Module Name:    src
Committed By:   bouyer
Date:           Wed Jul  1 07:30:55 UTC 2015

Modified Files:
        src/doc [netbsd-7]: CHANGES-7.0

Log Message:
tickets 860 and 861


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-7.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-7.0
diff -u src/doc/CHANGES-7.0:1.1.2.334 src/doc/CHANGES-7.0:1.1.2.335
--- src/doc/CHANGES-7.0:1.1.2.334	Mon Jun 29 17:27:13 2015
+++ src/doc/CHANGES-7.0	Wed Jul  1 07:30:55 2015
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-7.0,v 1.1.2.334 2015/06/29 17:27:13 snj Exp $
+# $NetBSD: CHANGES-7.0,v 1.1.2.335 2015/07/01 07:30:55 bouyer Exp $
 
 A complete list of changes from the initial NetBSD 7.0 branch on 11 Aug 2014
 until the 7.0 release:
@@ -32183,3 +32183,28 @@ sbin/gpt/recover.c				1.6
 	recover simply copies the existing header over the missing one.
 	[jnemeth, ticket #847]
 
+usr.bin/calendar/calendar.c			1.51
+
+	Correct privilege handling problems in calendar -a (which runs as root
+	from /etc/daily); do not exec other programs while the real uid is
+	still 0.
+
+	Also, clear the supplementary groups list up front and call initgroups
+	when becoming another user, to avoid leaking any extra group
+	privileges that we might have.
+
+	And finally, don't silently ignore errors changing uid and gid; those
+	are serious if they happen.
+	[dholland, ticket #860]
+
+usr.bin/calendar/calendar.c			1.52
+
+	Repair accidental regression in -r1.49: for -a mode, don't allow
+	calendars to be other than regular files unless the -x option is in
+	effect.
+
+	(If not in -a mode, we're running purely as the user whose calendar it
+	is and if they want to DoS themselves with named pipes it's their own
+	lookout.)
+	[dholland, ticket #861]
+
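Review bot: The 1.52 entry blames the regression on -r1.49, but the entries added in this hunk cover only 1.51 and 1.52, so a reader of CHANGES-7.0 cannot tell from here whether 1.49 is already on netbsd-7 or which ticket pulled it up. Suggest citing that ticket in the 1.52 entry, or saying that 1.49 predates the branch. Separately, the 1.51 entry describes a root-run path ("calendar -a (which runs as root from /etc/daily)") that execs other programs with real uid 0 and ignores uid/gid change errors; it would help people triaging the branch if the entry said outright that this is a security fix.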
