diff --git a/CVE-2013-4319.patch b/CVE-2013-4319.patch new file mode 100644 index 0000000..e37e7df --- /dev/null +++ b/CVE-2013-4319.patch @@ -0,0 +1,26 @@ +diff --git a/src/server/process_request.c b/src/server/process_request.c +index 4817ed0..6b4c955 100644 +--- a/src/server/process_request.c ++++ b/src/server/process_request.c +@@ -679,6 +679,21 @@ void process_request( + log_buffer); + } + ++ if (svr_conn[sfds].cn_authen != PBS_NET_CONN_FROM_PRIVIL) ++ { ++ sprintf(log_buffer, "request type %s from host %s rejected (connection not privileged)", ++ reqtype_to_txt(request->rq_type), ++ request->rq_host); ++ ++ log_record(PBSEVENT_JOB, PBS_EVENTCLASS_JOB, id, log_buffer); ++ ++ req_reject(PBSE_BADHOST, 0, request, NULL, "request not authorized"); ++ ++ close_client(sfds); ++ ++ return; ++ } ++ + /* if (!tfind(svr_conn[sfds].cn_addr, &okclients)) */ + if (!AVL_is_in_tree(svr_conn[sfds].cn_addr, 0, okclients)) + { diff --git a/CVE-2013-4495.patch b/CVE-2013-4495.patch new file mode 100644 index 0000000..71c95b9 --- /dev/null +++ b/CVE-2013-4495.patch @@ -0,0 +1,411 @@ +From 64da0af7ed27284f3397081313850bba270593db Mon Sep 17 00:00:00 2001 +From: David Beer +Date: Mon, 11 Nov 2013 11:55:08 -0700 +Subject: [PATCH] Fix CVE 2013-4495. Note: this patch has been verified as + fixing this security hole but has not received other regression testing. + +--- + src/server/svr_mail.c | 297 ++++++++++++++++++++++++++++++-------------------- + 1 file changed, 178 insertions(+), 119 deletions(-) + +diff --git a/src/server/svr_mail.c b/src/server/svr_mail.c +index 26b6dd7..a776399 100644 +--- a/src/server/svr_mail.c ++++ b/src/server/svr_mail.c +@@ -91,6 +91,7 @@ + #include + #include + #include ++#include + #include "list_link.h" + #include "attribute.h" + #include "server_limits.h" +@@ -98,7 +99,7 @@ + #include "log.h" + #include "server.h" + #include "rpp.h" +- ++#include "utils.h" + + /* External Functions Called */ + +@@ -111,21 +112,100 @@ extern struct server server; + + extern int LOGLEVEL; + ++ ++ ++ ++/* ++ * write_email() ++ * ++ * In emailing, the mail body is written to a pipe connected to ++ * standard input for sendmail. This function supplies the body ++ * of the message. ++ * ++ */ ++void write_email( ++ ++ FILE *outmail_input, ++ job *pjob, ++ char *mailto, ++ int mailpoint, ++ char *text) ++ ++ { ++ char *bodyfmt = NULL; ++ char bodyfmtbuf[MAXLINE]; ++ char *subjectfmt = NULL; ++ ++ /* Pipe in mail headers: To: and Subject: */ ++ fprintf(outmail_input, "To: %s\n", mailto); ++ ++ /* mail subject line formating statement */ ++ if ((server.sv_attr[SRV_ATR_MailSubjectFmt].at_flags & ATR_VFLAG_SET) && ++ (server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str != NULL)) ++ { ++ subjectfmt = server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str; ++ } ++ else ++ { ++ subjectfmt = "PBS JOB %i"; ++ } ++ ++ fprintf(outmail_input, "Subject: "); ++ svr_format_job(outmail_input, pjob, subjectfmt, mailpoint, text); ++ fprintf(outmail_input, "\n"); ++ ++ /* Set "Precedence: bulk" to avoid vacation messages, etc */ ++ fprintf(outmail_input, "Precedence: bulk\n\n"); ++ ++ /* mail body formating statement */ ++ if ((server.sv_attr[SRV_ATR_MailBodyFmt].at_flags & ATR_VFLAG_SET) && ++ (server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str != NULL)) ++ { ++ bodyfmt = server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str; ++ } ++ else ++ { ++ bodyfmt = strcpy(bodyfmtbuf, "PBS Job Id: %i\n" ++ "Job Name: %j\n"); ++ if (pjob->ji_wattr[JOB_ATR_exec_host].at_flags & ATR_VFLAG_SET) ++ { ++ strcat(bodyfmt, "Exec host: %h\n"); ++ } ++ ++ strcat(bodyfmt, "%m\n"); ++ ++ if (text != NULL) ++ { ++ strcat(bodyfmt, "%d\n"); ++ } ++ } ++ ++ /* Now pipe in the email body */ ++ svr_format_job(outmail_input, pjob, bodyfmt, mailpoint, text); ++ } /* write_email() */ ++ ++ ++ + void svr_mailowner( + + job *pjob, /* I */ +- int mailpoint, /* note, single character */ ++ int mailpoint, /* note, single character */ + int force, /* if set to MAIL_FORCE, force mail delivery */ + char *text) /* (optional) additional message text */ + + { +- char *cmdbuf; +- int i; +- char *mailfrom; +- char mailto[1024]; +- char *bodyfmt, *subjectfmt; +- char bodyfmtbuf[1024]; +- FILE *outmail; ++ int status = 0; ++ int numargs = 0; ++ int pipes[2]; ++ int counter; ++ pid_t pid; ++ char *mailptr; ++ char *mailfrom = NULL; ++ char tmpBuf[LOG_BUF_SIZE]; ++ // We call sendmail with cmd_name + 2 arguments + # of mailto addresses + 1 for null ++ char *sendmail_args[100]; ++ char mailto[1024]; ++ FILE *stream; + + struct array_strings *pas; + +@@ -217,17 +297,12 @@ void svr_mailowner( + return; /* its all up to the child now */ + } + +- /* +- * From here on, we are a child process of the server. +- * Fix up file descriptors and signal handlers. +- */ +- +- rpp_terminate(); +- +- net_close(-1); +- ++ /* Close the rest of the open file descriptors */ ++ int numfds = sysconf(_SC_OPEN_MAX); ++ while (--numfds > 0) ++ close(numfds); ++ + /* Who is mail from, if SRV_ATR_mailfrom not set use default */ +- + if ((mailfrom = server.sv_attr[SRV_ATR_mailfrom].at_val.at_str) == NULL) + { + if (LOGLEVEL >= 5) +@@ -244,19 +319,18 @@ void svr_mailowner( + } + mailfrom = PBS_DEFAULT_MAIL; + } +- ++ + /* Who does the mail go to? If mail-list, them; else owner */ +- + *mailto = '\0'; + + if (pjob->ji_wattr[JOB_ATR_mailuser].at_flags & ATR_VFLAG_SET) + { + /* has mail user list, send to them rather than owner */ +- + pas = pjob->ji_wattr[JOB_ATR_mailuser].at_val.at_arst; + + if (pas != NULL) + { ++ int i; + for (i = 0;i < pas->as_usedptr;i++) + { + if ((strlen(mailto) + strlen(pas->as_string[i]) + 2) < sizeof(mailto)) +@@ -270,7 +344,6 @@ void svr_mailowner( + else + { + /* no mail user list, just send to owner */ +- + if ((server.sv_attr[SRV_ATR_MailDomain].at_flags & ATR_VFLAG_SET) && + (server.sv_attr[SRV_ATR_MailDomain].at_val.at_str != NULL)) + { +@@ -316,135 +389,121 @@ void svr_mailowner( + } + } + +- /* mail subject line formating statement */ +- +- if ((server.sv_attr[SRV_ATR_MailSubjectFmt].at_flags & ATR_VFLAG_SET) && +- (server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str != NULL)) +- { +- subjectfmt = server.sv_attr[SRV_ATR_MailSubjectFmt].at_val.at_str; +- } +- else +- { +- subjectfmt = "PBS JOB %i"; +- } +- +- /* mail body formating statement */ ++ sendmail_args[numargs++] = (char *)SENDMAIL_CMD; ++ sendmail_args[numargs++] = (char *)"-f"; ++ sendmail_args[numargs++] = (char *)mailfrom; + +- if ((server.sv_attr[SRV_ATR_MailBodyFmt].at_flags & ATR_VFLAG_SET) && +- (server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str != NULL)) +- { +- bodyfmt = server.sv_attr[SRV_ATR_MailBodyFmt].at_val.at_str; +- } +- else ++ /* Add the e-mail addresses to the command line */ ++ mailptr = strdup(mailto); ++ sendmail_args[numargs++] = mailptr; ++ for (counter=0; counter < (int)strlen(mailptr); counter++) + { +- bodyfmt = strcpy(bodyfmtbuf, "PBS Job Id: %i\n" +- "Job Name: %j\n"); +- if (pjob->ji_wattr[JOB_ATR_exec_host].at_flags & ATR_VFLAG_SET) +- { +- strcat(bodyfmt, "Exec host: %h\n"); +- } +- +- strcat(bodyfmt, "%m\n"); +- +- if (text != NULL) ++ if (mailptr[counter] == ',') + { +- strcat(bodyfmt, "%d\n"); ++ mailptr[counter] = '\0'; ++ sendmail_args[numargs++] = mailptr + counter + 1; ++ if (numargs >= 99) ++ break; + } + } +- /* setup sendmail command line with -f from_whom */ +- +- i = strlen(SENDMAIL_CMD) + strlen(mailfrom) + strlen(mailto) + 6; + +- if ((cmdbuf = malloc(i)) == NULL) ++ sendmail_args[numargs] = NULL; ++ ++ /* Create a pipe to talk to the sendmail process we are about to fork */ ++ if (pipe(pipes) == -1) + { +- char tmpBuf[LOG_BUF_SIZE]; +- +- snprintf(tmpBuf,sizeof(tmpBuf), +- "Unable to popen() command '%s' for writing: '%s' (error %d)\n", +- cmdbuf, +- strerror(errno), +- errno); ++ snprintf(tmpBuf, sizeof(tmpBuf), "Unable to pipes for sending e-mail\n"); + log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, + PBS_EVENTCLASS_JOB, + pjob->ji_qs.ji_jobid, + tmpBuf); + +- exit(1); ++ free(mailptr); ++ exit(-1); + } + +- sprintf(cmdbuf, "%s -f %s %s", +- +- SENDMAIL_CMD, +- mailfrom, +- mailto); +- +- outmail = (FILE *)popen(cmdbuf, "w"); +- +- if (outmail == NULL) ++ if ((pid=fork()) == -1) + { +- char tmpBuf[LOG_BUF_SIZE]; +- +- snprintf(tmpBuf,sizeof(tmpBuf), +- "Unable to popen() command '%s' for writing: '%s' (error %d)\n", +- cmdbuf, +- strerror(errno), +- errno); ++ snprintf(tmpBuf, sizeof(tmpBuf), "Unable to fork for sending e-mail\n"); + log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, + PBS_EVENTCLASS_JOB, + pjob->ji_qs.ji_jobid, + tmpBuf); + ++ free(mailptr); ++ close(pipes[0]); ++ close(pipes[1]); ++ exit(-1); ++ } ++ else if (pid == 0) ++ { ++ /* CHILD */ ++ ++ /* Make stdin the read end of the pipe */ ++ dup2(pipes[0], 0); ++ ++ /* Close the rest of the open file descriptors */ ++ int numfds = sysconf(_SC_OPEN_MAX); ++ while (--numfds > 0) ++ close(numfds); ++ ++ execv(SENDMAIL_CMD, sendmail_args); ++ /* This never returns, but if the execv fails the child should exit */ + exit(1); + } ++ else ++ { ++ /* This is the parent */ + +- /* Pipe in mail headers: To: and Subject: */ ++ /* Close the read end of the pipe */ ++ close(pipes[0]); + +- fprintf(outmail, "To: %s\n", +- mailto); ++ /* Write the body to the pipe */ ++ stream = fdopen(pipes[1], "w"); ++ write_email(stream, pjob, mailto, mailpoint, text); + +- fprintf(outmail, "Subject: "); +- svr_format_job(outmail, pjob, subjectfmt, mailpoint, text); +- fprintf(outmail, "\n"); ++ fflush(stream); + +- /* Set "Precedence: bulk" to avoid vacation messages, etc */ ++ /* Close and wait for the command to finish */ ++ if (fclose(stream) != 0) ++ { ++ snprintf(tmpBuf,sizeof(tmpBuf), ++ "Piping mail body to sendmail closed: errno %d:%s\n", ++ errno, strerror(errno)); + +- fprintf(outmail, "Precedence: bulk\n\n"); ++ log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, ++ PBS_EVENTCLASS_JOB, ++ pjob->ji_qs.ji_jobid, ++ tmpBuf); ++ } + +- /* Now pipe in the email body */ +- svr_format_job(outmail, pjob, bodyfmt, mailpoint, text); ++ // we aren't going to block in order to find out whether or not sendmail worked ++ if ((waitpid(pid, &status, WNOHANG) != 0) && ++ (status != 0)) ++ { ++ snprintf(tmpBuf,sizeof(tmpBuf), ++ "Sendmail command returned %d. Mail may not have been sent\n", ++ status); + +- errno = 0; +- if ((i = pclose(outmail)) != 0) +- { +- char tmpBuf[LOG_BUF_SIZE]; ++ log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, ++ PBS_EVENTCLASS_JOB, ++ pjob->ji_qs.ji_jobid, ++ tmpBuf); ++ } + +- snprintf(tmpBuf,sizeof(tmpBuf), +- "Email '%c' to %s failed: Child process '%s' %s %d (errno %d:%s)\n", +- mailpoint, +- mailto, +- cmdbuf, +- ((WIFEXITED(i)) ? ("returned") : ((WIFSIGNALED(i)) ? ("killed by signal") : ("croaked"))), +- ((WIFEXITED(i)) ? (WEXITSTATUS(i)) : ((WIFSIGNALED(i)) ? (WTERMSIG(i)) : (i))), +- errno, +- strerror(errno)); +- log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, +- PBS_EVENTCLASS_JOB, +- pjob->ji_qs.ji_jobid, +- tmpBuf); +- } +- else if (LOGLEVEL >= 4) +- { +- log_event(PBSEVENT_ERROR | PBSEVENT_ADMIN | PBSEVENT_JOB, +- PBS_EVENTCLASS_JOB, +- pjob->ji_qs.ji_jobid, +- "Email sent successfully\n"); ++ // don't leave zombies ++ while (waitpid(-1, &status, WNOHANG) != 0) ++ { ++ // zombie reaped, NO-OP ++ } ++ ++ free(mailptr); ++ exit(0); + } ++ ++ /* NOT REACHED */ + + exit(0); +- +- /*NOTREACHED*/ +- +- return; + } /* END svr_mailowner() */ + + /* END svr_mail.c */ diff --git a/pbs-config-multilib b/pbs-config-multilib new file mode 100644 index 0000000..4e6d74c --- /dev/null +++ b/pbs-config-multilib @@ -0,0 +1,103 @@ +#! /bin/sh + +package="pbs" +version="2.3.8" + +prefix="/usr" +exec_prefix="/usr" +bindir="/usr/bin" +sbindir="/usr/sbin" +libexecdir="/usr/libexec" +datadir="/usr/share" +sysconfdir="/etc" +sharedstatedir="/usr/com" +localstatedir="/var" +infodir="/usr/share/info" +mandir="/usr/share/man" +includedir="/usr/include/torque" +libs="-ltorque" + +if test "$#" -eq 0; then + cat <= 7 || 0%{?fedora} > 0 +BuildRequires: systemd +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +%endif %if 0%{?doxydoc} BuildRequires: graphviz @@ -119,13 +128,15 @@ BuildRequires: doxygen %if "%{?rhel}" == "5" BuildRequires: graphviz-gd %endif -%if %{?fedora}%{!?fedora:0} >= 9 +%if %{?fedora}%{!?fedora:0} >= 9 || %{?rhel}%{!?rhel:0} >= 7 BuildRequires: tex(latex) BuildRequires: tex-xtab BuildRequires: tex-sectsty BuildRequires: tex-tocloft BuildRequires: tex-multirow +%if %{?fedora}%{!?fedora:0} BuildRequires: tex-adjustbox +%endif %else %if %{?rhel}%{!?rhel:0} >= 6 BuildRequires: tex(latex) @@ -360,7 +371,7 @@ install -pm 644 %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} \ chmod 644 torque.setup %build -CFLAGS="%{optflags} -Wno-overlength-strings -DUSE_INTERP_RESULT -DUSE_INTERP_ERRORLINE" +CFLAGS="%{optflags} -DUSE_INTERP_RESULT -DUSE_INTERP_ERRORLINE" %configure --includedir=%{_includedir}/torque \ --with-server-home=%{torquehomedir} --with-pam=/%{_lib}/security \ --with-sendmail=%{_sbindir}/sendmail --disable-static \ @@ -370,7 +381,7 @@ CFLAGS="%{optflags} -Wno-overlength-strings -DUSE_INTERP_RESULT -DUSE_INTERP_ERR make %{?_smp_mflags} -for daemon in pbs_mom pbs_sched pbs_server +for daemon in pbs_mom pbs_sched pbs_server trqauthd do sed -i -e 's|^PBS_HOME=.