diff --git a/CVE-2013-4319.patch b/CVE-2013-4319.patch new file mode 100644 index 0000000..e37e7df --- /dev/null +++ b/CVE-2013-4319.patch @@ -0,0 +1,26 @@ +diff --git a/src/server/process_request.c b/src/server/process_request.c +index 4817ed0..6b4c955 100644 +--- a/src/server/process_request.c ++++ b/src/server/process_request.c +@@ -679,6 +679,21 @@ void process_request( + log_buffer); + } + ++ if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL) ++ { ++ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)", ++ reqtype_to_txt(request->rq_type), ++ request->rq_host); ++ ++ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer); ++ ++ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized"); ++ ++ close_client(sfds); ++ ++ return; ++ } ++ + /* if (!tfind(svr_conn[sfds].cn_addr, &okclients)) */ + if (!AVL_is_in_tree(svr_conn[sfds].cn_addr, 0, okclients)) + { diff --git a/CVE-2013-4495.patch b/CVE-2013-4495.patch new file mode 100644 index 0000000..71c95b9 --- /dev/null +++ b/CVE-2013-4495.patch @@ -0,0 +1,411 @@ +From 64da0af7ed27284f3397081313850bba270593db Mon Sep 17 00:00:00 2001 +From: David Beer +Date: Mon, 11 Nov 2013 11:55:08 -0700 +Subject: [PATCH] Fix CVE 2013-4495. Note: this patch has been verified as + fixing this security hole but has not received other regression testing. + +--- + src/server/svr_mail.c | 297 ++++++++++++++++++++++++++++++-------------------- + 1 file changed, 178 insertions(+), 119 deletions(-) + +diff --git a/src/server/svr_mail.c b/src/server/svr_mail.c +index 26b6dd7..a776399 100644 +--- a/src/server/svr_mail.c ++++ b/src/server/svr_mail.c +@@ -91,6 +91,7 @@ + #include + #include + #include ++#include + #include "list_link.h" + #include "attribute.h" + #include "server_limits.h" +@@ -98,7 +99,7 @@ + #include "log.h" + #include "server.h" + #include "rpp.h" +- ++#include "utils.h" + + /* External Functions Called */ + +@@ -111,21 +112,100 @@ extern struct server server; + + extern int LOGLEVEL; + ++ ++ ++ ++/* ++ * write_email() ++ * ++ * In emailing, the mail body is written to a pipe connected to ++ * standard input for sendmail. This function supplies the body ++ * of the message. ++ * ++ */ ++void write_email( ++ ++ FILE *outmail_input, ++ job *pjob, ++ char *mailto, ++ int mailpoint, ++ char *text) ++ ++ { ++ char *bodyfmt = NULL; ++ char bodyfmtbuf[MAXLINE]; ++ char *subjectfmt = NULL; ++ ++ /* Pipe in mail headers: To: and Subject: */ ++ fprintf(outmail_input, "To: %s\n", mailto); ++ ++ /* mail subject line formating statement */ ++ if ((server.sv_attr[SRV_ATR_MailSubjectFmt].at_flags & ATR_VFLAG_SET) && ++ (server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str != NULL)) ++ { ++ subjectfmt = server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str; ++ } ++ else ++ { ++ subjectfmt = "PBS JOB %i"; ++ } ++ ++ fprintf(outmail_input, "Subject: "); ++ svr_format_job(outmail_input, pjob, subjectfmt, mailpoint, text); ++ fprintf(outmail_input, "\n"); ++ ++ /* Set "Precedence: bulk" to avoid vacation messages, etc */ ++ fprintf(outmail_input, "Precedence: bulk\n\n"); ++ ++ /* mail body formating statement */ ++ if ((server.sv_attr[SRV_ATR_MailBodyFmt].at_flags & ATR_VFLAG_SET) && ++ (server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str != NULL)) ++ { ++ bodyfmt = server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str; ++ } ++ else ++ { ++ bodyfmt = strcpy(bodyfmtbuf, "PBS Job Id: %i\n" ++ "Job Name: %j\n"); ++ if (pjob->ji_wattr[JOB_ATR_exec_host].at_flags & ATR_VFLAG_SET) ++ { ++ strcat(bodyfmt, "Exec host: %h\n"); ++ } ++ ++ strcat(bodyfmt, "%m\n"); ++ ++ if (text != NULL) ++ { ++ strcat(bodyfmt, "%d\n"); ++ } ++ } ++ ++ /* Now pipe in the email body */ ++ svr_format_job(outmail_input, pjob, bodyfmt, mailpoint, text); ++ } /* write_email() */ ++ ++ ++ + void svr_mailowner( + + job *pjob, /* I */ +- int mailpoint, /* note, single character */ ++ int mailpoint, /* note, single character */ + int force, /* if set to MAIL_FORCE, force mail delivery */ + char *text) /* (optional) additional message text */ + + { +- char *cmdbuf; +- int i; +- char *mailfrom; +- char mailto[1024]; +- char *bodyfmt, *subjectfmt; +- char bodyfmtbuf[1024]; +- FILE *outmail; ++ int status = 0; ++ int numargs = 0; ++ int pipes[2]; ++ int counter; ++ pid_t pid; ++ char *mailptr; ++ char *mailfrom = NULL; ++ char tmpBuf[LOG_BUF_SIZE]; ++ // We call sendmail with cmd_name + 2 arguments + # of mailto addresses + 1 for null ++ char *sendmail_args[100]; ++ char mailto[1024]; ++ FILE *stream; + + struct array_strings *pas; + +@@ -217,17 +297,12 @@ void svr_mailowner( + return; /* its all up to the child now */ + } + +- /* +- * From here on, we are a child process of the server. +- * Fix up file descriptors and signal handlers. +- */ +- +- rpp_terminate(); +- +- net_close(-1); +- ++ /* Close the rest of the open file descriptors */ ++ int numfds = sysconf(_SC_OPEN_MAX); ++ while (--numfds > 0) ++ close(numfds); ++ + /* Who is mail from, if SRV_ATR_mailfrom not set use default */ +- + if ((mailfrom = server.sv_attr[SRV_ATR_mailfrom].at_val.at_str) == NULL) + { + if (LOGLEVEL >= 5) +@@ -244,19 +319,18 @@ void svr_mailowner( + } + mailfrom = PBS_DEFAULT_MAIL; + } +- ++ + /* Who does the mail go to? If mail-list, them; else owner */ +- + *mailto = '\0'; + + if (pjob->ji_wattr[JOB_ATR_mailuser].at_flags & ATR_VFLAG_SET) + { + /* has mail user list, send to them rather than owner */ +- + pas = pjob->ji_wattr[JOB_ATR_mailuser].at_val.at_arst; + + if (pas != NULL) + { ++ int i; + for (i = 0;i < pas->as_usedptr;i++) + { + if ((strlen(mailto) + strlen(pas->as_string[i]) + 2) < sizeof(mailto)) +@@ -270,7 +344,6 @@ void svr_mailowner( + else + { + /* no mail user list, just send to owner */ +- + if ((server.sv_attr[SRV_ATR_MailDomain].at_flags & ATR_VFLAG_SET) && + (server.sv_attr[SRV_ATR_MailDomain].at_val.at_str != NULL)) + { +@@ -316,135 +389,121 @@ void svr_mailowner( + } + } + +- /* mail subject line formating statement */ +- +- if ((server.sv_attr[SRV_ATR_MailSubjectFmt].at_flags & ATR_VFLAG_SET) && +- (server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str != NULL)) +- { +- subjectfmt = server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str; +- } +- else +- { +- subjectfmt = "PBS JOB %i"; +- } +- +- /* mail body formating statement */ ++ sendmail_args[numargs++] = (char *)SENDMAIL_CMD; ++ sendmail_args[numargs++] = (char *)"-f"; ++ sendmail_args[numargs++] = (char *)mailfrom; + +- if ((server.sv_attr[SRV_ATR_MailBodyFmt].at_flags & ATR_VFLAG_SET) && +- (server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str != NULL)) +- { +- bodyfmt = server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str; +- } +- else ++ /* Add the e-mail addresses to the command line */ ++ mailptr = strdup(mailto); ++ sendmail_args[numargs++] = mailptr; ++ for (counter=0; counter < (int)strlen(mailptr); counter++) + { +- bodyfmt = strcpy(bodyfmtbuf, "PBS Job Id: %i\n" +- "Job Name: %j\n"); +- if (pjob->ji_wattr[JOB_ATR_exec_host].at_flags & ATR_VFLAG_SET) +- { +- strcat(bodyfmt, "Exec host: %h\n"); +- } +- +- strcat(bodyfmt, "%m\n"); +- +- if (text != NULL) ++ if (mailptr[counter] == ',') + { +- strcat(bodyfmt, "%d\n"); ++ mailptr[counter] = '\0'; ++ sendmail_args[numargs++] = mailptr + counter + 1; ++ if (numargs >= 99) ++ break; + } + } +- /* setup sendmail command line with -f from_whom */ +- +- i = strlen(SENDMAIL_CMD) + strlen(mailfrom) + strlen(mailto) + 6; + +- if ((cmdbuf = malloc(i)) == NULL) ++ sendmail_args[numargs] = NULL; ++ ++ /* Create a pipe to talk to the sendmail process we are about to fork */ ++ if (pipe(pipes) == -1) + { +- char tmpBuf[LOG_BUF_SIZE]; +- +- snprintf(tmpBuf,sizeof(tmpBuf), +- "Unable to popen() command '%s' for writing: '%s' (error %d)\n", +- cmdbuf, +- strerror(errno), +- errno); ++ snprintf(tmpBuf, sizeof(tmpBuf), "Unable to pipes for sending e-mail\n"); + log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, + PBS_EVENTCLASS_JOB, + pjob->ji_qs.ji_jobid, + tmpBuf); + +- exit(1); ++ free(mailptr); ++ exit(-1); + } + +- sprintf(cmdbuf, "%s -f %s %s", +- +- SENDMAIL_CMD, +- mailfrom, +- mailto); +- +- outmail = (FILE *)popen(cmdbuf, "w"); +- +- if (outmail == NULL) ++ if ((pid=fork()) == -1) + { +- char tmpBuf[LOG_BUF_SIZE]; +- +- snprintf(tmpBuf,sizeof(tmpBuf), +- "Unable to popen() command '%s' for writing: '%s' (error %d)\n", +- cmdbuf, +- strerror(errno), +- errno); ++ snprintf(tmpBuf, sizeof(tmpBuf), "Unable to fork for sending e-mail\n"); + log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, + PBS_EVENTCLASS_JOB, + pjob->ji_qs.ji_jobid, + tmpBuf); + ++ free(mailptr); ++ close(pipes[0]); ++ close(pipes[1]); ++ exit(-1); ++ } ++ else if (pid == 0) ++ { ++ /* CHILD */ ++ ++ /* Make stdin the read end of the pipe */ ++ dup2(pipes[0], 0); ++ ++ /* Close the rest of the open file descriptors */ ++ int numfds = sysconf(_SC_OPEN_MAX); ++ while (--numfds > 0) ++ close(numfds); ++ ++ execv(SENDMAIL_CMD, sendmail_args); ++ /* This never returns, but if the execv fails the child should exit */ + exit(1); + } ++ else ++ { ++ /* This is the parent */ + +- /* Pipe in mail headers: To: and Subject: */ ++ /* Close the read end of the pipe */ ++ close(pipes[0]); + +- fprintf(outmail, "To: %s\n", +- mailto); ++ /* Write the body to the pipe */ ++ stream = fdopen(pipes[1], "w"); ++ write_email(stream, pjob, mailto, mailpoint, text); + +- fprintf(outmail, "Subject: "); +- svr_format_job(outmail, pjob, subjectfmt, mailpoint, text); +- fprintf(outmail, "\n"); ++ fflush(stream); + +- /* Set "Precedence: bulk" to avoid vacation messages, etc */ ++ /* Close and wait for the command to finish */ ++ if (fclose(stream) != 0) ++ { ++ snprintf(tmpBuf,sizeof(tmpBuf), ++ "Piping mail body to sendmail closed: errno %d:%s\n", ++ errno, strerror(errno)); + +- fprintf(outmail, "Precedence: bulk\n\n"); ++ log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, ++ PBS_EVENTCLASS_JOB, ++ pjob->ji_qs.ji_jobid, ++ tmpBuf); ++ } + +- /* Now pipe in the email body */ +- svr_format_job(outmail, pjob, bodyfmt, mailpoint, text); ++ // we aren't going to block in order to find out whether or not sendmail worked ++ if ((waitpid(pid, &status, WNOHANG) != 0) && ++ (status != 0)) ++ { ++ snprintf(tmpBuf,sizeof(tmpBuf), ++ "Sendmail command returned %d. Mail may not have been sent\n", ++ status); + +- errno = 0; +- if ((i = pclose(outmail)) != 0) +- { +- char tmpBuf[LOG_BUF_SIZE]; ++ log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, ++ PBS_EVENTCLASS_JOB, ++ pjob->ji_qs.ji_jobid, ++ tmpBuf); ++ } + +- snprintf(tmpBuf,sizeof(tmpBuf), +- "Email '%c' to %s failed: Child process '%s' %s %d (errno %d:%s)\n", +- mailpoint, +- mailto, +- cmdbuf, +- ((WIFEXITED(i)) ? ("returned") : ((WIFSIGNALED(i)) ? ("killed by signal") : ("croaked"))), +- ((WIFEXITED(i)) ? (WEXITSTATUS(i)) : ((WIFSIGNALED(i)) ? (WTERMSIG(i)) : (i))), +- errno, +- strerror(errno)); +- log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, +- PBS_EVENTCLASS_JOB, +- pjob->ji_qs.ji_jobid, +- tmpBuf); +- } +- else if (LOGLEVEL >= 4) +- { +- log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, +- PBS_EVENTCLASS_JOB, +- pjob->ji_qs.ji_jobid, +- "Email sent successfully\n"); ++ // don't leave zombies ++ while (waitpid(-1, &status, WNOHANG) != 0) ++ { ++ // zombie reaped, NO-OP ++ } ++ ++ free(mailptr); ++ exit(0); + } ++ ++ /* NOT REACHED */ + + exit(0); +- +- /*NOTREACHED*/ +- +- return; + } /* END svr_mailowner() */ + + /* END svr_mail.c */ diff --git a/pbs-mom.service b/pbs-mom.service new file mode 100644 index 0000000..e37aeba --- /dev/null +++ b/pbs-mom.service @@ -0,0 +1,10 @@ +[Unit] +Description=pbs-mom +After=syslog.target network.target trqauthd.service + +[Service] +Type=forking +ExecStart=/usr/sbin/pbs_mom + +[Install] +WantedBy=multi-user.target diff --git a/pbs-sched.service b/pbs-sched.service new file mode 100644 index 0000000..d1bd0e0 --- /dev/null +++ b/pbs-sched.service @@ -0,0 +1,10 @@ +[Unit] +Description=pbs-sched +After=syslog.target network.target trqauthd.service + +[Service] +Type=forking +ExecStart=/usr/sbin/pbs_sched + +[Install] +WantedBy=multi-user.target diff --git a/pbs-server.service b/pbs-server.service new file mode 100644 index 0000000..7040a91 --- /dev/null +++ b/pbs-server.service @@ -0,0 +1,10 @@ +[Unit] +Description=pbs-server +After=syslog.target network.target trqauthd.service + +[Service] +Type=forking +ExecStart=/usr/sbin/pbs_server + +[Install] +WantedBy=multi-user.target diff --git a/torque.spec b/torque.spec index 71b0868..ec29554 100644 --- a/torque.spec +++ b/torque.spec @@ -71,7 +71,7 @@ Name: torque Version: 4.2.10 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Tera-scale Open-source Resource and QUEue manager Source0: http://www.adaptivecomputing.com/download/%{name}/%{name}-%{version}.tar.gz Source2: xpbs.desktop @@ -80,6 +80,10 @@ Source4: xpbs.png Source5: xpbsmon.png Source6: README.Fedora