From f5721f0cb6009f71fab428e3e335a620fbd2fa37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 11 Jul 2013 17:42:57 +0200 Subject: [PATCH 01/86] Fix missing ? in dist. --- at.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/at.spec b/at.spec index e1a2a3a..083eed7 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.13 -Release: 12%{dist} +Release: 12%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain From 64f633c84a20381ac8410d3732006d0c5617d02c Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 2 Aug 2013 21:24:31 -0500 Subject: [PATCH 02/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 083eed7..f9316c1 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.13 -Release: 12%{?dist} +Release: 13%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -187,6 +187,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog +* Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Mon Feb 11 2013 Peter Robinson 3.1.13-12 - Fix patch to fix FTBFS with gcc 4.8 From 8bfac11a74d012ba48c5d43ae7d0685d58acb245 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 19 Sep 2013 16:54:01 +0200 Subject: [PATCH 03/86] Fix dates because rpm is now checking if date exists. Sigh. --- at.spec | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/at.spec b/at.spec index f9316c1..689fb8b 100644 --- a/at.spec +++ b/at.spec @@ -346,7 +346,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Mon Dec 3 2007 Marcela Maslanova - 3.1.10-19 - another problem with permission -* Fri Oct 30 2007 Marcela Maslanova - 3.1.10-18 +* Tue Oct 30 2007 Marcela Maslanova - 3.1.10-18 - Bug 398981: change on correct permissions * Fri Oct 05 2007 Marcela Maslanova - 3.1.10-17 @@ -356,12 +356,12 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - macro with_pam instead of have_pam - license tag is gplv2+ because of license in source files -* Tue Jul 11 2007 Marcela Maslanova - 3.1.10-15 +* Wed Jul 11 2007 Marcela Maslanova - 3.1.10-15 - rewrite init script - add own session - setsid - Resolves: rhbz#247091 -* Tue Jul 9 2007 Marcela Maslanova - 3.1.10-14 +* Mon Jul 9 2007 Marcela Maslanova - 3.1.10-14 - feature: add configuration file - fix -V option - fix init script @@ -378,13 +378,13 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - mistake in pam_atd - rhbz#234120 -* Tue Mar 05 2007 Marcela Maslanova - 3.1.10-10 +* Mon Mar 05 2007 Marcela Maslanova - 3.1.10-10 - rhbz#224597 -* Mon Mar 03 2007 Marcela Maslanova - 3.1.10-9 +* Sat Mar 03 2007 Marcela Maslanova - 3.1.10-9 - review -* Wed Feb 20 2007 Marcela Maslanova - 3.1.10-8 +* Tue Feb 20 2007 Marcela Maslanova - 3.1.10-8 - review - rhbz#225288 @@ -393,7 +393,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - new pam configuration - rhbz#224597 -* Tue Oct 27 2006 Marcela Maslanova - 3.1.10-6 +* Fri Oct 27 2006 Marcela Maslanova - 3.1.10-6 - fix daylight-saving again - fix #214759 - problem with seteuid @@ -403,7 +403,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Tue Oct 24 2006 Marcela Maslanova - 3.1.10-3 - new version from upstream 3.1.10 -* Thu Aug 23 2006 Marcela Maslanova - 3.1.8-82.fc6 +* Wed Aug 23 2006 Marcela Maslanova - 3.1.8-82.fc6 - #176486 don't fork option added (patch from Enrico Scholz) * Wed Jul 12 2006 Jesse Keating - 3.1.8-81.2 @@ -416,7 +416,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - rebuild for new gcc, glibc, glibc-kernheaders - workaround new refusal of /usr/bin/install to chown -* Fri Dec 18 2005 Jason Vas Dias - 3.1.8-80.2 +* Sun Dec 18 2005 Jason Vas Dias - 3.1.8-80.2 - rebuild for new flex * Fri Dec 16 2005 Jesse Keating @@ -556,7 +556,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Wed Nov 27 2002 Tim Powers 3.1.8-32 - remove unpackaged files from the buildroot -* Tue Jul 25 2002 Bill Huang +* Thu Jul 25 2002 Bill Huang - Fixed delaying job execution and missing starting jobs..(bug#69595) (Thanks Bujor D Silaghi for his patch.) @@ -594,7 +594,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Thu Aug 2 2001 Crutcher Dunnavant 3.1.8-20 - updated patch update, still bug #46546 -* Mon Jul 18 2001 Crutcher Dunnavant +* Wed Jul 18 2001 Crutcher Dunnavant - applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to - address bug #46546 @@ -614,7 +614,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Fri Feb 2 2001 Trond Eivind Glomsrød - i18nize initscript -* Wed Dec 12 2000 Bill Nottingham +* Tue Dec 12 2000 Bill Nottingham - fix documentation of which shell commands will be run with (#22216) * Wed Aug 23 2000 Crutcher Dunnavant From abcc660cd9ad425e07d4959f53ac8def6280a9de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 19 Sep 2013 17:25:27 +0200 Subject: [PATCH 04/86] Change makefile to work with latest release. --- at-3.1.14-makefile.patch | 82 ++++++++++++++++++++++++++++++++++++++++ at.spec | 26 ++++++------- 2 files changed, 95 insertions(+), 13 deletions(-) create mode 100644 at-3.1.14-makefile.patch diff --git a/at-3.1.14-makefile.patch b/at-3.1.14-makefile.patch new file mode 100644 index 0000000..2ffb4a8 --- /dev/null +++ b/at-3.1.14-makefile.patch @@ -0,0 +1,82 @@ +diff -up at-3.1.14/Makefile.in.make at-3.1.14/Makefile.in +--- at-3.1.14/Makefile.in.make 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/Makefile.in 2013-09-19 16:48:03.605192754 +0200 +@@ -67,13 +67,13 @@ LIST = Filelist Filelist.asc + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -o at pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) ++ $(CC) $(LDFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y +@@ -88,38 +88,41 @@ atrun: atrun.in + configure + + .c.o: +- $(CC) -c $(CFLAGS) $(DEFS) $*.c ++ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) +- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) ++ $(INSTALL) root -m 755 -d $(IROOT)$(etcdir) ++ $(INSTALL) root -m 755 -d $(IROOT)$(bindir) ++ $(INSTALL) root -m 755 -d $(IROOT)$(sbindir) ++ $(INSTALL) root -m 755 -d $(IROOT)$(docdir) ++ $(INSTALL) root -m 755 -d $(IROOT)$(atdocdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/ ++ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) ++ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) ++ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) + touch $(IROOT)$(LFILE) + chmod 600 $(IROOT)$(LFILE) + chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) +- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir) ++ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ ++ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd ++ $(INSTALL) -m 4755 at $(IROOT)$(bindir) + $(LN_S) -f at $(IROOT)$(bindir)/atq + $(LN_S) -f at $(IROOT)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) +- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(IROOT)$(bindir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) ++ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) ++ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ + cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ + sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/ ++ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ + cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) ++ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) + rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ + $(IROOT)$(mandir)/cat1/atq.1* + rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at.spec b/at.spec index 689fb8b..fa3823a 100644 --- a/at.spec +++ b/at.spec @@ -2,8 +2,8 @@ Summary: Job spooling tools Name: at -Version: 3.1.13 -Release: 13%{?dist} +Version: 3.1.14 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -17,7 +17,7 @@ Source2: atd.init Source3: atd.sysconf Source5: atd.systemd -Patch1: at-3.1.13-makefile.patch +Patch1: at-3.1.14-makefile.patch Patch2: at-3.1.12-opt_V.patch Patch3: at-3.1.12-shell.patch Patch4: at-3.1.13-nitpicks.patch @@ -71,16 +71,16 @@ is not used as the system init process. %setup -q cp %{SOURCE1} . %patch1 -p1 -b .make -%patch2 -p1 -b .opt_V -%patch3 -p1 -b .shell -%patch4 -p1 -b .nit -%patch5 -p1 -b .pam -%patch6 -p1 -b .selinux -%patch7 -p1 -b .nowrap -%patch8 -p1 -b .export -%patch9 -p1 -b .mail -%patch10 -p1 -b .posix -%patch11 -p1 -b .help +#%%patch2 -p1 -b .opt_V +#%%patch3 -p1 -b .shell +#%%patch4 -p1 -b .nit +#%%patch5 -p1 -b .pam +#%%patch6 -p1 -b .selinux +#%%patch7 -p1 -b .nowrap +#%%patch8 -p1 -b .export +#%%patch9 -p1 -b .mail +#%%patch10 -p1 -b .posix +#%%patch11 -p1 -b .help %build # patch9 touches configure.in From 6daadbc27894fe306ce38329d24b9eba18b283f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 26 Sep 2013 14:11:08 +0200 Subject: [PATCH 05/86] Fix missing - in Makefile patch, change specfile to enable only whats needed. --- at-3.1.14-makefile.patch | 2 +- at.spec | 30 +++++++++++++++++++----------- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/at-3.1.14-makefile.patch b/at-3.1.14-makefile.patch index 2ffb4a8..816f335 100644 --- a/at-3.1.14-makefile.patch +++ b/at-3.1.14-makefile.patch @@ -6,7 +6,7 @@ diff -up at-3.1.14/Makefile.in.make at-3.1.14/Makefile.in at: $(ATOBJECTS) - $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(LDFLAGS) -o at pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) ++ $(CC) $(LDFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) rm -f $(CLONES) $(LN_S) -f at atq $(LN_S) -f at atrm diff --git a/at.spec b/at.spec index fa3823a..c27d4af 100644 --- a/at.spec +++ b/at.spec @@ -18,16 +18,18 @@ Source3: atd.sysconf Source5: atd.systemd Patch1: at-3.1.14-makefile.patch -Patch2: at-3.1.12-opt_V.patch -Patch3: at-3.1.12-shell.patch -Patch4: at-3.1.13-nitpicks.patch -Patch5: at-3.1.13-pam.patch -Patch6: at-3.1.13-selinux.patch -Patch7: at-3.1.12-nowrap.patch -Patch8: at-3.1.12-fix_no_export.patch -Patch9: at-3.1.13-mailwithhostname.patch -Patch10: at-3.1.13-usePOSIXtimers.patch -Patch11: at-3.1.13-help.patch +Patch2: at-3.1.14-pam.patch +Patch3: at-3.1.14-selinux.patch +#Patch2: at-3.1.12-opt_V.patch +#Patch3: at-3.1.12-shell.patch +#Patch4: at-3.1.13-nitpicks.patch +#Patch5: at-3.1.13-pam.patch +#Patch6: at-3.1.13-selinux.patch +#Patch7: at-3.1.12-nowrap.patch +#Patch8: at-3.1.12-fix_no_export.patch +#Patch9: at-3.1.13-mailwithhostname.patch +#Patch10: at-3.1.13-usePOSIXtimers.patch +#Patch11: at-3.1.13-help.