# $NetBSD: CHANGES-5.2.2,v 1.1.2.11 2014/01/17 18:17:05 bouyer Exp $

A complete list of changes from the NetBSD 5.2 release to the NetBSD 5.2.1
release:

doc/README.files	patched by hand
gnu/usr.bin/groff/tmac/mdoc.local	patched by hand
sys/sys/param.h	patched by hand

	Welcome to 5.2.1_PATCH.
	[jdc]

xsrc/external/mit/xorg-server/dist/dix/dixfonts.c	1.2 via patch
xsrc/xfree/xc/programs/Xserver/dix/dixfonts.c	1.4 via patch

	Fix CVE-2013-4396 using a patch from Alan Coopersmith:
	Save a pointer to the passed in closure structure before copying it
	and overwriting the *c pointer to point to our copy instead of the
	original.  If we hit an error, once we free(c), reset c to point to
	the original structure before jumping to the cleanup code that
	references *c.
	[spz, ticket #966]

sys/arch/xen/xen/evtchn.c	1.70

	Remove the "evtchn_do_event: handler %p didn't lower ipl %d %d\n"
	printf as analysis shows it actually isn't a bug in the handler,
	but related to spin mutexes.
	Fixes port-xen/46313
	[bouyer, ticket #1890]

sys/netinet6/nd6.c	1.146
usr.sbin/ndp/ndp.c	1.42

	Instead of voodoo casts use simple byte pointer arithmetic and
	memcpy to create the "packed" binary format we pass out to userland
	when querying the router/prefix list.
	Simplify code to print the router/prefix list: use memcpy and local
	structs properly aligned on the stack to decode the binary format
	passed by the kernel - instead of (bogusly) assuming the format will
	obey all local alignment requirements.
	[martin, ticket #1892]

etc/ntp.conf	1.16, 1.17, 1.18 via patch
external/bsd/ntp/dist/ntpd/ntp_request.c	patch

	Patch from ntp 4.2.7p404 to prevent an amplifier and DoS attack.
	Add several "restrict" lines to the default ntp.conf and improve
	comments
	[spz, ticket #1895]

distrib/ews4800mips/Makefile	1.3

	Add "cdroms" to the SUBDIR list for src/distrib/ews4800mips.
	Should prevent the iso image from being created in the source tree
	[apb, ticket #1894]

xsrc/external/mit/libXfont/dist/src/bitmap/bdfread.c	patch
xsrc/xfree/xc/lib/font/bitmap/bdfread.c	patch

	Fix CVE-2013-6462: scanf without field width limits can crash
	with huge input data.
	[wiz, ticket #1896]

dist/bind/bin/named/query.c	patch

	a fix by ISC for CVE-2014-0591:
	3693. [security] memcpy was incorrectly called with overlapping
	ranges resulting in malformed names being generated on some
	platforms.  This could cause INSIST failures when serving NSEC3
	signed zones. [RT #35120]
	[spz, ticket #1897]

distrib/notes/common/main	patched by hand
doc/LAST_MINUTE	patched by hand
doc/README.files	patched by hand
gnu/usr.bin/groff/tmac/mdoc.local	patched by hand
sys/sys/param.h	patched by hand

	Welcome to 5.2.2!
	[bouyer]