CVS commit: [netbsd-4] src/doc

Sat, 19 Nov 2011 06:40:50 -0800 

Module Name:    src
Committed By:   bouyer
Date:           Sat Nov 19 14:40:07 UTC 2011

Modified Files:
        src/doc [netbsd-4]: CHANGES-4.1

Log Message:
Tickets 1432, 1436, 1438, 1439


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.229 -r1.1.2.230 src/doc/CHANGES-4.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/doc/CHANGES-4.1
diff -u src/doc/CHANGES-4.1:1.1.2.229 src/doc/CHANGES-4.1:1.1.2.230
--- src/doc/CHANGES-4.1:1.1.2.229	Wed Nov  2 18:29:10 2011
+++ src/doc/CHANGES-4.1	Sat Nov 19 14:40:07 2011
@@ -1,4 +1,4 @@
-#	$NetBSD: CHANGES-4.1,v 1.1.2.229 2011/11/02 18:29:10 riz Exp $
+#	$NetBSD: CHANGES-4.1,v 1.1.2.230 2011/11/19 14:40:07 bouyer Exp $
 
 A complete list of changes from the NetBSD 4.0 release to the NetBSD 4.1
 release:
@@ -4522,3 +4522,41 @@ share/zoneinfo/zone.tab			patch
 	Update to tzdata2011n.
 	[apb, ticket #1435]
 
+lib/librmt/rmtlib.c				1.23, 1.24
+
+	Improve isrmt() check: it cannot be a rmt fd if there are no pipes
+	open for the fd.  Prevents collision with rumphijack.
+	Also, prevent potential hyperspace memory access.
+
+	PR/38413: Takahiro Kambe: mt(1) print some junk output when using
+	remote tape
+	Not all fields are valid in the ioctl to get tape info in the rmt
+	protocol. Zero out the struct so that we don't print junk.
+	[dholland, ticket #1432]
+
+sys/uvm/uvm_meter.c				1.57 via patch
+
+	if you are going to dereference a variable, check the variable itself,
+	not it cousin.
+	[christos, ticket #1436]
+
+sys/kern/kern_event.c				1.73
+
+	PR/45618: Motoyuki OHMORI: kqueue EVFILT_TIMER with smaller timeout
+	value makes DIAGNOSTIC kernel panic:  
+		KASSERT((c->c_flags & CALLOUT_PENDING) !=3D 0);
+	If the computed ticks are <= 0 set it to 1
+	[christos, ticket #1438]
+
+dist/openpam/lib/openpam_configure.c		1.6
+
+	Don't allow '/' characters in the "service" argument to pam_start()
+	The "service" is blindly appended to config directories ("/etc/pam.d/"),
+	and if a user can control the "service" it can get PAM to read config
+	files from any location.
+	This is not a problem with most software because the "service" is
+	usually a constant string. The check protects 3rd party software
+	from being abused.
+	(CVE-2011-4122)
+	[drochner, ticket #1439]
+

Reply via email to