Update to 1.4.7
- remove merged patches - clean specfile (whitespaces, remove BR automake)
This commit is contained in:
parent
ec872c8667
commit
3a6490b2b2
6
.gitignore
vendored
6
.gitignore
vendored
@ -1,4 +1,2 @@
|
||||
cronie-1.4.4.tar.gz
|
||||
cronie-1.4.5.tar.gz
|
||||
/cronie-1.4.6.tar.gz
|
||||
/cronie.systemd
|
||||
cronie.systemd
|
||||
cronie-1.4.7.tar.gz
|
||||
|
@ -1,134 +0,0 @@
|
||||
diff --git a/anacron/global.h b/anacron/global.h
|
||||
index 91963a7..0fe3f9b 100644
|
||||
--- a/anacron/global.h
|
||||
+++ b/anacron/global.h
|
||||
@@ -42,6 +42,7 @@
|
||||
#define MAX_MSG 150
|
||||
|
||||
#include <signal.h>
|
||||
+#include <time.h>
|
||||
#include "anacron-paths.h"
|
||||
|
||||
/* Some declarations */
|
||||
@@ -102,6 +103,8 @@ extern int running_jobs,running_mailers;
|
||||
|
||||
extern int complaints;
|
||||
|
||||
+extern time_t start_sec;
|
||||
+
|
||||
/* time ranges for START_HOURS_RANGE */
|
||||
extern int range_start;
|
||||
extern int range_stop;
|
||||
diff --git a/anacron/lock.c b/anacron/lock.c
|
||||
index 68fd252..71aae09 100644
|
||||
--- a/anacron/lock.c
|
||||
+++ b/anacron/lock.c
|
||||
@@ -94,6 +94,9 @@ consider_job(job_rec *jr)
|
||||
if (!force && b == 8)
|
||||
{
|
||||
int day_delta;
|
||||
+ time_t jobtime;
|
||||
+ struct tm *t;
|
||||
+
|
||||
if (sscanf(timestamp, "%4d%2d%2d", &ts_year, &ts_month, &ts_day) == 3)
|
||||
dn = day_num(ts_year, ts_month, ts_day);
|
||||
else
|
||||
@@ -149,6 +152,18 @@ consider_job(job_rec *jr)
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
+
|
||||
+ jobtime = start_sec + jr->delay * 60;
|
||||
+
|
||||
+ t = localtime(&jobtime);
|
||||
+ if (!now && range_start != -1 && range_stop != -1 &&
|
||||
+ (t->tm_hour < range_start || t->tm_hour >= range_stop))
|
||||
+ {
|
||||
+ Debug(("The job `%s' falls out of the %02d:00-%02d:00 hours range, skipping.",
|
||||
+ jr->ident, range_start, range_stop));
|
||||
+ xclose (jr->timestamp_fd);
|
||||
+ return 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* no! try to grab the lock */
|
||||
diff --git a/anacron/main.c b/anacron/main.c
|
||||
index 2fd3ed5..08db810 100644
|
||||
--- a/anacron/main.c
|
||||
+++ b/anacron/main.c
|
||||
@@ -55,7 +55,7 @@ sigset_t old_sigmask; /* signal mask when started */
|
||||
job_rec *first_job_rec;
|
||||
env_rec *first_env_rec;
|
||||
|
||||
-static time_t start_sec; /* time anacron started */
|
||||
+time_t start_sec; /* time anacron started */
|
||||
static volatile int got_sigalrm, got_sigchld, got_sigusr1;
|
||||
int running_jobs, running_mailers; /* , number of */
|
||||
int range_start = -1;
|
||||
@@ -406,7 +406,6 @@ static void
|
||||
explain_intentions()
|
||||
{
|
||||
int j;
|
||||
- struct tm *t;
|
||||
|
||||
j = 0;
|
||||
while (j < njobs)
|
||||
@@ -417,21 +416,8 @@ explain_intentions()
|
||||
}
|
||||
else
|
||||
{
|
||||
- time_t jobtime = start_sec + job_array[j]->delay * 60;
|
||||
-
|
||||
