From b76f0e703d5be8172d24119ff746b5c884a981c0 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Wed, 3 Nov 2021 21:32:52 -0400 Subject: [PATCH] import at-3.1.23-10.el9 --- .at.metadata | 1 + .gitignore | 1 + SOURCES/at-3.1.14-fix_no_export.patch | 15 + SOURCES/at-3.1.14-mailwithhostname.patch | 62 ++ SOURCES/at-3.1.14-opt_V.patch | 17 + SOURCES/at-3.1.14-usePOSIXtimers.patch | 111 ++++ SOURCES/at-3.1.16-clear-nonjobs.patch | 42 ++ SOURCES/at-3.1.16-fclose-error.patch | 26 + SOURCES/at-3.1.18-make.patch | 82 +++ SOURCES/at-3.1.18-nitpicks.patch | 80 +++ SOURCES/at-3.1.18-noabort.patch | 43 ++ SOURCES/at-3.1.18-utc-dst.patch | 24 + SOURCES/at-3.1.20-aborted-jobs.patch | 22 + SOURCES/at-3.1.20-lock-locks.patch | 108 +++ SOURCES/at-3.1.20-log-jobs.patch | 14 + SOURCES/at-3.1.20-pam.patch | 436 ++++++++++++ SOURCES/at-3.1.20-shell.patch | 47 ++ SOURCES/at-3.1.23-document-n.patch | 22 + SOURCES/at-3.2.23-coverity-fix.patch | 115 ++++ SOURCES/at-aarch64.patch | 486 ++++++++++++++ SOURCES/atd.sysconf | 9 + SOURCES/atd.systemd | 13 + SOURCES/pam_atd | 9 + SPECS/at.spec | 810 +++++++++++++++++++++++ 24 files changed, 2595 insertions(+) create mode 100644 .at.metadata create mode 100644 .gitignore create mode 100644 SOURCES/at-3.1.14-fix_no_export.patch create mode 100644 SOURCES/at-3.1.14-mailwithhostname.patch create mode 100644 SOURCES/at-3.1.14-opt_V.patch create mode 100644 SOURCES/at-3.1.14-usePOSIXtimers.patch create mode 100644 SOURCES/at-3.1.16-clear-nonjobs.patch create mode 100644 SOURCES/at-3.1.16-fclose-error.patch create mode 100644 SOURCES/at-3.1.18-make.patch create mode 100644 SOURCES/at-3.1.18-nitpicks.patch create mode 100644 SOURCES/at-3.1.18-noabort.patch create mode 100644 SOURCES/at-3.1.18-utc-dst.patch create mode 100644 SOURCES/at-3.1.20-aborted-jobs.patch create mode 100644 SOURCES/at-3.1.20-lock-locks.patch create mode 100644 SOURCES/at-3.1.20-log-jobs.patch create mode 100644 SOURCES/at-3.1.20-pam.patch create mode 100644 SOURCES/at-3.1.20-shell.patch create mode 100644 SOURCES/at-3.1.23-document-n.patch create mode 100644 SOURCES/at-3.2.23-coverity-fix.patch create mode 100644 SOURCES/at-aarch64.patch create mode 100644 SOURCES/atd.sysconf create mode 100644 SOURCES/atd.systemd create mode 100644 SOURCES/pam_atd create mode 100644 SPECS/at.spec diff --git a/.at.metadata b/.at.metadata new file mode 100644 index 0000000..6b6bb49 --- /dev/null +++ b/.at.metadata @@ -0,0 +1 @@ +30a8158968ff0ffe55d7f728c568618f965c98d8 SOURCES/at_3.1.23.orig.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c144c6c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/at_3.1.23.orig.tar.gz diff --git a/SOURCES/at-3.1.14-fix_no_export.patch b/SOURCES/at-3.1.14-fix_no_export.patch new file mode 100644 index 0000000..096eed7 --- /dev/null +++ b/SOURCES/at-3.1.14-fix_no_export.patch @@ -0,0 +1,15 @@ +diff -up at-3.1.14/at.c.export at-3.1.14/at.c +--- at-3.1.14/at.c.export 2013-10-07 14:53:59.980521240 +0200 ++++ at-3.1.14/at.c 2013-10-07 14:54:35.722560527 +0200 +@@ -388,8 +388,9 @@ writefile(time_t runtimer, char queue) + unsigned int i; + for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) { + export = export +- && (strncmp(*atenv, no_export[i], +- (size_t) (eqp - *atenv)) != 0); ++ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i])) ++ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0) ++ ); + } + eqp++; + } diff --git a/SOURCES/at-3.1.14-mailwithhostname.patch b/SOURCES/at-3.1.14-mailwithhostname.patch new file mode 100644 index 0000000..a2b3f79 --- /dev/null +++ b/SOURCES/at-3.1.14-mailwithhostname.patch @@ -0,0 +1,62 @@ +diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c +--- at-3.1.14/atd.c.mail 2013-12-04 11:39:44.556239282 +0100 ++++ at-3.1.14/atd.c 2013-12-04 11:40:50.544234246 +0100 +@@ -100,6 +100,10 @@ int selinux_enabled=0; + #define BATCH_INTERVAL_DEFAULT 60 + #define CHECK_INTERVAL 3600 + ++#ifndef MAXHOSTNAMELEN ++#define MAXHOSTNAMELEN 64 ++#endif ++ + /* Global variables */ + + uid_t real_uid, effective_uid; +@@ -117,6 +121,7 @@ static time_t last_chg; + static int nothing_to_do; + unsigned int batch_interval; + static int run_as_daemon = 0; ++static int mail_with_hostname = 0; + + static volatile sig_atomic_t term_signal = 0; + +@@ -298,6 +303,7 @@ run_file(const char *filename, uid_t uid + char fmt[64]; + unsigned long jobno; + int rc; ++ char hostbuf[MAXHOSTNAMELEN]; + #ifdef WITH_PAM + int retcode; + #endif +@@ -452,6 +458,11 @@ run_file(const char *filename, uid_t uid + + write_string(fd_out, "Subject: Output from your job "); + write_string(fd_out, jobbuf); ++ if (mail_with_hostname > 0) { ++ gethostname(hostbuf, MAXHOSTNAMELEN-1); ++ write_string(fd_out, " "); ++ write_string(fd_out, hostbuf); ++ } + write_string(fd_out, "\nTo: "); + write_string(fd_out, mailname); + write_string(fd_out, "\n\n"); +@@ -843,7 +854,7 @@ main(int argc, char *argv[]) + run_as_daemon = 1; + batch_interval = BATCH_INTERVAL_DEFAULT; + +- while ((c = getopt(argc, argv, "sdl:b:f")) != EOF) { ++ while ((c = getopt(argc, argv, "sdnl:b:f")) != EOF) { + switch (c) { + case 'l': + if (sscanf(optarg, "%lf", &load_avg) != 1) +@@ -865,6 +876,10 @@ main(int argc, char *argv[]) + daemon_foreground++; + break; + ++ case 'n': ++ mail_with_hostname=1; ++ break; ++ + case 's': + run_as_daemon = 0; + break; diff --git a/SOURCES/at-3.1.14-opt_V.patch b/SOURCES/at-3.1.14-opt_V.patch new file mode 100644 index 0000000..c9c2106 --- /dev/null +++ b/SOURCES/at-3.1.14-opt_V.patch @@ -0,0 +1,17 @@ +diff -up at-3.1.14/at.c.opt at-3.1.14/at.c +--- at-3.1.14/at.c.opt 2013-09-26 16:54:29.920476315 +0200 ++++ at-3.1.14/at.c 2013-09-26 16:55:06.301562646 +0200 +@@ -842,10 +842,9 @@ main(int argc, char **argv) + */ + + if (disp_version) { +- fprintf(stderr, "at version " VERSION "\n" +- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" +- "or contact the maintainers (at@packages.debian.org).\n"); +- exit(EXIT_SUCCESS); ++ fprintf(stderr, "at version " VERSION "\n"); ++ if (argc == 2) ++ exit(EXIT_SUCCESS); + } + + /* select our program diff --git a/SOURCES/at-3.1.14-usePOSIXtimers.patch b/SOURCES/at-3.1.14-usePOSIXtimers.patch new file mode 100644 index 0000000..89c5614 --- /dev/null +++ b/SOURCES/at-3.1.14-usePOSIXtimers.patch @@ -0,0 +1,111 @@ +diff -up at-3.1.14/atd.c.timers at-3.1.14/atd.c +--- at-3.1.14/atd.c.timers 2013-12-02 11:03:01.250080057 +0100 ++++ at-3.1.14/atd.c 2013-12-02 11:06:15.560243498 +0100 +@@ -831,6 +831,54 @@ run_loop() + return next_job; + } + ++#ifdef HAVE_TIMER_CREATE ++timer_t timer; ++struct itimerspec timeout; ++ ++void timer_setup() ++{ ++ struct sigevent sev; ++ ++ sev.sigev_notify = SIGEV_SIGNAL; ++ sev.sigev_signo = SIGHUP; ++ sev.sigev_value.sival_ptr = &timer; ++ ++ memset(&timeout, 0, sizeof(timeout)); ++ ++ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0) ++ pabort("unable to create timer"); ++} ++ ++time_t atd_gettime() ++{ ++ struct timespec curtime; ++ ++ clock_gettime(CLOCK_REALTIME, &curtime); ++ ++ return curtime.tv_sec; ++} ++ ++void atd_setalarm(time_t next) ++{ ++ timeout.it_value.tv_sec = next; ++ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL); ++ pause(); ++} ++#else ++void timer_setup() ++{ ++} ++ ++time_t atd_gettime() ++{ ++ return time(NULL); ++} ++ ++void atd_setalarm(time_t next) ++{ ++ sleep(next - atd_gettime()); ++} ++#endif + /* Global functions */ + + int +@@ -936,7 +984,7 @@ main(int argc, char *argv[]) + sigaction(SIGCHLD, &act, NULL); + + if (!run_as_daemon) { +- now = time(NULL); ++ now = atd_gettime(); + run_loop(); + exit(EXIT_SUCCESS); + } +@@ -959,13 +1007,14 @@ main(int argc, char *argv[]) + act.sa_handler = set_term; + sigaction(SIGINT, &act, NULL); + ++ timer_setup(); + daemon_setup(); + + do { +- now = time(NULL); ++ now = atd_gettime(); + next_invocation = run_loop(); + if (next_invocation > now) { +- sleep(next_invocation - now); ++ atd_setalarm(next_invocation); + } + } while (!term_signal); + daemon_cleanup(); +diff -up at-3.1.14/config.h.in.timers at-3.1.14/config.h.in +--- at-3.1.14/config.h.in.timers 2013-12-02 11:00:27.000000000 +0100 ++++ at-3.1.14/config.h.in 2013-12-02 11:02:06.521033976 +0100 +@@ -38,6 +38,9 @@ + /* Define to 1 if you have the `getloadavg' function. */ + #undef HAVE_GETLOADAVG + ++/* Define to 1 if you have the `timer_create' function. */ ++#undef HAVE_TIMER_CREATE ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_GETOPT_H + +diff -up at-3.1.14/configure.ac.timers at-3.1.14/configure.ac +--- at-3.1.14/configure.ac.timers 2013-12-02 11:00:27.000000000 +0100 ++++ at-3.1.14/configure.ac 2013-12-02 11:02:45.217066560 +0100 +@@ -254,6 +254,10 @@ AC_CHECK_LIB(selinux, is_selinux_enabled + AC_SUBST(SELINUXLIB) + AC_SUBST(WITH_SELINUX) + ++dnl check for POSIX timer functions ++AC_SEARCH_LIBS([timer_create],[rt]) ++AC_CHECK_FUNCS([timer_create]) ++ + AC_MSG_CHECKING(groupname to run under) + AC_ARG_WITH(daemon_groupname, + [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], diff --git a/SOURCES/at-3.1.16-clear-nonjobs.patch b/SOURCES/at-3.1.16-clear-nonjobs.patch new file mode 100644 index 0000000..05fc2c2 --- /dev/null +++ b/SOURCES/at-3.1.16-clear-nonjobs.patch @@ -0,0 +1,42 @@ +diff -up at-3.1.16/atd.c.clear-nonjobs at-3.1.16/atd.c +--- at-3.1.16/atd.c.clear-nonjobs 2014-12-11 10:32:24.000000000 +0100 ++++ at-3.1.16/atd.c 2015-09-09 11:40:22.544679351 +0200 +@@ -414,10 +414,22 @@ run_file(const char *filename, uid_t uid + sprintf(fmt, "#!