Compare commits
	
		
			No commits in common. "c8s" and "c9-beta" have entirely different histories.
		
	
	
		
	
		
							
								
								
									
										1
									
								
								.cronie.metadata
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								.cronie.metadata
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1 @@ | |||||||
|  | 0275d7c3b5376664f9e2c50b8c8cc338408b08b2 SOURCES/cronie-1.5.7.tar.gz | ||||||
							
								
								
									
										3
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										3
									
								
								.gitignore
									
									
									
									
										vendored
									
									
								
							| @ -1,2 +1 @@ | |||||||
| SOURCES/cronie-1.5.2.tar.gz | SOURCES/cronie-1.5.7.tar.gz | ||||||
| /cronie-1.5.2.tar.gz |  | ||||||
|  | |||||||
							
								
								
									
										114
									
								
								SOURCES/0001-Address-issues-found-by-coverity-scan.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										114
									
								
								SOURCES/0001-Address-issues-found-by-coverity-scan.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,114 @@ | |||||||
|  | From 09afe49c73cb495f32b96dce32728352c46ba865 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com> | ||||||
|  | Date: Thu, 29 Apr 2021 16:03:05 +0200 | ||||||
|  | Subject: [PATCH] Address issues found by coverity scan | ||||||
|  | MIME-Version: 1.0 | ||||||
|  | Content-Type: text/plain; charset=UTF-8 | ||||||
|  | Content-Transfer-Encoding: 8bit | ||||||
|  | 
 | ||||||
|  | Signed-off-by: Jan Staněk <jstanek@redhat.com> | ||||||
|  | ---
 | ||||||
|  |  anacron/main.c   | 8 ++++++-- | ||||||
|  |  anacron/runjob.c | 2 ++ | ||||||
|  |  src/crontab.c    | 1 + | ||||||
|  |  src/database.c   | 3 ++- | ||||||
|  |  src/pw_dup.c     | 1 + | ||||||
|  |  5 files changed, 12 insertions(+), 3 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/anacron/main.c b/anacron/main.c
 | ||||||
|  | index d092970..65f8fed 100644
 | ||||||
|  | --- a/anacron/main.c
 | ||||||
|  | +++ b/anacron/main.c
 | ||||||
|  | @@ -44,8 +44,8 @@ int day_now;
 | ||||||
|  |  int year, month, day_of_month;                 /* date anacron started */ | ||||||
|  |   | ||||||
|  |  char *program_name; | ||||||
|  | -char *anacrontab;
 | ||||||
|  | -char *spooldir;
 | ||||||
|  | +char *anacrontab = NULL;
 | ||||||
|  | +char *spooldir = NULL;
 | ||||||
|  |  int serialize, force, update_only, now, | ||||||
|  |      no_daemon, quiet, testing_only;            /* command-line options */ | ||||||
|  |  char **job_args;                       	       /* vector of "job" command-line arguments */ | ||||||
|  | @@ -128,12 +128,14 @@ parse_opts(int argc, char *argv[])
 | ||||||
|  |  	    quiet = 1; | ||||||
|  |  	    break; | ||||||
|  |  	case 't': | ||||||
|  | +	    free(anacrontab);
 | ||||||
|  |  	    anacrontab = strdup(optarg); | ||||||
|  |  	    break; | ||||||
|  |  	case 'T': | ||||||
|  |  	    testing_only = 1; | ||||||
|  |  	    break; | ||||||
|  |  	case 'S': | ||||||
|  | +	    free(spooldir);
 | ||||||
|  |  	    spooldir = strdup(optarg); | ||||||
|  |  	    break; | ||||||
|  |  	case 'V': | ||||||
|  | @@ -208,9 +210,11 @@ go_background(void)
 | ||||||
|  |      /* stdin is already closed */ | ||||||
|  |   | ||||||
|  |      if (fclose(stdout)) die_e("Can't close stdout"); | ||||||
|  | +    /* coverity[leaked_handle] – fd 1 closed automatically */
 | ||||||
|  |      xopen(1, "/dev/null", O_WRONLY); | ||||||
|  |   | ||||||
|  |      if (fclose(stderr)) die_e("Can't close stderr"); | ||||||
|  | +    /* coverity[leaked_handle] – fd 2 closed automatically */
 | ||||||
|  |      xopen(2, "/dev/null", O_WRONLY); | ||||||
|  |   | ||||||
|  |      pid = xfork(); | ||||||
|  | diff --git a/anacron/runjob.c b/anacron/runjob.c
 | ||||||
|  | index 341351f..04d6904 100644
 | ||||||
|  | --- a/anacron/runjob.c
 | ||||||
|  | +++ b/anacron/runjob.c
 | ||||||
|  | @@ -237,7 +237,9 @@ launch_mailer(job_rec *jr)
 | ||||||
|  |  	xcloselog(); | ||||||
|  |   | ||||||
|  |  	/* Ensure stdout/stderr are sane before exec-ing sendmail */ | ||||||
|  | +	/* coverity[leaked_handle] – STDOUT closed automatically */
 | ||||||
|  |  	xclose(STDOUT_FILENO); xopen(STDOUT_FILENO, "/dev/null", O_WRONLY); | ||||||
|  | +	/* coverity[leaked_handle] – STDERR closed automatically */
 | ||||||
|  |  	xclose(STDERR_FILENO); xopen(STDERR_FILENO, "/dev/null", O_WRONLY); | ||||||
|  |  	xclose(jr->output_fd); | ||||||
|  |   | ||||||
|  | diff --git a/src/crontab.c b/src/crontab.c
 | ||||||
|  | index 240c112..41c8984 100644
 | ||||||
|  | --- a/src/crontab.c
 | ||||||
|  | +++ b/src/crontab.c
 | ||||||
|  | @@ -872,6 +872,7 @@ static int replace_cmd(void) {
 | ||||||
|  |   | ||||||
|  |  	if ((error = check_syntax(tmp)) < 0) { | ||||||
|  |  		fprintf(stderr, "Invalid crontab file, can't install.\n"); | ||||||
|  | +		fclose(tmp);
 | ||||||
|  |  		goto done; | ||||||
|  |  	} | ||||||
|  |   | ||||||
|  | diff --git a/src/database.c b/src/database.c
 | ||||||
|  | index c1e4593..bff0256 100644
 | ||||||
|  | --- a/src/database.c
 | ||||||
|  | +++ b/src/database.c
 | ||||||
|  | @@ -559,7 +559,8 @@ int load_database(cron_db * old_db) {
 | ||||||
|  |  			if (not_a_crontab(dp)) | ||||||
|  |  				continue; | ||||||
|  |   | ||||||
|  | -			strncpy(fname, dp->d_name, NAME_MAX + 1);
 | ||||||
|  | +			strncpy(fname, dp->d_name, NAME_MAX);
 | ||||||
|  | +			fname[NAME_MAX] = '\0';
 | ||||||
|  |   | ||||||
|  |  			if (!glue_strings(tabname, sizeof tabname, SPOOL_DIR, fname, '/')) | ||||||
|  |  				continue;	/* XXX log? */ | ||||||
|  | diff --git a/src/pw_dup.c b/src/pw_dup.c
 | ||||||
