Hello community,
here is the log from the commit of package cronie.1244 for openSUSE:12.2:Update checked in at 2013-01-29 14:51:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/cronie.1244 (Old)
and /work/SRC/openSUSE:12.2:Update/.cronie.1244.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cronie.1244", Maintainer is ""
Changes:
--------
New Changes file:
--- /dev/null 2013-01-09 19:40:42.352580873 +0100
+++ /work/SRC/openSUSE:12.2:Update/.cronie.1244.new/cronie.changes 2013-01-29 14:51:09.000000000 +0100
@@ -0,0 +1,1045 @@
+-------------------------------------------------------------------
+Wed Jan 2 14:26:27 UTC 2013 - vdziewiecki@suse.com
+
+-Fix Bug 786096 - VUL-1: cron: does not close file descriptors
+before invocation of commands - bug-786096_cronie-fdleak.diff
+(CVE-2012-6097)
+
+-------------------------------------------------------------------
+Mon Jun 25 10:38:29 UTC 2012 - coolo@suse.com
+
+- the recommends for postfix was from a time when smtp_daemon
+ was required, now that smtp_daemon is recommended, the recommend
+ for postfix is between useless and harmful - so reduce it to a suggests
+
+-------------------------------------------------------------------
+Wed May 30 14:49:41 UTC 2012 - sweet_f_a@gmx.de
+
+- remove useless autmake dependency
+
+-------------------------------------------------------------------
+Tue Apr 10 14:28:34 UTC 2012 - tabraham@novell.com
+
+- added cronie-1.4.8-bug_756197.diff to remove references to anacron
+ in crontab.5
+
+-------------------------------------------------------------------
+Wed Jan 18 15:15:14 UTC 2012 - tabraham@novell.com
+
+- removed cronie-1.4.7-syslog_output.patch deprecated by this update
+
+- Update to 1.4.8
+ + Cron writes job output to syslog incorrectly. When cron is
+ invoked in a way to print job output to syslog, it does print
+ only the first character of the output
+ + Check orphanded crontabs for adoption
+ + Unify logging in case SyslogOutput with the rest of crond
+ + The charset of anacron's mail is always ANSI_X3.4-1968. There
+ are no setlocale in anacron's source
+ + Cronie disables inotify when the /etc/crontab file does not
+ exist at startup. Existance of crontab and directories wasn't
+ controlled before creating inotify watches.
+
+-------------------------------------------------------------------
+Wed Nov 30 14:54:08 UTC 2011 - aj@suse.de
+
+- Add dependency on ypbind and nscd (bnc#732356)
+- Do not install generic INSTALL file.
+- Use set_permissions for newer distros.
+
+-------------------------------------------------------------------
+Wed Nov 30 09:47:40 UTC 2011 - coolo@suse.com
+
+- add automake as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Tue Nov 29 17:07:07 UTC 2011 - crrodriguez@opensuse.org
+
+- Cron started before network is up [bnc#733275]
+
+-------------------------------------------------------------------
+Fri Oct 7 12:11:17 UTC 2011 - fcrozat@suse.com
+
+- Ensure service_add_post is called in %post and not verify.
+
+-------------------------------------------------------------------
+Thu Sep 29 09:17:49 UTC 2011 - fcrozat@suse.com
+
+- Use systemd macros to register cron.service.