/bin/sh\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d", + mailsize ); + ++ /* Unlink the file unless there was an error reading it (perhaps ++ * temporary). ++ * If the file has a bogus format there is no reason in trying ++ * to run it again and again. ++ */ + if (fscanf(stream, fmt, +- &nuid, &ngid, mailname, &send_mail) != 4) +- pabort("File %.500s is in wrong format - aborting", +- filename); ++ &nuid, &ngid, mailname, &send_mail) != 4) { ++ if (ferror(stream)) ++ perr("Error reading the job file"); ++ ++ unlink(filename); ++ pabort("File %.500s is in wrong format - aborting", ++ filename); ++ } ++ ++ unlink(filename); + + if (mailname[0] == '-') + pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname, +@@ -427,12 +439,6 @@ run_file(const char *filename, uid_t uid + pabort("Job %8lu (%.500s) - userid %d does not match file uid %d", + jobno, filename, nuid, uid); + +- /* We are now committed to executing this script. Unlink the +- * original. +- */ +- +- unlink(filename); +- + fclose(stream); + if (chdir(ATSPOOL_DIR) < 0) + perr("Cannot chdir to " ATSPOOL_DIR); diff --git a/SOURCES/at-3.1.16-fclose-error.patch b/SOURCES/at-3.1.16-fclose-error.patch new file mode 100644 index 0000000..5006d68 --- /dev/null +++ b/SOURCES/at-3.1.16-fclose-error.patch @@ -0,0 +1,26 @@ +diff -up at-3.1.16/at.c.fclose at-3.1.16/at.c +--- at-3.1.16/at.c.fclose 2014-11-06 16:11:28.000000000 +0100 ++++ at-3.1.16/at.c 2014-11-24 15:30:12.704502966 +0100 +@@ -209,7 +209,11 @@ nextjob() + jobno = (1 + jobno) % 0xfffff; /* 2^20 jobs enough? */ + fprintf(fid, "%05lx\n", jobno); + +- fclose(fid); ++ if (ferror(fid)) ++ jobno = EOF; ++ ++ if (fclose(fid) != 0) ++ jobno = EOF; + return jobno; + } + +@@ -494,7 +498,8 @@ writefile(time_t runtimer, char queue) + if (ferror(stdin)) + panic("Input error"); + +- fclose(fp); ++ if (fclose(fp) != 0) ++ panic("Output error"); + + /* Set the x bit so that we're ready to start executing + */ diff --git a/SOURCES/at-3.1.18-make.patch b/SOURCES/at-3.1.18-make.patch new file mode 100644 index 0000000..171b63c --- /dev/null +++ b/SOURCES/at-3.1.18-make.patch @@ -0,0 +1,82 @@ +diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in +--- at-3.1.18/Makefile.in.make 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/Makefile.in 2016-03-23 12:38:15.652898579 +0100 +@@ -68,13 +68,13 @@ LIST = Filelist Filelist.asc + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) ++ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y +@@ -89,38 +89,41 @@ atrun: atrun.in + configure + + .c.o: +- $(CC) -c $(CFLAGS) $(DEFS) $*.c ++ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) +- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(bindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(docdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/ ++ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) ++ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) ++ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) + touch $(IROOT)$(LFILE) + chmod 600 $(IROOT)$(LFILE) + chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) +- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir) ++ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ ++ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd ++ $(INSTALL) -m 4755 at $(IROOT)$(bindir) + $(LN_S) -f at $(IROOT)$(bindir)/atq + $(LN_S) -f at $(IROOT)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) +- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(IROOT)$(bindir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) ++ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ + cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ + sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/ ++ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ + cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) ++ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) + rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ + $(IROOT)$(mandir)/cat1/atq.1* + rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/SOURCES/at-3.1.18-nitpicks.patch b/SOURCES/at-3.1.18-nitpicks.patch new file mode 100644 index 0000000..2bcaebb --- /dev/null +++ b/SOURCES/at-3.1.18-nitpicks.patch @@ -0,0 +1,80 @@ +diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c +--- at-3.1.18/atd.c.nit 2016-03-23 12:46:49.222277787 +0100 ++++ at-3.1.18/atd.c 2016-03-23 12:47:50.521639804 +0100 +@@ -196,6 +196,18 @@ myfork() + + #define fork myfork + #endif ++#undef ATD_MAIL_PROGRAM ++#undef ATD_MAIL_NAME ++#if defined(SENDMAIL) ++#define ATD_MAIL_PROGRAM SENDMAIL ++#define ATD_MAIL_NAME "sendmail" ++#elif defined(MAILC) ++#define ATD_MAIL_PROGRAM MAILC ++#define ATD_MAIL_NAME "mail" ++#elif defined(MAILX) ++#define ATD_MAIL_PROGRAM MAILX ++#define ATD_MAIL_NAME "mailx" ++#endif + + #ifdef WITH_SELINUX + static int +@@ -339,6 +351,9 @@ run_file(const char *filename, uid_t uid + free(newname); + return; + } ++ ++ (void) setsid(); /* own session for process */ ++ + /* Let's see who we mail to. Hopefully, we can read it from + * the command file; if not, send it to the owner, or, failing that, + * to root. +@@ -507,6 +522,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir("/"); + + execle("/bin/sh", "sh", (char *) NULL, nenvp); +@@ -572,6 +590,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir ("/"); + + #if defined(SENDMAIL) +@@ -699,6 +720,7 @@ run_loop() + * Let's remove the lockfile and reschedule. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; + unlink(lock_name); + next_job = now; +@@ -733,6 +755,7 @@ run_loop() + run_batch++; + if (strcmp(batch_name, dirent->d_name) > 0) { + strncpy(batch_name, dirent->d_name, sizeof(batch_name)); ++ batch_name[sizeof(batch_name)-1] = '\0'; + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + batch_queue = queue; +diff -up at-3.1.18/at.1.in.nit at-3.1.18/at.1.in +--- at-3.1.18/at.1.in.nit 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/at.1.in 2016-03-23 12:46:49.226277876 +0100 +@@ -210,7 +210,7 @@ queue for + .BR batch . + Queues with higher letters run with increased niceness. The special + queue "=" is reserved for jobs which are currently running. +-.P ++ + If a job is submitted to a queue designated with an uppercase letter, the + job is treated as if it were submitted to batch at the time of the job. + Once the time is reached, the batch processing rules with respect to load diff --git a/SOURCES/at-3.1.18-noabort.patch b/SOURCES/at-3.1.18-noabort.patch new file mode 100644 index 0000000..1154fb9 --- /dev/null +++ b/SOURCES/at-3.1.18-noabort.patch @@ -0,0 +1,43 @@ +diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c +--- at-3.1.18/atd.c.noabort 2016-03-23 12:49:15.147520116 +0100 ++++ at-3.1.18/atd.c 2016-03-23 12:49:15.148520138 +0100 +@@ -349,9 +349,12 @@ run_file(const char *filename, uid_t uid + */ + + pid = fork(); +- if (pid == -1) +- perr("Cannot fork"); +- ++ if (pid == -1) { ++ lerr("Cannot fork for job execution"); ++ free(mailname); ++ free(newname); ++ return; ++ } + else if (pid != 0) { + free(mailname); + free(newname); +@@ -669,15 +672,19 @@ run_loop() + * up. + */ + +- if (stat(".", &buf) == -1) +- perr("Cannot stat " ATJOB_DIR); ++ if (stat(".", &buf) == -1) { ++ lerr("Cannot stat " ATJOB_DIR); ++ return next_job; ++ } + + if (nothing_to_do && buf.st_mtime <= last_chg) + return next_job; + last_chg = buf.st_mtime; + +- if ((spool = opendir(".")) == NULL) +- perr("Cannot read " ATJOB_DIR); ++ if ((spool = opendir(".")) == NULL) { ++ lerr("Cannot read " ATJOB_DIR); ++ return next_job; ++ } + + run_batch = 0; + nothing_to_do = 1; diff --git a/SOURCES/at-3.1.18-utc-dst.patch b/SOURCES/at-3.1.18-utc-dst.patch new file mode 100644 index 0000000..3a2a40b --- /dev/null +++ b/SOURCES/at-3.1.18-utc-dst.patch @@ -0,0 +1,24 @@ +diff -up at-3.1.18/parsetime.y.dst at-3.1.18/parsetime.y +--- at-3.1.18/parsetime.y.dst 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/parsetime.y 2015-07-01 13:53:14.088881926 +0200 +@@ -476,8 +476,8 @@ parsetime(time_t currtime, int argc, cha + exectm = *localtime(&currtime); + currtime -= exectm.tm_sec; + exectm.tm_sec = 0; +- exectm.tm_isdst = -1; + memcpy(&currtm,&exectm,sizeof(currtm)); ++ exectm.tm_isdst = -1; + time_only = 0; + yearspec = 0; + +@@ -503,8 +503,8 @@ parsetime(time_t currtime, int argc, cha + return 0; + if (isgmt) { + exectime -= timezone; +- if (currtm.tm_isdst && !exectm.tm_isdst) +- exectime -= 3600; ++ if (exectm.tm_isdst) ++ exectime += 3600; + } + if (exectime < currtime) + panic("refusing to create job destined in the past"); diff --git a/SOURCES/at-3.1.20-aborted-jobs.patch b/SOURCES/at-3.1.20-aborted-jobs.patch new file mode 100644 index 0000000..78a196f --- /dev/null +++ b/SOURCES/at-3.1.20-aborted-jobs.patch @@ -0,0 +1,22 @@ +diff -up at-3.1.20/atd.c.aborted at-3.1.20/atd.c +--- at-3.1.20/atd.c.aborted 2017-09-14 15:31:47.971486148 +0200 ++++ at-3.1.20/atd.c 2017-09-14 15:43:53.506567281 +0200 +@@ -731,12 +731,17 @@ run_loop() + /* Is the file already locked? + */ + if (buf.st_nlink > 1) { ++ if (run_time < buf.st_mtime) ++ run_time = buf.st_mtime; + if (run_time + CHECK_INTERVAL <= now) { +- + /* Something went wrong the last time this was executed. + * Let's remove the lockfile and reschedule. ++ * We also change the timestamp to avoid rerunning the job more ++ * than once every CHECK_INTERVAL. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ if (utime(lock_name, 0) < 0) ++ syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name); + lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; + unlink(lock_name); diff --git a/SOURCES/at-3.1.20-lock-locks.patch b/SOURCES/at-3.1.20-lock-locks.patch new file mode 100644 index 0000000..17d6ad4 --- /dev/null +++ b/SOURCES/at-3.1.20-lock-locks.patch @@ -0,0 +1,108 @@ +diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c +--- at-3.1.20/atd.c.lock-locks 2016-07-01 10:41:50.640867692 +0200 ++++ at-3.1.20/atd.c 2016-07-01 10:42:32.345844967 +0200 +@@ -74,6 +74,9 @@ + #include + #endif + ++#include ++#include ++ + /* Local headers */ + + #include "privs.h" +@@ -288,7 +291,7 @@ run_file(const char *filename, uid_t uid + * mail to the user. + */ + pid_t pid; +- int fd_out, fd_in; ++ int fd_out, fd_in, fd_std; + char jobbuf[9]; + char *mailname = NULL; + int mailsize = 128; +@@ -410,6 +413,10 @@ run_file(const char *filename, uid_t uid + + fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); + ++ if (flock(fd_in, LOCK_EX | LOCK_NB) != 0) ++ perr("Somebody already locked the job %8lu (%.500s) - " ++ "aborting", jobno, filename); ++ + /* + * If the spool directory is mounted via NFS `atd' isn't able to + * read from the job file and will bump out here. The file is +@@ -553,10 +560,7 @@ run_file(const char *filename, uid_t uid + PRIV_END + } + /* We're the parent. Let's wait. +- */ +- close(fd_in); +- +- /* We inherited the master's SIGCHLD handler, which does a ++ We inherited the master's SIGCHLD handler, which does a + non-blocking waitpid. So this blocking one will eventually + return with an ECHILD error. + */ +@@ -573,14 +577,14 @@ run_file(const char *filename, uid_t uid + /* some sendmail implementations are confused if stdout, stderr are + * not available, so let them point to /dev/null + */ +- if ((fd_in = open("/dev/null", O_WRONLY)) < 0) ++ if ((fd_std = open("/dev/null", O_WRONLY)) < 0) + perr("Could not open /dev/null."); +- if (dup2(fd_in, STDOUT_FILENO) < 0) ++ if (dup2(fd_std, STDOUT_FILENO) < 0) + perr("Could not use /dev/null as standard output."); +- if (dup2(fd_in, STDERR_FILENO) < 0) ++ if (dup2(fd_std, STDERR_FILENO) < 0) + perr("Could not use /dev/null as standard error."); +- if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO) +- close(fd_in); ++ if (fd_std != STDOUT_FILENO && fd_std != STDERR_FILENO) ++ close(fd_std); + + if (unlink(filename) == -1) + syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", +@@ -588,7 +592,12 @@ run_file(const char *filename, uid_t uid + + /* The job is now finished. We can delete its input file. + */ +- chdir(ATJOB_DIR); ++ if (chdir(ATJOB_DIR) != 0) ++ perr("Somebody removed %s directory from under us.", ATJOB_DIR); ++ ++ /* This also removes the flock */ ++ (void)close(fd_in); ++ + unlink(newname); + free(newname); + +@@ -723,16 +732,18 @@ run_loop() + + /* Skip lock files */ + if (queue == '=') { +- /* FIXME: calhariz */ +- /* I think the following code is broken, but commenting +- may haven unknow side effects. Make a release and see +- in the wild how it works. For more information see: +- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508/* +- +- /* if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { */ +- /* /\* Remove stale lockfile FIXME: lock the lockfile, if you fail, it's still in use. *\/ */ +- /* unlink(dirent->d_name); */ +- /* } */ ++ if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { ++ int fd; ++ ++ fd = open(dirent->d_name, O_RDONLY); ++ if (fd != -1) { ++ if (flock(fd, LOCK_EX | LOCK_NB) == 0) { ++ unlink(dirent->d_name); ++ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name); ++ } ++ (void)close(fd); ++ } ++ } + continue; + } + /* Skip any other file types which may have been invented in diff --git a/SOURCES/at-3.1.20-log-jobs.patch b/SOURCES/at-3.1.20-log-jobs.patch new file mode 100644 index 0000000..44cc7d3 --- /dev/null +++ b/SOURCES/at-3.1.20-log-jobs.patch @@ -0,0 +1,14 @@ +diff -up at-3.1.20/atd.c.log-jobs at-3.1.20/atd.c +--- at-3.1.20/atd.c.log-jobs 2018-05-23 15:09:35.158362293 +0200 ++++ at-3.1.20/atd.c 2018-05-23 15:18:39.153965582 +0200 +@@ -376,6 +376,10 @@ run_file(const char *filename, uid_t uid + pabort("Userid %lu not found - aborting job %8lu (%.500s)", + (unsigned long) uid, jobno, filename); + } ++ ++ syslog(LOG_INFO, "Starting job %lu (%.500s) for user '%s' (%lu)", ++ jobno, filename, pentry->pw_name, (unsigned long) uid); ++ + PRIV_START + + stream = fopen(filename, "r"); diff --git a/SOURCES/at-3.1.20-pam.patch b/SOURCES/at-3.1.20-pam.patch new file mode 100644 index 0000000..418fa84 --- /dev/null +++ b/SOURCES/at-3.1.20-pam.patch @@ -0,0 +1,436 @@ +diff -up at-3.1.20/at.c.pam at-3.1.20/at.c +--- at-3.1.20/at.c.pam 2016-06-28 22:18:00.000000000 +0200 ++++ at-3.1.20/at.c 2016-07-01 09:44:22.251683924 +0200 +@@ -144,18 +144,13 @@ sigc(int signo) + /* If the user presses ^C, remove the spool file and exit + */ + if (fcreated) { +- /* + PRIV_START +- ++ /* + We need the unprivileged uid here since the file is owned by the real + (not effective) uid. + */ +- setregid(real_gid, effective_gid); +- unlink(atfile); +- setregid(effective_gid, real_gid); +- /* ++ unlink(atfile); + PRIV_END +- */ + } + exit(EXIT_FAILURE); + } +@@ -315,26 +310,19 @@ writefile(time_t runtimer, char queue) + * bit. Yes, this is a kluge. + */ + cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); +- seteuid(real_uid); ++ if ((seteuid(effective_uid)) < 0) ++ perr("Error in seteuid: %s", errno); + if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) + perr("Cannot create atjob file %.500s", atfile); +- seteuid(effective_uid); + + if ((fd2 = dup(fd)) < 0) + perr("Error in dup() of job file"); + +- /* + if (fchown(fd2, real_uid, real_gid) != 0) +- perr("Cannot give away file"); +- */ ++ perr("Cannot give real_uid and real_gid the file"); + + PRIV_END + +- /* We no longer need suid root; now we just need to be able to write +- * to the directory, if necessary. +- */ +- +- REDUCE_PRIV(daemon_uid, daemon_gid) + /* We've successfully created the file; let's set the flag so it + * gets removed in case of an interrupt or error. + */ +@@ -673,7 +661,7 @@ process_jobs(int argc, char **argv, int + We need the unprivileged uid here since the file is owned by the real + (not effective) uid. + */ +- setregid(real_gid, effective_gid); ++ PRIV_START + + if (queue == '=') { + fprintf(stderr, "Warning: deleting running job\n"); +@@ -682,8 +670,8 @@ process_jobs(int argc, char **argv, int + perr("Cannot unlink %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } ++ PRIV_END + +- setregid(effective_gid, real_gid); + done = 1; + + break; +@@ -693,7 +681,7 @@ process_jobs(int argc, char **argv, int + FILE *fp; + int ch; + +- setregid(real_gid, effective_gid); ++ PRIV_START + fp = fopen(dirent->d_name, "r"); + + if (fp) { +@@ -706,7 +694,7 @@ process_jobs(int argc, char **argv, int + perr("Cannot open %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } +- setregid(effective_gid, real_gid); ++ PRIV_END + } + break; + +diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c +--- at-3.1.20/atd.c.pam 2016-06-28 22:14:39.000000000 +0200 ++++ at-3.1.20/atd.c 2016-07-01 09:44:22.251683924 +0200 +@@ -91,6 +91,10 @@ int selinux_enabled = 0; + + /* Macros */ + ++#ifndef LOG_ATD ++#define LOG_ATD LOG_DAEMON ++#endif ++ + #define BATCH_INTERVAL_DEFAULT 60 + #define CHECK_INTERVAL 3600 + +@@ -114,7 +118,7 @@ static int run_as_daemon = 0; + + static volatile sig_atomic_t term_signal = 0; + +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + #include + + static pam_handle_t *pamh = NULL; +@@ -123,15 +127,7 @@ static const struct pam_conv conv = { + NULL + }; + +-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ +- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ +- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ +- pam_end(pamh, retcode); exit(1); \ +- } +-#define PAM_END { retcode = pam_close_session(pamh,0); \ +- pam_end(pamh,retcode); } +- +-#endif /* HAVE_PAM */ ++#endif /* WITH_PAM */ + + /* Signal handlers */ + RETSIGTYPE +@@ -292,7 +288,7 @@ run_file(const char *filename, uid_t uid + char fmt[64]; + unsigned long jobno; + int rc; +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + int retcode; + #endif + +@@ -449,17 +445,11 @@ run_file(const char *filename, uid_t uid + fstat(fd_out, &buf); + size = buf.st_size; + +-#ifdef HAVE_PAM +- PRIV_START +- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); +- PAM_FAIL_CHECK; +- retcode = pam_acct_mgmt(pamh, PAM_SILENT); +- PAM_FAIL_CHECK; +- retcode = pam_open_session(pamh, PAM_SILENT); +- PAM_FAIL_CHECK; +- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); +- PAM_FAIL_CHECK; +- PRIV_END ++#ifdef