|  | index ea787cd..c6f7b00 100644
 | ||||||
|  | --- a/src/pw_dup.c
 | ||||||
|  | +++ b/src/pw_dup.c
 | ||||||
|  | @@ -121,6 +121,7 @@ pw_dup(const struct passwd *pw) {
 | ||||||
|  |  		cp += ssize; | ||||||
|  |  	} | ||||||
|  |   | ||||||
|  | +	/* cppcheck-suppress[memleak symbolName=cp] memory originally pointed to by cp returned via newpw */
 | ||||||
|  |  	return (newpw); | ||||||
|  |  } | ||||||
|  |   | ||||||
|  | -- 
 | ||||||
|  | 2.31.1 | ||||||
|  | 
 | ||||||
| @ -1,8 +1,8 @@ | |||||||
| From 0f1704a0f8c5fd2a4da6f530694bdd93a7ca3226 Mon Sep 17 00:00:00 2001 | From 8c3f71bbe109f5df8280eeaa2152dabc4f48474a Mon Sep 17 00:00:00 2001 | ||||||
| From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= | From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= | ||||||
|  <35430604+opohorel@users.noreply.github.com> |  <35430604+opohorel@users.noreply.github.com> | ||||||
| Date: Mon, 8 Nov 2021 16:20:09 +0100 | Date: Mon, 8 Nov 2021 16:20:09 +0100 | ||||||
| Subject: [PATCH] Add random within range '~' operator | Subject: [PATCH 2/5] Add random within range '~' operator | ||||||
| 
 | 
 | ||||||
| With the operator one can specify for a job a random time or date within | With the operator one can specify for a job a random time or date within | ||||||
| a specified range for a field. | a specified range for a field. | ||||||
| @ -10,14 +10,14 @@ The random value is generated when the crontab where the job is | |||||||
| specified, is loaded. | specified, is loaded. | ||||||
| ---
 | ---
 | ||||||
|  man/crontab.5 |   9 ++ |  man/crontab.5 |   9 ++ | ||||||
|  src/entry.c   | 262 ++++++++++++++++++++++++++++++++------------------ |  src/entry.c   | 267 +++++++++++++++++++++++++++++++------------------- | ||||||
|  2 files changed, 176 insertions(+), 95 deletions(-) |  2 files changed, 175 insertions(+), 101 deletions(-) | ||||||
| 
 | 
 | ||||||
| diff --git a/man/crontab.5 b/man/crontab.5
 | diff --git a/man/crontab.5 b/man/crontab.5
 | ||||||
| index a011c89..ba8f0c3 100644
 | index 04358cb..5d89862 100644
 | ||||||
| --- a/man/crontab.5
 | --- a/man/crontab.5
 | ||||||
| +++ b/man/crontab.5
 | +++ b/man/crontab.5
 | ||||||
| @@ -199,6 +199,15 @@ hyphen.  The specified range is inclusive.  For example, 8-11 for
 | @@ -205,6 +205,15 @@ hyphen.  The specified range is inclusive.  For example, 8-11 for
 | ||||||
|  an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first |  an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first | ||||||
|  number must be less than or equal to the second one. |  number must be less than or equal to the second one. | ||||||
|  .PP |  .PP | ||||||
| @ -34,7 +34,7 @@ index a011c89..ba8f0c3 100644 | |||||||
|  commas.  Examples: "1,2,5,9", "0-4,8-12". |  commas.  Examples: "1,2,5,9", "0-4,8-12". | ||||||
|  .PP |  .PP | ||||||
| diff --git a/src/entry.c b/src/entry.c
 | diff --git a/src/entry.c b/src/entry.c
 | ||||||
| index 92b55f5..9276f47 100644
 | index 36e639e..f2bb717 100644
 | ||||||
| --- a/src/entry.c
 | --- a/src/entry.c
 | ||||||
| +++ b/src/entry.c
 | +++ b/src/entry.c
 | ||||||
| @@ -62,9 +62,22 @@ static const char *ecodes[] = {
 | @@ -62,9 +62,22 @@ static const char *ecodes[] = {
 | ||||||
| @ -62,7 +62,7 @@ index 92b55f5..9276f47 100644 | |||||||
|  set_element(bitstr_t *, int, int, int); |  set_element(bitstr_t *, int, int, int); | ||||||
|   |   | ||||||
|  void free_entry(entry * e) { |  void free_entry(entry * e) { | ||||||
| @@ -449,11 +462,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
 | @@ -467,11 +480,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
 | ||||||
|  	/* process all ranges |  	/* process all ranges | ||||||
|  	 */ |  	 */ | ||||||
|  	done = FALSE; |  	done = FALSE; | ||||||
| @ -79,7 +79,7 @@ index 92b55f5..9276f47 100644 | |||||||
|  		else |  		else | ||||||
|  			done = TRUE; |  			done = TRUE; | ||||||
|  	} |  	} | ||||||
| @@ -468,137 +484,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
 | @@ -486,144 +502,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
 | ||||||
|  	return (ch); |  	return (ch); | ||||||
|  } |  } | ||||||
|   |   | ||||||
| @ -247,6 +247,7 @@ index 92b55f5..9276f47 100644 | |||||||
| -		/* no step.  default==1.
 | -		/* no step.  default==1.
 | ||||||
| -		 */
 | -		 */
 | ||||||
| -		num3 = 1;
 | -		num3 = 1;
 | ||||||
|  | -	}
 | ||||||
| +			case R_RANDOM:
 | +			case R_RANDOM:
 | ||||||
| +				if (is_separator(ch)) {
 | +				if (is_separator(ch)) {
 | ||||||
| +					num2 = high;
 | +					num2 = high;
 | ||||||
| @ -260,7 +261,12 @@ index 92b55f5..9276f47 100644 | |||||||
| +				 */
 | +				 */
 | ||||||
| +				else
 | +				else
 | ||||||
| +					return (EOF);
 | +					return (EOF);
 | ||||||
| +
 |   | ||||||
|  | -	/* num1 (through i) will be validated by set_element() below, but num2
 | ||||||
|  | -	 * and num3 are merely used as loop condition and increment, and must
 | ||||||
|  | -	 * be validated separately.
 | ||||||
|  | -	 */
 | ||||||
|  | -	if (num2 < low || num2 > high || num3 > high)
 | ||||||
| +				/* if invalid random range was selected */
 | +				/* if invalid random range was selected */
 | ||||||
| +				if (num1 > num2)
 | +				if (num1 > num2)
 | ||||||
| +					return (EOF);
 | +					return (EOF);
 | ||||||
| @ -276,9 +282,9 @@ index 92b55f5..9276f47 100644 | |||||||
| +				 */
 | +				 */
 | ||||||
| +				return (EOF);
 | +				return (EOF);
 | ||||||
| +		}
 | +		}
 | ||||||
|  	} | +	}
 | ||||||
| +	if (state != R_FINISH || ch == EOF)
 | +	if (state != R_FINISH || ch == EOF)
 | ||||||
| +		return (EOF);
 |  		return (EOF); | ||||||
|   |   | ||||||
| -	/* range. set all elements from num1 to num2, stepping
 | -	/* range. set all elements from num1 to num2, stepping