+
+-------------------------------------------------------------------
+Sun Sep 18 00:00:19 UTC 2011 - jengelh@medozas.de
+
+- Remove redundant tags/sections from specfile
+
+-------------------------------------------------------------------
+Mon Jul 11 10:28:40 UTC 2011 - vcizek@novell.com
+
+- changed run-parts to run-crons in anacron (bnc#689494)
+
+-------------------------------------------------------------------
+Mon Jun 6 08:51:11 UTC 2011 - vcizek@novell.com
+
+- mention possibility of disabling logging to syslog in the crontab
+ manual
+- to keep compatibility with 11.3, execute the command despite
+ an unprivileged user tries to disable logging (bnc#698549)
+
+-------------------------------------------------------------------
+Wed May 11 08:27:14 UTC 2011 - vcizek@novell.com
+
+- corrected job output via syslog (bnc#692871)
+
+-------------------------------------------------------------------
+Wed Apr 27 16:56:21 UTC 2011 - vcizek@novell.com
+
+- update to 1.4.7
+ many bugs fixed (including bnc#690166)
+
+-------------------------------------------------------------------
+Thu Feb 24 12:33:31 UTC 2011 - vcizek@novell.com
+
+- bnc#662433 again:
+ added quiet option to pam config, in order to avoid logging,
+ when /etc/cron.allow is missing
+
+-------------------------------------------------------------------
+Thu Jan 6 15:25:44 UTC 2011 - vcizek@novell.com
+
+- fix for bnc#662433 :
+ Accounts with disabled user login, but listed in /etc/cron.allow
+ were unable to run cron jobs
+
+-------------------------------------------------------------------
+Fri Dec 10 12:46:12 UTC 2010 - aj@suse.de
+
+- cron.service needs to be after mta.
+
+-------------------------------------------------------------------
+Tue Dec 7 21:16:31 UTC 2010 - coolo@novell.com
+
+- prereq init script syslog
+
+-------------------------------------------------------------------
+Tue Nov 9 15:38:33 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- use full RELRO here.
+
+-------------------------------------------------------------------
+Mon Nov 8 13:15:59 UTC 2010 - aj@suse.de
+
+- Fix rpm group of cronie-anacron
+
+-------------------------------------------------------------------
+Mon Nov 8 12:52:17 UTC 2010 - aj@suse.de
+
+- Fix package list.
+
+-------------------------------------------------------------------
+Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de
+
+- Use %_smp_mflags
+
+-------------------------------------------------------------------
+Wed Oct 27 09:04:54 UTC 2010 - aj@suse.de
+
+- Add cron.service for systemd.
+
+-------------------------------------------------------------------
+Wed Oct 27 08:31:19 UTC 2010 - mseben@gmail.com
+
+- Update to cronie 1.4.6
+ * man/anacron.8, man/anacrontab.5, man/cron.8, man/crontab.1,
+ man/crontab.5: Rewrite of man pages & correction
+ * man/bitstring.3: Remove useless man page
+ * Check clustering before un/watch function
+ * Remove cluster support from inotify_database
+ * The crontab command uses "-c" and "-n" instead of "-h"
+
+-------------------------------------------------------------------
+Mon Oct 25 11:08:38 UTC 2010 - coolo@novell.com
+
+- use cronie_version not cron's version for anacron
+
+-------------------------------------------------------------------
+Thu Oct 21 19:32:39 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- Update to cronie 1.4.5_git201010210619
+ * Fix broken ifdef HAS_FCHOWN
+ * Cronie supports "clustering" now.
+
+-------------------------------------------------------------------
+Wed Oct 13 17:42:15 UTC 2010 - mseben@gmail.com
+
+- added scriptlets and subpackage cron for propper update
+
+-------------------------------------------------------------------
+Thu Aug 26 01:34:34 UTC 2010 - cristian.rodriguez@opensuse.org
+
+- Update to cronie 1.4.5
+- drop upstreamed patches in particular minuslog and pam_conv.
+- cronie can work without sendmail now, if absent syslog is used.
+
+-------------------------------------------------------------------
+Wed Apr 7 18:50:23 UTC 2010 - mseben@novell.com
+
+- added crond_pid.diff to finaly fix cron.pid issue which breaks
+ init script
+
+-------------------------------------------------------------------
+Thu Mar 25 14:28:30 UTC 2010 - mseben@novell.com
+
+- updated to version 1.4.4
+ * src/crontab.c: CVE-2010-0424 -- crontab -e crontab file timestamp
+ race condition
+ * configure.ac: Dynamic shared libraries -laudit There is need to
+ add -laudit into gcc options because now it's no found automatically.
+ * man/anacrontab.5: Make man page more readable based on #564206.