- t = localtime(&jobtime);
|
||||
- if (range_start != -1 && range_stop != -1 &&
|
||||
- (t->tm_hour < range_start || t->tm_hour >= range_stop))
|
||||
- {
|
||||
- Debug(("The job `%s' falls out of the %02d:00-%02d:00 hours range, skipping.",
|
||||
- job_array[j]->ident, range_start, range_stop));
|
||||
- job_array[j]->drop_job = 1;
|
||||
- }
|
||||
- else
|
||||
- {
|
||||
- explain("Will run job `%s' in %d min.",
|
||||
+ explain("Will run job `%s' in %d min.",
|
||||
job_array[j]->ident, job_array[j]->delay);
|
||||
- }
|
||||
}
|
||||
j++;
|
||||
}
|
||||
@@ -443,15 +429,12 @@ int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
int j;
|
||||
-
|
||||
int cwd;
|
||||
-
|
||||
- int dropped_jobs = 0;
|
||||
+ struct timeval tv;
|
||||
+ struct timezone tz;
|
||||
|
||||
anacrontab = NULL;
|
||||
spooldir = NULL;
|
||||
- struct timeval tv;
|
||||
- struct timezone tz;
|
||||
|
||||
if (gettimeofday(&tv, &tz) != 0)
|
||||
explain("Can't get exact time, failure.");
|
||||
@@ -514,16 +497,11 @@ main(int argc, char *argv[])
|
||||
running_jobs = running_mailers = 0;
|
||||
for(j = 0; j < njobs; ++j)
|
||||
{
|
||||
- if (job_array[j]->drop_job == 1)
|
||||
- {
|
||||
- ++dropped_jobs;
|
||||
- continue;
|
||||
- }
|
||||
xsleep(time_till(job_array[j]));
|
||||
if (serialize) wait_jobs();
|
||||
launch_job(job_array[j]);
|
||||
}
|
||||
wait_children();
|
||||
- explain("Normal exit (%d job%s run)", njobs-dropped_jobs, (njobs-dropped_jobs == 1 ? "" : "s"));
|
||||
+ explain("Normal exit (%d job%s run)", njobs, njobs == 1 ? "" : "s");
|
||||
exit(0);
|
||||
}
|
@ -1,34 +0,0 @@
|
||||
diff -up cronie-1.4.6/man/cron.8.wrong cronie-1.4.6/man/cron.8
|
||||
--- cronie-1.4.6/man/cron.8.wrong 2010-10-21 17:31:28.000000000 +0200
|
||||
+++ cronie-1.4.6/man/cron.8 2010-10-26 10:16:38.000000000 +0200
|
||||
@@ -27,7 +27,7 @@
|
||||
crond \- daemon to execute scheduled commands
|
||||
.SH SYNOPSIS
|
||||
.B crond
|
||||
-.RB [ -n " | " -p " | " -s " | " -m \fP\fI<mail command>\fP ]
|
||||
+.RB [ -n " | " -p " | " -s " | " -c " | " -m \fP\fI<mail command>\fP ]
|
||||
|
||||
.B crond
|
||||
.B -x
|
||||
@@ -147,6 +147,9 @@ Allows
|
||||
.I Cron
|
||||
to accept any user set crontables.
|
||||
.TP
|
||||
+.B "\-c"
|
||||
+This option enables clustering support, as described below.
|
||||
+.TP
|
||||
.B "\-s"
|
||||
This option will direct
|
||||
.I Cron
|
||||
diff -up cronie-1.4.6/man/crontab.1.wrong cronie-1.4.6/man/crontab.1
|
||||
--- cronie-1.4.6/man/crontab.1.wrong 2010-10-22 09:49:29.000000000 +0200
|
||||
+++ cronie-1.4.6/man/crontab.1 2010-10-26 11:53:57.000000000 +0200
|
||||
@@ -139,7 +139,7 @@ This option is relevant only if
|
||||
was started with the \fB-c\fP option, to enable clustering support. It is
|
||||
used to set the host in the cluster which should run the jobs specified in the
|
||||
crontab files in the
|
||||
-.I /var/spool/cron\
|
||||
+.I /var/spool/cron
|
||||
directory.
