diff --git a/.gitignore b/.gitignore
index b78dae2..10d8907 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 /cronie-1.5.0.tar.gz
 /cronie-1.5.1.tar.gz
 /cronie-1.5.2.tar.gz
+/cronie-1.5.3.tar.gz
diff --git a/cronie-1.5.2-context-role.patch b/cronie-1.5.2-context-role.patch
deleted file mode 100644
index b30a4d4..0000000
--- a/cronie-1.5.2-context-role.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz
-Date: Thu, 18 Oct 2018 14:25:58 +0200
-Subject: [PATCH] Use the role from the crond context for system job contexts.
-
-New SELinux policy added multiple roles for the system_u user on crond_t.
-The default context returned from get_default_context_with_level() is now
-unconfined_t instead of system_cronjob_t which is incorrect for system cron
-jobs.
-We use the role to limit the default context to system_cronjob_t.
----
- src/security.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/security.c b/src/security.c
-index d1bdc7f..5213cf3 100644
---- a/src/security.c
-+++ b/src/security.c
-@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
- retval = get_default_context_with_level(seuser, level, NULL, &scontext);
- }
- else {
-+ const char *current_user, *current_role;
- if (getcon(¤t_context_str) < 0) {
- log_it(name, getpid(), "getcon FAILED", "", 0);
- return (security_getenforce() > 0);
-@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
- return (security_getenforce() > 0);
- }
-
-- const char *current_user = context_user_get(current_context);
-- retval = get_default_context_with_level(current_user, level, NULL, &scontext);
-+ current_user = context_user_get(current_context);
-+ current_role = context_role_get(current_context);
-+ retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
-
- freecon(current_context_str);
- context_free(current_context);
---
-2.14.5
-
diff --git a/cronie.spec b/cronie.spec
index 532e9ee..60317fe 100644
--- a/cronie.spec
+++ b/cronie.spec
@@ -5,12 +5,11 @@
 Summary: Cron daemon for executing programs at set times
 Name: cronie
-Version: 1.5.2
-Release: 5%{?dist}
+Version: 1.5.3
+Release: 1%{?dist}
 License: MIT and BSD and ISC and GPLv2+
 URL: https://github.com/cronie-crond/cronie
 Source0: https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz
-Patch1: cronie-1.5.2-context-role.patch
 Requires: dailyjobs
@@ -77,7 +76,6 @@ extra features.
 %prep
 %setup -q
-%patch1 -p1 -b .context-role
 %build
 %configure \
@@ -206,6 +204,9 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
 %changelog
+* Fri Mar 15 2019 Tomáš Mráz - 1.5.3-1
+- new upstream release 1.5.3 fixing CVE-2019-9704 and CVE-2019-9705
+
 * Thu Jan 31 2019 Fedora Release Engineering - 1.5.2-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
diff --git a/sources b/sources
index aa30937..fef5b7a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (cronie-1.5.2.tar.gz) = e306b4b8388bff0181ca4b3f15b81c0881d727b0f502c28204e8325359c49baeb1b1a4a5751ffc11eb5ebdeefe42704b77f6727f029c60c99c70b9885f6b4d18
+SHA512 (cronie-1.5.3.tar.gz) = 68771d50dff4e34b2c9302f1167ea3b604f19b809630339457bb55b4479a30de465fd05e64df9c9493040de3b4ed686b0bdfc497c2bb0008909c4829531fbb27
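Review bot: The first cronie.spec hunk drops `Patch1: cronie-1.5.2-context-role.patch`, and the `%prep` hunk drops its `%patch1` line, but the new changelog entry mentions only the CVE fixes and does not say why the patch went away. Per the deleted patch's own header, it made system cron jobs select their SELinux context with the crond role through `get_default_context_with_rolelevel()`, so that they land in `system_cronjob_t` rather than `unconfined_t`. Nothing on this page shows the 1.5.3 sources, so it is worth confirming that `src/security.c` in the new tarball carries the role-aware call before relying on the removal. If it does, record that with a second changelog line such as `- drop context-role patch, merged upstream`.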