.cronie.metadata

@@ -1 +0,0 @@
-03e53a07f2a5b8724e8d7cf7124539b4e82414d3 SOURCES/cronie-1.5.2.tar.gz

.gitignore

@@ -1 +1,2 @@
 SOURCES/cronie-1.5.2.tar.gz
+/cronie-1.5.2.tar.gz

0001-Add-random-within-range-operator.patch

@@ -0,0 +1,369 @@
+From 0f1704a0f8c5fd2a4da6f530694bdd93a7ca3226 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
+ <35430604+opohorel@users.noreply.github.com>
+Date: Mon, 8 Nov 2021 16:20:09 +0100
+Subject: [PATCH] Add random within range '~' operator
+
+With the operator one can specify for a job a random time or date within
+a specified range for a field.
+The random value is generated when the crontab where the job is
+specified, is loaded.
+---
+ man/crontab.5 |   9 ++
+ src/entry.c   | 262 ++++++++++++++++++++++++++++++++------------------
+ 2 files changed, 176 insertions(+), 95 deletions(-)
+
+diff --git a/man/crontab.5 b/man/crontab.5
+index a011c89..ba8f0c3 100644
+--- a/man/crontab.5
++++ b/man/crontab.5
+@@ -199,6 +199,15 @@ hyphen.  The specified range is inclusive.  For example, 8-11 for
+ an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first
+ number must be less than or equal to the second one.
+ .PP
++Randomization of the execution time within a range can be used.
++A random number within a range specified as two numbers separated with
++a tilde is picked.  The specified range is inclusive.
++For example, 6~15 for a 'minutes' entry picks a random minute
++within 6 to 15 range.  The random number is picked when crontab file is parsed.
++The first number must be less than or equal to the second one. You might omit
++one or both of the numbers specifying the range.  For example, ~ for a 'minutes'
++entry picks a random minute within 0 to 59 range.
++.PP
+ Lists are allowed.  A list is a set of numbers (or ranges) separated by
+ commas.  Examples: "1,2,5,9", "0-4,8-12".
+ .PP
+diff --git a/src/entry.c b/src/entry.c
+index 92b55f5..9276f47 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -62,9 +62,22 @@ static const char *ecodes[] = {
+ 	"out of memory"
+ };
+ 
++typedef enum {
++	R_START,
++	R_AST,
++	R_STEP,
++	R_TERMS,
++	R_NUM1,
++	R_RANGE,
++	R_RANGE_NUM2,
++	R_RANDOM,
++	R_RANDOM_NUM2,
++	R_FINISH,
++} range_state_t;
++
+ static int get_list(bitstr_t *, int, int, const char *[], int, FILE *),
+-get_range(bitstr_t *, int, int, const char *[], int, FILE *),
+-get_number(int *, int, const char *[], int, FILE *, const char *),
++get_range(bitstr_t *, int, int, const char *[], FILE *),
++get_number(int *, int, const char *[], FILE *),
+ set_element(bitstr_t *, int, int, int);
+ 
+ void free_entry(entry * e) {
+@@ -449,11 +462,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
+ 	/* process all ranges
+ 	 */
+ 	done = FALSE;
++	/* unget ch to allow get_range() to process it properly 
++	 */
++	unget_char(ch, file);
+ 	while (!done) {
+-		if (EOF == (ch = get_range(bits, low, high, names, ch, file)))
++		if (EOF == (ch = get_range(bits, low, high, names, file)))
+ 			return (EOF);
+ 		if (ch == ',')
+-			ch = get_char(file);
++			continue;
+ 		else
+ 			done = TRUE;
+ 	}
+@@ -468,137 +484,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