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -71,6 +73,8 @@ is not used as the system init process. %setup -q cp %{SOURCE1} . %patch1 -p1 -b .make +#%%patch2 -p1 -b .pam +#%%patch3 -p1 -b .selinux #%%patch2 -p1 -b .opt_V #%%patch3 -p1 -b .shell #%%patch4 -p1 -b .nit @@ -187,6 +191,10 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog +* Mon Sep 23 2013 Marcela Mašláňová - 3.1.14-1 +- new release 3.1.14 +- all Fedora specifics backported + * Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild @@ -225,7 +233,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ * Wed Oct 26 2011 Fedora Release Engineering - 3.1.13-4 - Rebuilt for glibc bug#747377 -* Wed Sep 4 2011 Marcela Mašláňová - 3.1.13-3 +* Sun Sep 4 2011 Marcela Mašláňová - 3.1.13-3 - 729742 fix 56atd script for systemd * Mon Aug 15 2011 Marcela Mašláňová - 3.1.13-2 From 00ae67b7754c8a3d37e69d0c04274aeed6b368a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 26 Sep 2013 16:36:47 +0200 Subject: [PATCH 06/86] Change patch for PAM. --- at-3.1.14-pam.patch | 446 ++++++++++++++++++++++++++++++++++++++++++++ at.spec | 4 +- 2 files changed, 447 insertions(+), 3 deletions(-) create mode 100644 at-3.1.14-pam.patch diff --git a/at-3.1.14-pam.patch b/at-3.1.14-pam.patch new file mode 100644 index 0000000..4550281 --- /dev/null +++ b/at-3.1.14-pam.patch @@ -0,0 +1,446 @@ +diff -up at-3.1.14/at.c.pam at-3.1.14/at.c +--- at-3.1.14/at.c.pam 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/at.c 2013-09-26 14:28:40.549603545 +0200 +@@ -144,18 +144,14 @@ sigc(int signo) + /* If the user presses ^C, remove the spool file and exit + */ + if (fcreated) { +- /* ++ + PRIV_START +- ++ /* + We need the unprivileged uid here since the file is owned by the real + (not effective) uid. + */ +- setregid(real_gid, effective_gid); +- unlink(atfile); +- setregid(effective_gid, real_gid); +- /* ++ unlink(atfile); + PRIV_END +- */ + } + exit(EXIT_FAILURE); + } +@@ -315,26 +311,19 @@ writefile(time_t runtimer, char queue) + * bit. Yes, this is a kluge. + */ + cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); +- seteuid(real_uid); ++ if ((seteuid(effective_uid)) < 0) ++ perr("Error in seteuid: %s", errno); + if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) + perr("Cannot create atjob file %.500s", atfile); +- seteuid(effective_uid); + + if ((fd2 = dup(fd)) < 0) + perr("Error in dup() of job file"); + +- /* + if (fchown(fd2, real_uid, real_gid) != 0) +- perr("Cannot give away file"); +- */ ++ perr("Cannot give real_uid and real_gid the file"); + + PRIV_END + +- /* We no longer need suid root; now we just need to be able to write +- * to the directory, if necessary. +- */ +- +- REDUCE_PRIV(daemon_uid, daemon_gid) + /* We've successfully created the file; let's set the flag so it + * gets removed in case of an interrupt or error. + */ +@@ -654,7 +643,7 @@ process_jobs(int argc, char **argv, int + We need the unprivileged uid here since the file is owned by the real + (not effective) uid. + */ +- setregid(real_gid, effective_gid); ++ PRIV_START + + if (queue == '=') { + fprintf(stderr, "Warning: deleting running job\n"); +@@ -664,7 +653,7 @@ process_jobs(int argc, char **argv, int + rc = EXIT_FAILURE; + } + +- setregid(effective_gid, real_gid); ++ PRIV_END + done = 1; + + break; +@@ -674,7 +663,7 @@ process_jobs(int argc, char **argv, int + FILE *fp; + int ch; + +- setregid(real_gid, effective_gid); ++ PRIV_START + fp = fopen(dirent->d_name, "r"); + + if (fp) { +@@ -687,7 +676,7 @@ process_jobs(int argc, char **argv, int + perr("Cannot open %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } +- setregid(effective_gid, real_gid); ++ PRIV_END + } + break; + +diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c +--- at-3.1.14/atd.c.pam 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/atd.c 2013-09-26 15:04:28.762185123 +0200 +@@ -83,6 +83,10 @@ + #include "getloadavg.h" + #endif + ++#ifndef LOG_ATD ++#define LOG_ATD LOG_DAEMON ++#endif ++ + /* Macros */ + + #define BATCH_INTERVAL_DEFAULT 60 +@@ -108,7 +112,7 @@ static int run_as_daemon = 0; + + static volatile sig_atomic_t term_signal = 0; + +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + #include + + static pam_handle_t *pamh = NULL; +@@ -117,15 +121,7 @@ static const struct pam_conv conv = { + NULL + }; + +-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ +- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ +- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ +- pam_end(pamh, retcode); exit(1); \ +- } +-#define PAM_END { retcode = pam_close_session(pamh,0); \ +- pam_end(pamh,retcode); } +- +-#endif /* HAVE_PAM */ ++#endif /* WITH_PAM */ + + /* Signal handlers */ + RETSIGTYPE +@@ -220,7 +216,7 @@ run_file(const char *filename, uid_t uid + char fmt[64]; + unsigned long jobno; + int rc; +-#ifdef HAVE_PAM ++#ifdef WTIH_PAM + int retcode; + #endif + +@@ -377,17 +373,11 @@ run_file(const char *filename, uid_t uid + fstat(fd_out, &buf); + size = buf.st_size; + +-#ifdef HAVE_PAM +- PRIV_START +- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); +- PAM_FAIL_CHECK; +- retcode = pam_acct_mgmt(pamh, PAM_SILENT); +- PAM_FAIL_CHECK; +- retcode = pam_open_session(pamh, PAM_SILENT); +- PAM_FAIL_CHECK; +- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); +- PAM_FAIL_CHECK; +- PRIV_END ++#ifdef WITH_PAM ++ AT_START_PAM; ++ AT_OPEN_PAM_SESSION; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); + #endif + + close(STDIN_FILENO); +@@ -401,6 +391,14 @@ run_file(const char *filename, uid_t uid + else if (pid == 0) { + char *nul = NULL; + char **nenvp = &nul; ++ char **pam_envp=0L; ++ ++ PRIV_START ++#ifdef WITH_PAM ++ pam_envp = pam_getenvlist(pamh); ++ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) ++ nenvp = pam_envp; ++#endif + + /* Set up things for the child; we want standard input from the + * input file, and standard output and error sent to our output file. +@@ -420,8 +418,6 @@ run_file(const char *filename, uid_t uid + close(fd_in); + close(fd_out); + +- PRIV_START +- + nice((tolower((int) queue) - 'a' + 1) * 2); + + if (initgroups(pentry->pw_name, pentry->pw_gid)) +@@ -438,6 +434,17 @@ run_file(const char *filename, uid_t uid + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) + perr("Exec failed for /bin/sh"); + ++#ifdef WITH_PAM ++ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) ++ { ++ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) ++ free(*nenvp); ++ free( pam_envp ); ++ nenvp = &nul; ++ pam_envp=0L; ++ } ++#endif ++ + PRIV_END + } + /* We're the parent. Let's wait. +@@ -450,14 +457,6 @@ run_file(const char *filename, uid_t uid + */ + waitpid(pid, (int *) NULL, 0); + +-#ifdef HAVE_PAM +- PRIV_START +- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); +- retcode = pam_close_session(pamh, PAM_SILENT); +- pam_end(pamh, retcode); +- PRIV_END +-#endif +- + /* Send mail. Unlink the output file after opening it, so it + * doesn't hang around after the run. + */ +@@ -488,7 +487,20 @@ run_file(const char *filename, uid_t uid + unlink(newname); + free(newname); + ++#ifdef ATD_MAIL_PROGRAM + if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { ++ int mail_pid = -1; ++#ifdef WITH_PAM ++ AT_START_PAM; ++ AT_OPEN_PAM_SESSION; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif ++ ++ mail_pid = fork(); ++ ++ if ( mail_pid == 0 ) ++ { + + PRIV_START + +@@ -511,7 +523,20 @@ run_file(const char *filename, uid_t uid + perr("Exec failed for mail command"); + + PRIV_END ++ else if ( mail_pid == -1 ) { ++ perr("fork of mailer failed"); ++ } ++ else { ++ /* Parent */ ++ waitpid(mail_pid, (int *) NULL, 0); ++ } ++#ifdef WITH_PAM ++ AT_CLOSE_PAM; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif + } ++#endif /* ATD_MAIL_PROGRAM */ + exit(EXIT_SUCCESS); + } + +@@ -727,7 +752,7 @@ main(int argc, char *argv[]) + #define LOG_CRON LOG_DAEMON + #endif + +- openlog("atd", LOG_PID, LOG_CRON); ++ openlog("atd", LOG_PID, LOG_ATD); + + opterr = 0; + errno = 0; +diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in +--- at-3.1.14/config.h.in.pam 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/config.h.in 2013-09-26 14:28:40.550603546 +0200 +@@ -68,8 +68,8 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_NLIST_H + +-/* Define to 1 for PAM support */ +-#undef HAVE_PAM ++/* Define if you are building with_pam */ ++#undef WITH_PAM + + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC +diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac +--- at-3.1.14/configure.ac.pam 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/configure.ac 2013-09-26 14:28:40.550603546 +0200 +@@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG + AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) + AC_CHECK_HEADERS(security/pam_appl.h, [ + PAMLIB="-lpam" +- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) ++ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) + ]) + + dnl Checking for programs +@@ -239,6 +239,13 @@ AC_ARG_WITH(daemon_username, + ) + AC_SUBST(DAEMON_USERNAME) + ++AC_ARG_WITH(pam, ++[ --with-pam Define to enable pam support ], ++AC_DEFINE(WITH_PAM), ++) ++AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') ++AC_SUBST(PAMLIB) ++ + AC_MSG_CHECKING(groupname to run under) + AC_ARG_WITH(daemon_groupname, + [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], +diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c +--- at-3.1.14/perm.c.pam 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/perm.c 2013-09-26 14:28:40.550603546 +0200 +@@ -51,6 +51,14 @@ + #define PRIV_END while(0) + #endif + ++#ifdef WITH_PAM ++#include ++static pam_handle_t *pamh = NULL; ++static const struct pam_conv conv = { ++ NULL ++}; ++#endif ++ + /* Structures and unions */ + + +@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha + int + check_permission() + { +- uid_t uid = geteuid(); ++ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); + struct passwd *pentry; + int allow = 0, deny = 1; + +- if (uid == 0) ++ int retcode = 0; ++ if (euid == 0) + return 1; + +- if ((pentry = getpwuid(uid)) == NULL) { ++ if ((pentry = getpwuid(euid)) == NULL) { + perror("Cannot access user database"); + exit(EXIT_FAILURE); + } + ++#ifdef WITH_PAM ++/* ++ * We must check if the atd daemon userid will be allowed to gain the job owner user's ++ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. ++ */ ++ if (setreuid(daemon_uid, daemon_uid) != 0) { ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); ++ exit(1); ++ } ++ if (setregid(daemon_gid, daemon_gid) != 0) { ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); ++ exit(1); ++ } ++ ++ AT_START_PAM; ++ AT_CLOSE_PAM; ++ if (setregid(gid,egid) != 0) { ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); ++ exit(1); ++ } ++ if (setreuid(uid,euid) != 0) { ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); ++ exit(1); ++ } ++#endif ++ + allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); + if (allow==0 || allow==1) + return allow; +diff -up at-3.1.14/privs.h.pam at-3.1.14/privs.h +--- at-3.1.14/privs.h.pam 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/privs.h 2013-09-26 14:28:40.551603547 +0200 +@@ -144,3 +144,64 @@ extern gid_t real_gid, effective_gid, da + #error "Cannot implement user ID swapping without setreuid or setresuid" + #endif + #endif ++ ++#ifdef WITH_PAM ++int retcode; ++/* PAM failed after session was open. */ ++#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ ++ pam_close_session(pamh,PAM_SILENT); ++ ++/* syslog will be logging error messages */ ++#ifdef HAVE_UNISTD_H ++#include ++#endif ++ ++/* PAM fail even before opening the session */ ++#define PAM_FAIL_CHECK \ ++ do { if (retcode != PAM_SUCCESS) { \ ++ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ ++ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ ++ if (pamh) \ ++ pam_end(pamh, retcode); \ ++ if (setregid(getgid(),getegid()) != 0) { \ ++ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ ++ exit(1); \ ++ } \ ++ if (setreuid(getuid(),geteuid()) != 0) { \ ++ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ ++ exit(1); \ ++ } \ ++ exit(1); \ ++ } \ ++ } while (0) \ ++ ++static int pam_session_opened = 0; //global for open