No commits in common. "c8s" and "c9" have entirely different histories.
c8s ... c9

17 changed files with 231 additions and 516 deletions

1
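--- a/.cronie.metadata
+++ b/.cronie.metadata
@@ -0,0 +1 @@
+0275d7c3b5376664f9e2c50b8c8cc338408b08b2 SOURCES/cronie-1.5.7.tar.gz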

3
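--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-SOURCES/cronie-1.5.2.tar.gz
-/cronie-1.5.2.tar.gz
+SOURCES/cronie-1.5.7.tar.gz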


@ -0,0 +1,114 @@
From 09afe49c73cb495f32b96dce32728352c46ba865 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
Date: Thu, 29 Apr 2021 16:03:05 +0200
Subject: [PATCH] Address issues found by coverity scan
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jan Staněk <jstanek@redhat.com>
---
anacron/main.c | 8 ++++++--
anacron/runjob.c | 2 ++
src/crontab.c | 1 +
src/database.c | 3 ++-
src/pw_dup.c | 1 +
5 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/anacron/main.c b/anacron/main.c
index d092970..65f8fed 100644
--- a/anacron/main.c
+++ b/anacron/main.c
@@ -44,8 +44,8 @@ int day_now;
int year, month, day_of_month; /* date anacron started */
char *program_name;
-char *anacrontab;
-char *spooldir;
+char *anacrontab = NULL;
+char *spooldir = NULL;
int serialize, force, update_only, now,
no_daemon, quiet, testing_only; /* command-line options */
char **job_args; /* vector of "job" command-line arguments */
@@ -128,12 +128,14 @@ parse_opts(int argc, char *argv[])
quiet = 1;
break;
case 't':
+ free(anacrontab);
anacrontab = strdup(optarg);
break;
case 'T':
testing_only = 1;
break;
case 'S':
+ free(spooldir);
spooldir = strdup(optarg);
break;
case 'V':
@@ -208,9 +210,11 @@ go_background(void)
/* stdin is already closed */
if (fclose(stdout)) die_e("Can't close stdout");
+ /* coverity[leaked_handle] fd 1 closed automatically */
xopen(1, "/dev/null", O_WRONLY);
if (fclose(stderr)) die_e("Can't close stderr");
+ /* coverity[leaked_handle] fd 2 closed automatically */
xopen(2, "/dev/null", O_WRONLY);
pid = xfork();
diff --git a/anacron/runjob.c b/anacron/runjob.c
index 341351f..04d6904 100644
--- a/anacron/runjob.c
+++ b/anacron/runjob.c
@@ -237,7 +237,9 @@ launch_mailer(job_rec *jr)
xcloselog();
/* Ensure stdout/stderr are sane before exec-ing sendmail */
+ /* coverity[leaked_handle] STDOUT closed automatically */
xclose(STDOUT_FILENO); xopen(STDOUT_FILENO, "/dev/null", O_WRONLY);
+ /* coverity[leaked_handle] STDERR closed automatically */
xclose(STDERR_FILENO); xopen(STDERR_FILENO, "/dev/null", O_WRONLY);
xclose(jr->output_fd);
diff --git a/src/crontab.c b/src/crontab.c
index 240c112..41c8984 100644
--- a/src/crontab.c
+++ b/src/crontab.c
@@ -872,6 +872,7 @@ static int replace_cmd(void) {
if ((error = check_syntax(tmp)) < 0) {
fprintf(stderr, "Invalid crontab file, can't install.\n");
+ fclose(tmp);
goto done;
}
diff --git a/src/database.c b/src/database.c
index c1e4593..bff0256 100644
--- a/src/database.c
+++ b/src/database.c
@@ -559,7 +559,8 @@ int load_database(cron_db * old_db) {
if (not_a_crontab(dp))
continue;
- strncpy(fname, dp->d_name, NAME_MAX + 1);
+ strncpy(fname, dp->d_name, NAME_MAX);
+ fname[NAME_MAX] = '\0';
if (!glue_strings(tabname, sizeof tabname, SPOOL_DIR, fname, '/'))
continue; /* XXX log? */
diff --git a/src/pw_dup.c b/src/pw_dup.c
index ea787cd..c6f7b00 100644
--- a/src/pw_dup.c
+++ b/src/pw_dup.c
@@ -121,6 +121,7 @@ pw_dup(const struct passwd *pw) {
cp += ssize;
}
+ /* cppcheck-suppress[memleak symbolName=cp] memory originally pointed to by cp returned via newpw */
return (newpw);
}
--
2.31.1
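Review bot: The `strdup(optarg)` results stored in `anacrontab` and `spooldir` in parse_opts are still unchecked after the added `free()` calls, so an allocation failure leaves the pointer NULL and the path given on the command line is dropped without any message. A check directly after each assignment, for example `if (anacrontab == NULL) die_e("Can't allocate memory");` (die_e is the helper this patch already shows in go_background), would make the failure explicit; the 'S' case needs the same check for `spooldir`. Whether later code falls back to a default or dereferences the NULL pointer cannot be seen here, because parse_opts continues outside the hunk.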


@ -1,8 +1,8 @@
From 0f1704a0f8c5fd2a4da6f530694bdd93a7ca3226 Mon Sep 17 00:00:00 2001 From 8c3f71bbe109f5df8280eeaa2152dabc4f48474a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
<35430604+opohorel@users.noreply.github.com> <35430604+opohorel@users.noreply.github.com>
Date: Mon, 8 Nov 2021 16:20:09 +0100 Date: Mon, 8 Nov 2021 16:20:09 +0100
Subject: [PATCH] Add random within range '~' operator Subject: [PATCH 2/5] Add random within range '~' operator
With the operator one can specify for a job a random time or date within With the operator one can specify for a job a random time or date within
a specified range for a field. a specified range for a field.
@ -10,14 +10,14 @@ The random value is generated when the crontab where the job is
specified, is loaded. specified, is loaded.
--- ---
man/crontab.5 | 9 ++ man/crontab.5 | 9 ++
src/entry.c | 262 ++++++++++++++++++++++++++++++++------------------ src/entry.c | 267 +++++++++++++++++++++++++++++++-------------------
2 files changed, 176 insertions(+), 95 deletions(-) 2 files changed, 175 insertions(+), 101 deletions(-)
diff --git a/man/crontab.5 b/man/crontab.5 diff --git a/man/crontab.5 b/man/crontab.5
index a011c89..ba8f0c3 100644 index 04358cb..5d89862 100644
--- a/man/crontab.5 --- a/man/crontab.5
+++ b/man/crontab.5 +++ b/man/crontab.5
@@ -199,6 +199,15 @@ hyphen. The specified range is inclusive. For example, 8-11 for @@ -205,6 +205,15 @@ hyphen. The specified range is inclusive. For example, 8-11 for
an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first
number must be less than or equal to the second one. number must be less than or equal to the second one.
.PP .PP
@ -34,7 +34,7 @@ index a011c89..ba8f0c3 100644
commas. Examples: "1,2,5,9", "0-4,8-12". commas. Examples: "1,2,5,9", "0-4,8-12".
.PP .PP
diff --git a/src/entry.c b/src/entry.c diff --git a/src/entry.c b/src/entry.c
index 92b55f5..9276f47 100644 index 36e639e..f2bb717 100644
--- a/src/entry.c --- a/src/entry.c
+++ b/src/entry.c +++ b/src/entry.c
@@ -62,9 +62,22 @@ static const char *ecodes[] = { @@ -62,9 +62,22 @@ static const char *ecodes[] = {
@ -62,7 +62,7 @@ index 92b55f5..9276f47 100644
set_element(bitstr_t *, int, int, int); set_element(bitstr_t *, int, int, int);
void free_entry(entry * e) { void free_entry(entry * e) {
@@ -449,11 +462,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[], @@ -467,11 +480,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
/* process all ranges /* process all ranges
*/ */
done = FALSE; done = FALSE;
@ -79,7 +79,7 @@ index 92b55f5..9276f47 100644
else else
done = TRUE; done = TRUE;
} }
@@ -468,137 +484,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[], @@ -486,144 +502,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
return (ch); return (ch);
} }
@ -247,6 +247,7 @@ index 92b55f5..9276f47 100644
- /* no step. default==1. - /* no step. default==1.
- */ - */
- num3 = 1; - num3 = 1;
- }
+ case R_RANDOM: + case R_RANDOM:
+ if (is_separator(ch)) { + if (is_separator(ch)) {
+ num2 = high; + num2 = high;
@ -260,7 +261,12 @@ index 92b55f5..9276f47 100644
+ */ + */
+ else + else
+ return (EOF); + return (EOF);
+
- /* num1 (through i) will be validated by set_element() below, but num2
- * and num3 are merely used as loop condition and increment, and must
- * be validated separately.
- */
- if (num2 < low || num2 > high || num3 > high)
+ /* if invalid random range was selected */ + /* if invalid random range was selected */
+ if (num1 > num2) + if (num1 > num2)
+ return (EOF); + return (EOF);
@ -276,9 +282,9 @@ index 92b55f5..9276f47 100644
+ */ + */
+ return (EOF); + return (EOF);
+ } + }
} + }
+ if (state != R_FINISH || ch == EOF) + if (state != R_FINISH || ch == EOF)
+ return (EOF); return (EOF);
- /* range. set all elements from num1 to num2, stepping - /* range. set all elements from num1 to num2, stepping
- * by num3. (the step is a downward-compatible extension - * by num3. (the step is a downward-compatible extension
@ -365,5 +371,5 @@ index 92b55f5..9276f47 100644
bad: bad:
-- --
2.35.1 2.36.1
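Review bot: The refreshed patch now also deletes the explicit bounds check `if (num2 < low || num2 > high || num3 > high)` and the comment explaining that num2 and num3 "must be validated separately", and the hunks shown here do not include the code that takes over that validation. The only range test visible on the new side is `if (num1 > num2) return (EOF);` in the R_RANDOM case. Please confirm that the rewritten state machine still rejects an out-of-range end value or step before they are used as loop bound and increment, and keep an equivalent of the deleted comment next to wherever that check now lives. The function body continues outside the visible hunks, so this cannot be settled from the page alone.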


@ -1,7 +1,7 @@
From 07bf4b9037de19b580cfa24f5ad023b56725b285 Mon Sep 17 00:00:00 2001 From 0589b06aa369efd3cd5dfc0bba9a868f48a14506 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org> From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 5 Jan 2022 19:17:18 +0100 Date: Wed, 5 Jan 2022 19:17:18 +0100
Subject: [PATCH 2/4] get_number: Add missing NUL termination for the scanned Subject: [PATCH 3/5] get_number: Add missing NUL termination for the scanned
string string
--- ---
@ -21,5 +21,5 @@ index f2bb717..15ce9b5 100644
goto bad; goto bad;
-- --
2.35.1 2.36.1


@ -1,7 +1,7 @@
From 299ef06ea4371afa97301cec64dc8f21c4f7b11b Mon Sep 17 00:00:00 2001 From 991a5f2a44c68f576b6c6da3a7ac8fbc8f97a3b0 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org> From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 22 Mar 2022 14:35:48 +0100 Date: Tue, 22 Mar 2022 14:35:48 +0100
Subject: [PATCH 3/4] Fix regression in handling */x crontab entries Subject: [PATCH 4/5] Fix regression in handling */x crontab entries
Fixes #102 Fixes #102
--- ---
@ -24,5 +24,5 @@ index 15ce9b5..e9e258b 100644
break; break;
} }
-- --
2.35.1 2.36.1


@ -1,7 +1,7 @@
From 62e53f1cdb9c1e12a01ee7814c92cd937d50328d Mon Sep 17 00:00:00 2001 From d1a4e2b1a091df104881a6dcd0e41d805c86cb1a Mon Sep 17 00:00:00 2001
From: w30023233 <wangyuhang27@huawei.com> From: w30023233 <wangyuhang27@huawei.com>
Date: Wed, 23 Mar 2022 15:40:01 +0800 Date: Wed, 23 Mar 2022 15:40:01 +0800
Subject: [PATCH 4/4] Fix regression in handling 1-5 crontab entries Subject: [PATCH 5/5] Fix regression in handling 1-5 crontab entries
--- ---
src/entry.c | 1 + src/entry.c | 1 +
@ -20,5 +20,5 @@ index e9e258b..bb7cb62 100644
state = R_RANGE_NUM2; state = R_RANGE_NUM2;
break; break;
-- --
2.35.1 2.36.1


@ -5,13 +5,19 @@
Summary: Cron daemon for executing programs at set times Summary: Cron daemon for executing programs at set times
Name: cronie Name: cronie
Version: 1.5.2 Version: 1.5.7
Release: 10%{?dist} Release: 8%{?dist}
License: MIT and BSD and ISC and GPLv2+ License: MIT and BSD and ISC and GPLv2+
Group: System Environment/Base
URL: https://github.com/cronie-crond/cronie URL: https://github.com/cronie-crond/cronie
Source0: https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz Source0: https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz
Patch: 0001-Address-issues-found-by-coverity-scan.patch
# Add support for "~" ("random within range") + regression fixing patches (rhbz#2090691)
Patch: 0002-Add-random-within-range-operator.patch
Patch: 0003-get_number-Add-missing-NUL-termination-for-the-scann.patch
Patch: 0004-Fix-regression-in-handling-x-crontab-entries.patch
Patch: 0005-Fix-regression-in-handling-1-5-crontab-entries.patch
Requires: dailyjobs Requires: dailyjobs
%if %{with selinux} %if %{with selinux}
@ -28,34 +34,17 @@ Buildrequires: audit-libs-devel >= 1.4.1
BuildRequires: gcc BuildRequires: gcc
BuildRequires: systemd BuildRequires: systemd
BuildRequires: make
Obsoletes: %{name}-sysvinit Obsoletes: %{name}-sysvinit
Requires(post): coreutils sed Requires(post): coreutils sed
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires(post): systemd
# Some parts of code could result in a memory leak. %if 0%{?fedora} && 0%{?fedora} < 28 || 0%{?rhel} && 0%{?rhel} < 8
Patch0: fix-memory-leaks.patch %{?systemd_requires}
# Some parts of code could result in undefined behavior. %else
Patch1: fix-unsafe-code.patch %{?systemd_ordering} # does not exist on Fedora27/RHEL7
# Use correct selinux role %endif
Patch2: cronie-1.5.2-context-role.patch
# Make systemd restart crond when it fails.
Patch3: cronie-1.5.2-restart-on-failure.patch
# Revert "Avoid creating pid files when crond doesn't fork"
Patch4: cronie-1.5.2-create-pid-files.patch
# Use system-auth in PAM (rhbz#2005526)
Patch5: cronie-1.5.2-use-pam-system-auth.patch
# Add support for "~" ("random within range") + regression fixing patches (rhbz#1832510)
Patch6: 0001-Add-random-within-range-operator.patch
Patch7: 0002-get_number-Add-missing-NUL-termination-for-the-scann.patch
Patch8: 0003-Fix-regression-in-handling-x-crontab-entries.patch
Patch9: 0004-Fix-regression-in-handling-1-5-crontab-entries.patch
# Optimization to close fds from /proc/self/fd in case of high nofile limit after fork
# https://github.com/cronie-crond/cronie/commit/e3682c7135b9176b60d226c60ee4e78cf1ab711b
Patch10: optimization_to_close_fds.patch
%description %description
Cronie contains the standard UNIX daemon crond that runs specified programs at Cronie contains the standard UNIX daemon crond that runs specified programs at
@ -66,7 +55,6 @@ SELinux.
%package anacron %package anacron
Summary: Utility for running regular jobs Summary: Utility for running regular jobs
Requires: crontabs Requires: crontabs
Group: System Environment/Base
Provides: dailyjobs Provides: dailyjobs
Provides: anacron = 2.4 Provides: anacron = 2.4
Obsoletes: anacron <= 2.3 Obsoletes: anacron <= 2.3
@ -86,7 +74,6 @@ for better utilization of resources shared among multiple systems.
%package noanacron %package noanacron
Summary: Utility for running simple regular jobs in old cron style Summary: Utility for running simple regular jobs in old cron style
Group: System Environment/Base
Provides: dailyjobs Provides: dailyjobs
Requires: crontabs Requires: crontabs
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
@ -96,19 +83,7 @@ Old style of running {hourly,daily,weekly,monthly}.jobs without anacron. No
extra features. extra features.
%prep %prep
%setup -q %autosetup -p1
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%build %build
%configure \ %configure \
@ -128,10 +103,10 @@ extra features.
--enable-pie \ --enable-pie \
--enable-relro --enable-relro
make %{?_smp_mflags} V=2 %make_build V=2
%install %install
make install DESTDIR=$RPM_BUILD_ROOT DESTMAN=$RPM_BUILD_ROOT%{_mandir} %make_install DESTMAN=$RPM_BUILD_ROOT%{_mandir}
mkdir -pm700 $RPM_BUILD_ROOT%{_localstatedir}/spool/cron mkdir -pm700 $RPM_BUILD_ROOT%{_localstatedir}/spool/cron
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/
mkdir -pm755 $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/ mkdir -pm755 $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/
@ -153,8 +128,7 @@ touch $RPM_BUILD_ROOT/var/spool/anacron/cron.monthly
install -m 644 contrib/dailyjobs $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/dailyjobs install -m 644 contrib/dailyjobs $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/dailyjobs
# install systemd initscript # install systemd initscript
mkdir -p $RPM_BUILD_ROOT/lib/systemd/system/ install -m 644 -D contrib/cronie.systemd $RPM_BUILD_ROOT/usr/lib/systemd/system/crond.service
install -m 644 contrib/cronie.systemd $RPM_BUILD_ROOT/lib/systemd/system/crond.service
%post %post
# run after an installation # run after an installation
@ -220,7 +194,7 @@ exit 0
%config(noreplace) %{_sysconfdir}/sysconfig/crond %config(noreplace) %{_sysconfdir}/sysconfig/crond
%config(noreplace,missingok) %{_sysconfdir}/cron.deny %config(noreplace,missingok) %{_sysconfdir}/cron.deny
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly
%attr(0644,root,root) /lib/systemd/system/crond.service %attr(0644,root,root) /usr/lib/systemd/system/crond.service
%files anacron %files anacron
%{_sbindir}/anacron %{_sbindir}/anacron
@ -237,42 +211,73 @@ exit 0
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
%changelog %changelog
* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-10 * Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.7-8
- Bump release because of CI issues
- Related: RHEL-2609
* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-9
- Add `optimization_to_close_fds.patch`
- Resolves: RHEL-2609
* Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.2-8
- Set 'missingok' for /etc/cron.deny to not recreate it on update - Set 'missingok' for /etc/cron.deny to not recreate it on update
* Mon May 02 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-7 * Tue May 31 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.7-7
- Add support for "~" ("random within range") - Add gating.yaml
Resolves: rhbz#1832510 Related: rhbz#2090691
* Mon Sep 20 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-6 * Fri May 27 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.7-6
- Use system-auth for PAM authentication - Add support for "~" ("random within range")
Resolves: rhbz#2005526 Resolves: rhbz#2090691
* Fri Sep 03 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-5 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.7-5
- Create PID files even when crond does not fork - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Resolves: rhbz#1926300 Related: rhbz#1991688
* Wed Jun 12 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-4 * Wed May 12 2021 Jan Staněk <jstanek@redhat.com> - 1.5.7-4
- Make crond restart on failure - Install crond.service into /usr/lib
- Resolves: rhbz#1715137
* Mon May 20 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-3 * Fri Apr 30 2021 Jan Staněk <jstanek@redhat.com> - 1.5.7-3
- use role from the current context for system crontabs - Address issues found by static scanners
- Resolves: rhbz#1708557
* Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2 * Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.7-2
- Covscan issues review - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Fix potential memory leaks
- Fix unsafe code * Mon Mar 29 2021 Tomáš Mráz <tmraz@fedoraproject.org> - 1.5.7-1
- Resolves: rhbz#1602467 - new upstream release 1.5.7 with bug fixes and enhancements
* Wed Mar 17 2021 Tomáš Mráz <tmraz@fedoraproject.org> - 1.5.6-1
- new upstream release 1.5.6 with bug fixes and enhancements
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.5.5-3
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 31 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.5-1
- new upstream release 1.5.5 with multiple bug fixes and improvements
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Mar 18 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.4-1
- new upstream release 1.5.4 with regression fix
* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.3-1
- new upstream release 1.5.3 fixing CVE-2019-9704 and CVE-2019-9705
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Nov 30 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-4
- Do not hard-require systemd as crond is used in containers without
systemd (#1654659)
* Wed Oct 31 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-3
- use role from the current context for system crontabs (#1639381)
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu May 3 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-1 * Thu May 3 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-1
- new upstream release 1.5.2 - new upstream release 1.5.2


@ -1,41 +0,0 @@
From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 18 Oct 2018 14:25:58 +0200
Subject: [PATCH] Use the role from the crond context for system job contexts.
New SELinux policy added multiple roles for the system_u user on crond_t.
The default context returned from get_default_context_with_level() is now
unconfined_t instead of system_cronjob_t which is incorrect for system cron
jobs.
We use the role to limit the default context to system_cronjob_t.
---
src/security.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/security.c b/src/security.c
index d1bdc7f..5213cf3 100644
--- a/src/security.c
+++ b/src/security.c
@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
retval = get_default_context_with_level(seuser, level, NULL, &scontext);
}
else {
+ const char *current_user, *current_role;
if (getcon(&current_context_str) < 0) {
log_it(name, getpid(), "getcon FAILED", "", 0);
return (security_getenforce() > 0);
@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
return (security_getenforce() > 0);
}
- const char *current_user = context_user_get(current_context);
- retval = get_default_context_with_level(current_user, level, NULL, &scontext);
+ current_user = context_user_get(current_context);
+ current_role = context_role_get(current_context);
+ retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
freecon(current_context_str);
context_free(current_context);
--
2.14.5


@ -1,26 +0,0 @@
From 0570c2cd979bc9ce1da6a873089e89dbca900a1f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 7 May 2019 14:45:53 +0200
Subject: [PATCH] Revert "Avoid creating pid files when crond doesn't fork"
This reverts commit 5b285b46b88dc63689c6a56542cb2ba81f861b66.
The PID file is useful to avoid running multiple crond instances
at once.
---
src/misc.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/src/misc.c b/src/misc.c
index 42153b8..faf6ffb 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -315,9 +315,6 @@ void acquire_daemonlock(int closeflag) {
return;
}
- if (NoFork == 1)
- return; //move along, nothing to do here...
-
if (fd == -1) {
pidfile = _PATH_CRON_PID;
/* Initial mode is 0600 to prevent flock() race/DoS. */


@ -1,13 +0,0 @@
diff -ru cronie-1.5.2/contrib/cronie.systemd cronie-1.5.2_patched/contrib/cronie.systemd
--- cronie-1.5.2/contrib/cronie.systemd 2018-11-27 15:26:46.797288342 +0100
+++ cronie-1.5.2_patched/contrib/cronie.systemd 2018-11-27 15:26:19.479159225 +0100
@@ -7,6 +7,8 @@
ExecStart=/usr/sbin/crond -n $CRONDARGS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
+Restart=on-failure
+RestartSec=30s
[Install]
WantedBy=multi-user.target


@ -1,26 +0,0 @@
From 978a00ea7ac92852c153ebb3b2152886730ca51c Mon Sep 17 00:00:00 2001
From: Marcel Plch <mplch@redhat.com>
Date: Fri, 7 Dec 2018 15:01:19 +0100
Subject: [PATCH] Use system-auth instead of password-auth for PAM
authentication (#25)
---
pam/crond | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pam/crond b/pam/crond
index 91964aa..560529d 100644
--- a/pam/crond
+++ b/pam/crond
@@ -4,8 +4,8 @@
#
# Although no PAM authentication is called, auth modules
# are used for credential setting
-auth include password-auth
+auth include system-auth
account required pam_access.so
-account include password-auth
+account include system-auth
session required pam_loginuid.so
-session include password-auth
+session include system-auth


@ -1,140 +0,0 @@
diff -ru cronie-1.5.2/anacron/readtab.c cronie-1.5.2_patched/anacron/readtab.c
--- cronie-1.5.2/anacron/readtab.c 2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/anacron/readtab.c 2018-09-07 15:13:17.752498050 +0200
@@ -134,8 +134,19 @@
var_len = (int)strlen(env_var);
val_len = (int)strlen(value);
+ if (!var_len) {
+ return;
+ }
+
er = obstack_alloc(&tab_o, sizeof(env_rec));
+ if (er == NULL) {
+ die_e("Cannot allocate memory.");
+ }
+
er->assign = obstack_alloc(&tab_o, var_len + 1 + val_len + 1);
+ if (er->assign == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(er->assign, env_var);
er->assign[var_len] = '=';
strcpy(er->assign + var_len + 1, value);
@@ -167,15 +178,24 @@
return;
}
jr = obstack_alloc(&tab_o, sizeof(job_rec));
+ if (jr == NULL) {
+ die_e("Cannot allocate memory.");
+ }
jr->period = period;
jr->named_period = 0;
delay += random_number;
jr->delay = delay;
jr->tab_line = line_num;
jr->ident = obstack_alloc(&tab_o, ident_len + 1);
+ if (jr->ident == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->ident, ident);
jr->arg_num = job_arg_num(ident);
jr->command = obstack_alloc(&tab_o, command_len + 1);
+ if (jr->command == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->command, command);
jr->job_pid = jr->mailer_pid = 0;
if (last_job_rec != NULL) last_job_rec->next = jr;
@@ -208,6 +228,9 @@
}
jr = obstack_alloc(&tab_o, sizeof(job_rec));
+ if (jr == NULL) {
+ die_e("Cannot allocate memory.");
+ }
if (!strncmp ("@monthly", periods, 8)) {
jr->named_period = 1;
} else if (!strncmp("@yearly", periods, 7) || !strncmp("@annually", periods, 9) || !strncmp(/* backwards compat misspelling */"@annualy", periods, 8)) {
@@ -225,9 +248,15 @@
jr->delay = delay;
jr->tab_line = line_num;
jr->ident = obstack_alloc(&tab_o, ident_len + 1);
+ if (jr->ident == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->ident, ident);
jr->arg_num = job_arg_num(ident);
jr->command = obstack_alloc(&tab_o, command_len + 1);
+ if (jr->command == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->command, command);
jr->job_pid = jr->mailer_pid = 0;
if (last_job_rec != NULL) last_job_rec->next = jr;
diff -ru cronie-1.5.2/anacron/runjob.c cronie-1.5.2_patched/anacron/runjob.c
--- cronie-1.5.2/anacron/runjob.c 2018-01-24 17:02:33.000000000 +0100
+++ cronie-1.5.2_patched/anacron/runjob.c 2018-09-07 15:13:17.752498050 +0200
@@ -104,9 +104,44 @@
static void
xputenv(const char *s)
{
- char *copy = strdup (s);
- if (!copy) die_e("Not enough memory to set the environment");
- if (putenv(copy)) die_e("Can't set the environment");
+ char *name = NULL, *val = NULL;
+ char *eq_ptr;
+ const char *errmsg;
+ size_t eq_index;
+
+ if (s == NULL) {
+ die_e("Invalid environment string");
+ }
+
+ eq_ptr = strchr(s, '=');
+ if (eq_ptr == NULL) {
+ die_e("Invalid environment string");
+ }
+
+ eq_index = (size_t) (eq_ptr - s);
+
+ name = malloc((eq_index + 1) * sizeof(char));
+ if (name == NULL) {
+ die_e("Not enough memory to set the environment");
+ }
+
+ val = malloc((strlen(s) - eq_index) * sizeof(char));
+ if (val == NULL) {
+ die_e("Not enough memory to set the environment");
+ }
+
+ strncpy(name, s, eq_index);
+ name[eq_index] = '\0';
+ strcpy(val, s + eq_index + 1);
+
+ if (setenv(name, val, 1)) {
+ die_e("Can't set the environment");
+ }
+
+ free(name);
+ free(val);
+ return;
+
}
static void
diff -ru cronie-1.5.2/src/entry.c cronie-1.5.2_patched/src/entry.c
--- cronie-1.5.2/src/entry.c 2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/src/entry.c 2018-09-07 15:13:17.752498050 +0200
@@ -131,8 +131,10 @@
goto eof;
}
ch = get_char(file);
- if (ch == EOF)
+ if (ch == EOF) {
+ free(e);
return NULL;
+ }
}
if (ch == '@') {


@ -1,117 +0,0 @@
diff -ru cronie-1.5.2/src/cronnext.c cronie-1.5.2_patched/src/cronnext.c
--- cronie-1.5.2/src/cronnext.c 2018-05-03 18:41:12.000000000 +0200
+++ cronie-1.5.2_patched/src/cronnext.c 2018-09-07 15:17:54.555924440 +0200
@@ -71,13 +71,13 @@
/*
* print entry flags
*/
-char *flagname[]= {
- [MIN_STAR] = "MIN_STAR",
- [HR_STAR] = "HR_STAR",
- [DOM_STAR] = "DOM_STAR",
- [DOW_STAR] = "DOW_STAR",
- [WHEN_REBOOT] = "WHEN_REBOOT",
- [DONT_LOG] = "DONT_LOG"
+const char *flagname[]= {
+ "MIN_STAR",
+ "HR_STAR",
+ "DOM_STAR",
+ "DOW_STAR",
+ "WHEN_REBOOT",
+ "DONT_LOG"
};
void printflags(char *indent, int flags) {
@@ -85,8 +85,8 @@
int first = 1;
printf("%s flagnames:", indent);
- for (f = 1; f < sizeof(flagname); f = f << 1)
- if (flags & f) {
+ for (f = 0; f < sizeof(flagname)/sizeof(char *); f++)
+ if (flags & (int)1 << f) {
printf("%s%s", first ? " " : "|", flagname[f]);
first = 0;
}
diff -ru cronie-1.5.2/src/do_command.c cronie-1.5.2_patched/src/do_command.c
--- cronie-1.5.2/src/do_command.c 2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/src/do_command.c 2018-09-07 15:17:54.555924440 +0200
@@ -418,7 +418,7 @@
if (mailto && safe_p(usernm, mailto)
&& strncmp(MailCmd,"off",3) && !SyslogOutput) {
char **env;
- char mailcmd[MAX_COMMAND];
+ char mailcmd[MAX_COMMAND+1]; /* +1 for terminator */
char hostname[MAXHOSTNAMELEN];
char *content_type = env_get("CONTENT_TYPE", jobenv),
*content_transfer_encoding =
@@ -434,7 +434,7 @@
}
}
else {
- strncpy(mailcmd, MailCmd, MAX_COMMAND);
+ strncpy(mailcmd, MailCmd, MAX_COMMAND+1);
}
if (!(mail = cron_popen(mailcmd, "w", e->pwd, jobenv))) {
perror(mailcmd);
diff -ru cronie-1.5.2/src/env.c cronie-1.5.2_patched/src/env.c
--- cronie-1.5.2/src/env.c 2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/src/env.c 2018-09-07 15:17:54.554924435 +0200
@@ -63,7 +63,7 @@
for (i = 0; i < count; i++)
if ((p[i] = strdup(envp[i])) == NULL) {
save_errno = errno;
- while (--i >= 0)
+ while (i-- > 0)
free(p[i]);
free(p);
errno = save_errno;
@@ -263,7 +263,9 @@
}
if (state != FINI && state != EQ2 && !(state == VALUE && !quotechar)) {
Debug(DPARS, ("load_env, not an env var, state = %d\n", state));
- fseek(f, filepos, 0);
+ if (fseek(f, filepos, 0)) {
+ return ERR;
+ }
Set_LineNum(fileline);
return (FALSE);
}
diff -ru cronie-1.5.2/src/globals.h cronie-1.5.2_patched/src/globals.h
--- cronie-1.5.2/src/globals.h 2017-01-17 16:53:50.000000000 +0100
+++ cronie-1.5.2_patched/src/globals.h 2018-09-07 15:17:54.555924440 +0200
@@ -77,7 +77,7 @@
XTRN time_t StartTime;
XTRN int NoFork;
XTRN int PermitAnyCrontab;
-XTRN char MailCmd[MAX_COMMAND];
+XTRN char MailCmd[MAX_COMMAND+1]; /* +1 for terminator */
XTRN char cron_default_mail_charset[MAX_ENVSTR];
XTRN int EnableClustering;
XTRN int ChangePath;
diff -ru cronie-1.5.2/src/security.c cronie-1.5.2_patched/src/security.c
--- cronie-1.5.2/src/security.c 2017-09-14 13:29:47.000000000 +0200
+++ cronie-1.5.2_patched/src/security.c 2018-09-07 15:17:54.554924435 +0200
@@ -417,7 +417,7 @@
}
}
- if (strcmp(u->scontext, ucontext)) {
+ if (!ucontext || strcmp(u->scontext, ucontext)) {
if (!cron_authorize_range(u->scontext, ucontext)) {
if (security_getenforce() > 0) {
# ifdef WITH_AUDIT
diff -ru cronie-1.5.2/src/user.c cronie-1.5.2_patched/src/user.c
--- cronie-1.5.2/src/user.c 2017-01-17 16:53:50.000000000 +0100
+++ cronie-1.5.2_patched/src/user.c 2018-09-07 15:17:54.555924440 +0200
@@ -44,6 +44,10 @@
free_user (user * u) {
entry *e, *ne;
+ if (!u) {
+ return;
+ }
+
free(u->name);
free(u->tabname);
for (e = u->crontab; e != NULL; e = ne) {


@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier1.functional}


@ -1,40 +0,0 @@
--- ./src/do_command.c 2023-09-07 09:40:32.016272074 +0200
+++ ./src/do_command.c 2023-09-07 09:43:04.938995232 +0200
@@ -30,6 +30,7 @@
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
+#include <dirent.h>
#include "externs.h"
#include "funcs.h"
@@ -239,10 +240,26 @@
{
char *shell = env_get("SHELL", jobenv);
int fd, fdmax = getdtablesize();
+ DIR *dir;
+ struct dirent *dent;
- /* close all unwanted open file descriptors */
- for(fd = STDERR + 1; fd < fdmax; fd++) {
- close(fd);
+ /*
+ * if /proc is mounted, we can optimize what fd can be closed,
+ * but if it isn't available, fall back to the previous behavior.
+ */
+ if ((dir = opendir("/proc/self/fd")) != NULL) {
+ while ((dent = readdir(dir)) != NULL) {
+ if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
+ continue;
+ fd = atoi(dent->d_name);
+ if (fd > STDERR_FILENO)
+ close(fd);
+ }
+ } else {
+ /* close all unwanted open file descriptors */
+ for(fd = STDERR + 1; fd < fdmax; fd++) {
+ close(fd);
+ }
}
#if DEBUGGING


@ -1 +0,0 @@
SHA512 (cronie-1.5.2.tar.gz) = e306b4b8388bff0181ca4b3f15b81c0881d727b0f502c28204e8325359c49baeb1b1a4a5751ffc11eb5ebdeefe42704b77f6727f029c60c99c70b9885f6b4d18