 | ||||||
| -	 * by num3.  (the step is a downward-compatible extension
 | -	 * by num3.  (the step is a downward-compatible extension
 | ||||||
| @ -365,5 +371,5 @@ index 92b55f5..9276f47 100644 | |||||||
|   |   | ||||||
|    bad: |    bad: | ||||||
| -- 
 | -- 
 | ||||||
| 2.35.1 | 2.36.1 | ||||||
| 
 | 
 | ||||||
| @ -1,7 +1,7 @@ | |||||||
| From 07bf4b9037de19b580cfa24f5ad023b56725b285 Mon Sep 17 00:00:00 2001 | From 0589b06aa369efd3cd5dfc0bba9a868f48a14506 Mon Sep 17 00:00:00 2001 | ||||||
| From: Tomas Mraz <tmraz@fedoraproject.org> | From: Tomas Mraz <tmraz@fedoraproject.org> | ||||||
| Date: Wed, 5 Jan 2022 19:17:18 +0100 | Date: Wed, 5 Jan 2022 19:17:18 +0100 | ||||||
| Subject: [PATCH 2/4] get_number: Add missing NUL termination for the scanned | Subject: [PATCH 3/5] get_number: Add missing NUL termination for the scanned | ||||||
|  string |  string | ||||||
| 
 | 
 | ||||||
| ---
 | ---
 | ||||||
| @ -21,5 +21,5 @@ index f2bb717..15ce9b5 100644 | |||||||
|  		goto bad; |  		goto bad; | ||||||
|   |   | ||||||
| -- 
 | -- 
 | ||||||
| 2.35.1 | 2.36.1 | ||||||
| 
 | 
 | ||||||
| @ -1,7 +1,7 @@ | |||||||
| From 299ef06ea4371afa97301cec64dc8f21c4f7b11b Mon Sep 17 00:00:00 2001 | From 991a5f2a44c68f576b6c6da3a7ac8fbc8f97a3b0 Mon Sep 17 00:00:00 2001 | ||||||
| From: Tomas Mraz <tmraz@fedoraproject.org> | From: Tomas Mraz <tmraz@fedoraproject.org> | ||||||
| Date: Tue, 22 Mar 2022 14:35:48 +0100 | Date: Tue, 22 Mar 2022 14:35:48 +0100 | ||||||
| Subject: [PATCH 3/4] Fix regression in handling */x crontab entries | Subject: [PATCH 4/5] Fix regression in handling */x crontab entries | ||||||
| 
 | 
 | ||||||
| Fixes #102 | Fixes #102 | ||||||
| ---
 | ---
 | ||||||
| @ -24,5 +24,5 @@ index 15ce9b5..e9e258b 100644 | |||||||
|  					break; |  					break; | ||||||
|  				} |  				} | ||||||
| -- 
 | -- 
 | ||||||
| 2.35.1 | 2.36.1 | ||||||
| 
 | 
 | ||||||
| @ -1,7 +1,7 @@ | |||||||
| From 62e53f1cdb9c1e12a01ee7814c92cd937d50328d Mon Sep 17 00:00:00 2001 | From d1a4e2b1a091df104881a6dcd0e41d805c86cb1a Mon Sep 17 00:00:00 2001 | ||||||
| From: w30023233 <wangyuhang27@huawei.com> | From: w30023233 <wangyuhang27@huawei.com> | ||||||
| Date: Wed, 23 Mar 2022 15:40:01 +0800 | Date: Wed, 23 Mar 2022 15:40:01 +0800 | ||||||
| Subject: [PATCH 4/4] Fix regression in handling 1-5 crontab entries | Subject: [PATCH 5/5] Fix regression in handling 1-5 crontab entries | ||||||
| 
 | 
 | ||||||
| ---
 | ---
 | ||||||
|  src/entry.c | 1 + |  src/entry.c | 1 + | ||||||
| @ -20,5 +20,5 @@ index e9e258b..bb7cb62 100644 | |||||||
|  					state = R_RANGE_NUM2; |  					state = R_RANGE_NUM2; | ||||||
|  					break; |  					break; | ||||||
| -- 
 | -- 
 | ||||||
| 2.35.1 | 2.36.1 | ||||||
| 
 | 
 | ||||||
| @ -5,13 +5,19 @@ | |||||||
| 
 | 
 | ||||||
| Summary:   Cron daemon for executing programs at set times | Summary:   Cron daemon for executing programs at set times | ||||||
| Name:      cronie | Name:      cronie | ||||||
| Version:   1.5.2 | Version:   1.5.7 | ||||||
| Release:   10%{?dist} | Release:   8%{?dist} | ||||||
| License:   MIT and BSD and ISC and GPLv2+ | License:   MIT and BSD and ISC and GPLv2+ | ||||||
| Group:     System Environment/Base |  | ||||||
| URL:       https://github.com/cronie-crond/cronie | URL:       https://github.com/cronie-crond/cronie | ||||||
| Source0:   https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz | Source0:   https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz | ||||||
| 
 | 
 | ||||||
|  | Patch:     0001-Address-issues-found-by-coverity-scan.patch | ||||||
|  | # Add support for "~" ("random within range") + regression fixing patches (rhbz#2090691) | ||||||
|  | Patch:     0002-Add-random-within-range-operator.patch | ||||||
|  | Patch:     0003-get_number-Add-missing-NUL-termination-for-the-scann.patch | ||||||
|  | Patch:     0004-Fix-regression-in-handling-x-crontab-entries.patch | ||||||
|  | Patch:     0005-Fix-regression-in-handling-1-5-crontab-entries.patch | ||||||
|  | 
 | ||||||
| Requires:  dailyjobs | Requires:  dailyjobs | ||||||
| 
 | 
 | ||||||
| %if %{with selinux} | %if %{with selinux} | ||||||
| @ -28,34 +34,17 @@ Buildrequires: audit-libs-devel >= 1.4.1 | |||||||
| 
 | 
 | ||||||
| BuildRequires:    gcc | BuildRequires:    gcc | ||||||
| BuildRequires:    systemd | BuildRequires:    systemd | ||||||
|  | BuildRequires: make | ||||||
| Obsoletes:        %{name}-sysvinit | Obsoletes:        %{name}-sysvinit | ||||||
| 
 | 
 | ||||||
| Requires(post):   coreutils sed | Requires(post):   coreutils sed | ||||||
| Requires(post):   systemd |  | ||||||
| Requires(preun):  systemd |  | ||||||
| Requires(postun): systemd |  | ||||||
| Requires(post):   systemd |  | ||||||
| 
 | 
 | ||||||
| # Some parts of code could result in a memory leak. | %if 0%{?fedora} && 0%{?fedora} < 28 || 0%{?rhel} && 0%{?rhel} < 8 | ||||||
| Patch0:     fix-memory-leaks.patch | %{?systemd_requires} | ||||||
| # Some parts of code could result in undefined behavior. | %else | ||||||
| Patch1:     fix-unsafe-code.patch | %{?systemd_ordering} # does not exist on Fedora27/RHEL7 | ||||||
| # Use correct selinux role | %endif | ||||||
| Patch2:     cronie-1.5.2-context-role.patch | 
 | ||||||
| # Make systemd restart crond when it fails. |  | ||||||
| Patch3:     cronie-1.5.2-restart-on-failure.patch |  | ||||||
| # Revert "Avoid creating pid files when crond doesn't fork" |  | ||||||
| Patch4:     cronie-1.5.2-create-pid-files.patch |  | ||||||
| # Use system-auth in PAM (rhbz#2005526) |  | ||||||
| Patch5:     cronie-1.5.2-use-pam-system-auth.patch |  | ||||||
| # Add support for "~" ("random within range") + regression fixing patches (rhbz#1832510) |  | ||||||
