version 1.82, 2019/04/02 12:46:56 |
version 1.83, 2019/05/27 22:55:19 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=errata> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 2.4 Errata</title> |
<title>OpenBSD 2.4 Errata</title> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta name="description" content="the OpenBSD CD errata page"> |
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/errata24.html"> |
<link rel="canonical" href="https://www.openbsd.org/errata24.html"> |
</head> |
|
|
|
<!-- |
<!-- |
IMPORTANT REMINDER |
IMPORTANT REMINDER |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
--> |
--> |
|
|
<body bgcolor="#ffffff" text="#000000" link="#23238E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">2.4 Errata</font> |
2.4 Errata |
</h2> |
</h2> |
<hr> |
<hr> |
|
|
|
|
|
|
<ul> |
<ul> |
<li id="bmap"> |
<li id="bmap"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font> |
<strong>RELIABILITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A local user can crash the system by reading a file larger than 64meg |
A local user can crash the system by reading a file larger than 64meg |
from an ext2fs partition. |
from an ext2fs partition. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="lnpanic"> |
<li id="lnpanic"> |
<font color="#009000"><strong>RELIABILITY FIX</strong></font> |
<strong>RELIABILITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A local user can crash the system because of a bug in the vfs layer. |
A local user can crash the system because of a bug in the vfs layer. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/lnpanic.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/lnpanic.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="poll"> |
<li id="poll"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A machine crash is possible when playing with poll(2). |
A machine crash is possible when playing with poll(2). |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/poll.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/poll.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="nlink"> |
<li id="nlink"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A machine crash is possible when playing with link(2) on FFS. |
A machine crash is possible when playing with link(2) on FFS. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/nlink.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/nlink.patch"> |
|
|
This is version four of the patch. |
This is version four of the patch. |
<p> |
<p> |
<li id="ping"> |
<li id="ping"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A buffer overflow existed in ping(8), which may have a security issue. |
A buffer overflow existed in ping(8), which may have a security issue. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ping.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ping.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="ipqrace"> |
<li id="ipqrace"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A race condition in IP ipq handling could permit a remote crash. |
A race condition in IP ipq handling could permit a remote crash. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ipqrace.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/ipqrace.patch"> |
|
|
and <a href="errata24.html#tcpfix">the tcp decoding patch</a>. |
and <a href="errata24.html#tcpfix">the tcp decoding patch</a>. |
<p> |
<p> |
<li id="accept"> |
<li id="accept"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A race condition existed between accept(2) and select(2) which could |
A race condition existed between accept(2) and select(2) which could |
permit an attacker to hang sockets from remote. |
permit an attacker to hang sockets from remote. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="maxqueue"> |
<li id="maxqueue"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
IP fragment assembly can bog the machine excessively and cause problems. |
IP fragment assembly can bog the machine excessively and cause problems. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/maxqueue.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/maxqueue.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="uio"> |
<li id="uio"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font> |
<strong>FUNCTIONALITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The readv(2) and writev(2) system calls would not accept a <em>struct iovec</em> |
The readv(2) and writev(2) system calls would not accept a <em>struct iovec</em> |
with an <strong>iov_len</strong> of 0. This causes a db test in perl to fail. |
with an <b>iov_len</b> of 0. This causes a db test in perl to fail. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/uio.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/uio.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="rst"> |
<li id="rst"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
TCP/IP RST handling was too sloppy. |
TCP/IP RST handling was too sloppy. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/rst.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/rst.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="kvm_mkdb"> |
<li id="kvm_mkdb"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font> |
<strong>FUNCTIONALITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate |
During bootup, kvm_mkdb may exit with the error "kvm_mkdb: cannot allocate |
memory". |
memory". |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="nfs3_solaris7"> |
<li id="nfs3_solaris7"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font> |
<strong>FUNCTIONALITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A problem with writing to NFS version 3 mounted filesystems from Solaris 7 |
A problem with writing to NFS version 3 mounted filesystems from Solaris 7 |
hosts exists. Attempts to create files will result in an error such as |
hosts exists. Attempts to create files will result in an error such as |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="nfs3"> |
<li id="nfs3"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font> |
<strong>FUNCTIONALITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A problem with NFS version 3 mounts on big endian machines (m68k, sparc |
A problem with NFS version 3 mounts on big endian machines (m68k, sparc |
and powerpc) exists when mounting filesystems larger than 2gig. You |
and powerpc) exists when mounting filesystems larger than 2gig. You |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="termcap"> |
<li id="termcap"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A security problem exists in the curses and ocurses libraries that affect |
A security problem exists in the curses and ocurses libraries that affect |
setuid programs linked with -lcurses or -locurses. |
setuid programs linked with -lcurses or -locurses. |
|
|