+ 	return (ch);
+ }
+ 
++inline static int is_separator(int ch) {
++	switch (ch) {
++		case '\t':
++		case '\n':
++		case ' ':
++		case ',':
++			return 1;
++		default:
++			return 0;
++	}
++}
++
++
+ 
+ static int
+ get_range(bitstr_t * bits, int low, int high, const char *names[],
+-	int ch, FILE * file) {
++		FILE * file) {
+ 	/* range = number | number "-" number [ "/" number ]
++	 *         | [number] "~" [number]
+ 	 */
++	
++	int ch, i, num1, num2, num3;
+ 
+-	int i, num1, num2, num3;
++	/* default value for step
++	 */
++	num3 = 1;
++	range_state_t state = R_START;
++
++	while (state != R_FINISH && ((ch = get_char(file)) != EOF)) {
++		switch (state) {
++			case R_START:
++				if (ch == '*') {
++					num1 = low;
++					num2 = high;
++					state = R_AST;
++					break;
++				}
++				if (ch == '~') {
++					num1 = low;
++					state = R_RANDOM;
++					break;
++				}
++				unget_char(ch, file);
++				if (get_number(&num1, low, names, file) != EOF) {
++					state = R_NUM1;
++					break;
++				}
++				return (EOF);
+ 
+-	Debug(DPARS | DEXT, ("get_range()...entering, exit won't show\n"));
++			case R_AST:
++				if (ch == '/') {
++					state = R_STEP;
++					break;
++				}
++				if (is_separator(ch)) {
++					state = R_FINISH;
++					break;
++				}
++				return (EOF);
+ 
+-		if (ch == '*') {
+-		/* '*' means "first-last" but can still be modified by /step
+-		 */
+-		num1 = low;
+-		num2 = high;
+-		ch = get_char(file);
+-		if (ch == EOF)
+-			return (EOF);
+-	}
+-	else {
+-		ch = get_number(&num1, low, names, ch, file, ",- \t\n");
+-		if (ch == EOF)
+-			return (EOF);
++			case R_STEP:
++				if (get_number(&num3, 0, PPC_NULL, file) != EOF) {
++					state = R_TERMS;
++					break;
++				}
++				return (EOF);
+ 
+-		if (ch != '-') {
+-			/* not a range, it's a single number.
+-			 */
+-			if (EOF == set_element(bits, low, high, num1)) {
+-				unget_char(ch, file);
++			case R_TERMS:
++				if (is_separator(ch)) {
++					state = R_FINISH;
++					break;
++				}
+ 				return (EOF);
+-			}
+-			return (ch);
+-		}
+-		else {
+-			/* eat the dash
+-			 */
+-			ch = get_char(file);
+-			if (ch == EOF)
++
++			case R_NUM1:
++				if (ch == '-') {
++					state = R_RANGE;
++					break;
++				}
++				if (ch == '~') {
++					state = R_RANDOM;
++					break;
++				}
++				if (is_separator(ch)) {
++					num2 = num1;
++					state = R_FINISH;
++					break;
++				}
+ 				return (EOF);
+ 
+-			/* get the number following the dash
+-			 */
+-			ch = get_number(&num2, low, names, ch, file, "/, \t\n");
+-			if (ch == EOF || num1 > num2)
++			case R_RANGE:
++				if (get_number(&num2, low, names, file) != EOF) {
++					state = R_RANGE_NUM2;
++					break;
++				}
+ 				return (EOF);
+-		}
+-	}
+ 
+-	/* check for step size
+-	 */
+-	if (ch == '/') {
+-		/* eat the slash
+-		 */
+-		ch = get_char(file);
+-		if (ch == EOF)
+-			return (EOF);
++			case R_RANGE_NUM2:
++				if (ch == '/') {
++					state = R_STEP;
++					break;
++				}
++				if (is_separator(ch)) {
++					state = R_FINISH;
++					break;
++				}
++				return (EOF);
+ 
+-		/* get the step size -- note: we don't pass the
+-		 * names here, because the number is not an