WITH_PAM ++ AT_START_PAM; ++ AT_OPEN_PAM_SESSION; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); + #endif + + close(STDIN_FILENO); +@@ -473,7 +463,14 @@ run_file(const char *filename, uid_t uid + else if (pid == 0) { + char *nul = NULL; + char **nenvp = &nul; ++ char **pam_envp=0L; + ++ PRIV_START ++#ifdef WITH_PAM ++ pam_envp = pam_getenvlist(pamh); ++ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) ++ nenvp = pam_envp; ++#endif + /* Set up things for the child; we want standard input from the + * input file, and standard output and error sent to our output file. + */ +@@ -492,8 +489,6 @@ run_file(const char *filename, uid_t uid + close(fd_in); + close(fd_out); + +- PRIV_START +- + nice((tolower((int) queue) - 'a' + 1) * 2); + + #ifdef WITH_SELINUX +@@ -514,9 +509,9 @@ run_file(const char *filename, uid_t uid + + chdir("/"); + +- if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) +- perr("Exec failed for /bin/sh"); +- ++ execle("/bin/sh", "sh", (char *) NULL, nenvp); ++ perr("Exec failed for /bin/sh"); ++ /* perr exits, the PRIV_END is just for nice form */ + PRIV_END + } + /* We're the parent. Let's wait. +@@ -529,14 +524,6 @@ run_file(const char *filename, uid_t uid + */ + waitpid(pid, (int *) NULL, 0); + +-#ifdef HAVE_PAM +- PRIV_START +- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); +- retcode = pam_close_session(pamh, PAM_SILENT); +- pam_end(pamh, retcode); +- PRIV_END +-#endif +- + /* Send mail. Unlink the output file after opening it, so it + * doesn't hang around after the run. + */ +@@ -567,8 +554,13 @@ run_file(const char *filename, uid_t uid + unlink(newname); + free(newname); + ++#ifdef ATD_MAIL_PROGRAM + if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { ++ int mail_pid = -1; + ++ mail_pid = fork(); ++ ++ if ( mail_pid == 0 ) { + PRIV_START + + if (initgroups(pentry->pw_name, pentry->pw_gid)) +@@ -590,7 +582,20 @@ run_file(const char *filename, uid_t uid + perr("Exec failed for mail command"); + + PRIV_END ++ } ++ else if ( mail_pid == -1 ) { ++ syslog(LOG_ERR, "fork of mailer failed: %m"); ++ } ++ /* Parent */ ++ waitpid(mail_pid, (int *) NULL, 0); + } ++ ++#ifdef WITH_PAM ++ AT_CLOSE_PAM; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif ++#endif + exit(EXIT_SUCCESS); + } + +diff -up at-3.1.20/config.h.in.pam at-3.1.20/config.h.in +--- at-3.1.20/config.h.in.pam 2015-12-18 21:29:24.000000000 +0100 ++++ at-3.1.20/config.h.in 2016-07-01 09:44:22.251683924 +0200 +@@ -68,8 +68,8 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_NLIST_H + +-/* Define to 1 for PAM support */ +-#undef HAVE_PAM ++/* Define if you are building with_pam */ ++#undef WITH_PAM + + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC +diff -up at-3.1.20/configure.ac.pam at-3.1.20/configure.ac +--- at-3.1.20/configure.ac.pam 2016-06-28 22:55:52.000000000 +0200 ++++ at-3.1.20/configure.ac 2016-07-01 09:45:23.268092527 +0200 +@@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG + AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) + AC_CHECK_HEADERS(security/pam_appl.h, [ + PAMLIB="-lpam" +- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) ++ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) + ]) + + dnl Checking for programs +@@ -239,6 +239,13 @@ AC_ARG_WITH(daemon_username, + ) + AC_SUBST(DAEMON_USERNAME) + ++AC_ARG_WITH(pam, ++[ --with-pam Define to enable pam support ], ++AC_DEFINE(WITH_PAM), ++) ++AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') ++AC_SUBST(PAMLIB) ++ + AC_ARG_WITH(selinux, + [ --with-selinux Define to run with selinux (default=check)], + [], +diff -up at-3.1.20/Makefile.in.pam at-3.1.20/Makefile.in +--- at-3.1.20/Makefile.in.pam 2016-07-01 09:44:22.250683901 +0200 ++++ at-3.1.20/Makefile.in 2016-07-01 09:44:22.252683947 +0200 +@@ -68,7 +68,7 @@ LIST = Filelist Filelist.asc + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm +diff -up at-3.1.20/perm.c.pam at-3.1.20/perm.c +--- at-3.1.20/perm.c.pam 2015-08-22 00:09:22.000000000 +0200 ++++ at-3.1.20/perm.c 2016-07-01 09:44:22.252683947 +0200 +@@ -51,6 +51,14 @@ + #define PRIV_END while(0) + #endif + ++#ifdef WITH_PAM ++#include ++static pam_handle_t *pamh = NULL; ++static const struct pam_conv conv = { ++ NULL ++}; ++#endif ++ + /* Structures and unions */ + + +@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha + int + check_permission() + { +- uid_t uid = geteuid(); ++ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); + struct passwd *pentry; + int allow = 0, deny = 1; + +- if (uid == 0) ++ int retcode = 0; ++ if (euid == 0) + return 1; + +- if ((pentry = getpwuid(uid)) == NULL) { ++ if ((pentry = getpwuid(euid)) == NULL) { + perror("Cannot access user database"); + exit(EXIT_FAILURE); + } + ++#ifdef WITH_PAM ++/* ++ * We must check if the atd daemon userid will be allowed to gain the job owner user's ++ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. ++ */ ++ if (setreuid(daemon_uid, daemon_uid) != 0) { ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); ++ exit(1); ++ } ++ if (setregid(daemon_gid, daemon_gid) != 0) { ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); ++ exit(1); ++ } ++ ++ AT_START_PAM; ++ AT_CLOSE_PAM; ++ if (setregid(gid,egid) != 0) { ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); ++ exit(1); ++ } ++ if (setreuid(uid,euid) != 0) { ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); ++ exit(1); ++ } ++#endif ++ + allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); + if (allow==0 || allow==1) + return allow; +diff -up at-3.1.20/privs.h.pam at-3.1.20/privs.h +--- at-3.1.20/privs.h.pam 2015-08-22 00:09:22.000000000 +0200 ++++ at-3.1.20/privs.h 2016-07-01 09:44:22.252683947 +0200 +@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da + #error "Cannot implement user ID swapping without setreuid or setresuid" + #endif + #endif ++ ++#ifdef WITH_PAM ++/* PAM failed after session was open. */ ++#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ ++ pam_close_session(pamh,PAM_SILENT); ++ ++/* syslog will be logging error messages */ ++#ifdef HAVE_UNISTD_H ++#include ++#endif ++ ++/* PAM fail even before opening the session */ ++#define PAM_FAIL_CHECK \ ++ do { if (retcode != PAM_SUCCESS) { \ ++ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ ++ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ ++ if (pamh) \ ++ pam_end(pamh, retcode); \ ++ if (setregid(getgid(),getegid()) != 0) { \ ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ ++ exit(1); \ ++ } \ ++ if (setreuid(getuid(),geteuid()) != 0) { \ ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ ++ exit(1); \ ++ } \ ++ exit(1); \ ++ } \ ++ } while (0) \ ++ ++static int pam_session_opened = 0; //global for open session ++ ++#define AT_START_PAM { \ ++ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++} ++ ++#define AT_OPEN_PAM_SESSION { \ ++ retcode = pam_open_session(pamh, PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++ if (retcode == PAM_SUCCESS) \ ++ pam_session_opened = 1; \ ++} ++ ++#define AT_CLOSE_PAM { \ ++ if (pam_session_opened != 0) { \ ++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); \ ++ pam_close_session(pamh, PAM_SILENT); \ ++ } \ ++ pam_end(pamh, PAM_SUCCESS); \ ++} ++ ++#endif ++ diff --git a/SOURCES/at-3.1.20-shell.patch b/SOURCES/at-3.1.20-shell.patch new file mode 100644 index 0000000..ac9586c --- /dev/null +++ b/SOURCES/at-3.1.20-shell.patch @@ -0,0 +1,47 @@ +diff -up at-3.1.20/at.c.shell at-3.1.20/at.c +--- at-3.1.20/at.c.shell 2016-07-01 09:47:13.392684445 +0200 ++++ at-3.1.20/at.c 2016-07-01 09:48:47.679931959 +0200 +@@ -62,11 +62,8 @@ + #include + #include + +-#ifdef TM_IN_SYS_TIME + #include +-#else + #include +-#endif + + #ifdef HAVE_UNISTD_H + #include +@@ -239,6 +236,12 @@ writefile(time_t runtimer, char queue) + int kill_errno; + int rc; + int mailsize = 128; ++ struct timeval tv; ++ struct timezone tz; ++ long int i; ++ ++ gettimeofday(&tv, &tz); ++ srandom(getpid()+tv.tv_usec); + + /* Install the signal handler for SIGINT; terminate after removing the + * spool file if necessary +@@ -465,6 +468,9 @@ writefile(time_t runtimer, char queue) + fprintf(fp, " || {\n\t echo 'Execution directory " + "inaccessible' >&2\n\t exit 1\n}\n"); + ++ i = random(); ++ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i); ++ + istty = isatty(fileno(stdin)); + if (istty) { + fprintf(stderr, "at> "); +@@ -480,7 +486,7 @@ writefile(time_t runtimer, char queue) + if (istty) { + fprintf(stderr, "\n"); + } +- fprintf(fp, "\n"); ++ fprintf(fp, "marcinDELIMITER%08lx\n", i); + if (ferror(fp)) + panic("Output error"); + fflush(fp); diff --git a/SOURCES/at-3.1.23-document-n.patch b/SOURCES/at-3.1.23-document-n.patch new file mode 100644 index 0000000..7028300 --- /dev/null +++ b/SOURCES/at-3.1.23-document-n.patch @@ -0,0 +1,22 @@ +diff -up at-3.1.23/atd.8.in.document-n at-3.1.23/atd.8.in +--- at-3.1.23/atd.8.in.document-n 2018-08-27 14:49:09.824182482 +0200 ++++ at-3.1.23/atd.8.in 2018-08-27 14:50:34.625518639 +0200 +@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi + .IR batch_interval ] + .RB [ \-d ] + .RB [ \-f ] ++.RB [ \-n ] + .RB [ \-s ] + .SH DESCRIPTION + .B atd +@@ -44,6 +45,10 @@ in the foreground. + Process the at/batch