From fbcfc75aed582ca9f9cd924ff43db9f19443a741 Mon Sep 17 00:00:00 2001
From: Ian Lepore <ian@FreeBSD.org>
Date: Sat, 13 Jul 2019 16:48:27 +0000
Subject: [PATCH] Add an entry mentioning the permission/mode change to daily
 accounting files.

---
 UPDATING | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/UPDATING b/UPDATING
index 479a9a6eb72..5b3bc132926 100644
--- a/UPDATING
+++ b/UPDATING
@@ -31,6 +31,14 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
 	disable the most expensive debugging functionality run
 	"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
 
+20190713:
+    Default permissions on the /var/account/acct file (and copies of it rotated 
+    by periodic daily scripts) are changed from 0644 to 0640 because the file 
+    contains sensitive information that should not be world-readable.  If the 
+    /var/account directory must be created by rc.d/accounting, the mode used is 
+    now 0750.  Admins who use the accounting feature are encouraged to change 
+    the mode of an existing /var/account directory to 0750 or 0700.  
+
 20190620:
 	Entropy collection and the /dev/random device are no longer optional
 	components.  The "device random" option has been removed.