| Patch6:     0001-Add-random-within-range-operator.patch |  | ||||||
| Patch7:     0002-get_number-Add-missing-NUL-termination-for-the-scann.patch |  | ||||||
| Patch8:     0003-Fix-regression-in-handling-x-crontab-entries.patch |  | ||||||
| Patch9:     0004-Fix-regression-in-handling-1-5-crontab-entries.patch |  | ||||||
| # Optimization to close fds from /proc/self/fd in case of high nofile limit after fork |  | ||||||
| # https://github.com/cronie-crond/cronie/commit/e3682c7135b9176b60d226c60ee4e78cf1ab711b |  | ||||||
| Patch10:     optimization_to_close_fds.patch |  | ||||||
| 
 | 
 | ||||||
| %description | %description | ||||||
| Cronie contains the standard UNIX daemon crond that runs specified programs at | Cronie contains the standard UNIX daemon crond that runs specified programs at | ||||||
| @ -66,7 +55,6 @@ SELinux. | |||||||
| %package anacron | %package anacron | ||||||
| Summary:   Utility for running regular jobs | Summary:   Utility for running regular jobs | ||||||
| Requires:  crontabs | Requires:  crontabs | ||||||
| Group:     System Environment/Base |  | ||||||
| Provides:  dailyjobs | Provides:  dailyjobs | ||||||
| Provides:  anacron = 2.4 | Provides:  anacron = 2.4 | ||||||
| Obsoletes: anacron <= 2.3 | Obsoletes: anacron <= 2.3 | ||||||
| @ -86,7 +74,6 @@ for better utilization of resources shared among multiple systems. | |||||||
| 
 | 
 | ||||||
| %package noanacron | %package noanacron | ||||||
| Summary:   Utility for running simple regular jobs in old cron style | Summary:   Utility for running simple regular jobs in old cron style | ||||||
| Group:     System Environment/Base |  | ||||||
| Provides:  dailyjobs | Provides:  dailyjobs | ||||||
| Requires:  crontabs | Requires:  crontabs | ||||||
| Requires:  %{name} = %{version}-%{release} | Requires:  %{name} = %{version}-%{release} | ||||||
| @ -96,19 +83,7 @@ Old style of running {hourly,daily,weekly,monthly}.jobs without anacron. No | |||||||
| extra features. | extra features. | ||||||
| 
 | 
 | ||||||
| %prep | %prep | ||||||
| %setup -q | %autosetup -p1 | ||||||
| 
 |  | ||||||
| %patch0 -p1 |  | ||||||
| %patch1 -p1 |  | ||||||
| %patch2 -p1 |  | ||||||
| %patch3 -p1 |  | ||||||
| %patch4 -p1 |  | ||||||
| %patch5 -p1 |  | ||||||
| %patch6 -p1 |  | ||||||
| %patch7 -p1 |  | ||||||
| %patch8 -p1 |  | ||||||
| %patch9 -p1 |  | ||||||
| %patch10 -p1 |  | ||||||
| 
 | 
 | ||||||
| %build | %build | ||||||
| %configure \ | %configure \ | ||||||
| @ -128,10 +103,10 @@ extra features. | |||||||
| --enable-pie \ | --enable-pie \ | ||||||
| --enable-relro | --enable-relro | ||||||
| 
 | 
 | ||||||
| make %{?_smp_mflags} V=2 | %make_build V=2 | ||||||
| 
 | 
 | ||||||
| %install | %install | ||||||
| make install DESTDIR=$RPM_BUILD_ROOT DESTMAN=$RPM_BUILD_ROOT%{_mandir} | %make_install DESTMAN=$RPM_BUILD_ROOT%{_mandir} | ||||||
| mkdir -pm700 $RPM_BUILD_ROOT%{_localstatedir}/spool/cron | mkdir -pm700 $RPM_BUILD_ROOT%{_localstatedir}/spool/cron | ||||||
| mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ | mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ | ||||||
| mkdir -pm755 $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/ | mkdir -pm755 $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/ | ||||||
| @ -153,8 +128,7 @@ touch $RPM_BUILD_ROOT/var/spool/anacron/cron.monthly | |||||||
| install -m 644 contrib/dailyjobs $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/dailyjobs | install -m 644 contrib/dailyjobs $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/dailyjobs | ||||||
| 
 | 
 | ||||||
| # install systemd initscript | # install systemd initscript | ||||||
| mkdir -p $RPM_BUILD_ROOT/lib/systemd/system/ | install -m 644 -D contrib/cronie.systemd $RPM_BUILD_ROOT/usr/lib/systemd/system/crond.service | ||||||
| install -m 644 contrib/cronie.systemd $RPM_BUILD_ROOT/lib/systemd/system/crond.service |  | ||||||
| 
 | 
 | ||||||
| %post | %post | ||||||
| # run after an installation | # run after an installation | ||||||
| @ -220,7 +194,7 @@ exit 0 | |||||||
| %config(noreplace) %{_sysconfdir}/sysconfig/crond | %config(noreplace) %{_sysconfdir}/sysconfig/crond | ||||||
| %config(noreplace,missingok) %{_sysconfdir}/cron.deny | %config(noreplace,missingok) %{_sysconfdir}/cron.deny | ||||||
| %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly | ||||||
| %attr(0644,root,root) /lib/systemd/system/crond.service | %attr(0644,root,root) /usr/lib/systemd/system/crond.service | ||||||
| 
 | 
 | ||||||
| %files anacron | %files anacron | ||||||
| %{_sbindir}/anacron | %{_sbindir}/anacron | ||||||
| @ -237,42 +211,73 @@ exit 0 | |||||||
| %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs | %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
| * Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-10 | * Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.7-8 | ||||||
| - Bump release because of CI issues |  | ||||||
| - Related: RHEL-2609 |  | ||||||
| 
 |  | ||||||
| * Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-9 |  | ||||||
| - Add `optimization_to_close_fds.patch` |  | ||||||
| - Resolves: RHEL-2609 |  | ||||||
| 
 |  | ||||||
| * Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.2-8 |  | ||||||
| - Set 'missingok' for /etc/cron.deny to not recreate it on update | - Set 'missingok' for /etc/cron.deny to not recreate it on update | ||||||
| 
 | 
 | ||||||
| * Mon May 02 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-7 | * Tue May 31 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.7-7 | ||||||
|  | - Add gating.yaml | ||||||
|  |   Related: rhbz#2090691 | ||||||
|  | 
 | ||||||
|  | * Fri May 27 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.7-6 | ||||||
