diff --git a/cronie-1.4.11-kill_fd.patch b/cronie-1.4.11-kill_fd.patch
new file mode 100644
index 0000000..62bd6ef
--- /dev/null
+++ b/cronie-1.4.11-kill_fd.patch
@@ -0,0 +1,39 @@
+diff -up cronie-1.4.11/src/do_command.c.pff cronie-1.4.11/src/do_command.c
+--- cronie-1.4.11/src/do_command.c.pff 2013-07-18 14:27:08.000000000 +0200
++++ cronie-1.4.11/src/do_command.c 2014-04-30 14:42:32.761953732 +0200
+@@ -238,6 +238,12 @@ static int child_process(entry * e, char
+ */
+ {
+ char *shell = env_get("SHELL", jobenv);
++ int fd, fdmax = getdtablesize();
++
++ /* close all unwanted open file descriptors */
++ for(fd = STDERR + 1; fd < fdmax; fd++) {
++ close(fd);
++ }
+
+ #if DEBUGGING
+ if (DebugFlags & DTEST) {
+diff -up cronie-1.4.11/src/popen.c.pff cronie-1.4.11/src/popen.c
+--- cronie-1.4.11/src/popen.c.pff 2013-07-18 14:27:08.000000000 +0200
++++ cronie-1.4.11/src/popen.c 2014-04-30 14:43:42.177095194 +0200
+@@ -69,6 +69,7 @@ FILE *cron_popen(char *program, const ch
+ ssize_t out;
+ char buf[PIPE_BUF];
+ struct sigaction sa;
++ int fd;
+
+ #ifdef __GNUC__
+ (void) &iop; /* Avoid fork clobbering */
+@@ -121,6 +122,11 @@ FILE *cron_popen(char *program, const ch
+ sa.sa_handler = SIG_DFL;
+ sigaction(SIGPIPE, &sa, NULL);
+
++ /* close all unwanted open file descriptors */
++ for (fd = STDERR + 1; fd < fds; fd++) {
++ close(fd);
++ }
++
+ if (cron_change_user_permanently(pw, pw->pw_dir) != 0)
+ _exit(2);
+
diff --git a/cronie.spec b/cronie.spec
index 08c077b..d16df7b 100644
--- a/cronie.spec
+++ b/cronie.spec
@@ -6,9 +6,10 @@ Summary: Cron daemon for executing programs at set times
 Name: cronie
 Version: 1.4.11
-Release: 5%{?dist}
+Release: 6%{?dist}
 Patch0: correct-env.patch
 Patch1: unitfile-killprocess.patch
+Patch2: cronie-1.4.11-kill_fd.patch
 License: MIT and BSD and ISC and GPLv2+
 Group: System Environment/Base
 URL: https://fedorahosted.org/cronie
@@ -79,6 +80,7 @@ extra features.
 %setup -q
 %patch0 -p1 -b .jobenv
 %patch1 -p1
+%patch2 -p1
 %build
 %configure \
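Review bot: In cronie-1.4.11-kill_fd.patch both added loops close only descriptors numbered below a table-size bound. In do_command.c that bound is `getdtablesize()`, which reflects the current soft RLIMIT_NOFILE, so a descriptor opened before the limit was lowered would still be inherited by whatever the child goes on to run. In popen.c the bound is `fds`, which is not declared in the visible hunks (presumably a value set elsewhere in the file), so the two sweeps may not cover the same range; taking both bounds from the same source would make the guarantee easier to audit. Setting close-on-exec where the daemon opens its own descriptors (`fcntl(fd, F_SETFD, FD_CLOEXEC)`) would keep them out of job processes regardless of the limit, with the loop kept as a backstop and its comment stating what survives: `/* close everything above stderr; the job inherits only stdin/stdout/stderr */`. Both enclosing functions start and end outside the hunks, so what follows each loop is not visible here.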
@@ -203,6 +205,9 @@ exit 0
 %attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
 %changelog
+* Wed Apr 30 2014 Marcela Mašláňová - 1.4.11-6
+- unwanted fd could make trouble to SElinux 1075106
+
 * Thu Jan 16 2014 Ville Skyttä - 1.4.11-5
 - Drop INSTALL from docs, fix rpmlint tabs vs spaces warning.