Module Name: src
Committed By: jdc
Date: Sun Oct 13 07:26:23 UTC 2013
Modified Files:
src/doc [netbsd-5-2]: CHANGES-5.2.2
Log Message:
Ticket #1884.
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.1 -r1.1.2.2 src/doc/CHANGES-5.2.2
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-5.2.2
diff -u src/doc/CHANGES-5.2.2:1.1.2.1 src/doc/CHANGES-5.2.2:1.1.2.2
--- src/doc/CHANGES-5.2.2:1.1.2.1 Sun Oct 13 07:22:18 2013
+++ src/doc/CHANGES-5.2.2 Sun Oct 13 07:26:23 2013
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.2.2,v 1.1.2.1 2013/10/13 07:22:18 jdc Exp $
+# $NetBSD: CHANGES-5.2.2,v 1.1.2.2 2013/10/13 07:26:23 jdc Exp $
A complete list of changes from the NetBSD 5.2 release to the NetBSD 5.2.1
release:
@@ -10,3 +10,14 @@ sys/sys/param.h patched by hand
Welcome to 5.2.1_PATCH.
[jdc]
+xsrc/external/mit/xorg-server/dist/dix/dixfonts.c 1.2 via patch
+xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c 1.4 via patch
+
+ Fix CVE-2013-4396 using a patch from Alan Coopersmith:
+ Save a pointer to the passed in closure structure before copying it
+ and overwriting the *c pointer to point to our copy instead of the
+ original. If we hit an error, once we free(c), reset c to point to
+ the original structure before jumping to the cleanup code that
+ references *c.
+ [spz, ticket #966]
+
