OpenBSD 2.4 Errata

=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata24.html,v retrieving revision 1.82 retrieving revision 1.83 diff -c -r1.82 -r1.83 *** www/errata24.html 2019/04/02 12:46:56 1.82 --- www/errata24.html 2019/05/27 22:55:19 1.83 *************** *** 1,25 **** ! ! ! OpenBSD 2.4 Errata - - - !

! OpenBSD ! 2.4 Errata

--- 1,23 ---- ! ! ! ! OpenBSD 2.4 Errata !

! OpenBSD ! 2.4 Errata

*************** *** 87,93 ****

! RELIABILITY FIX All architectures
A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. --- 85,91 ----
- ! RELIABILITY FIX All architectures
  A local user can crash the system by reading a file larger than 64meg from an ext2fs partition. *************** *** 95,115 **** A source code patch exists which remedies this problem.
- ! RELIABILITY FIX All architectures
  A local user can crash the system because of a bug in the vfs layer. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A machine crash is possible when playing with poll(2). A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A machine crash is possible when playing with link(2) on FFS. --- 93,113 ---- A source code patch exists which remedies this problem.
- ! RELIABILITY FIX All architectures
  A local user can crash the system because of a bug in the vfs layer. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A machine crash is possible when playing with poll(2). A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A machine crash is possible when playing with link(2) on FFS. *************** *** 117,130 **** This is version four of the patch.
- ! SECURITY FIX All architectures
  A buffer overflow existed in ping(8), which may have a security issue. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A race condition in IP ipq handling could permit a remote crash. --- 115,128 ---- This is version four of the patch.
- ! SECURITY FIX All architectures
  A buffer overflow existed in ping(8), which may have a security issue. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A race condition in IP ipq handling could permit a remote crash. *************** *** 133,139 **** and the tcp decoding patch.
- ! SECURITY FIX All architectures
  A race condition existed between accept(2) and select(2) which could permit an attacker to hang sockets from remote. --- 131,137 ---- and the tcp decoding patch.
- ! SECURITY FIX All architectures
  A race condition existed between accept(2) and select(2) which could permit an attacker to hang sockets from remote. *************** *** 141,169 **** A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  IP fragment assembly can bog the machine excessively and cause problems. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  The readv(2) and writev(2) system calls would not accept a struct iovec ! with an iov_len of 0. This causes a db test in perl to fail. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  TCP/IP RST handling was too sloppy. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate memory". --- 139,167 ---- A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  IP fragment assembly can bog the machine excessively and cause problems. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  The readv(2) and writev(2) system calls would not accept a struct iovec ! with an iov_len of 0. This causes a db test in perl to fail. A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  TCP/IP RST handling was too sloppy. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate memory". *************** *** 171,177 **** A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  A problem with writing to NFS version 3 mounted filesystems from Solaris 7 hosts exists. Attempts to create files will result in an error such as --- 169,175 ---- A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  A problem with writing to NFS version 3 mounted filesystems from Solaris 7 hosts exists. Attempts to create files will result in an error such as *************** *** 180,186 **** A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  A problem with NFS version 3 mounts on big endian machines (m68k, sparc and powerpc) exists when mounting filesystems larger than 2gig. You --- 178,184 ---- A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX All architectures
  A problem with NFS version 3 mounts on big endian machines (m68k, sparc and powerpc) exists when mounting filesystems larger than 2gig. You *************** *** 190,196 **** A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A security problem exists in the curses and ocurses libraries that affect setuid programs linked with -lcurses or -locurses. --- 188,194 ---- A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A security problem exists in the curses and ocurses libraries that affect setuid programs linked with -lcurses or -locurses. *************** *** 202,216 **** platform. Unpack it in /usr/lib.
- ! FUNCTIONALITY FIX All architectures