|
||||
If a hostname is supplied, the host whose hostname returned by
|
||||
.BR gethostname(2)
|
@ -1,210 +0,0 @@
|
||||
diff -up cronie-1.4.6/src/cron.c.old cronie-1.4.6/src/cron.c
|
||||
--- cronie-1.4.6/src/cron.c.old 2010-10-21 07:56:27.000000000 +0200
|
||||
+++ cronie-1.4.6/src/cron.c 2010-12-16 13:44:44.000000000 +0100
|
||||
@@ -198,6 +198,11 @@ int main(int argc, char *argv[]) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+ if (cron_init_security() < 0) {
|
||||
+ log_it("CRON", pid, "DEATH", "Critical security parameters not initialized", 0);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
/* Get the default locale character set for the mail
|
||||
* "Content-Type: ...; charset=" header
|
||||
*/
|
||||
diff -up cronie-1.4.6/src/funcs.h.old cronie-1.4.6/src/funcs.h
|
||||
--- cronie-1.4.6/src/funcs.h.old 2010-10-04 16:07:25.000000000 +0200
|
||||
+++ cronie-1.4.6/src/funcs.h 2010-12-16 09:59:02.000000000 +0100
|
||||
@@ -85,6 +85,8 @@ long get_gmtoff(time_t *, struct tm *);
|
||||
|
||||
/* Red Hat security stuff (security.c):
|
||||
*/
|
||||
+int cron_init_security( void );
|
||||
+
|
||||
void cron_restore_default_security_context( void );
|
||||
|
||||
int cron_set_job_security_context( entry *e, user *u, char ***jobenvp );
|
||||
diff -up cronie-1.4.6/src/security.c.old cronie-1.4.6/src/security.c
|
||||
--- cronie-1.4.6/src/security.c.old 2010-10-04 16:07:25.000000000 +0200
|
||||
+++ cronie-1.4.6/src/security.c 2010-12-16 09:59:02.000000000 +0100
|
||||
@@ -41,15 +41,14 @@ static int
|
||||
cron_conv(int num_msg, const struct pam_message **msgm,
|
||||
struct pam_response **response, void *appdata_ptr)
|
||||
{
|
||||
- struct pam_message**m = msgm;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < num_msg; i++) {
|
||||
- switch (m[i]->msg_style) {
|
||||
+ switch (msgm[i]->msg_style) {
|
||||
case PAM_ERROR_MSG:
|
||||
case PAM_TEXT_INFO:
|
||||
- if (m[i]->msg != NULL) {
|
||||
- log_it("CRON", getpid(), "pam_message", m[i]->msg, 0);
|
||||
+ if (msgm[i]->msg != NULL) {
|
||||
+ log_it("CRON", getpid(), "pam_message", msgm[i]->msg, 0);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
@@ -81,6 +80,11 @@ static char **build_env(char **cronenv);
|
||||
static int cron_change_selinux_range(user * u, security_context_t ucontext);
|
||||
static int cron_get_job_range(user * u, security_context_t * ucontextp,
|
||||
char **jobenv);
|
||||
+
|
||||
+static security_class_t file_class;
|
||||
+static security_class_t context_class;
|
||||
+static access_vector_t entrypoint_bit;
|
||||
+static access_vector_t contains_bit;
|
||||
#endif
|
||||
|
||||
void cron_restore_default_security_context() {
|
||||
@@ -89,6 +93,40 @@ void cron_restore_default_security_conte
|
||||
#endif
|
||||
}
|
||||
|
||||
+int cron_init_security() {
|
||||
+#ifdef WITH_SELINUX
|
||||
+ int rv = -1;
|
||||
+
|
||||
+ if (is_selinux_enabled() <= 0)
|
||||
+ return 0;
|
||||
+
|
||||
+ if (security_getenforce() <= 0)
|
||||
+ rv = 0;
|
||||
+
|
||||
+ file_class = string_to_security_class("file");
|
||||
+ if (!file_class) {
|
||||
+ log_it("CRON", getpid(), "ERROR", "Failed to translate security class file", errno);
|
||||
+ return rv;
|
||||
+ }
|
||||
+ context_class = string_to_security_class("context");
|
||||
+ if (!context_class) {
|
||||
+ log_it("CRON", getpid(), "ERROR", "Failed to translate security class context", errno);
|
||||
+ return rv;
|
||||
+ }
|
||||
+ entrypoint_bit = string_to_av_perm(file_class, "entrypoint");
|
||||
+ if (!entrypoint_bit) {
|
||||
+ log_it("CRON", getpid(), "ERROR", "Failed to translate av perm entrypoint", errno);
|
||||
+ return rv;
|
||||
+ }
|
||||
+ contains_bit = string_to_av_perm(context_class, "contains");
|
||||
+ if (!contains_bit) {
|
||||
+ log_it("CRON", getpid(), "ERROR", "Failed to translate av perm contains", errno);
|
||||
+ return rv;
|
||||
+ }
|
||||
+#endif
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
int cron_set_job_security_context(entry * e, user * u, char ***jobenv) {
|
||||
time_t minutely_time = 0;
|
||||
#ifdef WITH_PAM
|
||||
@@ -254,7 +292,7 @@ static int cron_authorize_context(securi
|
||||
#ifdef WITH_SELINUX
|
||||
struct av_decision avd;
|
||||
int retval;
|
||||
- unsigned int bit = FILE__ENTRYPOINT;
|
||||
+
|
||||
/*
|
||||
* Since crontab files are not directly executed,
|
||||
* crond must ensure that the crontab file has
|
||||
@@ -262,9 +300,11 @@ static int cron_authorize_context(securi
|
||||
* the user cron job. It performs an entrypoint
|
||||
* permission check for this purpose.
