Hello community,
here is the log from the commit of package cron
checked in at Wed Feb 7 00:26:17 CET 2007.
--------
--- cron/cron.changes 2006-09-28 10:23:26.000000000 +0200
+++ /mounts/work_src_done/STABLE/cron/cron.changes 2007-02-06 17:01:04.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Feb 6 17:00:40 CET 2007 - mkoenig@suse.de
+
+- set PAM_TTY [#242586]
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cron.spec ++++++
--- /var/tmp/diff_new_pack.BH3616/_old 2007-02-07 00:25:52.000000000 +0100
+++ /var/tmp/diff_new_pack.BH3616/_new 2007-02-07 00:25:52.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package cron (Version 4.1)
#
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -12,29 +12,29 @@
Name: cron
BuildRequires: pam-devel
URL: ftp://ftp.isc.org/isc/cron/
-License: FSR, Other License(s), see package
+License: Freely Redistributable Software (FSR)
Group: System/Daemons
Requires: smtp_daemon
Autoreqprov: on
PreReq: permissions
Version: 4.1
-Release: 53
+Release: 72
Summary: cron Daemon
Source0: vixie-%name-%version.tar.bz2
Source1: %name.init
Source2: run-crons
Source3: sample.root
Source4: deny.sample
-Patch0: vixie-%name-%version-Makefile.diff
-Patch1: vixie-%name-%version-pathnames.diff
-Patch3: vixie-%name-%version-vfork_sigchld.diff
-Patch4: vixie-%name-%version-sprintf_misc.diff
-Patch5: vixie-%name-%version-syscrondir.diff
-Patch6: vixie-%name-%version-root-allowed.diff
-Patch7: vixie-%name-%version-manpages.diff
-Patch8: vixie-%name-%version-crontab-permissions.diff
-Patch9: vixie-%name-%version-swapuids.diff
-Patch10: vixie-%name-%version-minuslog.diff
+Patch0: vixie-cron-4.1-Makefile.diff
+Patch1: vixie-cron-4.1-pathnames.diff
+Patch3: vixie-cron-4.1-vfork_sigchld.diff
+Patch4: vixie-cron-4.1-sprintf_misc.diff
+Patch5: vixie-cron-4.1-syscrondir.diff
+Patch6: vixie-cron-4.1-root-allowed.diff
+Patch7: vixie-cron-4.1-manpages.diff
+Patch8: vixie-cron-4.1-crontab-permissions.diff
+Patch9: vixie-cron-4.1-swapuids.diff
+Patch10: vixie-cron-4.1-minuslog.diff
Patch11: vixie-cron-4.1-pam.diff
Patch12: vixie-cron-4.1-sendasuser.diff
Patch13: vixie-cron-4.1-stat-no-fstat.diff
@@ -133,6 +133,8 @@
/usr/lib/cron
%changelog -n cron
+* Tue Feb 06 2007 - mkoenig@suse.de
+- set PAM_TTY [#242586]
* Wed Sep 27 2006 - mkoenig@suse.de
- relax requirements on crontab permissions [#207645]
* Fri Sep 01 2006 - kukuk@suse.de
++++++ vixie-cron-4.1-pam.diff ++++++
--- /var/tmp/diff_new_pack.BH3616/_old 2007-02-07 00:25:52.000000000 +0100
+++ /var/tmp/diff_new_pack.BH3616/_new 2007-02-07 00:25:52.000000000 +0100
@@ -1,11 +1,13 @@
---- vixie-cron-4.1/cron.8
+Index: vixie-cron-4.1/cron.8
+===================================================================
+--- vixie-cron-4.1.orig/cron.8
+++ vixie-cron-4.1/cron.8
-@@ -76,6 +76,12 @@
+@@ -76,6 +76,12 @@ jobs twice.
.PP
Time changes of more than 3 hours are considered to be corrections to
the clock or timezone, and the new time is used immediately.
+.SS PAM Access Control
-+On SUSE LINUX systems, crond now supports access control with PAM - see
++On SUSE LINUX systems, crond now supports access control with PAM - see
+.IR pam (8) .
+A PAM configuration file for crond is installed in /etc/pam.d/crond .