session ++ ++#define AT_START_PAM { \ ++ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++} ++ ++#define AT_OPEN_PAM_SESSION { \ ++ retcode = pam_open_session(pamh, PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ ++ PAM_FAIL_CHECK; \ ++ if (retcode == PAM_SUCCESS) \ ++ pam_session_opened = 1; \ ++} ++ ++#define AT_CLOSE_PAM { \ ++ if (pam_session_opened != 0) { \ ++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); \ ++ pam_close_session(pamh, PAM_SILENT); \ ++ } \ ++ pam_end(pamh, PAM_SUCCESS); \ ++} ++ ++#endif ++ diff --git a/at.spec b/at.spec index c27d4af..e8f807d 100644 --- a/at.spec +++ b/at.spec @@ -73,13 +73,11 @@ is not used as the system init process. %setup -q cp %{SOURCE1} . %patch1 -p1 -b .make -#%%patch2 -p1 -b .pam +%patch2 -p1 -b .pam #%%patch3 -p1 -b .selinux #%%patch2 -p1 -b .opt_V #%%patch3 -p1 -b .shell #%%patch4 -p1 -b .nit -#%%patch5 -p1 -b .pam -#%%patch6 -p1 -b .selinux #%%patch7 -p1 -b .nowrap #%%patch8 -p1 -b .export #%%patch9 -p1 -b .mail From d5e10f209caafe2fdc5e91d82c7f61d1618e1252 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 26 Sep 2013 16:37:12 +0200 Subject: [PATCH 07/86] Change patch for SElinux. --- at-3.1.14-selinux.patch | 164 ++++++++++++++++++++++++++++++++++++++++ at.spec | 2 +- 2 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 at-3.1.14-selinux.patch diff --git a/at-3.1.14-selinux.patch b/at-3.1.14-selinux.patch new file mode 100644 index 0000000..e8bbc73 --- /dev/null +++ b/at-3.1.14-selinux.patch @@ -0,0 +1,164 @@ +diff -up at-3.1.14/atd.c.selinux at-3.1.14/atd.c +--- at-3.1.14/atd.c.selinux 2013-09-26 15:06:55.177049852 +0200 ++++ at-3.1.14/atd.c 2013-09-26 16:33:23.981355661 +0200 +@@ -87,6 +87,14 @@ + #define LOG_ATD LOG_DAEMON + #endif + ++#ifdef WITH_SELINUX ++#include ++#include ++int selinux_enabled=0; ++#include ++#include ++#endif ++ + /* Macros */ + + #define BATCH_INTERVAL_DEFAULT 60 +@@ -191,6 +199,68 @@ myfork() + #define fork myfork + #endif + ++#ifdef WITH_SELINUX ++static int set_selinux_context(const char *name, const char *filename) { ++ security_context_t user_context=NULL; ++ security_context_t file_context=NULL; ++ struct av_decision avd; ++ int retval=-1; ++ char *seuser=NULL; ++ char *level=NULL; ++ ++ if (getseuserbyname(name, &seuser, &level) == 0) { ++ retval=get_default_context_with_level(seuser, level, NULL, &user_context); ++ free(seuser); ++ free(level); ++ if (retval) { ++ if (security_getenforce()==1) { ++ perr("execle: couldn't get security context for user %s\n", name); ++ } else { ++ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); ++ return -1; ++ } ++ } ++ } ++ ++ /* ++ * Since crontab files are not directly executed, ++ * crond must ensure that the crontab file has ++ * a context that is appropriate for the context of ++ * the user cron job. It performs an entrypoint ++ * permission check for this purpose. ++ */ ++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) ++ perr("fgetfilecon FAILED %s", filename); ++ ++ retval = security_compute_av(user_context, ++ file_context, ++ SECCLASS_FILE, ++ FILE__ENTRYPOINT, ++ &avd); ++ freecon(file_context); ++ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { ++ if (security_getenforce()==1) { ++ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); ++ } else { ++ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ goto err; ++ } ++ } ++ if (setexeccon(user_context) < 0) { ++ if (security_getenforce()==1) { ++ perr("Could not set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ } else { ++ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); ++ } ++ } ++ err: ++ freecon(user_context); ++ return 0; ++} ++#endif ++ + static void + run_file(const char *filename, uid_t uid, gid_t gid) + { +@@ -431,9 +501,23 @@ run_file(const char *filename, uid_t uid + + chdir("/"); + ++#ifdef WITH_SELINUX ++ if (selinux_enabled > 0) { ++ if (set_selinux_context(pentry->pw_name, filename) < 0) ++ perr("SELinux Failed to set context\n"); ++ } ++#endif ++ + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) + perr("Exec failed for /bin/sh"); + ++#ifdef WITH_SELINUX ++ if (selinux_enabled>0) ++ if (setexeccon(NULL) < 0) ++ if (security_getenforce()==1) ++ perr("Could not resset exec context for user %s\n", pentry->pw_name); ++#endif ++ + #ifdef WITH_PAM + if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) + { +@@ -732,6 +816,10 @@ main(int argc, char *argv[]) + struct passwd *pwe; + struct group *ge; + ++#ifdef WITH_SELINUX ++ selinux_enabled=is_selinux_enabled(); ++#endif ++ + /* We don't need root privileges all the time; running under uid and gid + * daemon is fine. + */ +diff -up at-3.1.14/config.h.in.selinux at-3.1.14/config.h.in +--- at-3.1.14/config.h.in.selinux 2013-09-26 15:06:55.177049852 +0200 ++++ at-3.1.14/config.h.in 2013-09-26 15:06:55.180049850 +0200 +@@ -71,6 +71,9 @@ + /* Define if you are building with_pam */ + #undef WITH_PAM + ++/* Define if you are building with_selinux */ ++#undef WITH_SELINUX ++ + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC + +diff -up at-3.1.14/configure.ac.selinux at-3.1.14/configure.ac +--- at-3.1.14/configure.ac.selinux 2013-09-26 15:06:55.178049851 +0200 ++++ at-3.1.14/configure.ac 2013-09-26 15:06:55.180049850 +0200 +@@ -246,6 +246,14 @@ AC_DEFINE(WITH_PAM), + AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') + AC_SUBST(PAMLIB) + ++AC_ARG_WITH(selinux, ++[ --with-selinux Define to run with selinux], ++AC_DEFINE(WITH_SELINUX), ++) ++AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) ++AC_SUBST(SELINUXLIB) ++AC_SUBST(WITH_SELINUX) ++ + AC_MSG_CHECKING(groupname to run under) + AC_ARG_WITH(daemon_groupname, + [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], +diff -up at-3.1.14/Makefile.in.selinux at-3.1.14/Makefile.in +--- at-3.1.14/Makefile.in.selinux 2013-09-26 15:06:55.175049853 +0200 ++++ at-3.1.14/Makefile.in 2013-09-26 15:06:55.180049850 +0200 +@@ -40,6 +40,7 @@ LIBS = @LIBS@ + LIBOBJS = @LIBOBJS@ + INSTALL = @INSTALL@ + PAMLIB = @PAMLIB@ ++SELINUXLIB = @SELINUXLIB@ + + CLONES = atq atrm + ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o diff --git a/at.spec b/at.spec index e8f807d..5853608 100644 --- a/at.spec +++ b/at.spec @@ -74,7 +74,7 @@ is not used as the system init process. cp %{SOURCE1} . %patch1 -p1 -b .make %patch2 -p1 -b .pam -#%%patch3 -p1 -b .selinux +%patch3 -p1 -b .selinux #%%patch2 -p1 -b .opt_V #%%patch3 -p1 -b .shell #%%patch4 -p1 -b .nit From 42434fb9328481f9f0453f0c3f9b4dfb6d2d7169 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Thu, 26 Sep 2013 17:01:11 +0200 Subject: [PATCH 08/86] Option -V and correct shell added. --- at-3.1.14-opt_V.patch | 17 +++++++++++++ at-3.1.14-shell.patch | 56 +++++++++++++++++++++++++++++++++++++++++++ at.spec | 10 ++++---- 3 files changed, 77 insertions(+), 6 deletions(-) create mode 100644 at-3.1.14-opt_V.patch create mode 100644 at-3.1.14-shell.patch diff --git a/at-3.1.14-opt_V.patch b/at-3.1.14-opt_V.patch new file mode 100644 index 0000000..c9c2106 --- /dev/null +++ b/at-3.1.14-opt_V.patch @@ -0,0 +1,17 @@ +diff -up at-3.1.14/at.c.opt at-3.1.14/at.c +--- at-3.1.14/at.c.opt 2013-09-26 16:54:29.920476315 +0200 ++++ at-3.1.14/at.c 2013-09-26 16:55:06.301562646 +0200 +@@ -842,10 +842,9 @@ main(int argc, char **argv) + */ + + if (disp_version) { +- fprintf(stderr, "at version " VERSION "\n" +- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" +- "or contact the maintainers (at@packages.debian.org).\n"); +- exit(EXIT_SUCCESS); ++ fprintf(stderr, "at version " VERSION "\n"); ++ if (argc == 2) ++ exit(EXIT_SUCCESS); + } + + /* select our program diff --git a/at-3.1.14-shell.patch b/at-3.1.14-shell.patch new file mode 100644 index 0000000..b2401bf --- /dev/null +++ b/at-3.1.14-shell.patch @@ -0,0 +1,56 @@ +diff -up at-3.1.14/at.c.shell at-3.1.14/at.c +--- at-3.1.14/at.c.shell 2013-09-26 16:57:18.126861201 +0200 ++++ at-3.1.14/at.c 2013-09-26 16:59:24.069127357 +0200 +@@ -62,11 +62,8 @@ + #include + #include + +-#ifdef TM_IN_SYS_TIME + #include +-#else + #include +-#endif + + #ifdef HAVE_UNISTD_H + #include +@@ -240,6 +237,12 @@ writefile(time_t runtimer, char queue) + int kill_errno; + int rc; + int mailsize = 128; ++ struct timeval tv; ++ struct timezone tz; ++ long int i; ++ ++ gettimeofday(&tv, &tz); ++ srandom(getpid()+tv.tv_usec); + + /* Install the signal handler for SIGINT; terminate after removing the + * spool file if necessary +@@ -450,6 +453,9 @@ writefile(time_t runtimer, char queue) + fprintf(fp, " || {\n\t echo 'Execution directory " + "inaccessible' >&2\n\t exit 1\n}\n"); + ++ i = random(); ++ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i); ++ + istty = isatty(fileno(stdin)); + if (istty) { + fprintf(stderr, "at> "); +@@ -465,7 +471,7 @@ writefile(time_t runtimer, char queue) + if (istty) { + fprintf(stderr, "\n"); + } +- fprintf(fp, "\n"); ++ fprintf(fp, "marcinDELIMITER%08lx\n", i); + if (ferror(fp)) + panic("Output error"); + +@@ -915,7 +921,7 @@ main(int argc, char **argv) + It also alows a warning diagnostic to be printed. Because of the + possible variance, we always output the diagnostic. */ + +- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); ++ /* fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); */ + + writefile(timer, queue); + break; diff --git a/at.spec b/at.spec index 5853608..9ed58f5 100644 --- a/at.spec +++ b/at.spec @@ -20,11 +20,9 @@ Source5: atd.systemd Patch1: at-3.1.14-makefile.patch Patch2: at-3.1.14-pam.patch Patch3: at-3.1.14-selinux.patch -#Patch2: at-3.1.12-opt_V.patch -#Patch3: at-3.1.12-shell.patch +Patch4: at-3.1.14-opt_V.patch +Patch5: at-3.1.14-shell.patch #Patch4: at-3.1.13-nitpicks.patch -#Patch5: at-3.1.13-pam.patch -#Patch6: at-3.1.13-selinux.patch #Patch7: at-3.1.12-nowrap.patch #Patch8: at-3.1.12-fix_no_export.patch #Patch9: at-3.1.13-mailwithhostname.patch @@ -75,8 +73,8 @@ cp %{SOURCE1} . %patch1 -p1 -b .make %patch2 -p1 -b .pam %patch3 -p1 -b .selinux -#%%patch2 -p1 -b .opt_V -#%%patch3 -p1 -b .shell +%patch4 -p1 -b .opt_V +%patch5 -p1 -b .shell #%%patch4 -p1 -b .nit #%%patch7 -p1 -b .nowrap #%%patch8 -p1 -b .export From 8c0170ef175c9c120d928f9d4e4f149f182cfda1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Mon, 2 Dec 2013 10:59:10 +0100 Subject: [PATCH 09/86] Add missing bracket. --- at-3.1.14-pam.patch | 18 ++++++++++-------- at.spec | 13 +++++++------ 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/at-3.1.14-pam.patch b/at-3.1.14-pam.patch index 4550281..bdcec62 100644 --- a/at-3.1.14-pam.patch +++ b/at-3.1.14-pam.patch @@ -1,6 +1,6 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c --- at-3.1.14/at.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/at.c 2013-09-26 14:28:40.549603545 +0200 ++++ at-3.1.14/at.c 2013-10-07 14:39:15.670837532 +0200 @@ -144,18 +144,14 @@ sigc(int signo) /* If the user presses ^C, remove the spool file and exit */ @@ -91,7 +91,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c --- at-3.1.14/atd.