| - Add support for "~" ("random within range") | - Add support for "~" ("random within range") | ||||||
|   Resolves: rhbz#1832510 |   Resolves: rhbz#2090691 | ||||||
| 
 | 
 | ||||||
| * Mon Sep 20 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-6 | * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.7-5 | ||||||
| - Use system-auth for PAM authentication | - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags | ||||||
|   Resolves: rhbz#2005526 |   Related: rhbz#1991688 | ||||||
| 
 | 
 | ||||||
| * Fri Sep 03 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-5 | * Wed May 12 2021 Jan Staněk <jstanek@redhat.com> - 1.5.7-4 | ||||||
| - Create PID files even when crond does not fork | - Install crond.service into /usr/lib | ||||||
|   Resolves: rhbz#1926300 |  | ||||||
| 
 | 
 | ||||||
| * Wed Jun 12 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-4 | * Fri Apr 30 2021 Jan Staněk <jstanek@redhat.com> - 1.5.7-3 | ||||||
| - Make crond restart on failure | - Address issues found by static scanners | ||||||
| - Resolves: rhbz#1715137 |  | ||||||
| 
 | 
 | ||||||
| * Mon May 20 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-3 | * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.7-2 | ||||||
| - use role from the current context for system crontabs | - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 | ||||||
| - Resolves: rhbz#1708557 |  | ||||||
| 
 | 
 | ||||||
| * Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2 | * Mon Mar 29 2021 Tomáš Mráz <tmraz@fedoraproject.org> - 1.5.7-1 | ||||||
| - Covscan issues review | - new upstream release 1.5.7 with bug fixes and enhancements | ||||||
| - Fix potential memory leaks | 
 | ||||||
| - Fix unsafe code | * Wed Mar 17 2021 Tomáš Mráz <tmraz@fedoraproject.org> - 1.5.6-1 | ||||||
| - Resolves: rhbz#1602467 | - new upstream release 1.5.6 with bug fixes and enhancements | ||||||
|  | 
 | ||||||
|  | * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-5 | ||||||
|  | - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild | ||||||
|  | 
 | ||||||
|  | * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-4 | ||||||
|  | - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild | ||||||
|  | 
 | ||||||
|  | * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.5.5-3 | ||||||
|  | - Use make macros | ||||||
|  | - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro | ||||||
|  | 
 | ||||||
|  | * Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-2 | ||||||
|  | - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild | ||||||
|  | 
 | ||||||
|  | * Thu Oct 31 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.5-1 | ||||||
|  | - new upstream release 1.5.5 with multiple bug fixes and improvements | ||||||
|  | 
 | ||||||
|  | * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-2 | ||||||
|  | - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild | ||||||
|  | 
 | ||||||
|  | * Mon Mar 18 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.4-1 | ||||||
|  | - new upstream release 1.5.4 with regression fix | ||||||
|  | 
 | ||||||
|  | * Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.3-1 | ||||||
|  | - new upstream release 1.5.3 fixing CVE-2019-9704 and CVE-2019-9705 | ||||||
|  | 
 | ||||||
|  | * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-5 | ||||||
|  | - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild | ||||||
|  | 
 | ||||||
|  | * Fri Nov 30 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-4 | ||||||
|  | - Do not hard-require systemd as crond is used in containers without | ||||||
|  |   systemd (#1654659) | ||||||
|  | 
 | ||||||
|  | * Wed Oct 31 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-3 | ||||||
|  | - use role from the current context for system crontabs (#1639381) | ||||||
|  | 
 | ||||||
|  | * Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-2 | ||||||
|  | - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild | ||||||
| 
 | 
 | ||||||
| * Thu May  3 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-1 | * Thu May  3 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-1 | ||||||
| - new upstream release 1.5.2 | - new upstream release 1.5.2 | ||||||
| @ -1,41 +0,0 @@ | |||||||
| From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Tomas Mraz <tmraz@fedoraproject.org> |  | ||||||
| Date: Thu, 18 Oct 2018 14:25:58 +0200 |  | ||||||
| Subject: [PATCH] Use the role from the crond context for system job contexts. |  | ||||||
| 
 |  | ||||||
| New SELinux policy added multiple roles for the system_u user on crond_t. |  | ||||||
| The default context returned from get_default_context_with_level() is now |  | ||||||
| unconfined_t instead of system_cronjob_t which is incorrect for system cron |  | ||||||
| jobs. |  | ||||||
| We use the role to limit the default context to system_cronjob_t. |  | ||||||
| ---
 |  | ||||||
|  src/security.c | 6 ++++-- |  | ||||||
|  1 file changed, 4 insertions(+), 2 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/security.c b/src/security.c
 |  | ||||||
| index d1bdc7f..5213cf3 100644
 |  | ||||||
| --- a/src/security.c
 |  | ||||||
| +++ b/src/security.c
 |  | ||||||
| @@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
 |  | ||||||
|  		retval = get_default_context_with_level(seuser, level, NULL, &scontext); |  | ||||||
|  	} |  | ||||||
|  	else { |  | ||||||
| +		const char *current_user, *current_role;
 |  | ||||||
|  		if (getcon(¤t_context_str) < 0) { |  | ||||||
|  			log_it(name, getpid(), "getcon FAILED", "", 0); |  | ||||||
|  			return (security_getenforce() > 0); |  | ||||||
| @@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
 |  | ||||||