platform. Unpack it in /usr/lib. |
platform. Unpack it in /usr/lib. |
<p> |
<p> |
<li id="terminfo"> |
<li id="terminfo"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font> |
<strong>FUNCTIONALITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A workaround for an xterm problem that causes <strong>vi</strong> to not |
A workaround for an xterm problem that causes <b>vi</b> to not |
restore the correct cursor position on exit. |
restore the correct cursor position on exit. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.src.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.src.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<br> |
<br> |
Alternately, you can also download a pre-compiled terminfo file to be |
Alternately, you can also download a pre-compiled terminfo file to be |
installed as <strong>/usr/share/misc/terminfo.db</strong>. For i386, |
installed as <b>/usr/share/misc/terminfo.db</b>. For i386, |
alpha and mips, use the |
alpha and mips, use the |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.db-LE.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/terminfo.db-LE.tar.gz"> |
little endian</a> version. For sparc, m68k and powerpc, use the |
little endian</a> version. For sparc, m68k and powerpc, use the |
|
|
big endian</a> version. |
big endian</a> version. |
<p> |
<p> |
<li id="userdir"> |
<li id="userdir"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font> |
<strong>FUNCTIONALITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
<strong>userdir</strong> support was accidentally left out of httpd(8). |
<b>userdir</b> support was accidentally left out of httpd(8). |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/userdir.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/userdir.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="bootpd"> |
<li id="bootpd"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
A remotely exploitable problem exists in bootpd(8). bootpd is disabled |
by default, but some people may actually be using it. |
by default, but some people may actually be using it. |
|
|
This is the second version of the patch. |
This is the second version of the patch. |
<p> |
<p> |
<li id="tcpfix"> |
<li id="tcpfix"> |
<font color="#009000"><strong>SECURITY FIX</strong></font> |
<strong>SECURITY FIX</strong> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A remote machine lockup problem exists in the TCP decoding code. |
A remote machine lockup problem exists in the TCP decoding code. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/tcpfix.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/common/tcpfix.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="tss"> |
<li id="tss"> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<strong>SECURITY FIX</strong><br> |
This is another fix for a kernel crash caused by the |
This is another fix for a kernel crash caused by the |
<strong>crashme</strong> program. |
<b>crashme</b> program. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/tss.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/tss.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="bootargv"> |
<li id="bootargv"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font><br> |
<strong>FUNCTIONALITY FIX</strong><br> |
The kernel was using a fixed and hard-coded location for the arguments |
The kernel was using a fixed and hard-coded location for the arguments |
vector passed from the <strong>/boot</strong> loader. This prevented |
vector passed from the <b>/boot</b> loader. This prevented |
<strong>/boot</strong> from placing the boot arguments vector at any |
<b>/boot</b> from placing the boot arguments vector at any |
other location, causing a kernel crash early in the autoconfiguration |
other location, causing a kernel crash early in the autoconfiguration |
stage. In 2.5, the bootblocks will be modified to use a new location. |
stage. In 2.5, the bootblocks will be modified to use a new location. |
Hence, if you wish old kernels to boot on a new bootblock, those |
Hence, if you wish old kernels to boot on a new bootblock, those |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="trctrap"> |
<li id="trctrap"> |
<font color="#009000"><strong>SECURITY FIX</strong></font><br> |
<strong>SECURITY FIX</strong><br> |
i386 trace-trap handling when DDB was configured could cause a system |
i386 trace-trap handling when DDB was configured could cause a system |
crash. |
crash. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/trctrap.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/trctrap.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="installboot"> |
<li id="installboot"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font><br> |
<strong>FUNCTIONALITY FIX</strong><br> |
i386 installboot had a sign extension bug which prevented proper bootblock |
i386 installboot had a sign extension bug which prevented proper bootblock |
initialization when the root filesystem was placed beyond 4GB. |
initialization when the root filesystem was placed beyond 4GB. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/installboot.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/i386/installboot.patch"> |
|
|
that your root filesystem is below 4GB, for now. |
that your root filesystem is below 4GB, for now. |
<p> |
<p> |
<li id="hme"> |
<li id="hme"> |
<font color="#009000"><strong>DRIVER FIX</strong></font><br> |
<strong>DRIVER FIX</strong><br> |
The sparc hme(4) and be(4) drivers work poorly on some types of SS-20 |
The sparc hme(4) and be(4) drivers work poorly on some types of SS-20 |
machines. This is because those machines lie, saying they support 64-bit DMA |
machines. This is because those machines lie, saying they support 64-bit DMA |
bursting. No sun4m machines support that. |
bursting. No sun4m machines support that. |
|
|
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="le"> |
<li id="le"> |
<font color="#009000"><strong>DRIVER FIX</strong></font><br> |
<strong>DRIVER FIX</strong><br> |
The sparc le(4) driver does media changes incorrectly on one type of |
The sparc le(4) driver does media changes incorrectly on one type of |
sbus le(4) card. |
sbus le(4) card. |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/sparc/le.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/2.4/sparc/le.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
<li id="hp300X"> |
<li id="hp300X"> |
<font color="#009000"><strong>FUNCTIONALITY FIX</strong></font><br> |
<strong>FUNCTIONALITY FIX</strong><br> |
The Xhp as shipped does not have the execute permissions set. The fix is |
The Xhp as shipped does not have the execute permissions set. The fix is |
'chmod 755 /usr/X11R6/bin/Xhp' if you have installed X. |
'chmod 755 /usr/X11R6/bin/Xhp' if you have installed X. |
<p> |
<p> |
|
|
</ul> |
</ul> |
|
|
<hr> |
<hr> |
|
|
</body> |
|
</html> |
|