*|PBS_HOME=%{torquehomedir}|' \ -e 's|^PBS_DAEMON=.*|PBS_DAEMON=%{_sbindir}/'$daemon'|' \ @@ -387,18 +398,28 @@ rm -f %{buildroot}%{_libdir}/*/buildindex rm -f %{buildroot}/%{_lib}/security/pam_pbssimpleauth.{a,la} mkdir -p %{buildroot}%{_bindir} +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +# install systemd scripts +mkdir -p %{buildroot}%{_unitdir} +install -p -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/ +install -p -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/ +install -p -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/ +install -p -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/ +%else # install initscripts mkdir -p %{buildroot}%{_initrddir} -install -p -m 755 contrib/init.d/pbs_mom %{buildroot}%{_initrddir}/pbs_mom -install -p -m 755 contrib/init.d/pbs_sched %{buildroot}%{_initrddir}/pbs_sched -install -p -m 755 contrib/init.d/pbs_server %{buildroot}%{_initrddir}/pbs_server +install -p -m 755 contrib/init.d/pbs_mom %{buildroot}%{_initrddir}/pbs-mom +install -p -m 755 contrib/init.d/pbs_sched %{buildroot}%{_initrddir}/pbs-sched +install -p -m 755 contrib/init.d/pbs_server %{buildroot}%{_initrddir}/pbs-server +install -p -m 755 contrib/init.d/trqauthd %{buildroot}%{_initrddir}/trqauthd +%endif %if %{build_gui} # This is really trivial, but cleans up an rpmlint warning sed -i -e 's|%{_lib}/../||' %{buildroot}%{_bindir}/xpbs -desktop-file-install --dir %{buildroot}%{_datadir}/applications xpbs.desktop -desktop-file-install --dir %{buildroot}%{_datadir}/applications xpbsmon.desktop +desktop-file-install --dir %{buildroot}%{_datadir}/applications --vendor=adaptivecomputing.com xpbs.desktop +desktop-file-install --dir %{buildroot}%{_datadir}/applications --vendor=adaptivecomputing.com xpbsmon.desktop install -d %{buildroot}%{_datadir}/pixmaps install -p -m0644 xpbs.png xpbsmon.png %{buildroot}%{_datadir}/pixmaps %endif @@ -545,31 +566,55 @@ fi %post mom -/sbin/chkconfig --add pbs_mom +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_post pbs-mom.service +%else +/sbin/chkconfig --add pbs-mom +%endif %preun mom +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_preun pbs-mom.service +%else if [ $1 -eq 0 ]; then - /sbin/service pbs_mom stop >/dev/null 2>&1 - /sbin/chkconfig --del pbs_mom + /sbin/service pbs-mom stop >/dev/null 2>&1 + /sbin/chkconfig --del pbs-mom fi +%endif %post scheduler -/sbin/chkconfig --add pbs_sched +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_post pbs-sched.service +%else +/sbin/chkconfig --add pbs-sched +%endif %preun scheduler +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_preun pbs-sched.service +%else if [ $1 -eq 0 ]; then - /sbin/service pbs_sched stop >/dev/null 2>&1 - /sbin/chkconfig --del pbs_sched + /sbin/service pbs-sched stop >/dev/null 2>&1 + /sbin/chkconfig --del pbs-sched fi +%endif %post server -/sbin/chkconfig --add pbs_server +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_post pbs-server.service +%else +/sbin/chkconfig --add pbs-server +%endif %preun server +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%systemd_preun pbs-server.service +%else if [ $1 -eq 0 ]; then - /sbin/service pbs_server stop >/dev/null 2>&1 - /sbin/chkconfig --del pbs_server + /sbin/service pbs-server stop >/dev/null 2>&1 + /sbin/chkconfig --del pbs-server fi +%endif %files %defattr(-, root, root, -) @@ -577,6 +622,7 @@ fi %doc CHANGELOG PBS_License.txt README.Fedora contrib/PBS_License_2.3.txt %dir %{torquehomedir} %dir %{torquehomedir}/aux +%attr (1777,root,root,-) %{torquehomedir}/spool %dir %{torquehomedir}/spool %dir %{torquehomedir}/undelivered %{torquehomedir}/checkpoint @@ -720,9 +766,6 @@ fi %{_mandir}/man3/pbs_gpumode.3.gz %{_mandir}/man3/pbs_gpureset.3.gz %{_mandir}/man3/tm.3.