+-		 * element id, it's a step size.  'low' is
+-		 * sent as a 0 since there is no offset either.
+-		 */
+-		ch = get_number(&num3, 0, PPC_NULL, ch, file, ", \t\n");
+-		if (ch == EOF || num3 == 0)
+-			return (EOF);
+-	}
+-	else {
+-		/* no step.  default==1.
+-		 */
+-		num3 = 1;
++			case R_RANDOM:
++				if (is_separator(ch)) {
++					num2 = high;
++					state = R_FINISH;
++				}
++				else if (unget_char(ch, file),
++						get_number(&num2, low, names, file) != EOF) {
++					state = R_TERMS;
++				}
++				/* fail if couldn't find match on previous term
++				 */
++				else
++					return (EOF);
++
++				/* if invalid random range was selected */
++				if (num1 > num2)
++					return (EOF);
++
++				/* select random number in range <num1, num2>
++				 */
++				num1 = num2 = random() % (num2 - num1 + 1) + num1;
++				break;
++
++
++			default:
++				/* We should never get here
++				 */
++				return (EOF);
++		}
+ 	}
++	if (state != R_FINISH || ch == EOF)
++		return (EOF);
+ 
+-	/* range. set all elements from num1 to num2, stepping
+-	 * by num3.  (the step is a downward-compatible extension
+-	 * proposed conceptually by bob@acornrc, syntactically
+-	 * designed then implemented by paul vixie).
+-	 */
+ 	for (i = num1; i <= num2; i += num3)
+ 		if (EOF == set_element(bits, low, high, i)) {
+ 			unget_char(ch, file);
+ 			return (EOF);
+ 		}
+-
+-	return (ch);
++	return ch;
+ }
+ 
+ static int
+-get_number(int *numptr, int low, const char *names[], int ch, FILE * file,
+-	const char *terms) {
++get_number(int *numptr, int low, const char *names[], FILE * file) {
+ 	char temp[MAX_TEMPSTR], *pc;
+-	int len, i;
++	int len, i, ch;
++	char *endptr;
+ 
+ 	pc = temp;
+ 	len = 0;
+ 
+-	/* first look for a number */
+-	while (isdigit((unsigned char) ch)) {
++	/* get all alnum characters available */
++	while (isalnum((ch = get_char(file)))) {
+ 		if (++len >= MAX_TEMPSTR)
+ 			goto bad;
+ 		*pc++ = (char)ch;
+-		ch = get_char(file);
+ 	}
+-	*pc = '\0';
+-	if (len != 0) {
+-		/* got a number, check for valid terminator */
+-		if (!strchr(terms, ch))
+-			goto bad;
+-		*numptr = atoi(temp);
+-		return (ch);
++	if (len == 0)
++		goto bad;
++
++	unget_char(ch, file);
++
++	/* try to get number */
++	*numptr = (int) strtol(temp, &endptr, 10);
++	if (*endptr == '\0' && temp != endptr) {
++		/* We have a number */
++		return 0;
+ 	}
+ 
+ 	/* no numbers, look for a string if we have any */
+ 	if (names) {
+-		while (isalpha((unsigned char) ch)) {
+-			if (++len >= MAX_TEMPSTR)
+-				goto bad;
+-			*pc++ = (char)ch;
+-			ch = get_char(file);
+-		}
+-		*pc = '\0';
+-		if (len != 0 && strchr(terms, ch)) {
+-			for (i = 0; names[i] != NULL; i++) {
+-				Debug(DPARS | DEXT,
+-					("get_num, compare(%s,%s)\n", names[i], temp));
+-					if (!strcasecmp(names[i], temp)) {
+-					*numptr = i + low;
+-					return (ch);
+-				}
++		for (i = 0; names[i] != NULL; i++) {
++			Debug(DPARS | DEXT, ("get_num, compare(%s,%s)\n", names[i], temp));
++			if (strcasecmp(names[i], temp) == 0) {
++				*numptr = i + low;
++				return 0;
+ 			}
+ 		}
++	} else {
++		goto bad;
+ 	}
+ 
+   bad:
+-- 
+2.35.1
+

