the file.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/immutable.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=ipsec></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
If IPSEC communication is attempted by starting photurisd(8) (which is
disabled by default), a system crash may be triggered remotely by an
attacker who sends some classes of invalid packets.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/ipsec.patch>
A source code patch exists which remedies this problem.</a>
<p>
<a name=xterm-xaw></a>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
As stated in CERT advisory VB-98.04, there are buffer
overrun problems in <strong>xterm</strong> related to the inputMethod,
preeditType, and *Keymap resources. Additional buffer overruns exist in
the <strong>Xaw</strong> library related to the inputMethod and
preeditType resources.   The xterm(1) problem represents a security
vulnerability for any platform where xterm is installed setuid-root
(as is the case for all OpenBSD platforms).  The Xaw problem represents
a security vulnerability for any setuid-root program that uses the Xaw
library (including xterm).  Patch1 from XFree86 3.3.2 corrects
these problems.
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/xterm-xaw.patch>
We provide a version of this patch file specifically for the OpenBSD 2.3 tree</a>.
We also provide tar files which replace the xterm(1) binary and the libXaw
libraries on your system. These are expected to be extracted in
<strong>/usr/X11R6</strong> using the command
<strong>"tar xvfpz Xawfix.tgz"</strong>.
The files are:
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/i386/Xawfix.tgz>i386</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/alpha/Xawfix.tgz>alpha</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mac68k/Xawfix.tgz>mac68k</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/mvme68k/Xawfix.tgz>
	mvme68k</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/hp300/Xawfix.tgz>hp300</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/Xawfix.tgz>sparc</a>,
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/pmax/Xawfix.tgz>pmax</a>,
and
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/arc/Xawfix.tgz>arc</a>.
<p>
</ul>
<a name=i386></a>
<li><h3><font color=#e00000>i386</font></h3>
<ul>
<li><font color=#009000><strong>CORRUPTED FILE</strong></font><br>
The CD version of the precompiled ghostscript package is corrupted and
not installable.  The correct file can be retrieved by FTP from:
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz>
ftp://ftp.openbsd.org/pub/OpenBSD/2.3/packages/i386/ghostscript-5.10.tgz</a>.
Its checksums (obtained with <i>cksum(1)</i>, <i>md5(1)</i> and
<i>sha1(1)</i> respectively) are:
<ul>
<li>725752890 3639338 ghostscript-5.10.tgz
<li>MD5 (ghostscript-5.10.tgz) = 3144ca814ad1965d671be2b7be3d3050
<li>SHA1 (ghostscript-5.10.tgz) = bd9374fa547ac0078d5207463d3b0a19d80d213c
</ul>
<p>
</ul>
<a name=mac68k></a>
<li><h3><font color=#e00000>mac68k</font></h3>
<ul>
<li>No problems identified yet.
<p>
</ul>
<a name=sparc></a>
<li><h3><font color=#e00000>sparc</font></h3>
<ul>
<li><font color=#009000><strong>RELIABILITY FIX</strong></font><br>
The 2.3 release does not run reliably on the sun4m LX/LC machines
(i.e. Sparc Classic).
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/iommureg.patch>
A source code patch exists which remedies this problem.</a>
Two kernels which replace the ones in the release are also provided:
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd>bsd</a> and
<a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/sparc/bsd.scsi3>bsd.scsi3</a>.
<p>
</ul>
<a name=amiga></a>
<li><h3><font color=#e00000>amiga</font></h3>
<ul>
<li>No problems identified yet.
<p>
</ul>
<a name=pmax></a>
<li><h3><font color=#e00000>pmax</font></h3>
<ul>
<li><font color=#009000><strong>RELEASE WARNING</strong></font><br>
The XFree86 binary set shipped on the CD and FTP site is not the
exact final set that we shipped for the other releases.  A few minor
changes, mostly in <strong>xdm(1)</strong> configuration, were made
after those binaries were made.  Patches for this might come out later.
<p>
<li><font color=#009000><strong>X11 RELEASE ERROR</strong></font><br>
The XFree86 binary set was linked with an older version of the X
library.  To work around the problem, do the following as root.
<p>
<ul>
cd /usr/lib/
<br>
ln -s libc.so.18.0 libc.so.17
</ul>
<p>
<li><font color=#009000><strong>INSTALLATION PROCESS FLAW</strong></font><br>
The pmax install does not correctly install the boot block.
To work around the problem, after the install program has finished, do
the following (assuming scsi id 0):
<p>
<ul>
disklabel rz0 > /tmp/label
<br>
disklabel -R -B rz0 /tmp/label
</ul>
<p>
</ul>
<a name=arc></a>
<li><h3><font color=#e00000>arc</font></h3>
<ul>
<li><font color=#009000><strong>RELEASE WARNING</strong></font><br>
The XFree86 binary set shipped on the CD and FTP site is not the
exact final set that we shipped for the other releases.  A few minor
changes, mostly in <strong>xdm(1)</strong> configuration, were made
after those binaries were made.  Patches for this might come out later.
<p>
<li><font color=#009000><strong>X11 RELEASE ERROR</strong></font><br>
The XFree86 binary set was linked with an older version of the X
library.  To work around the problem, do the following as root.
<p>
<ul>
cd /usr/lib/
<br>
ln -s libc.so.18.0 libc.so.17
</ul>
<p>
</ul>
<a name=alpha></a>
<li><h3><font color=#e00000>alpha</font></h3>
<ul>
<li><font color=#009000><strong>RELEASE WARNING</strong></font><br>
When you start the install an upgrade option is advertised but
there really is no such option.
<p>
</ul>
<a name=hp300></a>
<li><h3><font color=#e00000>hp300</font></h3>
<ul>
<li><font color=#009000><strong>RELEASE WARNING</strong></font><br>
When you start the install an upgrade option is advertised but
there really is no such option.
<p>
<li><font color=#009000><strong>RELEASE WARNING</strong></font><br>
Unlabelled disks with weird geometries can panic the kernel.
A fix will be made available when 2.3 is out.
<p>
</ul>
<a name=mvme68k></a>
<li><h3><font color=#e00000>mvme68k</font></h3>
<ul>
<li>No problems identified yet.
<p>
</ul>
<a name=powerpc></a>
<li><h3><font color=#e00000>powerpc</font></h3>
<ul>
<li><font color=#009000><strong>SECURITY FIX</strong></font><br>
The powerpc release shipped on the OpenBSD 2.3 CD does not contain
two fixes applied late in the release cycle.  The
<a href=errata22.html#rmjob>rmjob</a> and 
<a href=errata22.html#uucpd>uucpd</a> patches should be applied to
the system if those subsystems are used.
<p>
</ul>
</ul>
<br>
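A model of the check described in the immutable-file entry above, as an added example that is not OpenBSD kernel code and not part of the original page. The function name `mmap_flag_check`, its parameters and the `EPERM` return value are assumptions; the flag values are those of BSD `<sys/stat.h>`.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>               /* PROT_*, MAP_SHARED, MAP_PRIVATE */

/* chflags(2) bits with the values BSD <sys/stat.h> uses, repeated here so
 * the model also builds on hosts that lack them. */
#ifndef UF_IMMUTABLE
#define UF_IMMUTABLE 0x00000002     /* owner-settable: file may not be changed */
#define UF_APPEND    0x00000004     /* owner-settable: append-only */
#define SF_IMMUTABLE 0x00020000     /* superuser-settable: immutable */
#define SF_APPEND    0x00040000     /* superuser-settable: append-only */
#endif
#define NOWRITE_FLAGS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND)

/*
 * Hypothetical model (not kernel source) of the mmap-time decision.
 * Returns 0 to allow the mapping, or an errno value to refuse it.
 *   fd_writable  descriptor was opened for writing
 *   file_flags   the file's chflags(2) bits
 */
int mmap_flag_check(int fd_writable, unsigned long file_flags, int prot, int mflags)
{
    /* Only a shared, writable mapping carries stores back to the file;
     * a private mapping is copy-on-write and never touches it. */
    if (!((mflags & MAP_SHARED) && (prot & PROT_WRITE)))
        return 0;
    if (!fd_writable)
        return EACCES;              /* ordinary mmap(2) rule, unrelated to flags */
    /* Stores through the mapping skip the write(2) path where the file
     * flags are enforced, so the mapping itself has to be refused. */
    if (file_flags & NOWRITE_FLAGS)
        return EPERM;               /* errno choice is this model's assumption */
    return 0;
}

int main(void)
{
    int rw = PROT_READ | PROT_WRITE;
    printf("append-only, shared rw : %d\n", mmap_flag_check(1, SF_APPEND, rw, MAP_SHARED));
    printf("immutable, private rw  : %d\n", mmap_flag_check(1, SF_IMMUTABLE, rw, MAP_PRIVATE));
    printf("immutable, shared ro   : %d\n", mmap_flag_check(1, SF_IMMUTABLE, PROT_READ, MAP_SHARED));
    printf("no flags, shared rw    : %d\n", mmap_flag_check(1, 0, rw, MAP_SHARED));
    return 0;
}
```

Read-only and private mappings stay allowed because they cannot change the file; only the shared writable case is refused.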

<hr>
<a href=orders.html><img src=back.gif border=0 alt=OpenBSD></a> 
<a href=mailto:www@openbsd.org>www@openbsd.org</a>
<br><small>$OpenBSD: errata.html,v 1.117 1998/05/19 07:06:26 deraadt Exp $</small>

</body>
</html>