rpms/vixie-cron/devel vixie-cron-4.1-_49-bz178436.patch, NONE, 1.1 vixie-cron-4.1-_50-bz178931.patch, NONE, 1.1 vixie-cron.spec, 1.62, 1.63
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jan 26 19:51:54 UTC 2006
- Previous message (by thread): rpms/gnome-power-manager/devel .cvsignore, 1.8, 1.9 gnome-power-manager.spec, 1.14, 1.15 sources, 1.8, 1.9 gnome-power-manager-0.3.4-left-click.patch, 1.1, NONE
- Next message (by thread): rpms/libbonobo/devel libbonobo-2.13.1-multishlib.patch, 1.2, 1.3 libbonobo.spec, 1.31, 1.32
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jvdias
Update of /cvs/dist/rpms/vixie-cron/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv9770
Modified Files:
vixie-cron.spec
Added Files:
vixie-cron-4.1-_49-bz178436.patch
vixie-cron-4.1-_50-bz178931.patch
Log Message:
- fix bug 178436: prevent per-minute jobs being delayed into next minute
- fix bug 178931: remove pam_unix and pam_krb5 from pam session stack
vixie-cron-4.1-_49-bz178436.patch:
security.c | 31 +++++++++++++++++++++++++++++++
1 files changed, 31 insertions(+)
--- NEW FILE vixie-cron-4.1-_49-bz178436.patch ---
--- vixie-cron-4.1/security.c.bz178436 2006-01-26 14:26:55.000000000 -0500
+++ vixie-cron-4.1/security.c 2006-01-26 14:34:23.000000000 -0500
@@ -32,6 +32,16 @@
int cron_set_job_security_context( entry *e, user *u, char ***jobenv )
{
+ time_t minutely_time = 0;
+ if((e->flags & MIN_STAR)==MIN_STAR)
+ {
+ /* "minute-ly" job: Every minute for given hour/dow/month/dom.
+ * Ensure that these jobs never run in the same minute:
+ */
+ minutely_time = time(0);
+ Debug(DSCH, ("Minute-ly job. Recording time %lu\n", minutely_time))
+ }
+
if ( cron_open_security_session( e->pwd ) != 0 )
{
syslog(LOG_INFO, "CRON (%s) ERROR: failed to open PAM security session: %s",
@@ -57,12 +67,32 @@
*jobenv = build_env( e->envp );
+ log_close();
+ openlog(ProgramName, LOG_PID, LOG_CRON);
+
if ( chdir(env_get("HOME", *jobenv)) == -1 )
{
log_it("CRON", getpid(), "chdir(HOME) failed:", strerror(errno));
return -1;
}
+ time_t job_run_time = time(0L);
+
+ if( (minutely_time > 0)
+ &&((job_run_time / 60) != (minutely_time / 60))
+ )
+ {/* if a per-minute job is delayed into the next minute
+ * (eg. by network authentication method timeouts), skip it.
+ */
+ struct tm tmS, tmN;
+ localtime_r(&job_run_time, &tmN);
+ localtime_r(&minutely_time,&tmS);
+ syslog(LOG_ERR,
+ "(%s) error: Job execution of per-minute job scheduled for "
+ "%.2u:%.2u delayed into subsequent minute %.2u:%.2u. Skipping job run.",
+ e->pwd->pw_name, tmS.tm_hour, tmS.tm_min, tmN.tm_hour, tmN.tm_min);
+ return -1;
+ }
return 0;
}
@@ -96,6 +126,7 @@
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
PAM_FAIL_CHECK;
log_close(); /* PAM has now re-opened our log to auth.info ! */
+ openlog(ProgramName, LOG_PID, LOG_CRON);
#endif
return retcode;
vixie-cron-4.1-_50-bz178931.patch:
crond.pam | 7 +------
1 files changed, 1 insertion(+), 6 deletions(-)
--- NEW FILE vixie-cron-4.1-_50-bz178931.patch ---
--- vixie-cron-4.1/crond.pam.bz178931 2006-01-26 14:26:55.000000000 -0500
+++ vixie-cron-4.1/crond.pam 2006-01-26 14:33:04.000000000 -0500
@@ -7,10 +7,5 @@
auth include system-auth
account required pam_access.so
account include system-auth
-session include system-auth
session required pam_loginuid.so
-# To enable PAM user limits for cron jobs,
-# configure /etc/security/limits.conf and
-# uncomment this line:
-# session required pam_limits.so
-#
+session required pam_limits.so
Index: vixie-cron.spec
===================================================================
RCS file: /cvs/dist/rpms/vixie-cron/devel/vixie-cron.spec,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- vixie-cron.spec 10 Jan 2006 23:25:19 -0000 1.62
+++ vixie-cron.spec 26 Jan 2006 19:51:52 -0000 1.63
@@ -7,7 +7,7 @@
Summary: The Vixie cron daemon for executing specified programs at set times.
Name: vixie-cron
Version: 4.1
-Release: 44.FC5
+Release: 50.FC5
Epoch: 4
License: distributable
Group: System Environment/Base
@@ -63,6 +63,8 @@
Patch46: vixie-cron-4.1-_46-audit.patch
Patch47: vixie-cron-4.1-_47-m_option.patch
Patch48: vixie-cron-4.1-_48-security.patch
+Patch49: vixie-cron-4.1-_49-bz178436.patch
+Patch50: vixie-cron-4.1-_50-bz178931.patch
Buildroot: %{_tmppath}/%{name}-%{version}-root
Requires: syslog, bash >= 2.0
Conflicts: sysklogd < 1.4.1
@@ -142,6 +144,8 @@
%patch46 -p1 -b .audit_deny
%patch47 -p1 -b .-m_option
%patch48 -p1 -b .security
+%patch49 -p1 -b .bz178436
+%patch50 -p1 -b .bz178931
%build
make RPM_OPT_FLAGS="$RPM_OPT_FLAGS -g -DLINT -Dlint -Werror"
@@ -199,6 +203,10 @@
%config(noreplace) /etc/sysconfig/crond
%changelog
+* Thu Jan 26 2006 Jason Vas Dias<jvdias at redhat.com> - 4.1-50.FC5
+- fix bug 178436: prevent per-minute jobs being delayed into next minute
+- fix bug 178931: remove pam_unix and pam_krb5 from pam session stack
+
* Tue Jan 10 2006 Jason Vas Dias<jvdias at redhat.com>
- fix bug 177476: make minder/mailer process run as job user
with user context; re-organize PAM and SELinux code
@@ -209,12 +217,12 @@
* Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>
- rebuilt
-* Sun Nov 13 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-41-FC5
+* Sun Nov 13 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-41.FC5
- patches for IBM LSPP testing:
- Steve Grubb's patch to emit audit log message on crontab denial
- Use of sendmail unacceptable for LSPP: provide -m <mail command> option
-* Tue Oct 18 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-40-FC5
+* Tue Oct 18 2005 Jason Vas Dias <jvdias at redhat.com> - 4.1-40.FC5
- *** NOTE : please do not modify vixie-cron without contacting ***
*** the package maintainer (me at the moment). ***
*** Or at least test it first! ***
- Previous message (by thread): rpms/gnome-power-manager/devel .cvsignore, 1.8, 1.9 gnome-power-manager.spec, 1.14, 1.15 sources, 1.8, 1.9 gnome-power-manager-0.3.4-left-click.patch, 1.1, NONE
- Next message (by thread): rpms/libbonobo/devel libbonobo-2.13.1-multishlib.patch, 1.2, 1.3 libbonobo.spec, 1.31, 1.32
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list