queue only once. + This is primarily of use for compatibility with old versions of + .BR at ; ++.B \-n ++Append the hostname of the system to the subject of the e-mails sent by ++.BR atd . ++.TP 8 + .B "atd \-s" + is equivalent to the old + .B atrun diff --git a/SOURCES/at-3.2.23-coverity-fix.patch b/SOURCES/at-3.2.23-coverity-fix.patch new file mode 100644 index 0000000..119f2d5 --- /dev/null +++ b/SOURCES/at-3.2.23-coverity-fix.patch @@ -0,0 +1,115 @@ +From 4be4813262b3b57a95a5f3ce909d30741aa3ac72 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= +Date: Fri, 9 Apr 2021 16:47:33 +0200 +Subject: [PATCH] Address issues raised by static analysis +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jan Staněk +--- + at.c | 22 ++++++++++++++++++---- + daemon.c | 21 ++++++++++++++------- + 2 files changed, 32 insertions(+), 11 deletions(-) + +diff --git a/at.c b/at.c +index df55dc9..0c74e2e 100644 +--- a/at.c ++++ b/at.c +@@ -545,17 +545,27 @@ writefile(time_t runtimer, char queue) + return; + } + +- if (fstat(fd, &statbuf) == -1) ++ if (fstat(fd, &statbuf) == -1) { ++ close(fd); + return; ++ } + if ((statbuf.st_uid != 0) || !S_ISREG(statbuf.st_mode) || +- (statbuf.st_mode & (S_IWGRP | S_IWOTH))) ++ (statbuf.st_mode & (S_IWGRP | S_IWOTH))) { ++ close(fd); + return; ++ } + + fp = fdopen(fd, "r"); +- if (fp == NULL) ++ if (fp == NULL) { ++ close(fd); + return; +- if (fscanf(fp, "%d", &pid) != 1) ++ } ++ if (fscanf(fp, "%d", &pid) != 1) { ++ fclose(fp); + return; ++ } else { ++ fclose(fp); ++ } + + kill_errno = 0; + +@@ -640,6 +650,8 @@ list_jobs(void) + else + printf("%ld\t%s %c\n", jobno, timestr, queue); + } ++ closedir(spool); ++ + PRIV_END + } + +@@ -722,6 +734,8 @@ process_jobs(int argc, char **argv, int what) + putchar(ch); + } + done = 1; ++ fclose(fp); ++ fp = NULL; + } + else { + perr("Cannot open %.500s", dirent->d_name); +diff --git a/daemon.c b/daemon.c +index 4003b56..bc8191e 100644 +--- a/daemon.c ++++ b/daemon.c +@@ -122,18 +122,23 @@ daemon_setup() + /* Set up standard daemon environment */ + pid_t pid; + mode_t old_umask; +- int fd; ++ int fd, devnull; + FILE *fp; + + if (!daemon_debug) { +- close(0); +- close(1); +- close(2); +- if ((open("/dev/null", O_RDWR) != 0) || +- (open("/dev/null", O_RDWR) != 1) || +- (open("/dev/null", O_RDWR) != 2)) { ++ devnull = open("/dev/null", O_RDWR); ++ if (devnull == -1) { + perr("Error redirecting I/O"); + } ++ ++ if ((dup2(devnull, 0) == -1) || ++ (dup2(devnull, 1) == -1) || ++ (dup2(devnull, 2) == -1)) { ++ close(devnull); ++ perr("Error redirecting I/O"); ++ } else { ++ close(devnull); ++ } + } + + if (daemon_foreground) +@@ -208,6 +213,8 @@ daemon_setup() + fcntl(fd, F_SETFD, FD_CLOEXEC); + PRIV_END + ++ /* See the above comment. */ ++ /* coverity[leaked_storage: FALSE] */ + return; + } + +-- +2.31.1 + diff --git a/SOURCES/at-aarch64.patch b/SOURCES/at-aarch64.patch new file mode 100644 index 0000000..7f8a449 --- /dev/null +++ b/SOURCES/at-aarch64.patch @@ -0,0 +1,486 @@ +diff -urN at-3.1.13/config.guess at-3.1.13-aarch64/config.guess +--- at-3.1.13/config.guess 2011-06-25 07:43:14.000000000 -0500 ++++ at-3.1.13-aarch64/config.guess 2013-03-07 19:22:31.804824167 -0600 +@@ -2,9 +2,9 @@ + # Attempt to guess a canonical system name. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +-# 2011 Free Software Foundation, Inc. ++# 2011, 2012 Free Software Foundation, Inc. + +-timestamp='2011-05-11' ++timestamp='2012-09-25' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +@@ -17,9 +17,7 @@ + # General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -57,8 +55,8 @@ + + Originally written by Per Bothner. + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -145,7 +143,7 @@ + case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or +- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward +@@ -202,6 +200,10 @@ + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; ++ *:Bitrig:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +@@ -304,7 +306,7 @@ + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; +- arm:riscos:*:*|arm:RISCOS:*:*) ++ arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +@@ -792,21 +794,26 @@ + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) +- case ${UNAME_MACHINE} in +- pc98) +- echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ UNAME_PROCESSOR=`/usr/bin/uname -p` ++ case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) +- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; ++ *:MINGW64*:*) ++ echo ${UNAME_MACHINE}-pc-mingw64 ++ exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; ++ i*:MSYS*:*) ++ echo ${UNAME_MACHINE}-pc-msys ++ exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 +@@ -861,6 +868,13 @@ + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +@@ -895,13 +909,16 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) +- echo cris-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) +- echo crisv32-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + frv:Linux:*:*) +- echo frv-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ hexagon:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu +@@ -943,7 +960,7 @@ + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) +- echo or32-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu +@@ -978,13 +995,13 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + tile*:Linux:*:*) +- echo ${UNAME_MACHINE}-tilera-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) +- echo x86_64-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +@@ -1191,6 +1208,9 @@ + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; ++ x86_64:Haiku:*:*) ++ echo x86_64-unknown-haiku ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; +@@ -1246,7 +1266,7 @@ + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; +- NSE-?:NONSTOP_KERNEL:*:*) ++ NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) +@@ -1315,11 +1335,11 @@ + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; ++ x86_64:VMkernel:*:*) ++ echo ${UNAME_MACHINE}-unknown-esx ++ exit ;; + esac + +-#echo '(No uname command or uname output not recognized.)' 1>&2 +-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 +- + eval $set_cc_for_build + cat >$dummy.c <. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -76,8 +74,8 @@ + GNU config.sub ($timestamp) + + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -125,13 +123,17 @@ + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ +- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ ++ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++ os=-linux-android ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++ ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -154,7 +156,7 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -knuth | -cray | -microblaze) ++ -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; +@@ -223,6 +225,12 @@ + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -247,20 +255,25 @@ + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ ++ | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ ++ | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ ++ | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | mcore | mep | metag \ ++ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -291,7 +304,7 @@ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ +- | rx \ ++ | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ +@@ -300,7 +313,7 @@ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ +- | v850 | v850e \ ++ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) +@@ -315,8 +328,7 @@ + c6x) + basic_machine=tic6x-unknown + ;; +- m6811 | m68hc11 | m6812 | m68hc12 | picochip) +- # Motorola 68HC11/12. ++ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; +@@ -329,7 +341,10 @@ + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; +- ++ xgate) ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; + xscaleeb) + basic_machine=armeb-unknown + ;; +@@ -352,11 +367,13 @@ + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ ++ | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ ++ | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ +@@ -365,12 +382,15 @@ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ ++ | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ ++ | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ ++ | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -400,7 +420,7 @@ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ +- | romp-* | rs6000-* | rx-* \ ++ | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ +@@ -408,10 +428,11 @@ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ +- | tile-* | tilegx-* \ ++ | tile*-* \ + | tron-* \ + | ubicom32-* \ +- | v850-* | v850e-* | vax-* \ ++ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ ++ | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ +@@ -711,7 +732,6 @@ + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +-# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 +@@ -769,9 +789,13 @@ + basic_machine=ns32k-utek + os=-sysv + ;; +- microblaze) ++ microblaze*) + basic_machine=microblaze-xilinx + ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ os=-mingw64 ++ ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 +@@ -808,10 +832,18 @@ + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; ++ msys) ++ basic_machine=i386-pc ++ os=-msys ++ ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; ++ nacl) ++ basic_machine=le32-unknown ++ os=-nacl ++ ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 +@@ -1120,13 +1152,8 @@ + basic_machine=t90-cray + os=-unicos + ;; +- # This must be matched before tile*. +- tilegx*) +- basic_machine=tilegx-unknown +- os=-linux-gnu +- ;; + tile*) +- basic_machine=tile-unknown ++ basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) +@@ -1330,15 +1357,15 @@ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ +- | -openbsd* | -solidbsd* \ ++ | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ +- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -linux-android* \ +- | -linux-newlib* | -linux-uclibc* \ ++ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ ++ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ ++ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +@@ -1521,6 +1548,9 @@ + c4x-* | tic4x-*) + os=-coff + ;; ++ hexagon-*) ++ os=-elf ++ ;; + tic54x-*) + os=-coff + ;; +@@ -1548,9 +1578,6 @@ + ;; + m68000-sun) + os=-sunos3 +- # This also exists in the configure program, but was not the +- # default. +- # os=-sunos4 + ;; + m68*-cisco) + os=-aout diff --git a/SOURCES/atd.sysconf b/SOURCES/atd.sysconf new file mode 100644 index 0000000..056ce81 --- /dev/null +++ b/SOURCES/atd.sysconf @@ -0,0 +1,9 @@ +# specify additional command line arguments for atd +# +# -l Specifies a limiting load factor, over which batch jobs should not be run, instead of the compile-time +# choice of 0.8. For an SMP system with n CPUs, you will probably want to set this higher than n-1. +# +# -b Specifiy the minimum interval in seconds between the start of two batch jobs (60 default). + +#example: +#OPTS="-l 4 -b 120" diff --git a/SOURCES/atd.systemd b/SOURCES/atd.systemd new file mode 100644 index 0000000..962b0d0 --- /dev/null +++ b/SOURCES/atd.systemd @@ -0,0 +1,13 @@ +[Unit] +Description=Deferred execution scheduler +Documentation=man:atd(8) +After=syslog.target systemd-user-sessions.service + +[Service] +EnvironmentFile=/etc/sysconfig/atd +ExecStart=/usr/sbin/atd -f $OPTS +IgnoreSIGPIPE=no +KillMode=process + +[Install] +WantedBy=multi-user.target diff --git a/SOURCES/pam_atd b/SOURCES/pam_atd new file mode 100644 index 0000000..1fd529e --- /dev/null +++ b/SOURCES/pam_atd @@ -0,0 +1,9 @@ +# The PAM configuration file for the at daemon +# +# +auth required pam_env.so +auth include password-auth +account required pam_access.so +account include password-auth +session required pam_loginuid.so +session include password-auth diff --git a/SPECS/at.spec b/SPECS/at.spec new file mode 100644 index 0000000..5fdd581 --- /dev/null +++ b/SPECS/at.spec @@ -0,0 +1,810 @@ +%bcond_without pam + +Summary: Job spooling tools +Name: at +Version: 3.1.23 +Release: 10%{?dist} +# http://packages.debian.org/changelogs/pool/main/a/at/current/copyright +# + install-sh is MIT license with changes under Public Domain +License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain +URL: http://ftp.debian.org/debian/pool/main/a/at + +Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz +# git upstream source git://git.debian.org/git/collab-maint/at.git +Source1: pam_atd +Source3: atd.sysconf +Source5: atd.systemd + +Patch: at-aarch64.patch +Patch: at-3.1.18-make.patch +Patch: at-3.1.20-pam.patch +Patch: at-3.1.14-opt_V.patch +Patch: at-3.1.20-shell.patch +Patch: at-3.1.18-nitpicks.patch +Patch: at-3.1.14-fix_no_export.patch +Patch: at-3.1.14-mailwithhostname.patch +Patch: at-3.1.14-usePOSIXtimers.patch +Patch: at-3.1.20-aborted-jobs.patch +Patch: at-3.1.18-noabort.patch +Patch: at-3.1.16-fclose-error.patch +Patch: at-3.1.16-clear-nonjobs.patch +Patch: at-3.1.18-utc-dst.patch +Patch: at-3.1.20-lock-locks.patch +Patch: at-3.1.23-document-n.patch +Patch: at-3.1.20-log-jobs.patch +Patch: at-3.2.23-coverity-fix.patch + +BuildRequires: gcc +BuildRequires: flex flex-static bison autoconf +BuildRequires: libselinux-devel >= 1.27.9 +BuildRequires: perl(Test::Harness) +BuildRequires: perl(Test::More) + +%if %{with pam} +BuildRequires: pam-devel +%endif +Conflicts: crontabs <= 1.5 +# No, I'm not kidding +BuildRequires: smtpdaemon +BuildRequires: make + +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +# at-sysvinit subpackage dropped +Obsoletes: at-sysvinit < 3.1.16-1 + +%description +At and batch read commands from standard input or from a specified +file. At allows you to specify that a command will be run at a +particular time. Batch will execute commands when the system load +levels drop to a particular level. Both commands use user's shell. + +You should install the at package if you need a utility for +time-oriented job control. Note: If it is a recurring job that will +need to be repeated at the same time every day/week, etc. you should +use crontab instead. + +%prep +%autosetup -N +cp %{SOURCE1} . +%autopatch -p1 + +%build +# at-3.1.14-usePOSIXtimers.patch touches configure.in +autoconf +# uselles files +rm -f lex.yy.* y.tab.* +%configure --with-atspool=%{_localstatedir}/spool/at/spool \ + --with-jobdir=%{_localstatedir}/spool/at \ + --with-daemon_username=root \ + --with-daemon_groupname=root \ + --with-selinux \ + %{?with_pam:--with-pam} + +make + +%install +make install \ + DAEMON_USERNAME=`id -nu`\ + DAEMON_GROUPNAME=`id -ng` \ + DESTDIR=%{buildroot}\ + sbindir=%{buildroot}%{_prefix}/sbin\ + bindir=%{buildroot}%{_bindir}\ + prefix=%{buildroot}%{_prefix}\ + exec_prefix=%{buildroot}%{_prefix}\ + docdir=%{buildroot}/usr/doc\ + mandir=%{buildroot}%{_mandir}\ + etcdir=%{buildroot}%{_sysconfdir} \ + ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \ + ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \ + INSTALL_ROOT_USER=`id -nu` \ + INSTALL_ROOT_GROUP=`id -nu`; + +echo > %{buildroot}%{_sysconfdir}/at.deny +mkdir docs +cp %{buildroot}/%{_prefix}/doc/at/* docs/ + +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd + +mkdir -p %{buildroot}/etc/sysconfig +install -m 644 %{SOURCE3} %{buildroot}/etc/sysconfig/atd + +# install systemd initscript +mkdir -p %{buildroot}/%{_unitdir}/ +install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/atd.service + +# remove unpackaged files from the buildroot +rm -r %{buildroot}%{_prefix}/doc + +%check +make test + +%post +touch %{_localstatedir}/spool/at/.SEQ +chmod 600 %{_localstatedir}/spool/at/.SEQ +chown root:root %{_localstatedir}/spool/at/.SEQ +%systemd_post atd.service + +%preun +%systemd_preun atd.service + +%postun +%systemd_postun_with_restart atd.service + +%triggerun -- at < 3.1.12-6 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply atd +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save atd + +# The package is allowed to autostart: +/bin/systemctl enable atd.service >/dev/null 2>&1 + +/sbin/chkconfig --del atd >/dev/null 2>&1 || : +/bin/systemctl try-restart atd.service >/dev/null 2>&1 || : +/bin/systemctl daemon-reload >/dev/null 2>&1 || : + +%files +%license Copyright COPYING +%doc README timespec ChangeLog +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd +%attr(0700,root,root) %dir %{_localstatedir}/spool/at +%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ +%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd +%{_sbindir}/atrun +%attr(0755,root,root) %{_sbindir}/atd +%{_mandir}/man*/* +%{_bindir}/batch +%{_bindir}/atrm +%{_bindir}/atq +%attr(4755,root,root) %{_bindir}/at +%attr(0644,root,root) /%{_unitdir}/atd.service + +%changelog +* Mon Aug 09 2021 Mohan Boddu +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Tue Jun 22 2021 Mohan Boddu +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Apr 23 2021 Jan Staněk - 3.1.23-8 +- Patch issues found by coverity. Resolves: rhbz#1938678 + +* Thu Apr 15 2021 Mohan Boddu - 3.1.23-7 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 3.1.23-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.23-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.23-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 24 2019 Fedora Release Engineering - 3.1.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jan 31 2019 Fedora Release Engineering - 3.1.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Aug 27 2018 Tomáš Mráz - 3.1.23-1 +- new upstream release + +* Thu Jul 12 2018 Fedora Release Engineering - 3.1.20-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed May 23 2018 Tomáš Mráz - 3.1.20-11 +- log the jobs being run + +* Sun Feb 25 2018 Florian Weimer - 3.1.20-10 +- Drop "BuildRequires: fileutils /etc/init.d" + +* Wed Feb 07 2018 Fedora Release Engineering - 3.1.20-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Sep 14 2017 Tomáš Mráz - 3.1.20-8 +- improve the wrong_format patch, also rename it to correct name + +* Thu Sep 14 2017 Tomáš Mráz - 3.1.20-7 +- the ownership of the spool directory should be root as at is configured + with daemon username root +- document the -n option + +* Wed Aug 02 2017 Fedora Release Engineering - 3.1.20-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3.1.20-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Mar 28 2017 Tomáš Mráz - 3.1.20-4 +- fix the POSIX timers support (#1436523) + +* Fri Feb 10 2017 Fedora Release Engineering - 3.1.20-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Feb 2 2017 Tomáš Mráz - 3.1.20-2 +- properly include the license files + +* Fri Jul 1 2016 Tomáš Mráz - 3.1.20-1 +- new upstream release +- properly lock the lock files to be able to safely remove + stale ones + +* Mon May 23 2016 Tomáš Mráz - 3.1.18-2 +- SIGPIPE should not be ignored in atd (#1338039) + +* Wed Mar 23 2016 Tomáš Mráz - 3.1.18-1 +- new upstream release +- correct the DST correction when using UTC time specification (#1320322) + +* Wed Feb 03 2016 Fedora Release Engineering - 3.1.16-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Sep 9 2015 Tomáš Mráz - 3.1.16-7 +- clear non-job files from at dir + +* Wed Jun 17 2015 Fedora Release Engineering - 3.1.