new upstream release 1.5.3 fixing CVE-2019-9704 and CVE-2019-9705

2019-03-15 11:31:56 +01:00 · 2019-03-15 11:31:56 +01:00 · c28ae405c5
commit c28ae405c5
parent 592f27bf38
4 changed files with 7 additions and 46 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 /cronie-1.5.0.tar.gz
 /cronie-1.5.1.tar.gz
 /cronie-1.5.2.tar.gz
+/cronie-1.5.3.tar.gz
--- a/cronie-1.5.2-context-role.patch
+++ b/cronie-1.5.2-context-role.patch
@ -1,41 +0,0 @@
-From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 18 Oct 2018 14:25:58 +0200
-Subject: [PATCH] Use the role from the crond context for system job contexts.
-
-New SELinux policy added multiple roles for the system_u user on crond_t.
-The default context returned from get_default_context_with_level() is now
-unconfined_t instead of system_cronjob_t which is incorrect for system cron
-jobs.
-We use the role to limit the default context to system_cronjob_t.
---
- src/security.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/security.c b/src/security.c
-index d1bdc7f..5213cf3 100644
--- a/src/security.c
-+++ b/src/security.c
-@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
- 		retval = get_default_context_with_level(seuser, level, NULL, &scontext);
- 	}
- 	else {
-+		const char *current_user, *current_role;
- 		if (getcon(&current_context_str) < 0) {
- 			log_it(name, getpid(), "getcon FAILED", "", 0);
- 			return (security_getenforce() > 0);
-@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
- 			return (security_getenforce() > 0);
- 		}
- 
-		const char *current_user = context_user_get(current_context);
-		retval = get_default_context_with_level(current_user, level, NULL, &scontext);
-+		current_user = context_user_get(current_context);
-+		current_role = context_role_get(current_context);
-+		retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
- 
- 		freecon(current_context_str);
- 		context_free(current_context);
-- 
-2.14.5
-
--- a/cronie.spec
+++ b/cronie.spec
@ -5,12 +5,11 @@

 Summary:   Cron daemon for executing programs at set times
 Name:      cronie
-Version:   1.5.2
-Release:   5%{?dist}
+Version:   1.5.3
+Release:   1%{?dist}
 License:   MIT and BSD and ISC and GPLv2+
 URL:       https://github.com/cronie-crond/cronie
 Source0:   https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz
-Patch1:    cronie-1.5.2-context-role.patch

 Requires:  dailyjobs

@ -77,7 +76,6 @@ extra features.

 %prep
 %setup -q
-%patch1 -p1 -b .context-role

 %build
 %configure \
@ -206,6 +204,9 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs

 %changelog
+* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.3-1
+- new upstream release 1.5.3 fixing CVE-2019-9704 and CVE-2019-9705
+
 * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (cronie-1.5.2.tar.gz) = e306b4b8388bff0181ca4b3f15b81c0881d727b0f502c28204e8325359c49baeb1b1a4a5751ffc11eb5ebdeefe42704b77f6727f029c60c99c70b9885f6b4d18
+SHA512 (cronie-1.5.3.tar.gz) = 68771d50dff4e34b2c9302f1167ea3b604f19b809630339457bb55b4479a30de465fd05e64df9c9493040de3b4ed686b0bdfc497c2bb0008909c4829531fbb27