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/atd.c 2013-09-26 15:04:28.762185123 +0200 ++++ at-3.1.14/atd.c 2013-10-07 14:40:22.102988905 +0200 @@ -83,6 +83,10 @@ #include "getloadavg.h" #endif @@ -239,10 +239,12 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c PRIV_START -@@ -511,7 +523,20 @@ run_file(const char *filename, uid_t uid +@@ -511,7 +523,22 @@ run_file(const char *filename, uid_t uid perr("Exec failed for mail command"); PRIV_END ++ ++ } + else if ( mail_pid == -1 ) { + perr("fork of mailer failed"); + } @@ -260,7 +262,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c exit(EXIT_SUCCESS); } -@@ -727,7 +752,7 @@ main(int argc, char *argv[]) +@@ -727,7 +754,7 @@ main(int argc, char *argv[]) #define LOG_CRON LOG_DAEMON #endif @@ -271,7 +273,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c errno = 0; diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in --- at-3.1.14/config.h.in.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/config.h.in 2013-09-26 14:28:40.550603546 +0200 ++++ at-3.1.14/config.h.in 2013-10-07 14:39:15.670837532 +0200 @@ -68,8 +68,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -285,7 +287,7 @@ diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in #undef HAVE_PSTAT_GETDYNAMIC diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac --- at-3.1.14/configure.ac.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/configure.ac 2013-09-26 14:28:40.550603546 +0200 ++++ at-3.1.14/configure.ac 2013-10-07 14:39:15.671837535 +0200 @@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ @@ -311,7 +313,7 @@ diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c --- at-3.1.14/perm.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/perm.c 2013-09-26 14:28:40.550603546 +0200 ++++ at-3.1.14/perm.c 2013-10-07 14:39:15.671837535 +0200 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -378,7 +380,7 @@ diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c return allow; diff -up at-3.1.14/privs.h.pam at-3.1.14/privs.h --- at-3.1.14/privs.h.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/privs.h 2013-09-26 14:28:40.551603547 +0200 ++++ at-3.1.14/privs.h 2013-10-07 14:39:15.671837535 +0200 @@ -144,3 +144,64 @@ extern gid_t real_gid, effective_gid, da #error "Cannot implement user ID swapping without setreuid or setresuid" #endif diff --git a/at.spec b/at.spec index 9ed58f5..5847882 100644 --- a/at.spec +++ b/at.spec @@ -22,9 +22,9 @@ Patch2: at-3.1.14-pam.patch Patch3: at-3.1.14-selinux.patch Patch4: at-3.1.14-opt_V.patch Patch5: at-3.1.14-shell.patch -#Patch4: at-3.1.13-nitpicks.patch -#Patch7: at-3.1.12-nowrap.patch -#Patch8: at-3.1.12-fix_no_export.patch +Patch6: at-3.1.14-nitpicks.patch +Patch7: at-3.1.14-nowrap.patch +Patch8: at-3.1.14-fix_no_export.patch #Patch9: at-3.1.13-mailwithhostname.patch #Patch10: at-3.1.13-usePOSIXtimers.patch #Patch11: at-3.1.13-help.patch @@ -75,9 +75,10 @@ cp %{SOURCE1} . %patch3 -p1 -b .selinux %patch4 -p1 -b .opt_V %patch5 -p1 -b .shell -#%%patch4 -p1 -b .nit -#%%patch7 -p1 -b .nowrap -#%%patch8 -p1 -b .export +%patch6 -p1 -b .nit +%patch7 -p1 -b .nowrap +%patch8 -p1 -b .export + #%%patch9 -p1 -b .mail #%%patch10 -p1 -b .posix #%%patch11 -p1 -b .help From 9b663b75a828f508ddc2d66ccc43e56b03670137 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Mon, 2 Dec 2013 11:07:41 +0100 Subject: [PATCH 10/86] Backport mails with hostname. --- at-3.1.14-mailwithhostname.patch | 62 ++++++++++++++++++++++++++++++++ at.spec | 4 +-- 2 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 at-3.1.14-mailwithhostname.patch diff --git a/at-3.1.14-mailwithhostname.patch b/at-3.1.14-mailwithhostname.patch new file mode 100644 index 0000000..a92cfed --- /dev/null +++ b/at-3.1.14-mailwithhostname.patch @@ -0,0 +1,62 @@ +diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c +--- at-3.1.14/atd.c.mail 2013-12-02 10:47:06.000000000 +0100 ++++ at-3.1.14/atd.c 2013-12-02 10:51:23.000000000 +0100 +@@ -100,6 +100,10 @@ int selinux_enabled=0; + #define BATCH_INTERVAL_DEFAULT 60 + #define CHECK_INTERVAL 3600 + ++#ifndef MAXHOSTNAMELEN ++#define MAXHOSTNAMELEN 64 ++#endif ++ + /* Global variables */ + + uid_t real_uid, effective_uid; +@@ -117,6 +121,7 @@ static time_t last_chg; + static int nothing_to_do; + unsigned int batch_interval; + static int run_as_daemon = 0; ++static int mail_with_hostname = 0; + + static volatile sig_atomic_t term_signal = 0; + +@@ -298,6 +303,7 @@ run_file(const char *filename, uid_t uid + char fmt[64]; + unsigned long jobno; + int rc; ++ char hostbuf[MAXHOSTNAMELEN]; + #ifdef WTIH_PAM + int retcode; + #endif +@@ -452,6 +458,11 @@ run_file(const char *filename, uid_t uid + + write_string(fd_out, "Subject: Output from your job "); + write_string(fd_out, jobbuf); ++ if (mail_with_hostname > 0) { ++ gethostname(hostbuf, MAXHOSTNAMELEN-1); ++ write_string(fd_out, " "); ++ write_string(fd_out, hostbuf); ++ } + write_string(fd_out, "\nTo: "); + write_string(fd_out, mailname); + write_string(fd_out, "\n\n"); +@@ -872,7 +883,7 @@ main(int argc, char *argv[]) + run_as_daemon = 1; + batch_interval = BATCH_INTERVAL_DEFAULT; + +- while ((c = getopt(argc, argv, "sdl:b:f")) != EOF) { ++ while ((c = getopt(argc, argv, "sdnl:b:f")) != EOF) { + switch (c) { + case 'l': + if (sscanf(optarg, "%lf", &load_avg) != 1) +@@ -894,6 +905,10 @@ main(int argc, char *argv[]) + daemon_foreground++; + break; + ++ case 'n': ++ mail_with_hostname=1; ++ break; ++ + case 's': + run_as_daemon = 0; + break; diff --git a/at.spec b/at.spec index 5847882..8cd356a 100644 --- a/at.spec +++ b/at.spec @@ -25,7 +25,7 @@ Patch5: at-3.1.14-shell.patch Patch6: at-3.1.14-nitpicks.patch Patch7: at-3.1.14-nowrap.patch Patch8: at-3.1.14-fix_no_export.patch -#Patch9: at-3.1.13-mailwithhostname.patch +Patch9: at-3.1.14-mailwithhostname.patch #Patch10: at-3.1.13-usePOSIXtimers.patch #Patch11: at-3.1.13-help.patch @@ -79,7 +79,7 @@ cp %{SOURCE1} . %patch7 -p1 -b .nowrap %patch8 -p1 -b .export -#%%patch9 -p1 -b .mail +%patch9 -p1 -b .mail #%%patch10 -p1 -b .posix #%%patch11 -p1 -b .help From 5b86b9d85e5dc0c1bb9533b4fb15f9e29e210fa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Mon, 2 Dec 2013 12:33:07 +0100 Subject: [PATCH 11/86] Backport POSIX timers. --- at-3.1.14-usePOSIXtimers.patch | 111 +++++++++++++++++++++++++++++++++ at.spec | 4 +- 2 files changed, 113 insertions(+), 2 deletions(-) create mode 100644 at-3.1.14-usePOSIXtimers.patch diff --git a/at-3.1.14-usePOSIXtimers.patch b/at-3.1.14-usePOSIXtimers.patch new file mode 100644 index 0000000..ebf7d8d --- /dev/null +++ b/at-3.1.14-usePOSIXtimers.patch @@ -0,0 +1,111 @@ +diff -up at-3.1.14/atd.c.timers at-3.1.14/atd.c +--- at-3.1.14/atd.c.timers 2013-12-02 11:03:01.250080057 +0100 ++++ at-3.1.14/atd.c 2013-12-02 11:06:15.560243498 +0100 +@@ -831,6 +831,54 @@ run_loop() + return next_job; + } + ++#ifdef HAVE_CLOCK_GETTIME ++timer_t timer; ++struct itimerspec timeout; ++ ++void timer_setup() ++{ ++ struct sigevent sev; ++ ++ sev.sigev_notify = SIGEV_SIGNAL; ++ sev.sigev_signo = SIGHUP; ++ sev.sigev_value.sival_ptr = &timer; ++ ++ memset(&timeout, 0, sizeof(timeout)); ++ ++ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0) ++ pabort("unable to create timer"); ++} ++ ++time_t atd_gettime() ++{ ++ struct timespec curtime; ++ ++ clock_gettime(CLOCK_REALTIME, &curtime); ++ ++ return curtime.tv_sec; ++} ++ ++void atd_setalarm(time_t next) ++{ ++ timeout.it_value.tv_sec = next; ++ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL); ++ pause(); ++} ++#else ++void timer_setup() ++{ ++} ++ ++time_t atd_gettime() ++{ ++ return time(NULL); ++} ++ ++void atd_setalarm(time_t next) ++{ ++ sleep(next - atd_gettime()); ++} ++#endif + /* Global functions */ + + int +@@ -936,7 +984,7 @@ main(int argc, char *argv[]) + sigaction(SIGCHLD, &act, NULL); + + if (!run_as_daemon) { +- now = time(NULL); ++ now = atd_gettime(); + run_loop(); + exit(EXIT_SUCCESS); + } +@@ -959,13 +1007,14 @@ main(int argc, char *argv[]) + act.sa_handler = set_term; + sigaction(SIGINT, &act, NULL); + ++ timer_setup(); + daemon_setup(); + + do { +- now = time(NULL); ++ now = atd_gettime(); + next_invocation = run_loop(); + if (next_invocation > now) { +- sleep(next_invocation - now); ++ atd_setalarm(next_invocation); + } + } while (!term_signal); + daemon_cleanup(); +diff -up at-3.1.14/config.h.in.timers at-3.1.14/config.h.in +--- at-3.1.14/config.h.in.timers 2013-12-02 11:00:27.000000000 +0100 ++++ at-3.1.14/config.h.in 2013-12-02 11:02:06.521033976 +0100 +@@ -38,6 +38,9 @@ + /* Define to 1 if you have the `getloadavg' function. */ + #undef HAVE_GETLOADAVG + ++/* Define to 1 if you have the `clock_gettime' function. */ ++#undef HAVE_TIMER_CREATE ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_GETOPT_H + +diff -up at-3.1.14/configure.ac.timers at-3.1.14/configure.ac +--- at-3.1.14/configure.ac.timers 2013-12-02 11:00:27.000000000 +0100 ++++ at-3.1.14/configure.ac 2013-12-02 11:02:45.217066560 +0100 +@@ -254,6 +254,10 @@ AC_CHECK_LIB(selinux, is_selinux_enabled + AC_SUBST(SELINUXLIB) + AC_SUBST(WITH_SELINUX) + ++dnl check for POSIX timer functions ++AC_SEARCH_LIBS([timer_create],[rt]) ++AC_CHECK_FUNCS([timer_create]) ++ + AC_MSG_CHECKING(groupname to run under) + AC_ARG_WITH(daemon_groupname, + [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], diff --git a/at.spec b/at.spec index 8cd356a..e1ed70d 100644 --- a/at.spec +++ b/at.spec @@ -26,7 +26,7 @@ Patch6: at-3.1.14-nitpicks.patch Patch7: at-3.1.14-nowrap.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch -#Patch10: at-3.1.13-usePOSIXtimers.patch +Patch10: at-3.1.14-usePOSIXtimers.patch #Patch11: at-3.1.13-help.patch BuildRequires: fileutils /etc/init.d @@ -80,7 +80,7 @@ cp %{SOURCE1} . %patch8 -p1 -b .export %patch9 -p1 -b .mail -#%%patch10 -p1 -b .posix +%patch10 -p1 -b .posix #%%patch11 -p1 -b .help %build From f1d08b29c2fdd7a0144acd01f9a505c4c77ad6bb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Mon, 2 Dec 2013 13:44:51 +0100 Subject: [PATCH 12/86] Backport help into usage. --- at-3.1.14-help.patch | 11 +++++++++++ at.spec | 4 ++-- 2 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 at-3.1.14-help.patch diff --git a/at-3.1.14-help.patch b/at-3.1.14-help.patch new file mode 100644 index 0000000..2679df0 --- /dev/null +++ b/at-3.1.14-help.patch @@ -0,0 +1,11 @@ +diff -up at-3.1.14/panic.c.help at-3.1.14/panic.c +--- at-3.1.14/panic.c.help 2013-12-02 12:38:46.208231065 +0100 ++++ at-3.1.14/panic.c 2013-12-02 12:39:34.118317528 +0100 +@@ -94,6 +94,7 @@ usage(void) + */ + fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mMlbv] timespec ...\n" + " at [-V] [-q x] [-f file] [-mMlbv] -t time\n" ++ " at [-V] [-q x] [-f file] [-mMlbv] -t time\n" + " at -c job ...\n" + " atq [-V] [-q x]\n" + " at [ -rd ] job ...\n" diff --git a/at.spec b/at.spec index e1ed70d..b6e9e65 100644 --- a/at.spec +++ b/at.spec @@ -27,7 +27,7 @@ Patch7: at-3.1.14-nowrap.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch -#Patch11: at-3.1.13-help.patch +Patch11: at-3.1.14-help.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -81,7 +81,7 @@ cp %{SOURCE1} . %patch9 -p1 -b .mail %patch10 -p1 -b .posix -#%%patch11 -p1 -b .help +%patch11 -p1 -b .help %build # patch9 touches configure.in From 65700164d93a096fc1dc0aeb295e70c8b2225e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Mon, 2 Dec 2013 16:34:37 +0100 Subject: [PATCH 13/86] There are two bugs: 1. It looks like the at command does not validate that it has succeeded to write all data before it makes the file executable (i.e on a disk full an empty file might get created). 