rpms/vixie-cron/FC-3 vixie-cron-4.1-_33-fix_selinux_segfault.patch, NONE, 1.1 vixie-cron-4.1-_34-pam_fail_close_session.patch, NONE, 1.1 vixie-cron-4.1-_35-crontab-job-control.patch, NONE, 1.1 vixie-cron-4.1-_36-pam_close_fork_fail.patch, NONE, 1.1 vixie-cron-4.1-_37-limits.patch, NONE, 1.1 vixie-cron-4.1-_38-CAN-2005-1038.patch, NONE, 1.1 vixie-cron.spec, 1.42, 1.43
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Apr 14 23:38:56 UTC 2005
Update of /cvs/dist/rpms/vixie-cron/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv13779
Modified Files:
vixie-cron.spec
Added Files:
vixie-cron-4.1-_33-fix_selinux_segfault.patch
vixie-cron-4.1-_34-pam_fail_close_session.patch
vixie-cron-4.1-_35-crontab-job-control.patch
vixie-cron-4.1-_36-pam_close_fork_fail.patch
vixie-cron-4.1-_37-limits.patch
vixie-cron-4.1-_38-CAN-2005-1038.patch
Log Message:
fix bugs 154575 and 154922(CAN-2005-1038)
vixie-cron-4.1-_33-fix_selinux_segfault.patch:
do_command.c | 2 +-
user.c | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE vixie-cron-4.1-_33-fix_selinux_segfault.patch ---
--- vixie-cron-4.1/user.c.fix_selinux_segfault 2005-03-15 08:34:08.143412000 -0500
+++ vixie-cron-4.1/user.c 2005-03-15 08:40:22.616563000 -0500
@@ -40,7 +40,7 @@
int crontab_fd,
security_context_t *rcontext,
const char *tabname) {
- security_context_t scontext;
+ security_context_t scontext=NULL;
security_context_t file_context=NULL;
struct av_decision avd;
int retval=0;
@@ -51,6 +51,7 @@
return -1;
} else {
log_it(name, getpid(), "No security context but SELinux in permissive mode, continuing",tabname);
+ return 0;
}
}
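Review bot: The added `return 0;` leaves `*rcontext` as the caller passed it, at least within the lines shown, while the new guard in do_command.c depends on `u->scontext` (presumably the field filled through `rcontext`) being NULL when no context was found. Unless the caller clears that field before the call, setting it explicitly makes the contract visible: `*rcontext = NULL;` on the line before `return 0;`. The function body starts and ends outside this hunk, so an assignment elsewhere may already cover it.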
--- vixie-cron-4.1/do_command.c.fix_selinux_segfault 2005-03-15 08:34:08.720833000 -0500
+++ vixie-cron-4.1/do_command.c 2005-03-15 08:41:23.167952000 -0500
@@ -330,7 +330,7 @@
# endif /*DEBUGGING*/
#ifdef WITH_SELINUX
- if (is_selinux_enabled() >0 ) {
+ if ((is_selinux_enabled() >0) && (u->scontext != 0L)) {
if (setexeccon(u->scontext) < 0) {
if (security_getenforce() > 0) {
fprintf(stderr,
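Review bot: With the added `u->scontext != 0L` test, a job whose context is NULL skips the whole block, including the `security_getenforce()` check, and so would run without `setexeccon()` even on an enforcing system. user.c in this same patch returns -1 on its enforcing branch, which presumably keeps such a crontab from loading, but this call site does not enforce that itself. A separate branch such as `if (u->scontext == NULL && security_getenforce() > 0)` that fails the job the way the `setexeccon()` error path does would keep the run path fail-closed; `NULL` would also read better than `0L` for a pointer comparison. The block continues past the end of the hunk.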
vixie-cron-4.1-_34-pam_fail_close_session.patch:
do_command.c | 1 +
1 files changed, 1 insertion(+)
--- NEW FILE vixie-cron-4.1-_34-pam_fail_close_session.patch ---
--- vixie-cron-4.1/do_command.c.pam_fail_close_session 2005-04-05 10:40:13.138078000 -0400
+++ vixie-cron-4.1/do_command.c 2005-04-05 10:44:42.008938000 -0400
@@ -33,6 +33,7 @@
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ pam_close_session(pamh, PAM_SILENT); \
pam_end(pamh, retcode); exit(1); \
}
#endif
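Review bot: `PAM_FAIL_CHECK` now calls `pam_close_session()` on every failure, which would include failures of calls made before a session exists; the macro's call sites are not in this hunk, so this is inferred from it being a general-purpose check. Closing a session that was never opened makes session modules run their close hooks without a matching open. A state flag set after a successful `pam_open_session()` and tested as `if (pam_session_opened) pam_close_session(pamh, PAM_SILENT);` (flag name is only a suggestion) would limit the cleanup to the case the changelog describes, a failing `pam_setcred`. Wrapping the macro body in `do { ... } while (0)` would also remove the dangling-`else` hazard of the bare `if`.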
vixie-cron-4.1-_35-crontab-job-control.patch:
crontab.c | 4 +---
1 files changed, 1 insertion(+), 3 deletions(-)
--- NEW FILE vixie-cron-4.1-_35-crontab-job-control.patch ---
--- vixie-cron-4.1/crontab.c.job_control 2005-04-05 11:45:07.000000000 -0400
+++ vixie-cron-4.1/crontab.c 2005-04-07 13:07:42.851421000 -0400
@@ -463,7 +463,7 @@
/* parent */
for (;;) {
- xpid = waitpid(pid, &waiter, WUNTRACED);
+ xpid = waitpid(pid, &waiter, 0);
if (xpid == -1) {
if (errno != EINTR)
fprintf(stderr, "%s: waitpid() failed waiting for PID %ld from \"%s\": %s\n",
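Review bot: The switch from `WUNTRACED` to `0` carries no comment, and the reasoning lives only in the spec changelog. A one-line comment above the call would keep a later reader from restoring the flag: `/* no WUNTRACED: crontab must not stop itself when the editor is stopped (bug 154065) */`. The loop body continues outside the hunk.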
@@ -472,8 +472,6 @@
fprintf(stderr, "%s: wrong PID (%ld != %ld) from \"%s\"\n",
ProgramName, (long)xpid, (long)pid, editor);
goto fatal;
- } else if (WIFSTOPPED(waiter)) {
- kill(getpid(), WSTOPSIG(waiter));
} else if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) {
fprintf(stderr, "%s: \"%s\" exited with status %d\n",
ProgramName, editor, WEXITSTATUS(waiter));
vixie-cron-4.1-_36-pam_close_fork_fail.patch:
do_command.c | 5 +++++
1 files changed, 5 insertions(+)
--- NEW FILE vixie-cron-4.1-_36-pam_close_fork_fail.patch ---
--- vixie-cron-4.1/do_command.c.pam_close_fork_fail 2005-04-07 13:19:38.000000000 -0400
+++ vixie-cron-4.1/do_command.c 2005-04-08 12:13:45.354702000 -0400
@@ -196,6 +196,11 @@
switch (fork()) {
case -1:
log_it("CRON", getpid(), "error", "can't fork");
+#ifdef WITH_PAM
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+ pam_close_session(pamh, PAM_SILENT);
+ pam_end(pamh, PAM_ABORT);
+#endif
exit(ERROR_EXIT);
/*NOTREACHED*/
case 0:
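Review bot: The teardown added under `case -1:` differs from the one `PAM_FAIL_CHECK` performs in patch _34: this path deletes credentials before closing the session, while the macro only closes the session. Both paths also ignore the return values, so a failed close leaves no trace in the log. A single static helper that calls `pam_setcred` with `PAM_DELETE_CRED`, then `pam_close_session`, then `pam_end`, logs any non-`PAM_SUCCESS` result through `log_it`, and is used from both places would keep the two exits consistent. Whether `pamh` is always initialised when this `fork()` runs is not visible here, since the function starts outside the hunk.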
vixie-cron-4.1-_37-limits.patch:
macros.h | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
--- NEW FILE vixie-cron-4.1-_37-limits.patch ---
--- vixie-cron-4.1/macros.h.limits 2004-07-21 09:31:55.000000000 -0400
+++ vixie-cron-4.1/macros.h 2005-04-14 18:11:35.475147000 -0400
@@ -44,11 +44,11 @@
#define STDERR 2 /* stderr's? */
#define ERROR_EXIT 1 /* exit() with this will scare the shell */
#define OK_EXIT 0 /* exit() with this is considered 'normal' */
-#define MAX_FNAME 100 /* max length of internally generated fn */
-#define MAX_COMMAND 1000 /* max length of internally generated cmd */
-#define MAX_ENVSTR 1000 /* max length of envvar=value\0 strings */
-#define MAX_TEMPSTR 100 /* obvious */
-#define MAX_UNAME 33 /* max length of username, should be overkill */
+#define MAX_FNAME PATH_MAX/* max length of internally generated fn */
+#define MAX_COMMAND 131072 /* max length of internally generated cmd (max sh cmd line length) */
+#define MAX_ENVSTR 131072 /* max length of envvar=value\0 strings */
+#define MAX_TEMPSTR 131072 /* obvious */
+#define MAX_UNAME 256 /* max length of username */
#define ROOT_UID 0 /* don't change this, it really must be root */
#define ROOT_USER "root" /* ditto */
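Review bot: `MAX_TEMPSTR`, `MAX_ENVSTR` and `MAX_COMMAND` now expand to 131072, so every array declared with them grows from 100 or 1000 bytes to 128 KiB; if any of those are automatic arrays (the declarations are in other files), a function holding several of them takes a large share of the stack. The larger limits are also only safe where both the buffer and the bound on the write use the macro, so call sites that use a literal 100 or 1000 deserve a search before this ships. `PATH_MAX` needs `<limits.h>` in scope wherever `MAX_FNAME` is used and is not defined on every platform; a guarded fallback such as `#ifndef PATH_MAX` / `#define PATH_MAX 4096` / `#endif`, plus a space before the comment on the `MAX_FNAME` line, would make the header self-contained.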
vixie-cron-4.1-_38-CAN-2005-1038.patch:
crontab.c | 17 ++++++++++++++++-
1 files changed, 16 insertions(+), 1 deletion(-)
--- NEW FILE vixie-cron-4.1-_38-CAN-2005-1038.patch ---
--- vixie-cron-4.1/crontab.c.CAN-2005-1038 2005-04-14 18:39:04.356618000 -0400
+++ vixie-cron-4.1/crontab.c 2005-04-14 18:43:50.262425000 -0400
@@ -488,7 +488,7 @@
(void)signal(SIGHUP, SIG_DFL);
(void)signal(SIGINT, SIG_DFL);
(void)signal(SIGQUIT, SIG_DFL);
- if (stat(Filename, &statbuf) < 0) {
+ if (lstat(Filename, &statbuf) < 0) {
perror("fstat");
goto fatal;
}
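Review bot: The error label still says `fstat` although the call is now `lstat()`, so a failure is reported under the wrong name; `perror("lstat");` (or `perror(Filename);`) would match the call. The surrounding function starts and ends outside this hunk.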
@@ -497,6 +497,21 @@
ProgramName);
goto remove;
}
+
+ if ( (!S_ISREG(statbuf.st_mode))
+ ||(S_ISLNK(statbuf.st_mode))
+ ||(S_ISDIR(statbuf.st_mode))
+ ||(S_ISCHR(statbuf.st_mode))
+ ||(S_ISBLK(statbuf.st_mode))
+ ||(S_ISFIFO(statbuf.st_mode))
+ ||(S_ISSOCK(statbuf.st_mode))
+ )
+ {
+ fprintf(stderr, "%s: illegal crontab\n",
+ ProgramName);
+ goto remove;
+ }
+
fprintf(stderr, "%s: installing new crontab\n", ProgramName);
fclose(NewCrontab);
NewCrontab=fopen(Filename,"r+");
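Review bot: The type check is made on the path with `lstat()` (previous hunk) and the file is then reopened by path with `fopen(Filename,"r+")`, so the object that gets opened is not guaranteed to be the one that was checked. Opening with `O_NOFOLLOW` and testing the descriptor with `fstat()` ties the check to the file that is actually read; the sketch below assumes an `int fd` and a second `struct stat fsb` declared with the function's other locals, and that `<fcntl.h>` is already included. The seven-way condition is also redundant, since `!S_ISREG(statbuf.st_mode)` alone rejects links, directories, devices, FIFOs and sockets. The function continues outside the hunk.

```c
/* … unchanged: lstat() and the earlier check that ends in goto remove … */
	fd = open(Filename, O_RDWR | O_NOFOLLOW);
	if (fd < 0 || fstat(fd, &fsb) < 0 || !S_ISREG(fsb.st_mode)) {
		fprintf(stderr, "%s: illegal crontab\n", ProgramName);
		if (fd >= 0)
			close(fd);
		goto remove;
	}

	fprintf(stderr, "%s: installing new crontab\n", ProgramName);
	fclose(NewCrontab);
	NewCrontab = fdopen(fd, "r+");
```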
Index: vixie-cron.spec
===================================================================
RCS file: /cvs/dist/rpms/vixie-cron/FC-3/vixie-cron.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- vixie-cron.spec 25 Feb 2005 18:49:14 -0000 1.42
+++ vixie-cron.spec 14 Apr 2005 23:38:54 -0000 1.43
@@ -7,7 +7,7 @@
Summary: The Vixie cron daemon for executing specified programs at set times.
Name: vixie-cron
Version: 4.1
-Release: 24_FC3
+Release: 33_FC3
Epoch: 1
License: distributable
Group: System Environment/Base
@@ -47,6 +47,12 @@
Patch30: vixie-cron-4.1-_30-uninitialized.patch
Patch31: vixie-cron-4.1-_31-allow_pam_access.patch
Patch32: vixie-cron-4.1-_32-no_mail_rcpt_safe_p.patch
+Patch33: vixie-cron-4.1-_33-fix_selinux_segfault.patch
+Patch34: vixie-cron-4.1-_34-pam_fail_close_session.patch
+Patch35: vixie-cron-4.1-_35-crontab-job-control.patch
+Patch36: vixie-cron-4.1-_36-pam_close_fork_fail.patch
+Patch37: vixie-cron-4.1-_37-limits.patch
+Patch38: vixie-cron-4.1-_38-CAN-2005-1038.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root
Requires: sysklogd >= 1.3.33-6, bash >= 2.0
@@ -110,6 +116,12 @@
%patch30 -p1 -b .uninitialized
%patch31 -p1 -b .allow_pam_access
%patch32 -p1 -b .no_mail_rcpt_safe_p.patch
+%patch33 -p1 -b .fix_selinux_segfault
+%patch34 -p1 -b .pam_fail_close_session
+%patch35 -p1 -b .job_control
+%patch36 -p1 -b .pam_close_fork_fail
+%patch37 -p1 -b .limits
+%patch38 -p1 -b .CAN-2005-1038
%build
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS"
@@ -167,6 +179,32 @@
%config(noreplace) /etc/sysconfig/crond
%changelog
+* Thu Apr 14 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-33_FC3
+- fix bug 154922 / CAN-2005-1038: check that new crontab is
+ regular file after editor session ends.
+- fix bug 154575: use PATH_MAX (4096) as max filename length; also make
+ limits on command line and env.var. lengths sensible (131072).
+
+* Fri Apr 08 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-33_FC3
+- do pam_close_session and pam_setcred(pamh, PAM_DELETE_CRED)
+- if fork fails
+
+* Thu Apr 07 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-33_FC3
+- fix bug 154065: crontab's job control broken: by
+- xpid = waitpid(pid,&waiter,WUNTRACED);...
+- if( WIFSTOPPED(waiter) )... kill(getpid(),WSTOPSIG(waiter));
+- crontab should not kill itself with SIGSTOP if its child
+- gets SIGSTOP; hence it does not need the waitpid WUNTRACED flag.
+
+* Tue Apr 05 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-33_FC3
+- Required for EAL Audit certification:
+- If pam_setcred should fail, the pam_session could fail to be
+- closed, leaving autofs user directories still mounted.
+
+* Tue Mar 15 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-33_FC3
+- fix bug 151145: segfault if cronjob runs without any SELinux user
+- security context (eg. in a broken chroot environment)
+
* Fri Feb 25 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-24_FC3
- Add an /etc/sysconfig/crond file for containing CRONDARGS and
- settings like CRON_VALIDATE_MAILRCPTS .