0002-get_number-Add-missing-NUL-termination-for-the-scann.patch

@@ -0,0 +1,25 @@
+From 07bf4b9037de19b580cfa24f5ad023b56725b285 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Wed, 5 Jan 2022 19:17:18 +0100
+Subject: [PATCH 2/4] get_number: Add missing NUL termination for the scanned
+ string
+
+---
+ src/entry.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/entry.c b/src/entry.c
+index f2bb717..15ce9b5 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -666,6 +666,7 @@ get_number(int *numptr, int low, const char *names[], FILE * file) {
+ 			goto bad;
+ 		*pc++ = (char)ch;
+ 	}
++	*pc = '\0';
+ 	if (len == 0)
+ 		goto bad;
+ 
+-- 
+2.35.1
+

0003-Fix-regression-in-handling-x-crontab-entries.patch

@@ -0,0 +1,28 @@
+From 299ef06ea4371afa97301cec64dc8f21c4f7b11b Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 22 Mar 2022 14:35:48 +0100
+Subject: [PATCH 3/4] Fix regression in handling */x crontab entries
+
+Fixes #102
+---
+ src/entry.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/entry.c b/src/entry.c
+index 15ce9b5..e9e258b 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -563,7 +563,9 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
+ 				return (EOF);
+ 
+ 			case R_STEP:
+-				if (get_number(&num3, 0, PPC_NULL, file) != EOF) {
++				unget_char(ch, file);
++				if (get_number(&num3, 0, PPC_NULL, file) != EOF
++				    && num3 != 0) {
+ 					state = R_TERMS;
+ 					break;
+ 				}
+-- 
+2.35.1
+

0004-Fix-regression-in-handling-1-5-crontab-entries.patch

@@ -0,0 +1,24 @@
+From 62e53f1cdb9c1e12a01ee7814c92cd937d50328d Mon Sep 17 00:00:00 2001
+From: w30023233 <wangyuhang27@huawei.com>
+Date: Wed, 23 Mar 2022 15:40:01 +0800
+Subject: [PATCH 4/4] Fix regression in handling 1-5 crontab entries
+
+---
+ src/entry.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/entry.c b/src/entry.c
+index e9e258b..bb7cb62 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -595,6 +595,7 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
+ 				return (EOF);
+ 
+ 			case R_RANGE:
++				unget_char(ch, file);
+ 				if (get_number(&num2, low, names, file) != EOF) {
+ 					state = R_RANGE_NUM2;
+ 					break;
+-- 
+2.35.1
+

cronie-1.5.2-context-role.patch

@@ -0,0 +1,41 @@
+From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Thu, 18 Oct 2018 14:25:58 +0200
+Subject: [PATCH] Use the role from the crond context for system job contexts.
+
+New SELinux policy added multiple roles for the system_u user on crond_t.
+The default context returned from get_default_context_with_level() is now
+unconfined_t instead of system_cronjob_t which is incorrect for system cron
+jobs.
+We use the role to limit the default context to system_cronjob_t.
+---
+ src/security.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/security.c b/src/security.c
+index d1bdc7f..5213cf3 100644
+--- a/src/security.c
++++ b/src/security.c
+@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
+ 		retval = get_default_context_with_level(seuser, level, NULL, &scontext);
+ 	}
+ 	else {
++		const char *current_user, *current_role;
+ 		if (getcon(&current_context_str) < 0) {
+ 			log_it(name, getpid(), "getcon FAILED", "", 0);
+ 			return (security_getenforce() > 0);
+@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
+ 			return (security_getenforce() > 0);
+ 		}
+ 
+-		const char *current_user = context_user_get(current_context);
+-		retval = get_default_context_with_level(current_user, level, NULL, &scontext);
++		current_user = context_user_get(current_context);
++		current_role = context_role_get(current_context);
++		retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
+ 
+ 		freecon(current_context_str);
+ 		context_free(current_context);
+-- 
+2.14.5
+

cronie-1.5.2-create-pid-files.patch

@@ -0,0 +1,26 @@
+From 0570c2cd979bc9ce1da6a873089e89dbca900a1f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 7 May 2019 14:45:53 +0200
+Subject: [PATCH] Revert "Avoid creating pid files when crond doesn't fork"
+
+This reverts commit 5b285b46b88dc63689c6a56542cb2ba81f861b66.
+The PID file is useful to avoid running multiple crond instances
+at once.
+---
+ src/misc.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/misc.c b/src/misc.c
+index 42153b8..faf6ffb 100644
+--- a/src/misc.c
++++ b/src/misc.c
+@@ -315,9 +315,6 @@ void acquire_daemonlock(int closeflag) {
+ 		return;
+ 	}
+ 
+-	if (NoFork == 1)
+-		return; //move along, nothing to do here...
+-
+ 	if (fd == -1) {
+ 		pidfile = _PATH_CRON_PID;
+ 		/* Initial mode is 0600 to prevent flock() race/DoS. */

