-rev.21964 for DTLS Plaintext Recovery Attack (CVE-2011-4108)
-rev.21961 for Uninitialized SSL 3.0 Padding (CVE-2011-4576)
-rev.21456+21954 for Malformed RFC 3779 Data Can Cause Assertion Failures
(CVE-2011-4577)
(rev.21456 is not mentioned in the advisory, but there is code overlap)
-rev.21958 for SGC Restart DoS Attack (CVE-2011-4619)
-rev.21956 for Invalid GOST parameters DoS Attack (CVE-2012-0027)
This module registers a syscall that takes a user_start and user_end address.
When a process calls SYS_syscallemu, the start and end address are recorded
and the syscall installs a filter on p->p_md.md_syscall. The filter then
uses the specified start and end addresses to determine where the syscall
should be routed (either host by calling the original md_syscall function,
or process by posting SIGILL).
earlier, sleep(3) until playing finished)
-also switch to digital mode if an audio device is given on the
cmd line, or the (new) "CDPLAY_DIGITAL" env var is set
(The latter can be used to make digital mode default per system.
As I see it, analog mode is not dead yet - two of three external
DVD drives I looked at have a speaker output.)
Also fix a typo/pasto when checking devices against devices/types in the
configuration file: use value from configuration, not the end of the
device_info table. Devices which aren't explicitly specified in the
device_info table can now be used by adding a type entry in the config
file.
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
call its d_ioctl function. This should fix an undefined reference to
`clockctlioctl' when you build a kernel that has COMPAT_50 but does not
have pseudo-device clockctl.
When time_t was changed from 32 to 64 bits, this ioctl's number
was changed from _IOWR('C', 0x4, struct clockctl_ntp_adjtime)
to _IOWR('C', 0x8, struct clockctl_ntp_adjtime), but the data
structure did not change, so all the compat code has to do is
change the number and try again.
ntp_timestatus instead of leaving it uninitialised, and don't use
copyout(9) because args->retval is in kernel space, not user space.
Previously, running ntpd(8) in unprivileged mode would call
libc ntp_adjtime(), which would open /dev/clockctl and call
ioctl(CLOCKCTL_NTP_ADJTIME), which would fail with EFAULT.