* -%{_mandir}/man3/pbs_gpumode.3.gz -%{_mandir}/man3/pbs_gpureset.3.gz - %files mom %defattr(-, root, root, -) @@ -730,7 +773,11 @@ fi %{_sbindir}/qnoded %{_sbindir}/pbs_demux %{_bindir}/pbs_track -%{_initrddir}/pbs_mom +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%{_unitdir}/pbs-mom.service +%else +%{_initrddir}/pbs-mom +%endif %if %{use_rcp} %attr(4755, root, root) %{_sbindir}/pbs_rcp %endif @@ -752,7 +799,11 @@ fi %defattr(-, root, root, -) %attr(0755, root, root) %{_sbindir}/pbs_sched %{_sbindir}/qschedd -%{_initrddir}/pbs_sched +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%{_unitdir}/pbs-sched.service +%else +%{_initrddir}/pbs-sched +%endif %dir %{torquehomedir}/sched_priv %config(noreplace) %{torquehomedir}/sched_priv/* %{torquehomedir}/sched_logs @@ -773,7 +824,13 @@ fi %attr(0755, root, root) %{_sbindir}/momctl %attr(0755, root, root) %{_sbindir}/trqauthd %{_sbindir}/qserverd -%{_initrddir}/pbs_server +%if 0%{?rhel} >= 7 || 0%{?fedora} > 0 +%{_unitdir}/pbs-server.service +%{_unitdir}/trqauthd.service +%else +%{_initrddir}/pbs-server +%{_initrddir}/trqauthd +%endif %dir %{_var}/log/torque/server_logs %{torquehomedir}/server_logs %{torquehomedir}/server_priv @@ -791,25 +848,27 @@ fi %{_mandir}/man3/compat.h.3.* %{_mandir}/man3/drmaa.3.* %{_mandir}/man3/drmaa.h.3.* +%if 0%{?rhel}%{?fedora} >= 6 %{_mandir}/man3/drmaa_attr_names_s.3.* %{_mandir}/man3/drmaa_attr_values_s.3.* %{_mandir}/man3/drmaa_attrib.3.* %{_mandir}/man3/drmaa_attrib_info_s.3.* -%{_mandir}/man3/drmaa_def_attr_s.3.* +%{_mandir}/man3/drmaa_submission_context_s.3.* %{_mandir}/man3/drmaa_job_ids_s.3.* +%{_mandir}/man3/drmaa_def_attr_s.3.* +%{_mandir}/man3/pbs_attrib.3.* +%endif +%{_mandir}/man3/drmaa_viter.3.* %{_mandir}/man3/drmaa_job_iter_s.3.* %{_mandir}/man3/drmaa_job_s.3.* %{_mandir}/man3/drmaa_job_template_s.3.* %{_mandir}/man3/drmaa_jobt.3.* %{_mandir}/man3/drmaa_session.3.* %{_mandir}/man3/drmaa_session_s.3.* -%{_mandir}/man3/drmaa_submission_context_s.3.* -%{_mandir}/man3/drmaa_viter.3.* %{_mandir}/man3/error.h.3.* %{_mandir}/man3/jobs.3.* %{_mandir}/man3/jobs.h.3.* %{_mandir}/man3/lookup3.h.3.* -%{_mandir}/man3/pbs_attrib.3.* %endif %changelog @@ -829,6 +888,12 @@ fi - merged fedora latest into epel - This breaks old configs and should be treated carefully +* Wed Oct 01 2014 Haïkel Guémar - 3.0.4-6 +- Fix CVE-2013-4319 (RHBZ #1005918, #1005919) + +* Fri Sep 05 2014 Haïkel Guémar - 3.0.4-5 +- Fix CVE-2013-4495 (RHBZ #1029752) + * Mon Sep 01 2014 Haïkel Guémar - 4.2.8-1 - upstream 4.2.8 diff --git a/trqauthd.service b/trqauthd.service new file mode 100644 index 0000000..c581da3 --- /dev/null +++ b/trqauthd.service @@ -0,0 +1,10 @@ +[Unit] +Description=trqauthd +After=syslog.target network.target + +[Service] +Type=forking +ExecStart=/usr/sbin/trqauthd + +[Install] +WantedBy=multi-user.target