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Nov 28 2014 Tomáš Mráz - 3.1.16-5 +- superfluous patch dropped + +* Mon Nov 24 2014 Tomáš Mráz - 3.1.16-4 +- test for write error on fclose (#1166882) + +* Thu Nov 6 2014 Tomáš Mráz - 3.1.16-3 +- make atd less abort prone + +* Fri Oct 10 2014 Tomáš Mráz - 3.1.16-2 +- add proper Obsoletes for the sysvinit subpackage + +* Thu Oct 2 2014 Tomáš Mráz - 3.1.16-1 +- new upstream release fixing regression from security fix in bash +- drop sysvinit subpackage + +* Fri Aug 15 2014 Fedora Release Engineering - 3.1.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 3.1.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Mar 25 2014 Marcela Mašláňová - 3.1.14-3 +- 1079304 remove part of patch, which is not needed anymore + +* Tue Jan 28 2014 Marcela Mašláňová - 3.1.14-2 +- remove parallel build -> it fails on secondary arches 1058686 + +* Mon Dec 2 2013 Marcela Mašláňová - 3.1.14-1 +- new release 3.1.14 +- all Fedora specifics backported +- 718422 File a0000f0149b7f3 is in wrong format - aborting +- 925041 Does not support aarch64 in f19 and rawhide + +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Feb 11 2013 Peter Robinson 3.1.13-12 +- Fix patch to fix FTBFS with gcc 4.8 + +* Wed Nov 14 2012 Marcela Mašláňová - 3.1.13-11 +- fix license field again + +* Thu Nov 1 2012 Marcela Mašláňová - 3.1.13-10 +- fix license field +- fix systemd macros in scriptlets part of the specfile +- fix selinux patch to apply without fuzz=2 + +* Fri Jul 27 2012 Fedora Release Engineering - 3.1.13-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Apr 17 2012 Marcela Mašláňová - 3.1.13-8 +- at-3.1.13-mailwithhostname.patch in email mention also hostname address +- at-3.1.13-usePOSIXtimers.patch use POSIX timers, so we won't need + pm-utils hack anymore +- at-3.1.13-help.patch update usage +- systemd-user-sessions.service is used in unit file, so the atd should be + started after almost all services are up and running +- 812682 pam support work with new systemd defaults + +* Thu Jan 12 2012 Fedora Release Engineering - 3.1.13-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 14 2011 Marcela Mašláňová - 3.1.13-5 +- 754156 fix typo in script + +* Mon Nov 14 2011 Marcela Mašláňová - 3.1.13-5 +- fix incorrect option in test in 56atd + +* Wed Oct 26 2011 Fedora Release Engineering - 3.1.13-4 +- Rebuilt for glibc bug#747377 + +* Sun Sep 4 2011 Marcela Mašláňová - 3.1.13-3 +- 729742 fix 56atd script for systemd + +* Mon Aug 15 2011 Marcela Mašláňová - 3.1.13-2 +- rebuilt with new rpm +- Related: rhbz#728707 + +* Fri Jul 29 2011 Marcela Mašláňová - 3.1.13-1 +- update to 3.1.13 +- rewrite patches to be applicable + +* Thu Jul 21 2011 Marcela Mašláňová - 3.1.12-11 +- fix permission of init.d/atd + +* Wed Jul 20 2011 Marcela Mašláňová - 3.1.12-10 +- create sysvinit script 714642 (inspired by cronie) +- clean specfile, consistent macros, tab/spaces + +* Tue Jul 19 2011 Marcela Mašláňová - 3.1.12-9 +- re-add missing export SHELL 674426 +- remove sysvinit scripts 714642 +- clean specfile (use bcond, remove defattr) + +* Mon Feb 07 2011 Fedora Release Engineering - 3.1.12-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Dec 7 2010 Marcela Mašláňová - 3.1.12-7 +- fix typo in systemd configuration +- fix permissions of config files + +* Tue Nov 30 2010 Marcela Mašláňová - 3.1.12-6 +- 617320 systemd init script replacement + +* Mon Mar 15 2010 Marcela Mašláňová - 3.1.12-5 +- 568222 interrupted 'at' job creates empty job for non-root + +* Mon Mar 1 2010 Marcela Mašláňová - 3.1.12-4 +- 568779 atd is alway runnig after suspend/resume + +* Fri Feb 12 2010 Marcela Mašláňová - 3.1.12-3 +- prevent arbitrary destruction of at jobs (based on 564243) + +* Mon Jan 18 2010 Marcela Mašláňová - 3.1.12-2 +- polish pam in atd again + +* Thu Dec 3 2009 Marcela Mašláňová - 3.1.12-1 +- update to the new version of at +- adapt patches for new version +- change our pam config to source +- start using new upstream test instead of our nonfunctinal +- upstream changed nofork option -n to foreground option -f + +* Tue Oct 13 2009 Marcela Mašláňová - 3.1.11-1 +- 528582 add noreplace option into files section +- rewrite pam2 patch - check return value, use "better" macro, etc. +- new version of at + +* Wed Sep 16 2009 Tomas Mraz 3.1.10-37 +- improve the PAM configuration, use password-auth common stack + +* Tue Aug 18 2009 Adam Jackson 3.1.10-36 +- Remove Requires: pm-utils-filesystem, dead package + +* Fri Jul 24 2009 Fedora Release Engineering - 3.1.10-35 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon Jul 20 2009 Marcela Mašláňová - 3.1.10-34 +- require pm-utils-filesystem instead of pm-utils which should help + minimal installation. + +* Mon Jun 1 2009 Marcela Mašláňová - 3.1.10-33 +- clean cvs, check patches + +* Wed Mar 18 2009 Marcela Mašláňová - 3.1.10-32 +- add the forgotten add delimiter thanks to Cong Ma + +* Thu Feb 26 2009 Marcela Mašláňová - 3.1.10-31 +- preun script is sometimes failing. Add apostrofs around zero. + +* Thu Feb 26 2009 Marcela Mašláňová - 3.1.10-30 +- 435765 and 486844 in some cases could be used bash for at commands + even if user sets different default shell. Also bash4.0 fix Here Documents + which breaks previous patch at-3.1.10-shell.patch. + +* Mon Feb 23 2009 Fedora Release Engineering - 3.1.10-29 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Thu Feb 19 2009 Marcela Mašláňová - 3.1.10-28 +- 486227 add hyphen date into manual page. + +* Wed Dec 3 2008 Marcela Mašláňová - 3.1.10-27 +- 464393 add script into pm-utils, because daemon wasn't taking all jobs + after suspend/hibernate + +* Fri Oct 24 2008 Marcela Mašláňová - 3.1.10-26 +- update init script according to SysVInitScript + +* Tue Sep 16 2008 Marcela Maslanova - 3.1.10-25 +- thanks dwalsh for selinux patch, which fix #460873 + +* Fri Jul 18 2008 Marcela Maslanova - 3.1.10-24 +- 446004 hope adding || into scriptlets fix removing old package after upgrade +- fixes for fuzz=0 + +* Tue Mar 25 2008 Marcela Maslanova - 3.1.10-23 +- 436952 use local instead of posix output date/time format. + +* Thu Feb 28 2008 Marcela Maslanova - 3.1.10-22 +- #435250 mixed OPTS and OPTIONS variable in sysconfig + +* Tue Feb 19 2008 Fedora Release Engineering - 3.1.10-21 +- Autorebuild for GCC 4.3 + +* Tue Jan 8 2008 Marcela Maslanova - 3.1.10-20 +- used PIE instead of pie (with pie wasn't build on 64b successful) +- rewrite PAM fail check +- fix checking of settings setuid(s) + +* Mon Dec 3 2007 Marcela Maslanova - 3.1.10-19 +- another problem with permission + +* Tue Oct 30 2007 Marcela Maslanova - 3.1.10-18 +- Bug 398981: change on correct permissions + +* Fri Oct 05 2007 Marcela Maslanova - 3.1.10-17 +- Bug 250147: add optional support for gnome-keyring to passwd pam stack + +* Wed Aug 22 2007 Marcela Maslanova - 3.1.10-16 +- macro with_pam instead of have_pam +- license tag is gplv2+ because of license in source files + +* Wed Jul 11 2007 Marcela Maslanova - 3.1.10-15 +- rewrite init script +- add own session - setsid +- Resolves: rhbz#247091 + +* Mon Jul 9 2007 Marcela Maslanova - 3.1.10-14 +- feature: add configuration file +- fix -V option +- fix init script + +* Tue Jul 3 2007 Marcela Maslanova - 3.1.10-13 +- Resolves: rhbz#243064 + +* Tue Jul 3 2007 Marcela Maslanova - 3.1.10-12 +- crashing atd +- work only for root, still broken some functions +- Resolves: rhbz#243064 + +* Tue Mar 27 2007 Marcela Maslanova - 3.1.10-11 +- mistake in pam_atd +- rhbz#234120 + +* Mon Mar 05 2007 Marcela Maslanova - 3.1.10-10 +- rhbz#224597 + +* Sat Mar 03 2007 Marcela Maslanova - 3.1.10-9 +- review + +* Tue Feb 20 2007 Marcela Maslanova - 3.1.10-8 +- review +- rhbz#225288 + +* Tue Jan 30 2007 Marcela Maslanova - 3.1.10-7 +- no debug file - useless +- new pam configuration +- rhbz#224597 + +* Fri Oct 27 2006 Marcela Maslanova - 3.1.10-6 +- fix daylight-saving again +- fix #214759 - problem with seteuid + +* Wed Oct 25 2006 Marcela Maslanova - 3.1.10-5 +- daylight-saving + +* Tue Oct 24 2006 Marcela Maslanova - 3.1.10-3 +- new version from upstream 3.1.10 + +* Wed Aug 23 2006 Marcela Maslanova - 3.1.8-82.fc6 +- #176486 don't fork option added (patch from Enrico Scholz) + +* Wed Jul 12 2006 Jesse Keating - 3.1.8-81.2 +- rebuild + +* Fri Feb 10 2006 Jesse Keating - 3.1.8-81.