+crond loads the PAM environment from the pam_env module, but these
@@ -13,7 +15,7 @@
.SH SIGNALS
On receipt of a \s-2SIGHUP\s+2, the cron daemon will close and reopen its
log file. This is useful in scripts which rotate and age log files.
-@@ -90,7 +96,8 @@
+@@ -90,7 +96,8 @@ No crontab files may be executable, or b
other than their owner.
.SH "SEE ALSO"
.IR crontab (1),
@@ -23,7 +25,9 @@
.SH AUTHOR
.nf
Paul Vixie
---- vixie-cron-4.1/crond.pam
+Index: vixie-cron-4.1/crond.pam
+===================================================================
+--- /dev/null
+++ vixie-cron-4.1/crond.pam
@@ -0,0 +1,10 @@
+#
@@ -36,7 +40,9 @@
+password include common-password
+session required pam_loginuid.so
+session include common-session
---- vixie-cron-4.1/cron.h
+Index: vixie-cron-4.1/cron.h
+===================================================================
+--- vixie-cron-4.1.orig/cron.h
+++ vixie-cron-4.1/cron.h
@@ -31,6 +31,9 @@
#define CRON_VERSION "V5.0"
@@ -48,9 +54,11 @@
#include "pathnames.h"
#include "macros.h"
#include "structs.h"
---- vixie-cron-4.1/do_command.c
+Index: vixie-cron-4.1/do_command.c
+===================================================================
+--- vixie-cron-4.1.orig/do_command.c
+++ vixie-cron-4.1/do_command.c
-@@ -25,9 +25,47 @@
+@@ -25,9 +25,47 @@ static char rcsid[] = "$Id: do_command.c
#include "cron.h"
@@ -98,12 +106,10 @@
void
do_command(entry *e, user *u) {
Debug(DPROC, ("[%ld] do_command(%s, (%s,%ld,%ld))\n",
-@@ -64,7 +102,11 @@
- child_process(entry *e, user *u) {
+@@ -65,6 +103,10 @@ child_process(entry *e, user *u) {
int stdin_pipe[2], stdout_pipe[2];
char *input_data, *usernm, *mailto;
-- int children = 0;
-+ int children = 0;
+ int children = 0;
+#if defined(WITH_PAM)
+ int retcode = 0;
+#endif
@@ -111,13 +117,15 @@
Debug(DPROC, ("[%ld] child_process('%s')\n", (long)getpid(), e->cmd))
-@@ -134,6 +176,17 @@
+@@ -134,6 +176,19 @@ child_process(entry *e, user *u) {
*p = '\0';
}
+#if defined(WITH_PAM)
+ retcode = pam_start("crond", usernm, &conv, &pamh);
+ PAM_FAIL_CHECK;
++ retcode = pam_set_item(pamh, PAM_TTY, "cron");
++ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
@@ -129,7 +137,7 @@
/* fork again, this time so we can exec the user's command.
*/
switch (fork()) {
-@@ -514,6 +567,12 @@
+@@ -514,6 +569,12 @@ child_process(entry *e, user *u) {
Debug(DPROC, (", dumped core"))
Debug(DPROC, ("\n"))
}
@@ -142,9 +150,11 @@
}
static int
---- vixie-cron-4.1/Makefile
+Index: vixie-cron-4.1/Makefile
+===================================================================
+--- vixie-cron-4.1.orig/Makefile
+++ vixie-cron-4.1/Makefile
-@@ -55,11 +55,12 @@
+@@ -55,11 +55,12 @@ DESTROOT = $(DESTDIR)/usr
DESTSBIN = $(DESTROOT)/sbin
DESTBIN = $(DESTROOT)/bin
DESTMAN = $(DESTROOT)/share/man
@@ -158,7 +168,7 @@
#<>
#CDEBUG = -O
CDEBUG = -O2 -pipe
-@@ -68,7 +69,7 @@
+@@ -68,7 +69,7 @@ LINTFLAGS = -hbxa $(INCLUDE) $(DEBUGGING
#<>
CC = gcc -Wall -Wno-unused -Wno-comment
#<<manifest defines>>
@@ -167,7 +177,7 @@
#(SGI IRIX systems need this)
#DEFS = -D_BSD_SIGNALS -Dconst=
#<<the name of the BSD-like install program>>
-@@ -114,6 +115,7 @@
+@@ -114,6 +115,7 @@ install : all
