From 8d663c7142248a048147670d90544ac7435dd4b1 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Jan 11 2022 09:06:30 +0000
Subject: import cronie-1.4.11-24.el7_9
---
diff --git a/SOURCES/cronie-1.4.11-getdtablesize-in-containers.patch b/SOURCES/cronie-1.4.11-getdtablesize-in-containers.patch
new file mode 100644
index 0000000..374c1a8
--- /dev/null
+++ b/SOURCES/cronie-1.4.11-getdtablesize-in-containers.patch
@@ -0,0 +1,69 @@
+From 049e5728ad3e8b48c521467fb7c3f98fb073ab54 Mon Sep 17 00:00:00 2001
+From: Flos Qi Guo
+Date: Fri, 26 Nov 2021 03:32:11 +0000
+Subject: [PATCH] Avoid allocating huge arrays by maxing the fd number to
+ MAX_CLOSE_FD
+
+ - Partially backport patch from rhbz#1723106
+
+diff --git a/src/database.c b/src/database.c
+index e1ec309..73da572 100644
+--- a/src/database.c
++++ b/src/database.c
+@@ -47,9 +47,6 @@
+ #include "globals.h"
+ #include "pathnames.h"
+
+-#define TMAX(a,b) ((a)>(b)?(a):(b))
+-#define TMIN(a,b) ((a)<(b)?(a):(b))
+-
+ /* size of the event structure, not counting name */
+ #define EVENT_SIZE (sizeof (struct inotify_event))
+
+diff --git a/src/macros.h b/src/macros.h
+index 6c7ca6d..238012a 100644
+--- a/src/macros.h
++++ b/src/macros.h
+@@ -58,6 +58,7 @@
+ #define MAX_UNAME 256 /* max length of username */
+ #define ROOT_UID 0 /* don't change this, it really must be root */
+ #define ROOT_USER "root" /* ditto */
++#define MAX_CLOSE_FD 10000 /* max fd num to close when spawning a child process */
+
+ /* NOTE: these correspond to DebugFlagNames,
+ * defined below.
+@@ -126,6 +127,9 @@
+ #define LAST_DOW 7
+ #define DOW_COUNT (LAST_DOW - FIRST_DOW + 1)
+
++#define TMAX(a,b) ((a)>(b)?(a):(b))
++#define TMIN(a,b) ((a)<(b)?(a):(b))
++
+ /*
+ * Because crontab/at files may be owned by their respective users we
+ * take extreme care in opening them. If the OS lacks the O_NOFOLLOW
+diff --git a/src/popen.c b/src/popen.c
+index aa36ff7..6262d8c 100644
+--- a/src/popen.c
++++ b/src/popen.c
+@@ -80,12 +80,19 @@ FILE *cron_popen(char *program, const char *type, struct passwd *pw) {
+ if (!pids) {
+ if ((fds = getdtablesize()) <= 0)
+ return (NULL);
++ if (fds > MAX_CLOSE_FD)
++ fds = MAX_CLOSE_FD; /* avoid allocating too much memory */
+ if (!(pids = (PID_T *) malloc((u_int) (fds * sizeof (PID_T)))))
+ return (NULL);
+- memset((char *) pids, 0, fds * sizeof (PID_T));
++ memset((char *) pids, 0, (u_int)(fds * sizeof (PID_T)));
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
++ if (pdes[0] >= fds || pdes[1] >= fds) {
++ (void) close(pdes[0]);
++ (void) close(pdes[1]);
++ return NULL;
++ }
+
+ /* break up string into pieces */
+ for (argc = 0, cp = program; argc < MAX_ARGS; cp = NULL)
diff --git a/SPECS/cronie.spec b/SPECS/cronie.spec
index 99168de..fe20e29 100644
--- a/SPECS/cronie.spec
+++ b/SPECS/cronie.spec
@@ -6,7 +6,7 @@
 Summary: Cron daemon for executing programs at set times
 Name: cronie
 Version: 1.4.11
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: MIT and BSD and ISC and GPLv2+
 Group: System Environment/Base
 URL: https://github.com/cronie-crond/cronie
@@ -31,6 +31,7 @@ Patch15: cronie-1.4.11-race-on-crontab-modification.patch
 Patch16: cronie-1.4.11-inherit-path.patch
 Patch17: cronie-1.4.11-smartcard-auth.patch
 Patch18: cronie-1.4.11-restart-on-failure.patch
+Patch19: cronie-1.4.11-getdtablesize-in-containers.patch
 Requires: dailyjobs
@@ -114,6 +115,7 @@ extra features.
 %patch16 -p1 -b .inherit-path
 %patch17 -p1 -b .smartcard-auth
 %patch18 -p1 -b .restart
+%patch19 -p1 -b .getdtablesize
 %build
 %configure \
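Review bot: The new rejection branch in the `src/popen.c` hunk of the added patch file (`if (pdes[0] >= fds || pdes[1] >= fds)`) returns NULL after `pipe()` has already succeeded, so `errno` is stale and the caller cannot tell that the capped pid table was the reason for the failure; adding `errno = EMFILE;` before `return NULL;` (assuming `<errno.h>` is already included in that file) would make it diagnosable. The allocation pair could also become `if (!(pids = calloc((size_t) fds, sizeof (PID_T))))`, which drops the narrowing `(u_int)` casts and the separate `memset`. The `MAX_CLOSE_FD` comment in `macros.h` speaks of closing descriptors when spawning a child, but the only use visible in this partial backport is sizing the pid table, so either the comment should say that or the close-loop part of the upstream change should be carried as well. `cron_popen` starts and ends outside the hunk, so the declarations of `fds` and `pids` and any other code that indexes `pids` by descriptor are not visible here.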
@@ -238,6 +240,11 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
 %changelog
+* Mon Nov 29 2021 Jan Staněk - 1.4.11-24
+- Limit memory allocated for file descriptors
+ Backports https://github.com/cronie-crond/cronie/commit/584911514ce6aa2f16e1d79431bac816ea62cb2c
+ Resolves: rhbz#2026289
+
 * Wed Feb 13 2019 Marcel Plch - 1.4.11-23
 - Make cronie restart on failure
 - Resolves: rhbz#1651730
@@ -313,7 +320,7 @@ exit 0
 - Mass rebuild 2013-12-27
 * Tue Oct 15 2013 Marcela Mašláňová - 1.4.11-5
-- Cronie doesn't work when is executed as stand alone without systemd (for
+- Cronie doesn't work when is executed as stand alone without systemd (for
 debuging issues)
 - Fix another permission, hopefully all now.
 - Resolves: rhbz#1012420, rhbz#1015567
@@ -433,7 +440,7 @@ exit 0
 - update to 1.4.6
 * Fri Aug 13 2010 Marcela Mašláňová - 1.4.5-4
-- 623908 fix fd leak in anacron, which caused denail of prelink
+- 623908 fix fd leak in anacron, which caused denail of prelink
 and others
 * Mon Aug 9 2010 Marcela Mašláňová - 1.4.5-2
@@ -509,7 +516,7 @@ exit 0
 - add sendmail file into requirement, cause it's needed some MTA
 * Thu Sep 18 2008 Marcela Maslanova - 1.2-2
-- 462252 /etc/sysconfig/crond does not need to be executable
+- 462252 /etc/sysconfig/crond does not need to be executable
 * Thu Jun 26 2008 Marcela Maslanova - 1.2-1
 - update to 1.2
@@ -536,7 +543,7 @@ exit 0
 - 431366 after reboot wasn't cron in chkconfig
 * Tue Feb 5 2008 Marcela Maslanova - 1.0-3
-- 431366 trigger part => after update from vixie-cron on cronie will
+- 431366 trigger part => after update from vixie-cron on cronie will
 be daemon running.
 * Wed Jan 30 2008 Marcela Maslanova - 1.0-2