[src/netbsd-6-1]: src/doc ticket 1309

[bouyer <bouyer%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/decfd71b478f
branches:  netbsd-6-1
changeset: 776079:decfd71b478f
user:      bouyer <bouyer%NetBSD.org@localhost>
date:      Wed Jul 01 07:24:30 2015 +0000

description:
ticket 1309

diffstat:

 doc/CHANGES-6.1.6 |  16 +++++++++++++++-
 1 files changed, 15 insertions(+), 1 deletions(-)

diffs (27 lines):

diff -r 378340a5cf5f -r decfd71b478f doc/CHANGES-6.1.6
--- a/doc/CHANGES-6.1.6 Wed Jul 01 07:22:48 2015 +0000
+++ b/doc/CHANGES-6.1.6 Wed Jul 01 07:24:30 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.42 2015/05/27 05:57:00 msaitoh Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.43 2015/07/01 07:24:30 bouyer Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -5718,3 +5718,17 @@
 
        Fix off by one error, pointed out by Wei Liu in port-xen/49919.
        [bouyer, ticket #1299]
+usr.bin/calendar/calendar.c                    1.51
+
+       Correct privilege handling problems in calendar -a (which runs as root
+       from /etc/daily); do not exec other programs while the real uid is
+       still 0.
+
+       Also, clear the supplementary groups list up front and call initgroups
+       when becoming another user, to avoid leaking any extra group
+       privileges that we might have.
+
+       And finally, don't silently ignore errors changing uid and gid; those
+       are serious if they happen.
+       [dholland, ticket #1309]
+