Source8: config +Source20: pbs-mom.service +Source21: pbs-sched.service +Source22: pbs-server.service +Source23: trqauthd.service # Feb 3rd 2011, I've sent a mail upstream to request the re-inclusion # of the OpenPBS license file in distribution. # I'll announce to fedora-devel once this is resolved either way. @@ -111,7 +115,12 @@ BuildRequires: tcl-devel BuildRequires: tk-devel %endif - +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%endif %if 0%{?doxydoc} BuildRequires: graphviz @@ -119,13 +128,15 @@ BuildRequires: doxygen %if "%{?rhel}" == "5" BuildRequires: graphviz-gd %endif -%if %{?fedora}%{!?fedora:0} >= 9 +%if %{?fedora}%{!?fedora:0} >= 9 || %{?rhel}%{!?rhel:0} >= 7 BuildRequires: tex(latex) BuildRequires: tex-xtab BuildRequires: tex-sectsty BuildRequires: tex-tocloft BuildRequires: tex-multirow +%if %{?fedora}%{!?fedora:0} BuildRequires: tex-adjustbox +%endif %else %if %{?rhel}%{!?rhel:0} >= 6 BuildRequires: tex(latex) @@ -135,6 +146,8 @@ BuildRequires: tetex-latex %endif %endif +Requires(post): /bin/grep /etc/services + %description TORQUE (Tera-scale Open-source Resource and QUEue manager) is a resource manager providing control over batch jobs and distributed compute nodes. @@ -368,7 +381,7 @@ CFLAGS="%{optflags} -DUSE_INTERP_RESULT -DUSE_INTERP_ERRORLINE" make %{?_smp_mflags} -for daemon in pbs_mom pbs_sched pbs_server +for daemon in pbs_mom pbs_sched pbs_server trqauthd do sed -i -e 's|^PBS_HOME=.*|PBS_HOME=%{torquehomedir}|' \ -e 's|^PBS_DAEMON=.*|PBS_DAEMON=%{_sbindir}/'$daemon'|' \ @@ -385,11 +398,21 @@ rm -f %{buildroot}%{_libdir}/*/buildindex rm -f %{buildroot}/%{_lib}/security/pam_pbssimpleauth.{a,la} mkdir -p %{buildroot}%{_bindir} +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +# install systemd scripts +mkdir -p %{buildroot}%{_unitdir} +install -p -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/ +install -p -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/ +install -p -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/ +install -p -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/ +%else # install initscripts mkdir -p %{buildroot}%{_initrddir} install -p -m 755 contrib/init.d/pbs_mom %{buildroot}%{_initrddir}/pbs_mom install -p -m 755 contrib/init.d/pbs_sched %{buildroot}%{_initrddir}/pbs_sched install -p -m 755 contrib/init.d/pbs_server %{buildroot}%{_initrddir}/pbs_server +install -p -m 755 contrib/init.d/trqauthd %{buildroot}%{_initrddir}/trqauthd +%endif %if %{build_gui} # This is really trivial, but cleans up an rpmlint warning @@ -496,21 +519,17 @@ EOF rm -rf %{buildroot} %post -if grep -q "PBS services" /etc/services;then - : PBS services already installed -else - cat<<__EOF__>>/etc/services -# Standard PBS services -pbs 15001/tcp # pbs server (pbs_server) -pbs 15001/udp # pbs server (pbs_server) -pbs_mom 15002/tcp # mom to/from server -pbs_mom 15002/udp # mom to/from server -pbs_resmom 15003/tcp # mom resource management requests -pbs_resmom 15003/udp # mom resource management requests -pbs_sched 15004/tcp # scheduler -pbs_sched 15004/udp # scheduler +for srvs in pbs:15001 pbs_mon:15002 pbs_resmom:15003 pbs_sched:15004 ; do + port=${srvs/*:/} + srvs=${srvs/:*/} + for proto in tcp udp ; do + if ! grep -q $srvs'\W\W*'$port'/'$proto /etc/services;then + cat<<__EOF__>>/etc/services +$srvs $port/$proto __EOF__ -fi + fi + done +done %posttrans client /usr/sbin/alternatives --install %{_bindir}/qsub qsub %{_bindir}/qsub-torque 10 \ @@ -547,31 +566,55 @@ fi %post mom +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_post pbs-mom.service +%else /sbin/chkconfig --add pbs_mom +%endif %preun mom +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_preun pbs-mom.service +%else if [ $1 -eq 0 ]; then /sbin/service pbs_mom stop >/dev/null 2>&1 /sbin/chkconfig --del pbs_mom fi +%endif %post scheduler +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_post pbs-sched.service +%else /sbin/chkconfig --add pbs_sched +%endif %preun scheduler +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_preun pbs-sched.service +%else if [ $1 -eq 0 ]; then /sbin/service pbs_sched stop >/dev/null 2>&1 /sbin/chkconfig --del pbs_sched fi +%endif %post server +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_post pbs-server.service +%else /sbin/chkconfig --add pbs_server +%endif %preun server +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_preun pbs-server.service +%else if [ $1 -eq 0 ]; then /sbin/service pbs_server stop >/dev/null 2>&1 /sbin/chkconfig --del pbs_server fi +%endif %files %defattr(-, root, root, -) @@ -729,7 +772,11 @@ fi %{_sbindir}/qnoded %{_sbindir}/pbs_demux %{_bindir}/pbs_track +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%{_unitdir}/pbs-mom.service +%else %{_initrddir}/pbs_mom +%endif %if %{use_rcp} %attr(4755, root, root) %{_sbindir}/pbs_rcp %endif @@ -751,7 +798,11 @@ fi %defattr(-, root, root, -) %attr(0755, root, root) %{_sbindir}/pbs_sched %{_sbindir}/qschedd +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%{_unitdir}/pbs-sched.service +%else %{_initrddir}/pbs_sched +%endif %dir %{torquehomedir}/sched_priv %config(noreplace) %{torquehomedir}/sched_priv/* %{torquehomedir}/sched_logs @@ -772,7 +823,13 @@ fi %attr(0755, root, root) %{_sbindir}/momctl %attr(0755, root, root) %{_sbindir}/trqauthd %{_sbindir}/qserverd +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%{_unitdir}/pbs-server.service +%{_unitdir}/trqauthd.service +%else %{_initrddir}/pbs_server +%{_initrddir}/trqauthd.service +%endif %dir %{_var}/log/torque/server_logs %{torquehomedir}/server_logs %{torquehomedir}/server_priv @@ -814,6 +871,9 @@ fi %endif %changelog +* Fri Apr 24 2015 David Brown - 4.2.10-2 +- Bugfix - #1154413 make manipulating services better. + * Mon Apr 6 2015 David Brown - 4.2.10-1 - Updated upstream version @@ -827,6 +887,12 @@ fi - merged fedora latest into epel - This breaks old configs and should be treated carefully +* Wed Oct 01 2014 Haïkel Guémar - 3.0.4-6 +- Fix CVE-2013-4319 (RHBZ #1005918, #1005919) + +* Fri Sep 05 2014 Haïkel Guémar - 3.0.4-5 +- Fix CVE-2013-4495 (RHBZ #1029752) + * Mon Sep 01 2014 Haïkel Guémar - 4.2.8-1 - upstream 4.2.8 diff --git a/trqauthd.service b/trqauthd.service new file mode 100644 index 0000000..c581da3 --- /dev/null +++ b/trqauthd.service @@ -0,0 +1,10 @@ +[Unit] +Description=trqauthd +After=syslog.target network.target + +[Service] +Type=forking +ExecStart=/usr/sbin/trqauthd + +[Install] +WantedBy=multi-user.target