2. After 60 minutes (run_time + CHECK_INTERVAL <= now), atd (approx line 750) starts to unlink the lockfile and retries the execution of the job, leaving us with this unfortunate loop. Reproducer: ATD_PID=$(ps -C atd -o pid=) QUEUE=a JOBNO=$(printf '%05x' 123) BAD_TIME=$(expr $(date +%s) / 60 - 61) CTM=$(printf '%08x' $BAD_TIME ) FILENAME=/var/spool/at/${QUEUE}${JOBNO}${CTM} touch $FILENAME chmod 0700 $FILENAME kill -HUP ${ATD_PID} sleep 0.5 ls -l $FILENAME rm -f $FILENAME Thanks to: Anders Blomdell --- at-3.1.14-wrong_format.patch | 23 +++++++++++++++++++++++ at.spec | 10 ++++++---- 2 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 at-3.1.14-wrong_format.patch diff --git a/at-3.1.14-wrong_format.patch b/at-3.1.14-wrong_format.patch new file mode 100644 index 0000000..b2a5ef4 --- /dev/null +++ b/at-3.1.14-wrong_format.patch @@ -0,0 +1,23 @@ +diff -up at-3.1.14/atd.c.seg at-3.1.14/atd.c +--- at-3.1.14/atd.c.seg 2013-12-02 14:33:48.650769756 +0100 ++++ at-3.1.14/atd.c 2013-12-02 14:52:49.057437721 +0100 +@@ -752,14 +752,17 @@ run_loop() + /* Is the file already locked? + */ + if (buf.st_nlink > 1) { +- if (run_time + CHECK_INTERVAL <= now) { +- ++ if (buf.st_mtime + CHECK_INTERVAL <= now) { + /* Something went wrong the last time this was executed. + * Let's remove the lockfile and reschedule. ++ * We also change the timestamp to avoid rerunning the job more ++ * than once every CHECK_INTERVAL. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); + lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; ++ if (utime(lock_name, 0) < 0) ++ syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name); + unlink(lock_name); + next_job = now; + nothing_to_do = 0; diff --git a/at.spec b/at.spec index b6e9e65..8658a5e 100644 --- a/at.spec +++ b/at.spec @@ -19,7 +19,7 @@ Source5: atd.systemd Patch1: at-3.1.14-makefile.patch Patch2: at-3.1.14-pam.patch -Patch3: at-3.1.14-selinux.patch +Patch3: at-3.1.14-selinux.patch Patch4: at-3.1.14-opt_V.patch Patch5: at-3.1.14-shell.patch Patch6: at-3.1.14-nitpicks.patch @@ -27,7 +27,8 @@ Patch7: at-3.1.14-nowrap.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch -Patch11: at-3.1.14-help.patch +Patch11: at-3.1.14-help.patch +Patch12: at-3.1.14-wrong_format.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -78,10 +79,10 @@ cp %{SOURCE1} . %patch6 -p1 -b .nit %patch7 -p1 -b .nowrap %patch8 -p1 -b .export - %patch9 -p1 -b .mail %patch10 -p1 -b .posix %patch11 -p1 -b .help +%patch12 -p1 -b .wrong %build # patch9 touches configure.in @@ -188,9 +189,10 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog -* Mon Sep 23 2013 Marcela Mašláňová - 3.1.14-1 +* Mon Dec 2 2013 Marcela Mašláňová - 3.1.14-1 - new release 3.1.14 - all Fedora specifics backported +- 718422 File a0000f0149b7f3 is in wrong format - aborting * Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild From 2d6e674bb51c91a60019bca1264a4510e50ae090 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Tue, 3 Dec 2013 09:45:59 +0100 Subject: [PATCH 14/86] 925041 Does not support aarch64 in f19 and rawhide. --- at-aarch64.patch | 486 +++++++++++++++++++++++++++++++++++++++++++++++ at.spec | 3 + 2 files changed, 489 insertions(+) create mode 100644 at-aarch64.patch diff --git a/at-aarch64.patch b/at-aarch64.patch new file mode 100644 index 0000000..7f8a449 --- /dev/null +++ b/at-aarch64.patch @@ -0,0 +1,486 @@ +diff -urN at-3.1.13/config.guess at-3.1.13-aarch64/config.guess +--- at-3.1.13/config.guess 2011-06-25 07:43:14.000000000 -0500 ++++ at-3.1.13-aarch64/config.guess 2013-03-07 19:22:31.804824167 -0600 +@@ -2,9 +2,9 @@ + # Attempt to guess a canonical system name. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +-# 2011 Free Software Foundation, Inc. ++# 2011, 2012 Free Software Foundation, Inc. + +-timestamp='2011-05-11' ++timestamp='2012-09-25' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +@@ -17,9 +17,7 @@ + # General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -57,8 +55,8 @@ + + Originally written by Per Bothner. + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -145,7 +143,7 @@ + case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or +- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward +@@ -202,6 +200,10 @@ + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; ++ *:Bitrig:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +@@ -304,7 +306,7 @@ + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; +- arm:riscos:*:*|arm:RISCOS:*:*) ++ arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +@@ -792,21 +794,26 @@ + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) +- case ${UNAME_MACHINE} in +- pc98) +- echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ UNAME_PROCESSOR=`/usr/bin/uname -p` ++ case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) +- echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; ++ echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; ++ *:MINGW64*:*) ++ echo ${UNAME_MACHINE}-pc-mingw64 ++ exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; ++ i*:MSYS*:*) ++ echo ${UNAME_MACHINE}-pc-msys ++ exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 +@@ -861,6 +868,13 @@ + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +@@ -895,13 +909,16 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) +- echo cris-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) +- echo crisv32-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + frv:Linux:*:*) +- echo frv-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ hexagon:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu +@@ -943,7 +960,7 @@ + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) +- echo or32-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu +@@ -978,13 +995,13 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + tile*:Linux:*:*) +- echo ${UNAME_MACHINE}-tilera-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) +- echo x86_64-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +@@ -1191,6 +1208,9 @@ + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; ++ x86_64:Haiku:*:*) ++ echo x86_64-unknown-haiku ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; +@@ -1246,7 +1266,7 @@ + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; +- NSE-?:NONSTOP_KERNEL:*:*) ++ NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) +@@ -1315,11 +1335,11 @@ + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; ++ x86_64:VMkernel:*:*) ++ echo ${UNAME_MACHINE}-unknown-esx ++ exit ;; + esac + +-#echo '(No uname command or uname output not recognized.)' 1>&2 +-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 +- + eval $set_cc_for_build + cat >$dummy.c <. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -76,8 +74,8 @@ + GNU config.sub ($timestamp) + + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -125,13 +123,17 @@ + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ +- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ ++ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++ os=-linux-android ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++ ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -154,7 +156,7 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -knuth | -cray | -microblaze) ++ -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; +@@ -223,6 +225,12 @@ + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -247,20 +255,25 @@ + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \ ++ | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ ++ | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ ++ | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ ++ | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | mcore | mep | metag \ ++ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -291,7 +304,7 @@ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ +- | rx \ ++ | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ +@@ -300,7 +313,7 @@ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ +- | v850 | v850e \ ++ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) +@@ -315,8 +328,7 @@ + c6x) + basic_machine=tic6x-unknown + ;; +- m6811 | m68hc11 | m6812 | m68hc12 | picochip) +- # Motorola 68HC11/12. ++ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; +@@ -329,7 +341,10 @@ + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; +- ++ xgate) ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; + xscaleeb) + basic_machine=armeb-unknown + ;; +@@ -352,11 +367,13 @@ + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ ++ | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ ++ | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ +@@ -365,12 +382,15 @@ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ ++ | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ ++ | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ ++ | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -400,7 +420,7 @@ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ +- | romp-* | rs6000-* | rx-* \ ++ | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ +@@ -408,10 +428,11 @@ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ +- | tile-* | tilegx-* \ ++ | tile*-* \ + | tron-* \ + | ubicom32-* \ +- | v850-* | v850e-* | vax-* \ ++ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ ++ | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ +@@ -711,7 +732,6 @@ + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +-# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 +@@ -769,9 +789,13 @@ + basic_machine=ns32k-utek + os=-sysv + ;; +- microblaze) ++ microblaze*) + basic_machine=microblaze-xilinx + ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ os=-mingw64 ++ ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 +@@ -808,10 +832,18 @@ + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; ++ msys) ++ basic_machine=i386-pc ++ os=-msys ++ ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; ++ nacl) ++ basic_machine=le32-unknown ++ os=-nacl ++ ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 +@@ -1120,13 +1152,8 @@ + basic_machine=t90-cray + os=-unicos + ;; +- # This must be matched before tile*. +- tilegx*) +- basic_machine=tilegx-unknown +- os=-linux-gnu +- ;; + tile*) +- basic_machine=tile-unknown ++ basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) +@@ -1330,15 +1357,15 @@ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ +- | -openbsd* | -solidbsd* \ ++ | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ +- | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -linux-android* \ +- | -linux-newlib* | -linux-uclibc* \ ++ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ ++ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ ++ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +@@ -1521,6 +1548,9 @@ + c4x-* | tic4x-*) + os=-coff + ;; ++ hexagon-*) ++ os=-elf ++ ;; + tic54x-*) + os=-coff + ;; +@@ -1548,9 +1578,6 @@ + ;; + m68000-sun) + os=-sunos3 +- # This also exists in the configure program, but was not the +- # default. +- # os=-sunos4 + ;; + m68*-cisco) + os=-aout diff --git a/at.spec b/at.spec index 8658a5e..87b79b7 100644 --- a/at.spec +++ b/at.spec @@ -17,6 +17,7 @@ Source2: atd.init Source3: atd.sysconf Source5: atd.systemd +Patch0: at-aarch64.patch Patch1: at-3.1.14-makefile.patch Patch2: at-3.1.14-pam.patch Patch3: at-3.1.14-selinux.patch @@ -71,6 +72,7 @@ is not used as the system init process. %prep %setup -q cp %{SOURCE1} . +%patch0 -p1 -b .arm %patch1 -p1 -b .make %patch2 -p1 -b .pam %patch3 -p1 -b .selinux @@ -193,6 +195,7 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ - new release 3.1.14 - all Fedora specifics backported - 718422 File a0000f0149b7f3 is in wrong format - aborting +- 925041 Does not support aarch64 in f19 and rawhide * Sat Aug 03 2013 Fedora Release Engineering - 3.1.13-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild From 6d4186b4e5e9a0987ff6d127e73c63f06b5cf520 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Wed, 4 Dec 2013 11:45:09 +0100 Subject: [PATCH 15/86] Fix patches to apply correctly. PAM and SElinux patches were rewritten to correct way. Thanks to: Tomas Mraz --- at-3.1.13-pam.patch | 426 ------------------------------- at-3.1.13-selinux.patch | 87 ++----- at-3.1.14-fix_no_export.patch | 15 ++ at-3.1.14-mailwithhostname.patch | 10 +- at-3.1.14-nitpicks.patch | 89 +++++++ at-3.1.14-nowrap.patch | 12 + at-3.1.14-pam.patch | 130 ++++------ at-3.1.14-selinux.patch | 128 +++++----- at.spec | 1 + 9 files changed, 251 insertions(+), 647 deletions(-) delete mode 100644 at-3.1.13-pam.patch create mode 100644 at-3.1.14-fix_no_export.patch create mode 100644 at-3.1.14-nitpicks.patch create mode 100644 at-3.1.14-nowrap.patch diff --git a/at-3.1.13-pam.patch b/at-3.1.13-pam.patch deleted file mode 100644 index 0bb3116..0000000 --- a/at-3.1.13-pam.patch +++ /dev/null @@ -1,426 +0,0 @@ -diff -up at-3.1.13/at.c.pam at-3.1.13/at.c ---- at-3.1.13/at.c.pam 2012-04-19 16:50:57.491000001 +0200 -+++ at-3.1.13/at.c 2012-04-19 16:50:57.505000001 +0200 -@@ -141,18 +141,13 @@ sigc(int signo) - /* If the user presses ^C, remove the spool file and exit - */ - if (fcreated) { -- /* - PRIV_START -- -+ /* - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -- unlink(atfile); -- setregid(effective_gid, real_gid); -- /* -+ unlink(atfile); - PRIV_END -- */ - } - exit(EXIT_FAILURE); - } -@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue) - * bit. Yes, this is a kluge. - */ - cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); -- seteuid(real_uid); -+ if ((seteuid(effective_uid)) < 0) -+ perr("Error in seteuid: %s", errno); - if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) - perr("Cannot create atjob file %.500s", atfile); -- seteuid(effective_uid); - - if ((fd2 = dup(fd)) < 0) - perr("Error in dup() of job file"); - -- /* - if (fchown(fd2, real_uid, real_gid) != 0) -- perr("Cannot give away file"); -- */ -+ perr("Cannot give real_uid and real_gid the file"); - - PRIV_END - -- /* We no longer need suid root; now we just need to be able to write -- * to the directory, if necessary. -- */ -- -- REDUCE_PRIV(daemon_uid, daemon_gid) - /* We've successfully created the file; let's set the flag so it - * gets removed in case of an interrupt or error. - */ -@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -+ PRIV_START - - if (queue == '=') { - fprintf(stderr, "Warning: deleting running job\n"); -@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int - perr("Cannot unlink %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -+ PRIV_END - -- setregid(effective_gid, real_gid); - done = 1; - - break; -@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int - FILE *fp; - int ch; - -- setregid(real_gid, effective_gid); -+ PRIV_START - fp = fopen(dirent->d_name, "r"); - - if (fp) { -@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int - perr("Cannot open %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -- setregid(effective_gid, real_gid); -+ PRIV_END - } - break; - -diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c ---- at-3.1.13/atd.c.pam 2012-04-19 16:50:57.498000001 +0200 -+++ at-3.1.13/atd.c 2012-04-19 16:52:37.209000138 +0200 -@@ -111,7 +111,7 @@ static int run_as_daemon = 0; - - static volatile sig_atomic_t term_signal = 0; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - #include - - static pam_handle_t *pamh = NULL; -@@ -120,15 +120,7 @@ static const struct pam_conv conv = { - NULL - }; - --#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ -- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -- pam_end(pamh, retcode); exit(1); \ -- } --#define PAM_END { retcode = pam_close_session(pamh,0); \ -- pam_end(pamh,retcode); } -- --#endif /* HAVE_PAM */ -+#endif /* WITH_PAM */ - - /* Signal handlers */ - RETSIGTYPE -@@ -235,7 +227,7 @@ run_file(const char *filename, uid_t uid - char fmt[64]; - unsigned long jobno; - int rc; --#ifdef HAVE_PAM -+#ifdef WITH_PAM - int retcode; - #endif - -@@ -395,17 +387,11 @@ run_file(const char *filename, uid_t uid - fstat(fd_out, &buf); - size = buf.st_size; - --#ifdef HAVE_PAM -- PRIV_START -- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); -- PAM_FAIL_CHECK; -- retcode = pam_acct_mgmt(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_open_session(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); -- PAM_FAIL_CHECK; -- PRIV_END -+#ifdef WITH_PAM -+ AT_START_PAM; -+ AT_OPEN_PAM_SESSION; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); - #endif - - close(STDIN_FILENO); -@@ -419,7 +405,14 @@ run_file(const char *filename, uid_t uid - else if (pid == 0) { - char *nul = NULL; - char **nenvp = &nul; -+ char **pam_envp=0L; - -+ PRIV_START -+#ifdef WITH_PAM -+ pam_envp = pam_getenvlist(pamh); -+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) -+ nenvp = pam_envp; -+#endif - /* Set up things for the child; we want standard input from the - * input file, and standard output and error sent to our output file. - */ -@@ -438,8 +431,6 @@ run_file(const char *filename, uid_t uid - close(fd_in); - close(fd_out); - -- PRIV_START -- - nice((tolower((int) queue) - 'a' + 1) * 2); - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -458,7 +449,16 @@ run_file(const char *filename, uid_t uid - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -- -+#ifdef WITH_PAM -+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) -+ { -+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) -+ free(*nenvp); -+ free( pam_envp ); -+ nenvp = &nul; -+ pam_envp=0L; -+ } -+#endif - PRIV_END - } - /* We're the parent. Let's wait. -@@ -471,14 +471,6 @@ run_file(const char *filename, uid_t uid - */ - waitpid(pid, (int *) NULL, 0); - --#ifdef HAVE_PAM -- PRIV_START -- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); -- retcode = pam_close_session(pamh, PAM_SILENT); -- pam_end(pamh, retcode); -- PRIV_END --#endif -- - /* Send mail. Unlink the output file after opening it, so it - * doesn't hang around after the run. - */ -@@ -509,8 +501,20 @@ run_file(const char *filename, uid_t uid - unlink(newname); - free(newname); - -+#ifdef ATD_MAIL_PROGRAM - if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { -+ int mail_pid = -1; -+#ifdef WITH_PAM -+ AT_START_PAM; -+ AT_OPEN_PAM_SESSION; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ -+ mail_pid = fork(); - -+ if ( mail_pid == 0 ) -+ { - PRIV_START - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -535,7 +539,21 @@ run_file(const char *filename, uid_t uid - perr("Exec failed for mail command"); - - PRIV_END -+ } -+ else if ( mail_pid == -1 ) { -+ perr("fork of mailer failed"); -+ } -+ else { -+ /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); -+ } -+#ifdef WITH_PAM -+ AT_CLOSE_PAM; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif - } -+#endif - exit(EXIT_SUCCESS); - } - -diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in ---- at-3.1.13/config.h.in.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/config.h.in 2012-04-19 16:50:57.506000001 +0200 -@@ -68,8 +68,8 @@ - /* Define to 1 if you have the header file. */ - #undef HAVE_NLIST_H - --/* Define to 1 for PAM support */ --#undef HAVE_PAM -+/* Define if you are building with_pam */ -+#undef WITH_PAM - - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac ---- at-3.1.13/configure.ac.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/configure.ac 2012-04-19 16:50:57.506000001 +0200 -@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG - AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) - AC_CHECK_HEADERS(security/pam_appl.h, [ - PAMLIB="-lpam" -- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) -+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) - ]) - - dnl Checking for programs -@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username, - ) - AC_SUBST(DAEMON_USERNAME) - -+AC_ARG_WITH(pam, -+[ --with-pam Define to enable pam support ], -+AC_DEFINE(WITH_PAM), -+) -+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') -+AC_SUBST(PAMLIB) -+ - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c ---- at-3.1.13/perm.c.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/perm.c 2012-04-19 16:53:09.192001742 +0200 -@@ -51,6 +51,14 @@ - #define PRIV_END while(0) - #endif - -+#ifdef WITH_PAM -+#include -+static pam_handle_t *pamh = NULL; -+static const struct pam_conv conv = { -+ NULL -+}; -+#endif -+ - /* Structures and unions */ - - -@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha - int - check_permission() - { -- uid_t uid = geteuid(); -+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); - struct passwd *pentry; - int allow = 0, deny = 1; - -- if (uid == 0) -+ int retcode = 0; -+ if (euid == 0) - return 1; - -- if ((pentry = getpwuid(uid)) == NULL) { -+ if ((pentry = getpwuid(euid)) == NULL) { - perror("Cannot access user database"); - exit(EXIT_FAILURE); - } - -+#ifdef WITH_PAM -+/* -+ * We must check if the atd daemon userid will be allowed to gain the job owner user's -+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. -+ */ -+ if (setreuid(daemon_uid, daemon_uid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setregid(daemon_gid, daemon_gid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+ -+ AT_START_PAM; -+ AT_CLOSE_PAM; -+ if (setregid(gid,egid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setreuid(uid,euid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+#endif -+ - allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); - if (allow==0 || allow==1) - return allow; -diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h ---- at-3.1.13/privs.h.pam 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/privs.h 2012-04-19 16:53:46.296016675 +0200 -@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da - #error "Cannot implement user ID swapping without setreuid or setresuid" - #endif - #endif -+ -+#ifdef WITH_PAM -+/* PAM failed after session was open. */ -+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ -+ pam_close_session(pamh,PAM_SILENT); -+ -+/* syslog will be logging error messages */ -+#ifdef HAVE_UNISTD_H -+#include -+#endif -+ -+/* PAM fail even before opening the session */ -+#define PAM_FAIL_CHECK \ -+ do { if (retcode != PAM_SUCCESS) { \ -+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ -+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ if (pamh) \ -+ pam_end(pamh, retcode); \ -+ if (setregid(getgid(),getegid()) != 0) { \ -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ if (setreuid(getuid(),geteuid()) != 0) { \ -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ exit(1); \ -+ } \ -+ } while (0) \ -+ -+static int pam_session_opened = 0; //global for open session -+ -+#define AT_START_PAM { \ -+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+} -+ -+#define AT_OPEN_PAM_SESSION { \ -+ retcode = pam_open_session(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ if (retcode == PAM_SUCCESS) \ -+ pam_session_opened = 1; \ -+} -+ -+#define AT_CLOSE_PAM { \ -+ if (pam_session_opened != 0) { \ -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); \ -+ pam_close_session(pamh, PAM_SILENT); \ -+ } \ -+ pam_end(pamh, PAM_SUCCESS); \ -+} -+ -+#endif -+ diff --git a/at-3.1.13-selinux.patch b/at-3.1.13-selinux.patch index 255fe2b..62ee4ad 100644 --- a/at-3.1.13-selinux.patch +++ b/at-3.1.13-selinux.patch @@ -1,6 +1,6 @@ -diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c ---- at-3.1.13/atd.c.selinux 2012-11-01 15:11:21.368772308 +0100 -+++ at-3.1.13/atd.c 2012-11-01 15:13:16.809162818 +0100 +diff -up at-3.1.14/atd.c.selinux2 at-3.1.14/atd.c +--- at-3.1.14/atd.c.selinux2 2013-12-04 11:27:28.729005384 +0100 ++++ at-3.1.14/atd.c 2013-12-04 11:30:17.709091150 +0100 @@ -83,6 +83,14 @@ #include "getloadavg.h" #endif @@ -16,8 +16,8 @@ diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c #ifndef LOG_ATD #define LOG_ATD LOG_DAEMON #endif -@@ -202,6 +210,68 @@ myfork() - #define ATD_MAIL_NAME "mailx" +@@ -191,6 +199,68 @@ myfork() + #define fork myfork #endif +#ifdef WITH_SELINUX @@ -85,32 +85,21 @@ diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c static void run_file(const char *filename, uid_t uid, gid_t gid) { -@@ -446,9 +516,23 @@ run_file(const char *filename, uid_t uid - perr("Cannot reset signal handler to default"); +@@ -419,6 +489,13 @@ run_file(const char *filename, uid_t uid + + nice((tolower((int) queue) - 'a' + 1) * 2); - chdir("/"); -- +#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } ++ if (selinux_enabled > 0) { ++ if (set_selinux_context(pentry->pw_name, filename) < 0) ++ perr("SELinux Failed to set context\n"); ++ } +#endif - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -+//add for fedora -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) -+ if (setexeccon(NULL) < 0) -+ if (security_getenforce()==1) -+ perr("Could not resset exec context for user %s\n", pentry->pw_name); -+#endif -+//end -+//add for fedora - #ifdef WITH_PAM - if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) - { -@@ -751,6 +835,10 @@ main(int argc, char *argv[]) ++ + if (initgroups(pentry->pw_name, pentry->pw_gid)) + perr("Cannot initialize the supplementary group access list"); + +@@ -712,6 +789,10 @@ main(int argc, char *argv[]) struct passwd *pwe; struct group *ge; @@ -121,45 +110,3 @@ diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c /* We don't need root privileges all the time; running under uid and gid * daemon is fine. */ -diff -up at-3.1.13/config.h.in.selinux at-3.1.13/config.h.in ---- at-3.1.13/config.h.in.selinux 2012-11-01 15:11:21.368772308 +0100 -+++ at-3.1.13/config.h.in 2012-11-01 15:11:21.371772392 +0100 -@@ -71,6 +71,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.13/configure.ac.selinux at-3.1.13/configure.ac ---- at-3.1.13/configure.ac.selinux 2012-11-01 15:11:21.369772335 +0100 -+++ at-3.1.13/configure.ac 2012-11-01 15:11:21.372772420 +0100 -@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname, - ) - AC_SUBST(DAEMON_GROUPNAME) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) - AC_OUTPUT -diff -up at-3.1.13/Makefile.in.selinux at-3.1.13/Makefile.in ---- at-3.1.13/Makefile.in.selinux 2012-11-01 15:11:21.361772115 +0100 -+++ at-3.1.13/Makefile.in 2012-11-01 15:11:21.372772420 +0100 -@@ -39,6 +39,8 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ -+ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o diff --git a/at-3.1.14-fix_no_export.patch b/at-3.1.14-fix_no_export.patch new file mode 100644 index 0000000..096eed7 --- /dev/null +++ b/at-3.1.14-fix_no_export.patch @@ -0,0 +1,15 @@ +diff -up at-3.1.14/at.c.export at-3.1.14/at.c +--- at-3.1.14/at.c.export 2013-10-07 14:53:59.980521240 +0200 ++++ at-3.1.14/at.c 2013-10-07 14:54:35.722560527 +0200 +@@ -388,8 +388,9 @@ writefile(time_t runtimer, char queue) + unsigned int i; + for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) { + export = export +- && (strncmp(*atenv, no_export[i], +- (size_t) (eqp - *atenv)) != 0); ++ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i])) ++ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0) ++ ); + } + eqp++; + } diff --git a/at-3.1.14-mailwithhostname.patch b/at-3.1.14-mailwithhostname.patch index a92cfed..a2b3f79 100644 --- a/at-3.1.14-mailwithhostname.patch +++ b/at-3.1.14-mailwithhostname.patch @@ -1,6 +1,6 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c ---- at-3.1.14/atd.c.mail 2013-12-02 10:47:06.000000000 +0100 -+++ at-3.1.14/atd.c 2013-12-02 10:51:23.000000000 +0100 +--- at-3.1.14/atd.c.mail 2013-12-04 11:39:44.556239282 +0100 ++++ at-3.1.14/atd.c 2013-12-04 11:40:50.544234246 +0100 @@ -100,6 +100,10 @@ int selinux_enabled=0; #define BATCH_INTERVAL_DEFAULT 60 #define CHECK_INTERVAL 3600 @@ -25,7 +25,7 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c unsigned long jobno; int rc; + char hostbuf[MAXHOSTNAMELEN]; - #ifdef WTIH_PAM + #ifdef WITH_PAM int retcode; #endif @@ -452,6 +458,11 @@ run_file(const char *filename, uid_t uid @@ -40,7 +40,7 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c write_string(fd_out, "\nTo: "); write_string(fd_out, mailname); write_string(fd_out, "\n\n"); -@@ -872,7 +883,7 @@ main(int argc, char *argv[]) +@@ -843,7 +854,7 @@ main(int argc, char *argv[]) run_as_daemon = 1; batch_interval = BATCH_INTERVAL_DEFAULT; @@ -49,7 +49,7 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c switch (c) { case 'l': if (sscanf(optarg, "%lf", &load_avg) != 1) -@@ -894,6 +905,10 @@ main(int argc, char *argv[]) +@@ -865,6 +876,10 @@ main(int argc, char *argv[]) daemon_foreground++; break; diff --git a/at-3.1.14-nitpicks.patch b/at-3.1.14-nitpicks.patch new file mode 100644 index 0000000..dc5946f --- /dev/null +++ b/at-3.1.14-nitpicks.patch @@ -0,0 +1,89 @@ +diff -up at-3.1.14/at.1.in.nit at-3.1.14/at.1.in +--- at-3.1.14/at.1.in.nit 2013-09-08 14:43:53.000000000 +0200 ++++ at-3.1.14/at.1.in 2013-12-04 11:36:29.737279969 +0100 +@@ -126,7 +126,7 @@ and to run a job at 1am tomorrow, you wo + .B at 1am tomorrow. + .PP + The definition of the time specification can be found in +-.IR @prefix@/share/doc/at/timespec . ++.IR @prefix@/share/doc/at-@VERSION@/timespec . + .PP + For both + .BR at " and " batch , +@@ -204,7 +204,7 @@ queue for + .BR batch . + Queues with higher letters run with increased niceness. The special + queue "=" is reserved for jobs which are currently running. +-.P ++ + If a job is submitted to a queue designated with an uppercase letter, the + job is treated as if it were submitted to batch at the time of the job. + Once the time is reached, the batch processing rules with respect to load +diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c +--- at-3.1.14/atd.c.nit 2013-12-04 11:36:29.733279967 +0100 ++++ at-3.1.14/atd.c 2013-12-04 11:38:44.551247496 +0100 +@@ -198,6 +198,18 @@ myfork() + + #define fork myfork + #endif ++#undef ATD_MAIL_PROGRAM ++#undef ATD_MAIL_NAME ++#if defined(SENDMAIL) ++#define ATD_MAIL_PROGRAM SENDMAIL ++#define ATD_MAIL_NAME "sendmail" ++#elif defined(MAILC) ++#define ATD_MAIL_PROGRAM MAILC ++#define ATD_MAIL_NAME "mail" ++#elif defined(MAILX) ++#define ATD_MAIL_PROGRAM MAILX ++#define ATD_MAIL_NAME "mailx" ++#endif + + #ifdef WITH_SELINUX + static int set_selinux_context(const char *name, const char *filename) { +@@ -337,6 +349,9 @@ run_file(const char *filename, uid_t uid + free(newname); + return; + } ++ ++ (void) setsid(); /* own session for process */ ++ + /* Let's see who we mail to. Hopefully, we can read it from + * the command file; if not, send it to the owner, or, failing that, + * to root. +@@ -505,6 +520,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir("/"); + + execle("/bin/sh", "sh", (char *) NULL, nenvp); +@@ -570,6 +588,9 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); + ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ perr("Cannot reset signal handler to default"); ++ + chdir ("/"); + + #if defined(SENDMAIL) +@@ -697,6 +718,7 @@ run_loop() + * Let's remove the lockfile and reschedule. + */ + strncpy(lock_name, dirent->d_name, sizeof(lock_name)); ++ lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; + unlink(lock_name); + next_job = now; +@@ -731,6 +753,7 @@ run_loop() + run_batch++; + if (strcmp(batch_name, dirent->d_name) > 0) { + strncpy(batch_name, dirent->d_name, sizeof(batch_name)); ++ batch_name[sizeof(batch_name)-1] = '\0'; + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + batch_queue = queue; diff --git a/at-3.1.14-nowrap.patch b/at-3.1.14-nowrap.patch new file mode 100644 index 0000000..2b8f3bb --- /dev/null +++ b/at-3.1.14-nowrap.patch @@ -0,0 +1,12 @@ +diff -up at-3.1.14/at.c.wrap at-3.1.14/at.c +--- at-3.1.14/at.c.wrap 2013-12-02 15:42:10.000000000 +0100 ++++ at-3.1.14/at.c 2013-12-02 15:45:42.679092990 +0100 +@@ -304,7 +304,7 @@ writefile(time_t runtimer, char queue) + if (*ap == ' ') + *ap = '0'; + +- if (stat(atfile, &statbuf) != 0) ++ /*if (stat(atfile, &statbuf) != 0) + if (errno != ENOENT) + perr("Cannot access " ATJOB_DIR); + diff --git a/at-3.1.14-pam.patch b/at-3.1.14-pam.patch index bdcec62..aac72e8 100644 --- a/at-3.1.14-pam.patch +++ b/at-3.1.14-pam.patch @@ -1,15 +1,14 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c --- at-3.1.14/at.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/at.c 2013-10-07 14:39:15.670837532 +0200 -@@ -144,18 +144,14 @@ sigc(int signo) ++++ at-3.1.14/at.c 2013-12-04 11:09:56.165752053 +0100 +@@ -144,18 +144,13 @@ sigc(int signo) /* If the user presses ^C, remove the spool file and exit */ if (fcreated) { - /* -+ PRIV_START - -+ /* ++ /* We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -17,19 +16,19 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c - unlink(atfile); - setregid(effective_gid, real_gid); - /* -+ unlink(atfile); ++ unlink(atfile); PRIV_END - */ } exit(EXIT_FAILURE); } -@@ -315,26 +311,19 @@ writefile(time_t runtimer, char queue) +@@ -315,26 +310,19 @@ writefile(time_t runtimer, char queue) * bit. Yes, this is a kluge. */ cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); - seteuid(real_uid); -+ if ((seteuid(effective_uid)) < 0) -+ perr("Error in seteuid: %s", errno); ++ if ((seteuid(effective_uid)) < 0) ++ perr("Error in seteuid: %s", errno); if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) perr("Cannot create atjob file %.500s", atfile); - seteuid(effective_uid); @@ -53,7 +52,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c /* We've successfully created the file; let's set the flag so it * gets removed in case of an interrupt or error. */ -@@ -654,7 +643,7 @@ process_jobs(int argc, char **argv, int +@@ -654,7 +642,7 @@ process_jobs(int argc, char **argv, int We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -62,16 +61,17 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c if (queue == '=') { fprintf(stderr, "Warning: deleting running job\n"); -@@ -664,7 +653,7 @@ process_jobs(int argc, char **argv, int +@@ -663,8 +651,8 @@ process_jobs(int argc, char **argv, int + perr("Cannot unlink %.500s", dirent->d_name); rc = EXIT_FAILURE; } ++ PRIV_END - setregid(effective_gid, real_gid); -+ PRIV_END done = 1; break; -@@ -674,7 +663,7 @@ process_jobs(int argc, char **argv, int +@@ -674,7 +662,7 @@ process_jobs(int argc, char **argv, int FILE *fp; int ch; @@ -80,7 +80,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c fp = fopen(dirent->d_name, "r"); if (fp) { -@@ -687,7 +676,7 @@ process_jobs(int argc, char **argv, int +@@ -687,7 +675,7 @@ process_jobs(int argc, char **argv, int perr("Cannot open %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -91,7 +91,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c --- at-3.1.14/atd.