cronie-1.5.2-restart-on-failure.patch

@@ -0,0 +1,13 @@
+diff -ru cronie-1.5.2/contrib/cronie.systemd cronie-1.5.2_patched/contrib/cronie.systemd
+--- cronie-1.5.2/contrib/cronie.systemd	2018-11-27 15:26:46.797288342 +0100
++++ cronie-1.5.2_patched/contrib/cronie.systemd	2018-11-27 15:26:19.479159225 +0100
+@@ -7,6 +7,8 @@
+ ExecStart=/usr/sbin/crond -n $CRONDARGS
+ ExecReload=/bin/kill -HUP $MAINPID
+ KillMode=process
++Restart=on-failure
++RestartSec=30s
+ 
+ [Install]
+ WantedBy=multi-user.target
+

cronie-1.5.2-use-pam-system-auth.patch

@@ -0,0 +1,26 @@
+From 978a00ea7ac92852c153ebb3b2152886730ca51c Mon Sep 17 00:00:00 2001
+From: Marcel Plch <mplch@redhat.com>
+Date: Fri, 7 Dec 2018 15:01:19 +0100
+Subject: [PATCH] Use system-auth instead of password-auth for PAM
+ authentication (#25)
+
+---
+ pam/crond | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/pam/crond b/pam/crond
+index 91964aa..560529d 100644
+--- a/pam/crond
++++ b/pam/crond
+@@ -4,8 +4,8 @@
+ #
+ # Although no PAM authentication is called, auth modules
+ # are used for credential setting
+-auth       include    password-auth
++auth       include    system-auth
+ account    required   pam_access.so
+-account    include    password-auth
++account    include    system-auth
+ session    required   pam_loginuid.so
+-session    include    password-auth
++session    include    system-auth

cronie.spec

@@ -6,7 +6,7 @@
 Summary:   Cron daemon for executing programs at set times
 Name:      cronie
 Version:   1.5.2
-Release:   2%{?dist}
+Release:   10%{?dist}
 License:   MIT and BSD and ISC and GPLv2+
 Group:     System Environment/Base
 URL:       https://github.com/cronie-crond/cronie
@@ -38,9 +38,24 @@ Requires(post):   systemd
 
 # Some parts of code could result in a memory leak.
 Patch0:     fix-memory-leaks.patch
-
 # Some parts of code could result in undefined behavior.
 Patch1:     fix-unsafe-code.patch
+# Use correct selinux role
+Patch2:     cronie-1.5.2-context-role.patch
+# Make systemd restart crond when it fails.
+Patch3:     cronie-1.5.2-restart-on-failure.patch
+# Revert "Avoid creating pid files when crond doesn't fork"
+Patch4:     cronie-1.5.2-create-pid-files.patch
+# Use system-auth in PAM (rhbz#2005526)
+Patch5:     cronie-1.5.2-use-pam-system-auth.patch
+# Add support for "~" ("random within range") + regression fixing patches (rhbz#1832510)
+Patch6:     0001-Add-random-within-range-operator.patch
+Patch7:     0002-get_number-Add-missing-NUL-termination-for-the-scann.patch
+Patch8:     0003-Fix-regression-in-handling-x-crontab-entries.patch
+Patch9:     0004-Fix-regression-in-handling-1-5-crontab-entries.patch
+# Optimization to close fds from /proc/self/fd in case of high nofile limit after fork
+# https://github.com/cronie-crond/cronie/commit/e3682c7135b9176b60d226c60ee4e78cf1ab711b
+Patch10:     optimization_to_close_fds.patch
 
 %description
 Cronie contains the standard UNIX daemon crond that runs specified programs at
@@ -85,6 +100,15 @@ extra features.
 