  ! A workaround for an xterm problem that causes vi to not restore the correct cursor position on exit. A source code patch exists which remedies this problem.
  Alternately, you can also download a pre-compiled terminfo file to be ! installed as /usr/share/misc/terminfo.db. For i386, alpha and mips, use the little endian version. For sparc, m68k and powerpc, use the --- 200,214 ---- platform. Unpack it in /usr/lib.
- ! FUNCTIONALITY FIX All architectures
  ! A workaround for an xterm problem that causes vi to not restore the correct cursor position on exit. A source code patch exists which remedies this problem.
  Alternately, you can also download a pre-compiled terminfo file to be ! installed as /usr/share/misc/terminfo.db. For i386, alpha and mips, use the little endian version. For sparc, m68k and powerpc, use the *************** *** 218,231 **** big endian version.
- ! FUNCTIONALITY FIX All architectures
  ! userdir support was accidentally left out of httpd(8). A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. --- 216,229 ---- big endian version.
- ! FUNCTIONALITY FIX All architectures
  ! userdir support was accidentally left out of httpd(8). A source code patch exists which remedies this problem.
- ! SECURITY FIX All architectures
  A remotely exploitable problem exists in bootpd(8). bootpd is disabled by default, but some people may actually be using it. *************** *** 234,257 **** This is the second version of the patch.
- ! SECURITY FIX All architectures
  A remote machine lockup problem exists in the TCP decoding code. A source code patch exists which remedies this problem.
- ! SECURITY FIX
  This is another fix for a kernel crash caused by the ! crashme program. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX
  The kernel was using a fixed and hard-coded location for the arguments ! vector passed from the /boot loader. This prevented ! /boot from placing the boot arguments vector at any other location, causing a kernel crash early in the autoconfiguration stage. In 2.5, the bootblocks will be modified to use a new location. Hence, if you wish old kernels to boot on a new bootblock, those --- 232,255 ---- This is the second version of the patch.
- ! SECURITY FIX All architectures
  A remote machine lockup problem exists in the TCP decoding code. A source code patch exists which remedies this problem.
- ! SECURITY FIX
  This is another fix for a kernel crash caused by the ! crashme program. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX
  The kernel was using a fixed and hard-coded location for the arguments ! vector passed from the /boot loader. This prevented ! /boot from placing the boot arguments vector at any other location, causing a kernel crash early in the autoconfiguration stage. In 2.5, the bootblocks will be modified to use a new location. Hence, if you wish old kernels to boot on a new bootblock, those *************** *** 260,273 **** A source code patch exists which remedies this problem.
- ! SECURITY FIX
  i386 trace-trap handling when DDB was configured could cause a system crash. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX
  i386 installboot had a sign extension bug which prevented proper bootblock initialization when the root filesystem was placed beyond 4GB. --- 258,271 ---- A source code patch exists which remedies this problem.
- ! SECURITY FIX
  i386 trace-trap handling when DDB was configured could cause a system crash. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX
  i386 installboot had a sign extension bug which prevented proper bootblock initialization when the root filesystem was placed beyond 4GB. *************** *** 276,282 **** that your root filesystem is below 4GB, for now.
- ! DRIVER FIX
  The sparc hme(4) and be(4) drivers work poorly on some types of SS-20 machines. This is because those machines lie, saying they support 64-bit DMA bursting. No sun4m machines support that. --- 274,280 ---- that your root filesystem is below 4GB, for now.
- ! DRIVER FIX
  The sparc hme(4) and be(4) drivers work poorly on some types of SS-20 machines. This is because those machines lie, saying they support 64-bit DMA bursting. No sun4m machines support that. *************** *** 284,297 **** A source code patch exists which remedies this problem.
- ! DRIVER FIX
  The sparc le(4) driver does media changes incorrectly on one type of sbus le(4) card. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX
  The Xhp as shipped does not have the execute permissions set. The fix is 'chmod 755 /usr/X11R6/bin/Xhp' if you have installed X.
  --- 282,295 ---- A source code patch exists which remedies this problem.
- ! DRIVER FIX
  The sparc le(4) driver does media changes incorrectly on one type of sbus le(4) card. A source code patch exists which remedies this problem.
- ! FUNCTIONALITY FIX
  The Xhp as shipped does not have the execute permissions set. The fix is 'chmod 755 /usr/X11R6/bin/Xhp' if you have installed X.
  *************** *** 299,304 ****
- - - --- 297,299 ----