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jason Vas Dias - 3.1.8-81 +- rebuild for new gcc, glibc, glibc-kernheaders +- workaround new refusal of /usr/bin/install to chown + +* Sun Dec 18 2005 Jason Vas Dias - 3.1.8-80.2 +- rebuild for new flex + +* Fri Dec 16 2005 Jesse Keating +- rebuilt for new gcj + +* Fri Oct 14 2005 Dan Walsh - 3.1.8-80 +- Add seuserbyname support + +* Fri Sep 30 2005 Tomas Mraz - 3.1.8-79 +- use include instead of pam_stack in pam config + +* Fri Jun 03 2005 Jason Vas Dias 3.1.8-78 +- fix bug 159220: add pam_loginuid to pam session stack in /etc/pam.d/atd +- fix bug 102341: add '-r' synonym for '-d' / atrm for POSIX / SuS conformance + +* Fri Apr 08 2005 Jason Vas Dias 3.1.8-77 +- always call pam_setcred(pamh, PAM_DELETE_CRED) before session +- close + +* Tue Apr 05 2005 Jason Vas Dias 3.1.8-70 +- always call pam_close_session on PAM_FAIL or pam_end + +* Tue Mar 08 2005 Jason Vas Dias 3.1.8-68 +- Put PAM authentication check in 'check_permissions()', so +- user can know when using at(1) if PAM permission is denied. + +* Tue Mar 08 2005 Jason Vas Dias 3.1.8-67 +- better fix for bug 150131: change DAEMON_USERNAME and +- DAEMON_GROUPNAME to 'root' . + +* Mon Mar 07 2005 Jason Vas Dias 3.1.8-66 +- fix bug 150131: atd should not relinquish root privilege if +- doing su(1) equivalent with PAM . + +* Tue Jan 25 2005 Jason Vas Dias 3.1.8-64 +- bugs 5160/146132: add PAM authentication control to atd + +* Tue Oct 05 2004 Jason Vas Dias 3.1.8-60 +- fix bug 131510: no_export env. var. blacklisting should not +- remove 'SHELL' when only 'SHELLOPTS' is blacklisted. +- at(1) man-page should not say 'commands are run with /bin/sh' +- and should explain usage of SHELL environement variable and +- details of blacklisted variables. + +* Tue Sep 28 2004 Rik van Riel 3.1.8-58 +- fix typo in man page, bug 112303 +- (regenerated at-3.1.8-man-timespec-path.patch with fix) + +* Tue Aug 03 2004 Jason Vas Dias +- fixed bug 125634 - made usage() agree with manpage + +* Thu Jul 29 2004 Jason Vas Dias +- Added POSIX.2 -t option for RFE 127485 + +* Thu Jul 29 2004 Jason Vas Dias +- Had to disable the 'make test' for the build BEFORE +- any changes were made (building on FC2 - perl issue?) +- test.pl generates these 'errors' for what looks like +- valid output to me: +- $ ./test.pl 2>&1 | egrep -v '(^ok$)|(time_only)' +- 1..3656 +- not ok +- 'Monday - 1 month': 'Fri Jul 2 18:29:00 2004' =? 'Sat Jul 3 18:29:00 2004' +- not ok +- 'Monday - 10 months': 'Thu Oct 2 18:29:00 2003' =? 'Fri Oct 3 18:29:00 2003' +- not ok +- 'next week - 1 month': 'Mon Jul 5 18:29:00 2004' =? 'Tue Jul 6 18:29:00 2004' +- not ok +- 'next week - 10 months': 'Sun Oct 5 18:29:00 2003' =? 'Mon Oct 6 18:29:00 2003' +- will investigate and fix for next release. + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Wed May 12 2004 Thomas Woerner - 3.1.8-54 +- fixed pie patch: at is pie, now +- added build requires for libselinux-devel + +* Tue May 4 2004 Dan Walsh - 3.1.8-53 +- Add fileentrypoint check + +* Thu Apr 15 2004 Dan Walsh - 3.1.8-52 +- Fix SELinux patch + +* Mon Feb 23 2004 Tim Waugh +- Use ':' instead of '.' as separator for chown. + +* Fri Feb 13 2004 Elliot Lee - 3.1.8-50 +- rebuilt + +* Tue Dec 9 2003 Jens Petersen - 3.1.8-49 +- replace at-3.1.8-SHELL-91233.patch by at-3.1.8-SHELL-111386.patch which + now executes $SHELL directly in the at shell script after all the variables + have been setup with /bin/sh (#91233) [suggested by Göran Uddeborg] +- this changelog is now in utf-8 + +* Fri Nov 7 2003 Jens Petersen - 3.1.8-48 +- add at-3.1.8-pie.patch to build atd as pie (#108415) [Ulrich Drepper] + +* Fri Oct 31 2003 Dan Walsh - 3.1.8-47.sel + +* Fri Jun 20 2003 Jens Petersen - 3.1.8-46 +- add at-3.1.8-atrun.8-typo-97697.patch to fix typo in atrun.8 (#97697) +- update at.1 description of shell behaviour (#91233) + +* Tue Jun 17 2003 Jens Petersen - 3.1.8-45 +- make the job shell default to SHELL instead of "/bin/sh" (#91233) + +* Wed Jun 04 2003 Elliot Lee - 3.1.8-44 +- rebuilt + +* Tue Jun 3 2003 Jens Petersen - 3.1.8-43 +- Replace redundant at-3.1.7-paths.patch by at-3.1.8-man-timespec-path.patch + to fix timespec path + +* Tue Jun 3 2003 Jens Petersen - 3.1.8-41 +- update source to at_3.1.8-11 from debian upstream + - update source url + - at-debian.patch no longer needed + - at-3.1.7-paths.patch: the patch to "at.1.in" no longer needed + - replace at-3.1.8-lexer.patch with at-3.1.8-11-lexer-parser.diff + - at-3.1.8-dst.patch no longer needed + - at-3.1.8-lsbdoc.patch no longer needed + - at-3.1.8-o_excl.patch no longer needed + - bump release number +- at-3.1.8-test.patch: move out test.pl to a separate source file + - apply at-3.1.8-test-fix.patch to it and drop patch +- at-3.1.8-shell.patch: drop (#22216,#91233) +- run "make test" after building +- add "--without check" rpmbuild option +- fix autoconf comment to point to right patch +- use _sysconfdir, _sbindir, _bindir, and _localstatedir + +* Wed Jan 22 2003 Tim Powers 3.1.8-33 +- rebuilt + +* Wed Nov 27 2002 Tim Powers 3.1.8-32 +- remove unpackaged files from the buildroot + +* Thu Jul 25 2002 Bill Huang +- Fixed delaying job execution and missing starting jobs..(bug#69595) + (Thanks Bujor D Silaghi for his patch.) + +* Fri Jul 19 2002 Bill Huang +- Fixed cleaning atq and multiple atd daemon.(bug#67414) + (Thanks Bujor D Silaghi for his patch.) + +* Fri Jul 19 2002 Bill Huang +- Fixed error message output in atd.c + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Mon May 27 2002 Bill Huang +- Rebuild for Milan + +* Thu May 23 2002 Tim Powers +- automated rebuild + +* Fri Feb 1 2002 Bernhard Rosenkraenzer 3.1.8-25 +- Require smtpdaemon rather than sendmail - postfix works just as well. + +* Thu Jan 31 2002 Bill Nottingham 3.1.8-24 +- rebuild in new env. + +* Thu Jan 17 2002 Trond Eivind Glomsrød 3.1.8-23 +- s/Copyright/License/ + +* Mon Jan 14 2002 Adrian Havill 3.1.8-21 +- fix man page (#51253) +- fix env prop problem (#49491) +- .SEQ should not be executable (#52626) +- beefed up file creation perms against symlink exploits (O_EXCL) + +* Thu Aug 2 2001 Crutcher Dunnavant 3.1.8-20 +- updated patch update, still bug #46546 + +* Wed Jul 18 2001 Crutcher Dunnavant +- applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to +- address bug #46546 + +* Mon Jun 25 2001 Crutcher Dunnavant +- changed atd.init to start at 95, stop at 5, closing #15915 +- applied mailto:wp@supermedia.pl's environment patch + +* Sun Jun 24 2001 Elliot Lee +- Bump release + rebuild. + +* Wed Apr 4 2001 Crutcher Dunnavant +- much love to David Kilzer +- who nailed UTC, Leap year, DST, and some other edge cases down +- he also wrote a test harness in perl +- bug #28448 + +* Fri Feb 2 2001 Trond Eivind Glomsrød +- i18nize initscript + +* Tue Dec 12 2000 Bill Nottingham +- fix documentation of which shell commands will be run with (#22216) + +* Wed Aug 23 2000 Crutcher Dunnavant +- Well, we will likely never really close the UTC issues, +- because of 1) fractional timezones, and 2) daylight savigns time. +- but there is a slight tweak to the handling of dst in the UTC patch. + +* Wed Aug 23 2000 Crutcher Dunnavant +- fixed bug #15685 +- which had at miscaluclating UTC times. + +* Sat Jul 15 2000 Bill Nottingham +- move initscript back + +* Wed Jul 12 2000 Prospector +- automatic rebuild + +* Thu Jul 6 2000 Bill Nottingham +- prereq /etc/init.d + +* Sat Jul 1 2000 Nalin Dahyabhai +- fix syntax error in init script + +* Tue Jun 27 2000 Preston Brown +- don't prereq, only require initscripts + +* Mon Jun 26 2000 Preston Brown +- move init script +- add condrestart directive +- fix post/preun/postun scripts +- prereq initscripts >= 5.20 + +* Sat Jun 17 2000 Bill Nottingham +- fix verify of /var/spool/at/.SEQ (#12262) + +* Mon Jun 12 2000 Nalin Dahyabhai +- fix status checking and syntax error in init script + +* Fri Jun 9 2000 Bill Nottingham +- fix for long usernames (#11321) +- add some bugfixes from debian + +* Mon May 8 2000 Bernhard Rosenkraenzer +- 3.1.8 + +* Wed Mar 1 2000 Bill Nottingham +- fix a couple of more typos, null-terminate some strings + +* Thu Feb 10 2000 Bill Nottingham +- fix many-years-old typo in atd.c + +* Thu Feb 3 2000 Bill Nottingham +- handle compressed man pages + +* Mon Aug 16 1999 Bill Nottingham +- initscript munging, build as non-root user + +* Sun Jun 13 1999 Jeff Johnson +- correct perms for /var/spool/at after defattr. + +* Mon May 24 1999 Jeff Johnson +- reset SIGCHLD before exec (#3016). + +* Sun Mar 21 1999 Cristian Gafton +- auto rebuild in the new build environment (release 8) + +* Thu Mar 18 1999 Cristian Gafton +- fix handling the 12:00 time + +* Wed Jan 13 1999 Bill Nottingham +- configure fix for arm + +* Wed Jan 06 1999 Cristian Gafton +- build for glibc 2.1 + +* Tue May 05 1998 Prospector System +- translations modified for de, fr, tr + +* Wed Apr 22 1998 Michael K. Johnson +- enhanced initscript + +* Sun Nov 09 1997 Michael K. Johnson +- learned to spell + +* Wed Oct 22 1997 Michael K. Johnson +- updated to at version 3.1.7 +- updated lock and sequence file handling with ghost +- Use chkconfig and atd, now conflicts with old crontabs packages + +* Thu Jun 19 1997 Erik Troan +- built against glibc +