++++ 848 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.cronie.1244.new/cronie.changes
New:
----
bug-786096_cronie-fdleak.diff
cron.init
cron.service
cron.xml
cron_to_cronie.README
cronie-1.4.7-disable_logging.patch
cronie-1.4.8-bug_756197.diff
cronie-1.4.8.tar.gz
cronie-anacron-1.4.7-run-crons.patch
cronie-crond_pid.diff
cronie-nheader_lines.diff
cronie-pam_config.diff
cronie-rpmlintrc
cronie.changes
cronie.spec
deny.sample
run-crons
sample.root
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cronie.spec ++++++
#
# spec file for package cronie
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# 3 : we don't need to do something with /etc/sysconfig/cron for now
%define cron_configs \{/etc/init.d/cron,/etc/pam.d/crond,/etc/crontab,/etc/cron.deny,/etc/omc/srvinfo.d/cron.xml\}
Name: cronie
BuildRequires: audit-devel
BuildRequires: libselinux-devel
BuildRequires: pam-devel
BuildRequires: systemd
Url: https://fedorahosted.org/cronie/
Recommends: smtp_daemon
Suggests: postfix
PreReq: permissions %fillup_prereq %insserv_prereq cron sysvinit(syslog)
%{?systemd_requires}
Version: 1.4.8
Release: 0
%{expand: %%define cronie_version %version}
Summary: Cron Daemon
License: BSD-3-Clause and GPL-2.0 and MIT
Group: System/Daemons
Source0: %name-%version.tar.gz
Source1: cron.init
Source2: run-crons
Source3: sample.root
Source4: deny.sample
Source5: cron.xml
Source6: cronie-rpmlintrc
Source7: cron_to_cronie.README
Source8: cron.service
# PATCH-FEATURE-OPENSUSE cronie-pam_config.diff added pam config file from old cron
Patch3: %name-pam_config.diff
# openSUSE set NHEADER_LINES to 3 - old openSUSE cron put three lines of comments
# in top of crontab file, so we want to hide this junk comments if user edit
# crontab file with crontab -e command, patch grabbed from old openSUSE cron
Patch4: %name-nheader_lines.diff
# we use cron.pid instead of crond.pid
Patch5: %name-crond_pid.diff
# PATCH-FIX-UPSTREAM mention logging disabling for a command in man
Patch7: cronie-1.4.7-disable_logging.patch
# PATCH-FIX-UPSTREAM use run-crons instead of run-parts for anacron (bnc#689494)
Patch8: cronie-anacron-1.4.7-run-crons.patch
Patch9: cronie-1.4.8-bug_756197.diff
# PATCH-FIX-UPSTREAM bnc#786096
Patch10: bug-786096_cronie-fdleak.diff
Conflicts: cron <= 4.1
# When finish update protection of sles11 we could uncomment line bellow and drop all
# ugly hacks with subpackage cron needed for proper update proces
# Obsoletes: cron <=4.x
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
cron automatically starts programs at specific times. Add new entries
with "crontab -e". (See "man 5 crontab" and "man 1 crontab" for
documentation.)
Under /etc, find the directories cron.hourly, cron.daily, cron.weekly,
and cron.monthly. Scripts and programs that are located there are
started automatically.
%package -n cron
Version: 4.2
Release: 0
Summary: Auxiliary package
Group: System/Daemons
Requires: %{name} = %{cronie_version}-%{release}
%description -n cron
Auxiliary package, needed for proper update from vixie-cron 4.1 to cronie 1.4.4
%package anacron
Summary: Utility for running regular jobs
Group: System/Base
Requires: %{name} = %{cronie_version}
%description anacron
Anacron becames part of cronie. Anacron is used only for running regular jobs.
The default settings execute regular jobs by anacron, however this could be
overloaded in settings.
