diff --git a/SOURCES/cronie-1.4.11-anacron-mailto.patch b/SOURCES/cronie-1.4.11-anacron-mailto.patch
new file mode 100644
index 0000000..12078d0
--- /dev/null
+++ b/SOURCES/cronie-1.4.11-anacron-mailto.patch
@@ -0,0 +1,90 @@
+diff -up cronie-1.4.11/anacron/runjob.c.mailto cronie-1.4.11/anacron/runjob.c
+--- cronie-1.4.11/anacron/runjob.c.mailto 2013-07-18 14:27:08.000000000 +0200
++++ cronie-1.4.11/anacron/runjob.c 2017-03-07 14:00:06.968348389 +0100
+@@ -88,10 +88,18 @@ static char *
+ username(void)
+ {
+ struct passwd *ps;
++ static char *user;
++
++ if (user)
++ return user;
+
+ ps = getpwuid(geteuid());
+- if (ps == NULL) die_e("getpwuid() error");
+- return ps->pw_name;
++ if (ps == NULL || ps->pw_name == NULL) die_e("getpwuid() error");
++
++ user = strdup(ps->pw_name);
++ if (user == NULL) die_e("memory allocation error");
++
++ return user;
+ }
+
+ static void
+@@ -167,6 +175,12 @@ launch_mailer(job_rec *jr)
+ pid_t pid;
+ struct stat buf;
+
++ if (jr->mailto == NULL)
++ {
++ explain("Empty MAILTO set, not mailing output");
++ return;
++ }
++
+ /* Check that we have a way of sending mail. */
+ if(stat(SENDMAIL, &buf))
+ {
+@@ -245,14 +259,12 @@ launch_job(job_rec *jr)
+ }
+
+ setup_env(jr);
+-
++
+ /* Get the destination email address if set, or current user otherwise */
+ mailto = getenv("MAILTO");
+
+- if (mailto)
+- jr->mailto = mailto;
+- else
+- jr->mailto = username ();
++ if (mailto == NULL)
++ mailto = username();
+
+ /* create temporary file for stdout and stderr of the job */
+ temp_file(jr); fd = jr->output_fd;
+@@ -262,11 +274,7 @@ launch_job(job_rec *jr)
+ xwrite(fd, username());
+ xwrite(fd, ">\n");
+ xwrite(fd, "To: ");
+- if (mailto) {
+- xwrite(fd, mailto);
+- } else {
+- xwrite(fd, username());
+- }
++ xwrite(fd, mailto);
+ xwrite(fd, "\n");
+ xwrite(fd, "Content-Type: text/plain; charset=\"");
+ xwrite(fd, nl_langinfo(CODESET));
+@@ -277,6 +285,12 @@ launch_job(job_rec *jr)
+ xwrite(fd, hostname);
+ xwrite(fd, "\n\n");
+
++ if (*mailto == '\0')
++ jr->mailto = NULL;
++ else
++ /* ugly but works without strdup() */
++ jr->mailto = mailto;
++
+ jr->mail_header_size = file_size(fd);
+
+ pid = xfork();
+@@ -305,7 +319,7 @@ tend_job(job_rec *jr, int status)
+ if (file_size(jr->output_fd) > jr->mail_header_size) mail_output = 1;
+ else mail_output = 0;
+
+- m = mail_output ? " (mailing output)" : "";
++ m = mail_output ? " (produced output)" : "";
+ if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
+ explain("Job `%s' terminated%s", jr->ident, m);
+ else if (WIFEXITED(status))
diff --git a/SOURCES/cronie-1.4.11-crontab-root.patch b/SOURCES/cronie-1.4.11-crontab-root.patch
new file mode 100644
index 0000000..5002eec
--- /dev/null
+++ b/SOURCES/cronie-1.4.11-crontab-root.patch
@@ -0,0 +1,12 @@
+diff -up cronie-1.4.11/src/crontab.c.root cronie-1.4.11/src/crontab.c
+--- cronie-1.4.11/src/crontab.c.root 2017-03-07 13:52:23.000000000 +0100
++++ cronie-1.4.11/src/crontab.c 2017-03-07 13:53:40.491278915 +0100
+@@ -170,7 +170,7 @@ int main(int argc, char *argv[]) {
+ }
+
+ #if defined(WITH_PAM)
+- if (cron_start_pam(pw) != PAM_SUCCESS) {
++ if (getuid() != 0 && cron_start_pam(pw) != PAM_SUCCESS) {
+ fprintf(stderr,
+ "You (%s) are not allowed to access to (%s) because of pam configuration.\n",
+ User, ProgramName);
diff --git a/SOURCES/cronie-1.4.11-man-file.patch b/SOURCES/cronie-1.4.11-man-file.patch
new file mode 100644
index 0000000..6309a68
--- /dev/null
+++ b/SOURCES/cronie-1.4.11-man-file.patch
@@ -0,0 +1,15 @@
+diff -up cronie-1.4.11/man/crontab.1.man-file cronie-1.4.11/man/crontab.1
+--- cronie-1.4.11/man/crontab.1.man-file 2013-07-18 14:27:08.000000000 +0200
++++ cronie-1.4.11/man/crontab.1 2017-03-07 13:56:19.650013901 +0100
+@@ -44,8 +44,9 @@ crontab \- maintains crontab files for i
+ .BR -c
+ .SH DESCRIPTION
+ .I Crontab
+-is the program used to install, remove or list the tables used to serve
+-the
++is the program used to install a crontab table
++.IR file ,
++remove or list the existing tables used to serve the
+ .BR cron (8)
+ daemon. Each user can have their own crontab, and though these are files
+ in
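Review bot: In launch_job() of anacron/runjob.c the new `jr->mailto = mailto;` keeps a pointer obtained from getenv("MAILTO"), and the patch's own comment ("ugly but works without strdup()") concedes the aliasing. launch_mailer() dereferences jr->mailto later, so the pointer stays valid only if nothing rewrites MAILTO in the environment in between; setup_env() is outside the hunk, so whether a later job's environment setup can invalidate it cannot be confirmed from here. Since username() now returns a strdup()'d copy anyway, I would take a private copy here too: `jr->mailto = strdup(mailto);` followed by `if (jr->mailto == NULL) die_e("memory allocation error");`. The same value is written verbatim after "To: " with xwrite(), so that copy is also the natural place to reject control characters or a leading '-' before the value reaches the header and the mailer. launch_job's body continues outside the hunk.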
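Review bot: The new `getuid() != 0 &&` short-circuit in main() of src/crontab.c skips cron_start_pam() entirely for a caller whose real uid is 0, and nothing on the line says that this is deliberate or why the real rather than the effective uid is tested. I would add a comment such as `/* root may always manage crontabs; test the real uid because the effective uid may already be 0 if crontab is installed setuid */` (the setuid assumption should be confirmed against the packaging). The PAM account check is the only access decision visible in this hunk, so logging that it was bypassed for root would keep an audit trail for that path. If code further down in main() relies on the PAM handle that cron_start_pam() sets up, that code now runs without it for root; main() continues outside the hunk.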
diff --git a/SOURCES/cronie-1.4.11-selinux-user.patch b/SOURCES/cronie-1.4.11-selinux-user.patch
new file mode 100644
index 0000000..d2db9ec
--- /dev/null
+++ b/SOURCES/cronie-1.4.11-selinux-user.patch
@@ -0,0 +1,55 @@
+diff -up cronie-1.4.11/src/security.c.selinux-user cronie-1.4.11/src/security.c
+--- cronie-1.4.11/src/security.c.selinux-user 2017-03-07 13:52:23.076462218 +0100
++++ cronie-1.4.11/src/security.c 2017-03-07 14:47:32.957371610 +0100
+@@ -41,8 +41,6 @@
+ #ifdef WITH_SELINUX
+ # include
+ # include
+-# include
+-# include
+ # include
+ #endif
+
+@@ -476,7 +474,9 @@ get_security_context(const char *name, i
+ security_context_t scontext = NULL;
+ security_context_t file_context = NULL;
+ security_context_t rawcontext=NULL;
+- int retval = 0;
++ context_t current_context = NULL;
++ int retval;
++ char *current_context_str = NULL;
+ char *seuser = NULL;
+ char *level = NULL;
+
+@@ -490,10 +490,29 @@ get_security_context(const char *name, i
+ log_it(name, getpid(), "getseuserbyname FAILED", name, 0);
+ return (security_getenforce() > 0);
+ }
++
++ retval = get_default_context_with_level(seuser, level, NULL, &scontext);
++ }
++ else {
++ if (getcon(¤t_context_str) < 0) {
++ log_it(name, getpid(), "getcon FAILED", "", 0);
++ return (security_getenforce() > 0);
++ }
++
++ current_context = context_new(current_context_str);
++ if (current_context == NULL) {
++ log_it(name, getpid(), "context_new FAILED", current_context_str, 0);
++ freecon(current_context_str);
++ return (security_getenforce() > 0);
++ }
++
++ const char *current_user = context_user_get(current_context);
++ retval = get_default_context_with_level(current_user, level, NULL, &scontext);
++
++ freecon(current_context_str);
++ context_free(current_context);
+ }
+
+- retval = get_default_context_with_level(name == NULL ? "system_u" : seuser,
+- level, NULL, &scontext);
+ if (selinux_trans_to_raw_context(scontext, &rawcontext) == 0) {
+ freecon(scontext);
+ scontext = rawcontext;
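Review bot: In the new `else` branch of get_security_context() in src/security.c both error paths call `log_it(name, getpid(), ...)`, yet judging by the removed `name == NULL ? "system_u" : seuser` this is the branch taken when name is NULL (the guarding `if` is outside the hunk). That hands a NULL user name to log_it(); unless log_it() is known to tolerate NULL, the two calls should pass a fixed label instead, e.g. `log_it("CRON", getpid(), "getcon FAILED", "", 0);` (label constructed here; use whatever the file uses elsewhere). The result of `context_user_get(current_context)` is also passed to get_default_context_with_level() without a NULL check. Both new failure paths return `security_getenforce() > 0`, which evaluates to 0 when SELinux is not enforcing; that mirrors the existing getseuserbyname path but deserves a comment stating that the fall-through is intended.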
diff --git a/SPECS/cronie.spec b/SPECS/cronie.spec index b5dbdfd..8508969 100644 --- a/SPECS/cronie.spec +++ b/SPECS/cronie.spec @@ -6,7 +6,7 @@ Summary: Cron daemon for executing programs at set times Name: cronie Version: 1.4.11 -Release: 14%{?dist}.1 +Release: 17%{?dist} License: MIT and BSD and ISC and GPLv2+ Group: System Environment/Base URL: https://fedorahosted.org/cronie @@ -20,6 +20,10 @@ Patch5: cronie-unitfile.patch Patch6: cronie-1.4.11-refresh-users.patch Patch7: cronie-1.4.11-shutdown-msg.patch Patch8: cronie-1.4.11-temp-name.patch +Patch9: cronie-1.4.11-anacron-mailto.patch +Patch10: cronie-1.4.11-crontab-root.patch +Patch11: cronie-1.4.11-man-file.patch +Patch12: cronie-1.4.11-selinux-user.patch Requires: dailyjobs @@ -93,6 +97,10 @@ extra features. %patch6 -p1 -b .refresh-users %patch7 -p1 -b .shutdown-msg %patch8 -p1 -b .temp-name +%patch9 -p1 -b .mailto +%patch10 -p1 -b .root +%patch11 -p1 -b .man-file +%patch12 -p1 -b .selinux-user %build %configure \ @@ -217,7 +225,18 @@ exit 0 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs %changelog -* Tue Jan 23 2016 Tomáš Mráz - 1.4.11-14.1 +* Wed Mar 29 2017 Tomáš Mráz - 1.4.11-18 +- make anacron not to contradict itself in syslog + (job output does not have to be necessarily mailed) + +* Tue Mar 7 2017 Tomáš Mráz - 1.4.11-16 +- disable mail from anacron with empty MAILTO +- crontab: do not block access with PAM when running as root +- improve the crontab man page +- do not hardcode system_u selinux user but use the user from + the current context + +* Tue Feb 23 2016 Tomáš Mráz - 1.4.11-15 - crontab: use temporary filename properly ignored by crond * Tue Apr 21 2015 Tomáš Mráz - 1.4.11-14