|  			return (security_getenforce() > 0); |  | ||||||
|  		} |  | ||||||
|   |  | ||||||
| -		const char *current_user = context_user_get(current_context);
 |  | ||||||
| -		retval = get_default_context_with_level(current_user, level, NULL, &scontext);
 |  | ||||||
| +		current_user = context_user_get(current_context);
 |  | ||||||
| +		current_role = context_role_get(current_context);
 |  | ||||||
| +		retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
 |  | ||||||
|   |  | ||||||
|  		freecon(current_context_str); |  | ||||||
|  		context_free(current_context); |  | ||||||
| -- 
 |  | ||||||
| 2.14.5 |  | ||||||
| 
 |  | ||||||
| @ -1,26 +0,0 @@ | |||||||
| From 0570c2cd979bc9ce1da6a873089e89dbca900a1f Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Tomas Mraz <tmraz@fedoraproject.org> |  | ||||||
| Date: Tue, 7 May 2019 14:45:53 +0200 |  | ||||||
| Subject: [PATCH] Revert "Avoid creating pid files when crond doesn't fork" |  | ||||||
| 
 |  | ||||||
| This reverts commit 5b285b46b88dc63689c6a56542cb2ba81f861b66. |  | ||||||
| The PID file is useful to avoid running multiple crond instances |  | ||||||
| at once. |  | ||||||
| ---
 |  | ||||||
|  src/misc.c | 3 --- |  | ||||||
|  1 file changed, 3 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/src/misc.c b/src/misc.c
 |  | ||||||
| index 42153b8..faf6ffb 100644
 |  | ||||||
| --- a/src/misc.c
 |  | ||||||
| +++ b/src/misc.c
 |  | ||||||
| @@ -315,9 +315,6 @@ void acquire_daemonlock(int closeflag) {
 |  | ||||||
|  		return; |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	if (NoFork == 1)
 |  | ||||||
| -		return; //move along, nothing to do here...
 |  | ||||||
| -
 |  | ||||||
|  	if (fd == -1) { |  | ||||||
|  		pidfile = _PATH_CRON_PID; |  | ||||||
|  		/* Initial mode is 0600 to prevent flock() race/DoS. */ |  | ||||||
| @ -1,13 +0,0 @@ | |||||||
| diff -ru cronie-1.5.2/contrib/cronie.systemd cronie-1.5.2_patched/contrib/cronie.systemd
 |  | ||||||
| --- cronie-1.5.2/contrib/cronie.systemd	2018-11-27 15:26:46.797288342 +0100
 |  | ||||||
| +++ cronie-1.5.2_patched/contrib/cronie.systemd	2018-11-27 15:26:19.479159225 +0100
 |  | ||||||
| @@ -7,6 +7,8 @@
 |  | ||||||
|  ExecStart=/usr/sbin/crond -n $CRONDARGS |  | ||||||
|  ExecReload=/bin/kill -HUP $MAINPID |  | ||||||
|  KillMode=process |  | ||||||
| +Restart=on-failure
 |  | ||||||
| +RestartSec=30s
 |  | ||||||
|   |  | ||||||
|  [Install] |  | ||||||
|  WantedBy=multi-user.target |  | ||||||
| 
 |  | ||||||
| @ -1,26 +0,0 @@ | |||||||
| From 978a00ea7ac92852c153ebb3b2152886730ca51c Mon Sep 17 00:00:00 2001 |  | ||||||
| From: Marcel Plch <mplch@redhat.com> |  | ||||||
| Date: Fri, 7 Dec 2018 15:01:19 +0100 |  | ||||||
| Subject: [PATCH] Use system-auth instead of password-auth for PAM |  | ||||||
|  authentication (#25) |  | ||||||
| 
 |  | ||||||
| ---
 |  | ||||||
|  pam/crond | 6 +++--- |  | ||||||
|  1 file changed, 3 insertions(+), 3 deletions(-) |  | ||||||
| 
 |  | ||||||
| diff --git a/pam/crond b/pam/crond
 |  | ||||||
| index 91964aa..560529d 100644
 |  | ||||||
| --- a/pam/crond
 |  | ||||||
| +++ b/pam/crond
 |  | ||||||
| @@ -4,8 +4,8 @@
 |  | ||||||
|  # |  | ||||||
|  # Although no PAM authentication is called, auth modules |  | ||||||
|  # are used for credential setting |  | ||||||
| -auth       include    password-auth
 |  | ||||||
| +auth       include    system-auth
 |  | ||||||
|  account    required   pam_access.so |  | ||||||
| -account    include    password-auth
 |  | ||||||
| +account    include    system-auth
 |  | ||||||
|  session    required   pam_loginuid.so |  | ||||||
| -session    include    password-auth
 |  | ||||||
| +session    include    system-auth
 |  | ||||||
| @ -1,140 +0,0 @@ | |||||||
| diff -ru cronie-1.5.2/anacron/readtab.c cronie-1.5.2_patched/anacron/readtab.c
 |  | ||||||
| --- cronie-1.5.2/anacron/readtab.c	2017-09-14 13:53:21.000000000 +0200
 |  | ||||||
| +++ cronie-1.5.2_patched/anacron/readtab.c	2018-09-07 15:13:17.752498050 +0200
 |  | ||||||
| @@ -134,8 +134,19 @@
 |  | ||||||
|   |  | ||||||
|      var_len = (int)strlen(env_var); |  | ||||||
|      val_len = (int)strlen(value); |  | ||||||
| +    if (!var_len) {
 |  | ||||||
| +        return;
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
|      er = obstack_alloc(&tab_o, sizeof(env_rec)); |  | ||||||
| +    if (er == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
|      er->assign = obstack_alloc(&tab_o, var_len + 1 + val_len + 1); |  | ||||||
| +    if (er->assign == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      strcpy(er->assign, env_var); |  | ||||||
|      er->assign[var_len] = '='; |  | ||||||
|      strcpy(er->assign + var_len + 1, value); |  | ||||||
| @@ -167,15 +178,24 @@
 |  | ||||||
|  	return; |  | ||||||
|      } |  | ||||||
|      jr = obstack_alloc(&tab_o, sizeof(job_rec)); |  | ||||||
| +    if (jr == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      jr->period = period; |  | ||||||
|      jr->named_period = 0; |  | ||||||
|      delay += random_number; |  | ||||||
|      jr->delay = delay; |  | ||||||
|      jr->tab_line = line_num; |  | ||||||
|      jr->ident = obstack_alloc(&tab_o, ident_len + 1); |  | ||||||
| +    if (jr->ident == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      strcpy(jr->ident, ident); |  | ||||||
|      jr->arg_num = job_arg_num(ident); |  | ||||||
|      jr->command = obstack_alloc(&tab_o, command_len + 1); |  | ||||||
| +    if (jr->command == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      strcpy(jr->command, command); |  | ||||||
|      jr->job_pid = jr->mailer_pid = 0; |  | ||||||
|      if (last_job_rec != NULL) last_job_rec->next = jr; |  | ||||||
| @@ -208,6 +228,9 @@
 |  | ||||||
