todr_settime_ymdhms. This allows drivers to avoid repeated conversions, and
allows us to centralize check for Y2038 overflow. As discussed on
tech-kern.
- Rollback the updates for rsa.h, rsa_eay.c and rsa_err.c as they were
not necessary to address this vulnerability.
- Small update to the patch for rsa_sign.c for backward compatability so
the same patch can be applied to 0.9.[6-9]
by the initial PCI_NETBSD_CONFIGURE, nor should it be manually wired by
the indirect stuff. This is all taken care of by the prep_init() function.
7025-F40 support supports the primary pci bus only. The second PCI bus
on the machine is still unsupported, but the machine runs and can access
everything except for the two slots the other bus covers.
We can have in a register an address that points to/into some variable
in the data segment, but db_print_loc_and_inst only looks for
functions, so it will misprint it as something unrelated from libkern
+ huge offset. E.g. instead of netbsd:cpu_info_store it would print
netbsd:prop_string_create_cstring+0xdeadbeef
Worse, if the address happens to be odd (char field in a struct, an
element of char array), attempt at printing the "instruction" at that
address will cause a fault and will abort "mach frame".
Disassemly is not really that useful in "mach frame" listing anyway
and more often just clutters things by overflowing 80 columns.
* Assertion failure in ISC BIND SIG query processing (CVE-2006-4095)
- Recursive servers
Queries for SIG records will trigger an assertion failure if more
than one RRset is returned. However exposure can be minimized by
restricting which sources can ask for recursion.
- Authoritative servers
If a nameserver is serving a RFC 2535 DNSSEC zone and is queried
for the SIG records where there are multiple RRsets, then the
named program will trigger an assertion failure when it tries
to construct the response.
* INSIST failure in ISC BIND recursive query handling code (CVE-2006-4096)
It is possible to trigger an INSIST failure by sending enough
recursive queries such that the response to the query arrives after
all the clients waiting for the response have left the recursion
queue. However exposure can be minimized by restricting which sources
can ask for recursion.
ok'ed christos@
