Module Name: src
Committed By: bouyer
Date: Wed Jul 1 07:30:55 UTC 2015

Modified Files:
    src/doc [netbsd-7]: CHANGES-7.0

Log Message:
tickets 860 and 861

To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-7.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files: Index: src/doc/CHANGES-7.0 diff -u src/doc/CHANGES-7.0:1.1.2.334 src/doc/CHANGES-7.0:1.1.2.335 --- src/doc/CHANGES-7.0:1.1.2.334 Mon Jun 29 17:27:13 2015 +++ src/doc/CHANGES-7.0 Wed Jul 1 07:30:55 2015 @@ -1,4 +1,4 @@ -# $NetBSD: CHANGES-7.0,v 1.1.2.334 2015/06/29 17:27:13 snj Exp $ +# $NetBSD: CHANGES-7.0,v 1.1.2.335 2015/07/01 07:30:55 bouyer Exp $ A complete list of changes from the initial NetBSD 7.0 branch on 11 Aug 2014 until the 7.0 release: @@ -32183,3 +32183,28 @@ sbin/gpt/recover.c 1.6 recover simply copies the existing header over the missing one. [jnemeth, ticket #847] +usr.bin/calendar/calendar.c 1.51 + + Correct privilege handling problems in calendar -a (which runs as root + from /etc/daily); do not exec other programs while the real uid is + still 0. + + Also, clear the supplementary groups list up front and call initgroups + when becoming another user, to avoid leaking any extra group + privileges that we might have. + + And finally, don't silently ignore errors changing uid and gid; those + are serious if they happen. + [dholland, ticket #860] + +usr.bin/calendar/calendar.c 1.52 + + Repair accidental regression in -r1.49: for -a mode, don't allow + calendars to be other than regular files unless the -x option is in + effect. + + (If not in -a mode, we're running purely as the user whose calendar it + is and if they want to DoS themselves with named pipes it's their own + lookout.) + [dholland, ticket #861] +
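
Review bot: In the second hunk, the usr.bin/calendar/calendar.c 1.52 entry says it repairs a regression "in -r1.49", but the added lines do not say whether 1.49 was itself pulled up to netbsd-7 or under which ticket, so a reader of CHANGES-7.0 cannot tell whether the branch ever carried the regression. Naming the pull-up ticket for 1.49, or stating that it arrived with the branch, would close that gap. The 1.51 entry in the same hunk describes a privilege handling fix for calendar -a, which "runs as root from /etc/daily", with no wording that marks it as security-relevant; a short tag on that entry would help anyone scanning the file for fixes that affect jobs run as root.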