|      } |  | ||||||
|   |  | ||||||
|      jr = obstack_alloc(&tab_o, sizeof(job_rec)); |  | ||||||
| +    if (jr == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      if (!strncmp ("@monthly", periods, 8)) { |  | ||||||
|  		jr->named_period = 1; |  | ||||||
|      } else if (!strncmp("@yearly", periods, 7) || !strncmp("@annually", periods, 9) || !strncmp(/* backwards compat misspelling */"@annualy", periods, 8)) { |  | ||||||
| @@ -225,9 +248,15 @@
 |  | ||||||
|      jr->delay = delay; |  | ||||||
|      jr->tab_line = line_num; |  | ||||||
|      jr->ident = obstack_alloc(&tab_o, ident_len + 1); |  | ||||||
| +    if (jr->ident == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      strcpy(jr->ident, ident); |  | ||||||
|      jr->arg_num = job_arg_num(ident); |  | ||||||
|      jr->command = obstack_alloc(&tab_o, command_len + 1); |  | ||||||
| +    if (jr->command == NULL) {
 |  | ||||||
| +        die_e("Cannot allocate memory.");
 |  | ||||||
| +    }
 |  | ||||||
|      strcpy(jr->command, command); |  | ||||||
|      jr->job_pid = jr->mailer_pid = 0; |  | ||||||
|      if (last_job_rec != NULL) last_job_rec->next = jr; |  | ||||||
| diff -ru cronie-1.5.2/anacron/runjob.c cronie-1.5.2_patched/anacron/runjob.c
 |  | ||||||
| --- cronie-1.5.2/anacron/runjob.c	2018-01-24 17:02:33.000000000 +0100
 |  | ||||||
| +++ cronie-1.5.2_patched/anacron/runjob.c	2018-09-07 15:13:17.752498050 +0200
 |  | ||||||
| @@ -104,9 +104,44 @@
 |  | ||||||
|  static void |  | ||||||
|  xputenv(const char *s) |  | ||||||
|  { |  | ||||||
| -    char *copy = strdup (s);
 |  | ||||||
| -    if (!copy) die_e("Not enough memory to set the environment");
 |  | ||||||
| -    if (putenv(copy)) die_e("Can't set the environment");
 |  | ||||||
| +    char *name = NULL, *val = NULL;
 |  | ||||||
| +    char *eq_ptr;
 |  | ||||||
| +    const char *errmsg;
 |  | ||||||
| +    size_t eq_index;
 |  | ||||||
| +
 |  | ||||||
| +    if (s == NULL) {
 |  | ||||||
| +        die_e("Invalid environment string");
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
| +    eq_ptr = strchr(s, '=');
 |  | ||||||
| +    if (eq_ptr == NULL) {
 |  | ||||||
| +        die_e("Invalid environment string");
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
| +    eq_index = (size_t) (eq_ptr - s);
 |  | ||||||
| +
 |  | ||||||
| +    name = malloc((eq_index + 1) * sizeof(char));
 |  | ||||||
| +    if (name == NULL) {
 |  | ||||||
| +        die_e("Not enough memory to set the environment");
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
| +    val = malloc((strlen(s) - eq_index) * sizeof(char));
 |  | ||||||
| +    if (val == NULL) {
 |  | ||||||
| +        die_e("Not enough memory to set the environment");
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
| +    strncpy(name, s, eq_index);
 |  | ||||||
| +    name[eq_index] = '\0';
 |  | ||||||
| +    strcpy(val, s + eq_index + 1);
 |  | ||||||
| +
 |  | ||||||
| +    if (setenv(name, val, 1)) {
 |  | ||||||
| +        die_e("Can't set the environment");
 |  | ||||||
| +    }
 |  | ||||||
| +
 |  | ||||||
| +    free(name);
 |  | ||||||
| +    free(val);
 |  | ||||||
| +    return;
 |  | ||||||
| +
 |  | ||||||
|  } |  | ||||||
|   |  | ||||||
|  static void |  | ||||||
| diff -ru cronie-1.5.2/src/entry.c cronie-1.5.2_patched/src/entry.c
 |  | ||||||
| --- cronie-1.5.2/src/entry.c	2017-09-14 13:53:21.000000000 +0200
 |  | ||||||
| +++ cronie-1.5.2_patched/src/entry.c	2018-09-07 15:13:17.752498050 +0200
 |  | ||||||
| @@ -131,8 +131,10 @@
 |  | ||||||
|  			goto eof; |  | ||||||
|  		} |  | ||||||
|  		ch = get_char(file); |  | ||||||
| -		if (ch == EOF)
 |  | ||||||
| +		if (ch == EOF) {
 |  | ||||||
| +			free(e);
 |  | ||||||
|  			return NULL; |  | ||||||
| +		}
 |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
|  	if (ch == '@') { |  | ||||||
| @ -1,117 +0,0 @@ | |||||||
| diff -ru cronie-1.5.2/src/cronnext.c cronie-1.5.2_patched/src/cronnext.c
 |  | ||||||
| --- cronie-1.5.2/src/cronnext.c	2018-05-03 18:41:12.000000000 +0200
 |  | ||||||
| +++ cronie-1.5.2_patched/src/cronnext.c	2018-09-07 15:17:54.555924440 +0200
 |  | ||||||
| @@ -71,13 +71,13 @@
 |  | ||||||
|  /* |  | ||||||
|   * print entry flags |  | ||||||
|   */ |  | ||||||
| -char *flagname[]= {
 |  | ||||||
| -	[MIN_STAR] =	"MIN_STAR",
 |  | ||||||
| -	[HR_STAR] =	"HR_STAR",
 |  | ||||||
| -	[DOM_STAR] =	"DOM_STAR",
 |  | ||||||
| -	[DOW_STAR] =	"DOW_STAR",
 |  | ||||||
| -	[WHEN_REBOOT] =	"WHEN_REBOOT",
 |  | ||||||
| -	[DONT_LOG] =	"DONT_LOG"
 |  | ||||||
| +const char *flagname[]= {
 |  | ||||||
| +	"MIN_STAR",
 |  | ||||||
| +	"HR_STAR",
 |  | ||||||
| +	"DOM_STAR",
 |  | ||||||
| +	"DOW_STAR",
 |  | ||||||
| +	"WHEN_REBOOT",
 |  | ||||||
| +	"DONT_LOG"
 |  | ||||||
|  }; |  | ||||||
|   |  | ||||||
|  void printflags(char *indent, int flags) { |  | ||||||
| @@ -85,8 +85,8 @@
 |  | ||||||
|  	int first = 1; |  | ||||||
|   |  | ||||||
|  	printf("%s    flagnames:", indent); |  | ||||||
| -	for (f = 1; f < sizeof(flagname);  f = f << 1)
 |  | ||||||
| -		if (flags & f) {
 |  | ||||||
| +	for (f = 0; f < sizeof(flagname)/sizeof(char *);  f++)
 |  | ||||||
| +		if (flags & (int)1 << f) {
 |  | ||||||
|  			printf("%s%s", first ? " " : "|", flagname[f]); |  | ||||||
|  			first = 0; |  | ||||||
|  		} |  | ||||||
| diff -ru cronie-1.5.2/src/do_command.c cronie-1.5.2_patched/src/do_command.c
 |  | ||||||
| --- cronie-1.5.2/src/do_command.c	2017-09-14 13:53:21.000000000 +0200
 |  | ||||||
| +++ cronie-1.5.2_patched/src/do_command.c	2018-09-07 15:17:54.555924440 +0200
 |  | ||||||
| @@ -418,7 +418,7 @@
 |  | ||||||
|  			if (mailto && safe_p(usernm, mailto) |  | ||||||
|  				&& strncmp(MailCmd,"off",3) && !SyslogOutput) { |  | ||||||
