Module Name: src
Committed By: bouyer
Date: Wed Jul 1 07:24:31 UTC 2015
Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7
Log Message:
ticket 1309
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.43 -r1.1.2.44 src/doc/CHANGES-6.0.7
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.43 src/doc/CHANGES-6.0.7:1.1.2.44
--- src/doc/CHANGES-6.0.7:1.1.2.43 Wed May 27 05:57:31 2015
+++ src/doc/CHANGES-6.0.7 Wed Jul 1 07:24:31 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.43 2015/05/27 05:57:31 msaitoh Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.44 2015/07/01 07:24:31 bouyer Exp $
A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
release:
@@ -5998,3 +5998,17 @@ sys/arch/xen/xen/xenevt.c 1.42
Fix off by one error, pointed out by Wei Liu in port-xen/49919.
[bouyer, ticket #1299]
+usr.bin/calendar/calendar.c 1.51
+
+ Correct privilege handling problems in calendar -a (which runs as root
+ from /etc/daily); do not exec other programs while the real uid is
+ still 0.
+
+ Also, clear the supplementary groups list up front and call initgroups
+ when becoming another user, to avoid leaking any extra group
+ privileges that we might have.
+
+ And finally, don't silently ignore errors changing uid and gid; those
+ are serious if they happen.
+ [dholland, ticket #1309]
+