|
||||
*/
|
||||
+ if (!file_class || !entrypoint_bit)
|
||||
+ return 0;
|
||||
retval = security_compute_av(scontext, file_context,
|
||||
- SECCLASS_FILE, bit, &avd);
|
||||
- if (retval || ((bit & avd.allowed) != bit))
|
||||
+ file_class, entrypoint_bit, &avd);
|
||||
+ if (retval || ((entrypoint_bit & avd.allowed) != entrypoint_bit))
|
||||
return 0;
|
||||
#endif
|
||||
return 1;
|
||||
@@ -275,16 +315,17 @@ static int cron_authorize_range(security
|
||||
#ifdef WITH_SELINUX
|
||||
struct av_decision avd;
|
||||
int retval;
|
||||
- unsigned int bit = CONTEXT__CONTAINS;
|
||||
/*
|
||||
* Since crontab files are not directly executed,
|
||||
* so crond must ensure that any user specified range
|
||||
* falls within the seusers-specified range for that Linux user.
|
||||
*/
|
||||
+ if (!context_class || !contains_bit)
|
||||
+ return 0;
|
||||
retval = security_compute_av(scontext, ucontext,
|
||||
- SECCLASS_CONTEXT, bit, &avd);
|
||||
+ context_class, contains_bit, &avd);
|
||||
|
||||
- if (retval || ((bit & avd.allowed) != bit))
|
||||
+ if (retval || ((contains_bit & avd.allowed) != contains_bit))
|
||||
return 0;
|
||||
#endif
|
||||
return 1;
|
||||
@@ -479,15 +520,22 @@ get_security_context(const char *name, i
|
||||
}
|
||||
|
||||
if (!cron_authorize_context(scontext, file_context)) {
|
||||
+ char *msg=NULL;
|
||||
+ if (asprintf(&msg,
|
||||
+ "Unauthorized SELinux context=%s file_context=%s", (char *) scontext, file_context) >= 0) {
|
||||
+ log_it(name, getpid(), msg, tabname, 0);
|
||||
+ free(msg);
|
||||
+ } else {
|
||||
+ log_it(name, getpid(), "Unauthorized SELinux context", tabname, 0);
|
||||
+ }
|
||||
freecon(scontext);
|
||||
freecon(file_context);
|
||||
if (security_getenforce() > 0) {
|
||||
- log_it(name, getpid(), "Unauthorized SELinux context", tabname, 0);
|
||||
return -1;
|
||||
}
|
||||
else {
|
||||
log_it(name, getpid(),
|
||||
- "Unauthorized SELinux context, but SELinux in permissive mode, continuing",
|
||||
+ "SELinux in permissive mode, continuing",
|
||||
tabname, 0);
|
||||
return 0;
|
||||
}
|
||||
@@ -515,22 +563,30 @@ int crontab_security_access(void) {
|
||||
security_context_t user_context;
|
||||
if (getprevcon_raw(&user_context) == 0) {
|
||||
security_class_t passwd_class;
|
||||
+ access_vector_t crontab_bit;
|
||||
struct av_decision avd;
|
||||
- int retval;
|
||||
+ int retval = 0;
|
||||
|
||||
passwd_class = string_to_security_class("passwd");
|
||||
if (passwd_class == 0) {
|
||||
- selinux_check_passwd_access = -1;
|
||||
fprintf(stderr, "Security class \"passwd\" is not defined in the SELinux policy.\n");
|
||||
+ retval = -1;
|
||||
+ }
|
||||
+
|
||||
+ if (retval == 0) {
|
||||
+ crontab_bit = string_to_av_perm(passwd_class, "crontab");
|
||||
+ if (crontab_bit == 0) {
|
||||
+ fprintf(stderr, "Security av permission \"crontab\" is not defined in the SELinux policy.\n");
|
||||