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
 
 %build
 %configure \
@@ -194,7 +218,7 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/crond
 %endif
 %config(noreplace) %{_sysconfdir}/sysconfig/crond
-%config(noreplace) %{_sysconfdir}/cron.deny
+%config(noreplace,missingok) %{_sysconfdir}/cron.deny
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly
 %attr(0644,root,root) /lib/systemd/system/crond.service
 
@@ -213,6 +237,37 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
 
 %changelog
+* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-10
+- Bump release because of CI issues
+- Related: RHEL-2609
+
+* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-9
+- Add `optimization_to_close_fds.patch`
+- Resolves: RHEL-2609
+
+* Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.2-8
+- Set 'missingok' for /etc/cron.deny to not recreate it on update
+
+* Mon May 02 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-7
+ - Add support for "~" ("random within range") 
+  Resolves: rhbz#1832510
+ 
+* Mon Sep 20 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-6
+- Use system-auth for PAM authentication
+  Resolves: rhbz#2005526
+
+* Fri Sep 03 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-5
+- Create PID files even when crond does not fork
+  Resolves: rhbz#1926300
+
+* Wed Jun 12 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-4
+- Make crond restart on failure
+- Resolves: rhbz#1715137
+
+* Mon May 20 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-3
+- use role from the current context for system crontabs
+- Resolves: rhbz#1708557
+
 * Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2
 - Covscan issues review
 - Fix potential memory leaks
@@ -409,7 +464,7 @@ exit 0
 - update to 1.4.6
 
 * Fri Aug 13 2010 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.5-4
-- 623908 fix fd leak in anacron, which caused denail of prelink 
+- 623908 fix fd leak in anacron, which caused denail of prelink
   and others
 
 * Mon Aug  9 2010 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.5-2
@@ -485,7 +540,7 @@ exit 0
 - add sendmail file into requirement, cause it's needed some MTA
 
 * Thu Sep 18 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-2
-- 462252  /etc/sysconfig/crond does not need to be executable 
+- 462252  /etc/sysconfig/crond does not need to be executable
 
 * Thu Jun 26 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.2-1
 - update to 1.2
@@ -512,7 +567,7 @@ exit 0
 - 431366 after reboot wasn't cron in chkconfig
 
 * Tue Feb  5 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-3
-- 431366 trigger part => after update from vixie-cron on cronie will 
+- 431366 trigger part => after update from vixie-cron on cronie will
   be daemon running.
 
 * Wed Jan 30 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-2

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-8
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier1.functional}

optimization_to_close_fds.patch

@@ -0,0 +1,40 @@
+--- ./src/do_command.c	2023-09-07 09:40:32.016272074 +0200
++++ ./src/do_command.c	2023-09-07 09:43:04.938995232 +0200
+@@ -30,6 +30,7 @@
+ #include <string.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
++#include <dirent.h>
+ 
+ #include "externs.h"
+ #include "funcs.h"
+@@ -239,10 +240,26 @@
+ 		{
+ 			char *shell = env_get("SHELL", jobenv);
+ 			int fd, fdmax = getdtablesize();
++			DIR *dir;
++			struct dirent *dent;
+ 
+-			/* close all unwanted open file descriptors */
+-			for(fd = STDERR + 1; fd < fdmax; fd++) {
+-				close(fd);
++			/*
++			 * if /proc is mounted, we can optimize what fd can be closed,
++			 * but if it isn't available, fall back to the previous behavior.
++			 */
++			if ((dir = opendir("/proc/self/fd")) != NULL) {
++				while ((dent = readdir(dir)) != NULL) {
++					if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
++						continue;
++					fd = atoi(dent->d_name);
++					if (fd > STDERR_FILENO)
++						close(fd);
++					}
++			} else {
++				/* close all unwanted open file descriptors */
++				for(fd = STDERR + 1; fd < fdmax; fd++) {
++					close(fd);
++				}
+ 			}
+ 
+ #if DEBUGGING

sources

@@ -0,0 +1 @@
+SHA512 (cronie-1.5.2.tar.gz) = e306b4b8388bff0181ca4b3f15b81c0881d727b0f502c28204e8325359c49baeb1b1a4a5751ffc11eb5ebdeefe42704b77f6727f029c60c99c70b9885f6b4d18