|  				char **env; |  | ||||||
| -				char mailcmd[MAX_COMMAND];
 |  | ||||||
| +				char mailcmd[MAX_COMMAND+1]; /* +1 for terminator */
 |  | ||||||
|  				char hostname[MAXHOSTNAMELEN]; |  | ||||||
|  				char *content_type = env_get("CONTENT_TYPE", jobenv), |  | ||||||
|  					*content_transfer_encoding = |  | ||||||
| @@ -434,7 +434,7 @@
 |  | ||||||
|  					} |  | ||||||
|  				} |  | ||||||
|  				else { |  | ||||||
| -					strncpy(mailcmd, MailCmd, MAX_COMMAND);
 |  | ||||||
| +					strncpy(mailcmd, MailCmd, MAX_COMMAND+1);
 |  | ||||||
|  				} |  | ||||||
|  				if (!(mail = cron_popen(mailcmd, "w", e->pwd, jobenv))) { |  | ||||||
|  					perror(mailcmd); |  | ||||||
| diff -ru cronie-1.5.2/src/env.c cronie-1.5.2_patched/src/env.c
 |  | ||||||
| --- cronie-1.5.2/src/env.c	2017-09-14 13:53:21.000000000 +0200
 |  | ||||||
| +++ cronie-1.5.2_patched/src/env.c	2018-09-07 15:17:54.554924435 +0200
 |  | ||||||
| @@ -63,7 +63,7 @@
 |  | ||||||
|  		for (i = 0; i < count; i++) |  | ||||||
|  			if ((p[i] = strdup(envp[i])) == NULL) { |  | ||||||
|  				save_errno = errno; |  | ||||||
| -				while (--i >= 0)
 |  | ||||||
| +				while (i-- > 0)
 |  | ||||||
|  					free(p[i]); |  | ||||||
|  				free(p); |  | ||||||
|  				errno = save_errno; |  | ||||||
| @@ -263,7 +263,9 @@
 |  | ||||||
|  	} |  | ||||||
|  	if (state != FINI && state != EQ2 && !(state == VALUE && !quotechar)) { |  | ||||||
|  		Debug(DPARS, ("load_env, not an env var, state = %d\n", state)); |  | ||||||
| -			fseek(f, filepos, 0);
 |  | ||||||
| +			if (fseek(f, filepos, 0)) {
 |  | ||||||
| +                return ERR;
 |  | ||||||
| +           }
 |  | ||||||
|  		Set_LineNum(fileline); |  | ||||||
|  		return (FALSE); |  | ||||||
|  	} |  | ||||||
| diff -ru cronie-1.5.2/src/globals.h cronie-1.5.2_patched/src/globals.h
 |  | ||||||
| --- cronie-1.5.2/src/globals.h	2017-01-17 16:53:50.000000000 +0100
 |  | ||||||
| +++ cronie-1.5.2_patched/src/globals.h	2018-09-07 15:17:54.555924440 +0200
 |  | ||||||
| @@ -77,7 +77,7 @@
 |  | ||||||
|  XTRN time_t	StartTime; |  | ||||||
|  XTRN int	NoFork; |  | ||||||
|  XTRN int        PermitAnyCrontab; |  | ||||||
| -XTRN char       MailCmd[MAX_COMMAND];
 |  | ||||||
| +XTRN char       MailCmd[MAX_COMMAND+1]; /* +1 for terminator */
 |  | ||||||
|  XTRN char       cron_default_mail_charset[MAX_ENVSTR]; |  | ||||||
|  XTRN int        EnableClustering; |  | ||||||
|  XTRN int	ChangePath; |  | ||||||
| diff -ru cronie-1.5.2/src/security.c cronie-1.5.2_patched/src/security.c
 |  | ||||||
| --- cronie-1.5.2/src/security.c	2017-09-14 13:29:47.000000000 +0200
 |  | ||||||
| +++ cronie-1.5.2_patched/src/security.c	2018-09-07 15:17:54.554924435 +0200
 |  | ||||||
| @@ -417,7 +417,7 @@
 |  | ||||||
|  		} |  | ||||||
|  	} |  | ||||||
|   |  | ||||||
| -	if (strcmp(u->scontext, ucontext)) {
 |  | ||||||
| +	if (!ucontext || strcmp(u->scontext, ucontext)) {
 |  | ||||||
|  		if (!cron_authorize_range(u->scontext, ucontext)) { |  | ||||||
|  			if (security_getenforce() > 0) { |  | ||||||
|  # ifdef WITH_AUDIT |  | ||||||
| diff -ru cronie-1.5.2/src/user.c cronie-1.5.2_patched/src/user.c
 |  | ||||||
| --- cronie-1.5.2/src/user.c	2017-01-17 16:53:50.000000000 +0100
 |  | ||||||
| +++ cronie-1.5.2_patched/src/user.c	2018-09-07 15:17:54.555924440 +0200
 |  | ||||||
| @@ -44,6 +44,10 @@
 |  | ||||||
|  free_user (user * u) { |  | ||||||
|  	entry *e, *ne; |  | ||||||
|   |  | ||||||
| +	if (!u) {
 |  | ||||||
| +		return;
 |  | ||||||
| +	}
 |  | ||||||
| +
 |  | ||||||
|  	free(u->name); |  | ||||||
|  	free(u->tabname); |  | ||||||
|  	for (e = u->crontab; e != NULL; e = ne)	{ |  | ||||||
| @ -1,6 +0,0 @@ | |||||||
| --- !Policy |  | ||||||
| product_versions: |  | ||||||
|   - rhel-8 |  | ||||||
| decision_context: osci_compose_gate |  | ||||||
| rules: |  | ||||||
|   - !PassingTestCaseRule {test_case_name: osci.brew-build.tier1.functional} |  | ||||||
| @ -1,40 +0,0 @@ | |||||||
| --- ./src/do_command.c	2023-09-07 09:40:32.016272074 +0200
 |  | ||||||
| +++ ./src/do_command.c	2023-09-07 09:43:04.938995232 +0200
 |  | ||||||
| @@ -30,6 +30,7 @@
 |  | ||||||
|  #include <string.h> |  | ||||||
|  #include <sys/wait.h> |  | ||||||
|  #include <unistd.h> |  | ||||||
| +#include <dirent.h>
 |  | ||||||
|   |  | ||||||
|  #include "externs.h" |  | ||||||
|  #include "funcs.h" |  | ||||||
| @@ -239,10 +240,26 @@
 |  | ||||||
|  		{ |  | ||||||
|  			char *shell = env_get("SHELL", jobenv); |  | ||||||
|  			int fd, fdmax = getdtablesize(); |  | ||||||
| +			DIR *dir;
 |  | ||||||
| +			struct dirent *dent;
 |  | ||||||
|   |  | ||||||
| -			/* close all unwanted open file descriptors */
 |  | ||||||
| -			for(fd = STDERR + 1; fd < fdmax; fd++) {
 |  | ||||||
| -				close(fd);
 |  | ||||||
| +			/*
 |  | ||||||
| +			 * if /proc is mounted, we can optimize what fd can be closed,
 |  | ||||||
| +			 * but if it isn't available, fall back to the previous behavior.
 |  | ||||||
| +			 */
 |  | ||||||
| +			if ((dir = opendir("/proc/self/fd")) != NULL) {
 |  | ||||||
| +				while ((dent = readdir(dir)) != NULL) {
 |  | ||||||
| +					if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
 |  | ||||||
| +						continue;
 |  | ||||||
| +					fd = atoi(dent->d_name);
 |  | ||||||
| +					if (fd > STDERR_FILENO)
 |  | ||||||
| +						close(fd);
 |  | ||||||
| +					}
 |  | ||||||
| +			} else {
 |  | ||||||
| +				/* close all unwanted open file descriptors */
 |  | ||||||
| +				for(fd = STDERR + 1; fd < fdmax; fd++) {
 |  | ||||||
| +					close(fd);
 |  | ||||||
| +				}
 |  | ||||||
|  			} |  | ||||||
|   |  | ||||||
|  #if DEBUGGING |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user