+ retval = -1;
|
||||
+ }
|
||||
}
|
||||
|
||||
- retval = security_compute_av_raw(user_context,
|
||||
- user_context,
|
||||
- passwd_class,
|
||||
- PASSWD__CRONTAB,
|
||||
- &avd);
|
||||
+ if (retval == 0)
|
||||
+ retval = security_compute_av_raw(user_context,
|
||||
+ user_context, passwd_class,
|
||||
+ crontab_bit, &avd);
|
||||
|
||||
- if ((retval == 0) && ((PASSWD__CRONTAB & avd.allowed) == PASSWD__CRONTAB)) {
|
||||
+ if ((retval == 0) && ((crontab_bit & avd.allowed) == crontab_bit)) {
|
||||
selinux_check_passwd_access = 0;
|
||||
}
|
||||
freecon(user_context);
|
22
cronie.spec
22
cronie.spec
@ -5,16 +5,13 @@
|
||||
|
||||
Summary: Cron daemon for executing programs at set times
|
||||
Name: cronie
|
||||
Version: 1.4.6
|
||||
Release: 9%{?dist}
|
||||
Version: 1.4.7
|
||||
Release: 1%{?dist}
|
||||
License: MIT and BSD and ISC and GPLv2
|
||||
Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/cronie
|
||||
Source0: https://fedorahosted.org/releases/c/r/cronie/%{name}-%{version}.tar.gz
|
||||
Source1: cronie.systemd
|
||||
Patch0: cronie-1.4.6-manpages.patch
|
||||
Patch1: cronie-1.4.6-anacron-locks.patch
|
||||
Patch2: cronie-1.4.6-selinux.patch
|
||||
|
||||
Requires: syslog, bash >= 2.0
|
||||
Conflicts: sysklogd < 1.4.1
|
||||
@ -33,7 +30,6 @@ Buildrequires: pam-devel >= 1.0.1
|
||||
%if %{with audit}
|
||||
Buildrequires: audit-libs-devel >= 1.4.1
|
||||
%endif
|
||||
BuildRequires: automake
|
||||
|
||||
Requires(post): /sbin/chkconfig coreutils sed
|
||||
Requires(postun): /sbin/chkconfig
|
||||
@ -78,12 +74,8 @@ Old style of {hourly,daily,weekly,monthly}.jobs without anacron. No features.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
|
||||
%configure \
|
||||
%if %{with pam}
|
||||
--with-pam \
|
||||
@ -97,7 +89,9 @@ Old style of {hourly,daily,weekly,monthly}.jobs without anacron. No features.
|
||||
%if %{with inotify}
|
||||
--with-inotify \
|
||||
%endif
|
||||
--enable-anacron --enable-pie
|
||||
--enable-anacron \
|
||||
--enable-pie \
|
||||
--enable-relro
|
||||
|
||||
make %{?_smp_mflags}
|
||||
|
||||
@ -129,9 +123,6 @@ install -m 644 contrib/dailyjobs $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/dailyjobs
|
||||
mkdir -p $RPM_BUILD_ROOT/lib/systemd/system/
|
||||
install -m 644 %SOURCE1 $RPM_BUILD_ROOT/lib/systemd/system/crond.service
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
/sbin/chkconfig --add crond >/dev/null 2>&1 || :
|
||||
/bin/systemctl enable crond.service >/dev/null 2>&1 || :
|
||||
@ -213,6 +204,9 @@ cp -a /var/lock/subsys/crond /var/lock/subsys/cronie > /dev/null 2>&1 ||:
|
||||
%attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
|
||||
|
||||
%changelog
|
||||
* Tue Mar 15 2011 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.7-1
|
||||
- new release 1.4.7
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.6-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user