%prep
%setup -q
%patch3 -p1
%patch4
%patch5 -p1
%patch7 -p1
%patch8 -p1
%patch9
%patch10 -p1
cp %{S:7} ./cron_to_cronie.README
%build
# fill macro CRON_VERSION it is used in top three lines of crontab file,should be reworked
export CFLAGS="$RPM_OPT_FLAGS -DCRON_VERSION=\\\"%{version}\\\""
export LDFLAGS="-Wl,-z,relro,-z,now,-z,defs"
%configure --with-audit --enable-anacron --with-pam --with-selinux --with-inotify --enable-pie SPOOL_DIR="/var/spool/cron/tabs"
%{__make} %{?_smp_mflags}
%install
%makeinstall
%{__mkdir_p} -v %{buildroot}%{_localstatedir}/spool/cron/{tabs,lastrun}
%{__mkdir_p} -v %{buildroot}%{_sysconfdir}/cron.{d,hourly,daily,weekly,monthly}
%{__install} -v -m 600 %{SOURCE3} %{buildroot}/etc/crontab
%{__install} -v -m 600 %{SOURCE4} %{buildroot}/etc/cron.deny
%{__install} -v -d %{buildroot}/usr/lib/cron
%{__install} -v %{SOURCE2} %{buildroot}/usr/lib/cron
%{__install} -v -d %{buildroot}%{_sysconfdir}/init.d/
%{__install} -v -m744 %{SOURCE1} %{buildroot}%{_sysconfdir}/init.d/cron
%{__ln_s} -f ../../etc/init.d/cron %{buildroot}/usr/sbin/rccron
%{__install} -v -d %{buildroot}/%{_unitdir}
%{__install} -v -m 644 %{SOURCE8} %{buildroot}/%{_unitdir}
%{__install} -m 644 contrib/anacrontab $RPM_BUILD_ROOT%{_sysconfdir}/anacrontab
%{__install} -c -m755 contrib/0anacron $RPM_BUILD_ROOT%{_sysconfdir}/cron.hourly/0anacron
%{__mkdir_p} $RPM_BUILD_ROOT/var/spool/anacron
%{__mv} %{buildroot}%{_sbindir}/crond %{buildroot}%{_sbindir}/cron
touch $RPM_BUILD_ROOT/var/spool/anacron/cron.daily
touch $RPM_BUILD_ROOT/var/spool/anacron/cron.weekly
touch $RPM_BUILD_ROOT/var/spool/anacron/cron.monthly
# service xml
%{__install} -v -d %{buildroot}%{_sysconfdir}/omc/srvinfo.d/
%{__install} -v -m644 %{S:5} %{buildroot}%{_sysconfdir}/omc/srvinfo.d/
%pre -n cron
# check if we are doing "ugly" update from old 4.1 vixie-cron
check_cron_mail_feature=`/usr/sbin/cron --help 2>&1 | /usr/bin/grep mail`
# vixie-cron 4.1 doesn't contain mail fature
if [ -e /usr/sbin/cron -a "${check_cron_mail_feature}" == "" ]; then
# save configs for cronie post-install phase
touch /var/run/update_from_old_cron
echo $1
for conf in %{cron_configs}
do
%__mv "$conf" "$conf.bk" ||:
done
fi
%pre
if [ -e /var/run/update_from_old_cron ]; then
# restore configs
for conf in %{cron_configs}
do
%__mv "$conf.bk" "$conf" ||:
done
fi
%service_add_pre cron.service
%post
# when we are doing rename then we pretend update with set 2
if [ -e /var/run/update_from_old_cron ]; then
set 2
%restart_on_update cron
# in %%postun restart_on_update call try-restart but we don't have init script in this phase when
# we are doing "ugly" update, but don't panic, it produces only warning to stderr
echo "Please ignore message about missing init script(from postun) - when occurs, we will install init script later with cronie package"
%__mv /etc/init.d/cron /etc/init.d/cron.bk ||:
%__ln_s /bin/true /etc/init.d/cron
fi
%{fillup_and_insserv -y cron}
%if 0%{?suse_version} >= 1140
%set_permissions /etc/crontab /usr/bin/crontab
%else
%run_permissions
%endif
%service_add_post cron.service
%verifyscript
%verify_permissions -e /etc/crontab -e /usr/bin/crontab