$(INSTALL) -c -m 4111 -o root crontab $(DESTBIN)/
# $(INSTALL) -c -m 111 -o root -g crontab cron $(DESTSBIN)/
# $(INSTALL) -c -m 2111 -o root -g crontab crontab $(DESTBIN)/
++++++ vixie-cron-4.1-privilege_escalation.patch ++++++
--- /var/tmp/diff_new_pack.BH3616/_old 2007-02-07 00:25:52.000000000 +0100
+++ /var/tmp/diff_new_pack.BH3616/_new 2007-02-07 00:25:52.000000000 +0100
@@ -1,29 +1,31 @@
---- vixie-cron-4.1/do_command.c.orig 2006-05-29 16:45:32.000000000 +0200
-+++ vixie-cron-4.1/do_command.c 2006-05-29 16:48:28.000000000 +0200
-@@ -300,12 +300,24 @@
+Index: vixie-cron-4.1/do_command.c
+===================================================================
+--- vixie-cron-4.1.orig/do_command.c
++++ vixie-cron-4.1/do_command.c
+@@ -302,12 +302,24 @@ child_process(entry *e, user *u) {
}
}
#else
- setgid(e->pwd->pw_gid);
-+
++
initgroups(usernm, e->pwd->pw_gid);
#if (defined(BSD)) && (BSD >= 199103)
setlogin(usernm);
#endif /* BSD */
- setuid(e->pwd->pw_uid); /* we aren't root after this... */
-+
++
+ if ( setgid(e->pwd->pw_gid) == -1 ) {
+ fprintf(stderr,"can't set gid for %s\n", e->pwd->pw_name);
+ _exit(1);
+ }
-+
++
+ if ( setuid(e->pwd->pw_uid) == -1 ) {
+ fprintf(stderr,"can't set uid for %s\n", e->pwd->pw_name);
+ _exit(1);
+ }
+
+ /* we aren't root after this... */
-+
++
#endif /* LOGIN_CAP */
chdir(env_get("HOME", e->envp));
++++++ vixie-cron-4.1-segfault.patch ++++++
--- /var/tmp/diff_new_pack.BH3616/_old 2007-02-07 00:25:53.000000000 +0100
+++ /var/tmp/diff_new_pack.BH3616/_new 2007-02-07 00:25:53.000000000 +0100
@@ -1,6 +1,8 @@
---- do_command.c
+Index: do_command.c
+===================================================================
+--- do_command.c.orig
+++ do_command.c
-@@ -510,24 +510,13 @@
+@@ -512,24 +512,13 @@ child_process(entry *e, user *u) {
/* this was the first char from the pipe
*/
putc(ch, mail);
@@ -28,7 +30,7 @@
Debug(DPROC, ("[%ld] closing pipe to mail\n",
(long)getpid()))
/* Note: the pclose will probably see
-@@ -537,20 +526,28 @@
+@@ -539,20 +528,28 @@ child_process(entry *e, user *u) {
* after closing its stdout.
*/
status = cron_pclose(mail);
@@ -70,7 +72,7 @@
}
} /*if data from grandchild*/
-@@ -593,7 +590,7 @@
+@@ -595,7 +592,7 @@ child_process(entry *e, user *u) {
static int
safe_p(const char *usernm, const char *s) {
++++++ vixie-cron-4.1-sendasuser.diff ++++++
--- /var/tmp/diff_new_pack.BH3616/_old 2007-02-07 00:25:53.000000000 +0100
+++ /var/tmp/diff_new_pack.BH3616/_new 2007-02-07 00:25:53.000000000 +0100
@@ -1,4 +1,6 @@
---- config.h
+Index: config.h
+===================================================================
+--- config.h.orig
+++ config.h
@@ -65,6 +65,11 @@
* generate the Date: header.
@@ -12,9 +14,11 @@
/* if you want to use syslog(3) instead of appending
* to CRONDIR/LOG_FILE (/var/cron/log, e.g.), define
* SYSLOG here. Note that quite a bit of logging
---- do_command.c
+Index: do_command.c
+===================================================================
+--- do_command.c.orig
+++ do_command.c
-@@ -417,7 +417,11 @@
+@@ -479,7 +479,11 @@ child_process(entry *e, user *u) {
perror(mailcmd);
(void) _exit(ERROR_EXIT);
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org