%preun
%stop_on_removal cron
%service_del_preun cron.service
%postun
%restart_on_update cron
%insserv_cleanup
%service_del_postun cron.service
%posttrans
if [ -e /var/run/update_from_old_cron ]; then
%{__rm} /var/run/update_from_old_cron ||:
%__mv /etc/init.d/cron.bk /etc/init.d/cron ||:
fi
%post anacron
[ -e /var/spool/anacron/cron.daily ] || touch /var/spool/anacron/cron.daily
[ -e /var/spool/anacron/cron.weekly ] || touch /var/spool/anacron/cron.weekly
[ -e /var/spool/anacron/cron.monthly ] || touch /var/spool/anacron/cron.monthly
%files
%defattr(-,root,root)
%doc AUTHORS COPYING README ChangeLog
%dir %attr(700,root,root) /var/spool/cron
%dir %attr(700,root,root) /var/spool/cron/tabs
%dir /var/spool/cron/lastrun
%config /etc/init.d/cron
%config /etc/pam.d/crond
%verify(not mode) %config(noreplace) /etc/crontab
%config(noreplace) /etc/cron.deny
%{_mandir}/man1/crontab.1.gz
%{_mandir}/man5/crontab.5.gz
%{_mandir}/man8/cron.8.gz
%{_mandir}/man8/crond.8.gz
%verify(not mode) %attr (4750,root,trusted) /usr/bin/crontab
%attr (755,root,root) %{_sbindir}/cron
%{_sbindir}/rccron
/usr/lib/cron
%config %{_sysconfdir}/omc/srvinfo.d/cron.xml
%dir %{_sysconfdir}/omc/srvinfo.d/
%dir %{_sysconfdir}/omc/
%{_unitdir}/cron.service
%files anacron
%defattr(-,root,root,-)
%{_sbindir}/anacron
%attr(0755,root,root) %{_sysconfdir}/cron.hourly/0anacron
%config(noreplace) %{_sysconfdir}/anacrontab
%dir /var/spool/anacron
%ghost %verify(not md5 size mtime) /var/spool/anacron/cron.daily
%ghost %verify(not md5 size mtime) /var/spool/anacron/cron.weekly
%ghost %verify(not md5 size mtime) /var/spool/anacron/cron.monthly
%{_mandir}/man5/anacrontab.*
%{_mandir}/man8/anacron.*
%files -n cron
%defattr(-,root,root,-)
%doc cron_to_cronie.README
%changelog
++++++ bug-786096_cronie-fdleak.diff ++++++
diff --git a/src/cron.c b/src/cron.c
index 7dc2958..69261c1 100644
--- a/src/cron.c
+++ b/src/cron.c
@@ -87,22 +87,21 @@ void set_cron_watched(int fd) {
for (i = 0; i < sizeof (wd) / sizeof (wd[0]); ++i) {
int w;
- if (open(watchpaths[i], O_RDONLY | O_NONBLOCK, 0) != -1) {
- w = inotify_add_watch(fd, watchpaths[i],
- IN_CREATE | IN_CLOSE_WRITE | IN_ATTRIB | IN_MODIFY | IN_MOVED_TO |
- IN_MOVED_FROM | IN_MOVE_SELF | IN_DELETE | IN_DELETE_SELF);
- if (w < 0) {
- if (wd[i] != -1) {
- log_it("CRON", pid, "This directory or file can't be watched",
- watchpaths[i], errno);
- log_it("CRON", pid, "INFO", "running without inotify support", 0);
- }
- inotify_enabled = 0;
- set_cron_unwatched(fd);
- return;
+ w = inotify_add_watch(fd, watchpaths[i],
+ IN_CREATE | IN_CLOSE_WRITE | IN_ATTRIB | IN_MODIFY | IN_MOVED_TO |
+ IN_MOVED_FROM | IN_MOVE_SELF | IN_DELETE | IN_DELETE_SELF);
+ if (w < 0) {
+ if (wd[i] != -1) {
+ log_it("CRON", pid, "This directory or file can't be watched",
+ watchpaths[i], errno);
+ log_it("CRON", pid, "INFO", "running without inotify support",
+ 0);
}
- wd[i] = w;
+ inotify_enabled = 0;
+ set_cron_unwatched(fd);
+ return;
}
+ wd[i] = w;
}
if (!inotify_enabled) {
++++++ cron.init ++++++
#! /bin/sh
# Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany.
#
# Author: Werner Fink