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/atd.c 2013-10-07 14:40:22.102988905 +0200 ++++ at-3.1.14/atd.c 2013-12-04 11:14:31.780617480 +0100 @@ -83,6 +83,10 @@ #include "getloadavg.h" #endif @@ -134,7 +134,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c unsigned long jobno; int rc; -#ifdef HAVE_PAM -+#ifdef WTIH_PAM ++#ifdef WITH_PAM int retcode; #endif @@ -161,22 +161,22 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c #endif close(STDIN_FILENO); -@@ -401,6 +391,14 @@ run_file(const char *filename, uid_t uid +@@ -401,7 +391,14 @@ run_file(const char *filename, uid_t uid else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; + char **pam_envp=0L; -+ + + PRIV_START +#ifdef WITH_PAM + pam_envp = pam_getenvlist(pamh); + if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) + nenvp = pam_envp; +#endif - /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. -@@ -420,8 +418,6 @@ run_file(const char *filename, uid_t uid + */ +@@ -420,8 +417,6 @@ run_file(const char *filename, uid_t uid close(fd_in); close(fd_out); @@ -185,25 +185,20 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c nice((tolower((int) queue) - 'a' + 1) * 2); if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -438,6 +434,17 @@ run_file(const char *filename, uid_t uid - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); +@@ -435,9 +430,9 @@ run_file(const char *filename, uid_t uid -+#ifdef WITH_PAM -+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) -+ { -+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) -+ free(*nenvp); -+ free( pam_envp ); -+ nenvp = &nul; -+ pam_envp=0L; -+ } -+#endif -+ + chdir("/"); + +- if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) +- perr("Exec failed for /bin/sh"); +- ++ execle("/bin/sh", "sh", (char *) NULL, nenvp); ++ perr("Exec failed for /bin/sh"); ++ /* perr exits, the PRIV_END is just for nice form */ PRIV_END } /* We're the parent. Let's wait. -@@ -450,14 +457,6 @@ run_file(const char *filename, uid_t uid +@@ -450,14 +445,6 @@ run_file(const char *filename, uid_t uid */ waitpid(pid, (int *) NULL, 0); @@ -218,62 +213,44 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ -@@ -488,7 +487,20 @@ run_file(const char *filename, uid_t uid +@@ -488,8 +475,13 @@ run_file(const char *filename, uid_t uid unlink(newname); free(newname); +#ifdef ATD_MAIL_PROGRAM if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { + int mail_pid = -1; -+#ifdef WITH_PAM -+ AT_START_PAM; -+ AT_OPEN_PAM_SESSION; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ -+ mail_pid = fork(); -+ -+ if ( mail_pid == 0 ) -+ { ++ mail_pid = fork(); ++ ++ if ( mail_pid == 0 ) { PRIV_START -@@ -511,7 +523,22 @@ run_file(const char *filename, uid_t uid + if (initgroups(pentry->pw_name, pentry->pw_gid)) +@@ -511,7 +503,20 @@ run_file(const char *filename, uid_t uid perr("Exec failed for mail command"); PRIV_END -+ -+ } -+ else if ( mail_pid == -1 ) { -+ perr("fork of mailer failed"); -+ } -+ else { -+ /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); -+ } -+#ifdef WITH_PAM -+ AT_CLOSE_PAM; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif ++ } ++ else if ( mail_pid == -1 ) { ++ syslog(LOG_ERR, "fork of mailer failed: %m"); ++ } ++ /* Parent */ ++ waitpid(mail_pid, (int *) NULL, 0); } -+#endif /* ATD_MAIL_PROGRAM */ ++ ++#ifdef WITH_PAM ++ AT_CLOSE_PAM; ++ closelog(); ++ openlog("atd", LOG_PID, LOG_ATD); ++#endif ++#endif exit(EXIT_SUCCESS); } -@@ -727,7 +754,7 @@ main(int argc, char *argv[]) - #define LOG_CRON LOG_DAEMON - #endif - -- openlog("atd", LOG_PID, LOG_CRON); -+ openlog("atd", LOG_PID, LOG_ATD); - - opterr = 0; - errno = 0; diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in --- at-3.1.14/config.h.in.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/config.h.in 2013-10-07 14:39:15.670837532 +0200 ++++ at-3.1.14/config.h.in 2013-12-04 11:09:56.165752053 +0100 @@ -68,8 +68,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -287,7 +264,7 @@ diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in #undef HAVE_PSTAT_GETDYNAMIC diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac --- at-3.1.14/configure.ac.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/configure.ac 2013-10-07 14:39:15.671837535 +0200 ++++ at-3.1.14/configure.ac 2013-12-04 11:09:56.165752053 +0100 @@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ @@ -313,7 +290,7 @@ diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c --- at-3.1.14/perm.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/perm.c 2013-10-07 14:39:15.671837535 +0200 ++++ at-3.1.14/perm.c 2013-12-04 11:09:56.165752053 +0100 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -380,14 +357,13 @@ diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c return allow; diff -up at-3.1.14/privs.h.pam at-3.1.14/privs.h --- at-3.1.14/privs.h.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/privs.h 2013-10-07 14:39:15.671837535 +0200 -@@ -144,3 +144,64 @@ extern gid_t real_gid, effective_gid, da ++++ at-3.1.14/privs.h 2013-12-04 11:09:56.166752054 +0100 +@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da #error "Cannot implement user ID swapping without setreuid or setresuid" #endif #endif + +#ifdef WITH_PAM -+int retcode; +/* PAM failed after session was open. */ +#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ + pam_close_session(pamh,PAM_SILENT); diff --git a/at-3.1.14-selinux.patch b/at-3.1.14-selinux.patch index e8bbc73..abee8b4 100644 --- a/at-3.1.14-selinux.patch +++ b/at-3.1.14-selinux.patch @@ -1,8 +1,50 @@ -diff -up at-3.1.14/atd.c.selinux at-3.1.14/atd.c ---- at-3.1.14/atd.c.selinux 2013-09-26 15:06:55.177049852 +0200 -+++ at-3.1.14/atd.c 2013-09-26 16:33:23.981355661 +0200 -@@ -87,6 +87,14 @@ - #define LOG_ATD LOG_DAEMON +diff -up at-3.1.14/config.h.in.selinux at-3.1.14/config.h.in +--- at-3.1.14/config.h.in.selinux 2013-09-26 15:06:55.177049852 +0200 ++++ at-3.1.14/config.h.in 2013-09-26 15:06:55.180049850 +0200 +@@ -71,6 +71,9 @@ + /* Define if you are building with_pam */ + #undef WITH_PAM + ++/* Define if you are building with_selinux */ ++#undef WITH_SELINUX ++ + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC + +diff -up at-3.1.14/configure.ac.selinux at-3.1.14/configure.ac +--- at-3.1.14/configure.ac.selinux 2013-09-26 15:06:55.178049851 +0200 ++++ at-3.1.14/configure.ac 2013-09-26 15:06:55.180049850 +0200 +@@ -246,6 +246,14 @@ AC_DEFINE(WITH_PAM), + AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') + AC_SUBST(PAMLIB) + ++AC_ARG_WITH(selinux, ++[ --with-selinux Define to run with selinux], ++AC_DEFINE(WITH_SELINUX), ++) ++AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) ++AC_SUBST(SELINUXLIB) ++AC_SUBST(WITH_SELINUX) ++ + AC_MSG_CHECKING(groupname to run under) + AC_ARG_WITH(daemon_groupname, + [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], +diff -up at-3.1.14/Makefile.in.selinux at-3.1.14/Makefile.in +--- at-3.1.14/Makefile.in.selinux 2013-09-26 15:06:55.175049853 +0200 ++++ at-3.1.14/Makefile.in 2013-09-26 15:06:55.180049850 +0200 +@@ -40,6 +40,7 @@ LIBS = @LIBS@ + LIBOBJS = @LIBOBJS@ + INSTALL = @INSTALL@ + PAMLIB = @PAMLIB@ ++SELINUXLIB = @SELINUXLIB@ + + CLONES = atq atrm + ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o +diff -up at-3.1.14/atd.c.selinux2 at-3.1.14/atd.c +--- at-3.1.14/atd.c.selinux2 2013-12-04 11:27:28.729005384 +0100 ++++ at-3.1.14/atd.c 2013-12-04 11:30:17.709091150 +0100 +@@ -83,6 +83,14 @@ + #include "getloadavg.h" #endif +#ifdef WITH_SELINUX @@ -13,9 +55,9 @@ diff -up at-3.1.14/atd.c.selinux at-3.1.14/atd.c +#include +#endif + - /* Macros */ - - #define BATCH_INTERVAL_DEFAULT 60 + #ifndef LOG_ATD + #define LOG_ATD LOG_DAEMON + #endif @@ -191,6 +199,68 @@ myfork() #define fork myfork #endif @@ -85,31 +127,21 @@ diff -up at-3.1.14/atd.c.selinux at-3.1.14/atd.c static void run_file(const char *filename, uid_t uid, gid_t gid) { -@@ -431,9 +501,23 @@ run_file(const char *filename, uid_t uid +@@ -419,6 +489,13 @@ run_file(const char *filename, uid_t uid - chdir("/"); + nice((tolower((int) queue) - 'a' + 1) * 2); +#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } ++ if (selinux_enabled > 0) { ++ if (set_selinux_context(pentry->pw_name, filename) < 0) ++ perr("SELinux Failed to set context\n"); ++ } +#endif + - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); + if (initgroups(pentry->pw_name, pentry->pw_gid)) + perr("Cannot initialize the supplementary group access list"); -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) -+ if (setexeccon(NULL) < 0) -+ if (security_getenforce()==1) -+ perr("Could not resset exec context for user %s\n", pentry->pw_name); -+#endif -+ - #ifdef WITH_PAM - if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) - { -@@ -732,6 +816,10 @@ main(int argc, char *argv[]) +@@ -712,6 +789,10 @@ main(int argc, char *argv[]) struct passwd *pwe; struct group *ge; @@ -120,45 +152,3 @@ diff -up at-3.1.14/atd.c.selinux at-3.1.14/atd.c /* We don't need root privileges all the time; running under uid and gid * daemon is fine. */ -diff -up at-3.1.14/config.h.in.selinux at-3.1.14/config.h.in ---- at-3.1.14/config.h.in.selinux 2013-09-26 15:06:55.177049852 +0200 -+++ at-3.1.14/config.h.in 2013-09-26 15:06:55.180049850 +0200 -@@ -71,6 +71,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.14/configure.ac.selinux at-3.1.14/configure.ac ---- at-3.1.14/configure.ac.selinux 2013-09-26 15:06:55.178049851 +0200 -+++ at-3.1.14/configure.ac 2013-09-26 15:06:55.180049850 +0200 -@@ -246,6 +246,14 @@ AC_DEFINE(WITH_PAM), - AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') - AC_SUBST(PAMLIB) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.14/Makefile.in.selinux at-3.1.14/Makefile.in ---- at-3.1.14/Makefile.in.selinux 2013-09-26 15:06:55.175049853 +0200 -+++ at-3.1.14/Makefile.in 2013-09-26 15:06:55.180049850 +0200 -@@ -40,6 +40,7 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o diff --git a/at.spec b/at.spec index 87b79b7..132363b 100644 --- a/at.spec +++ b/at.spec @@ -76,6 +76,7 @@ cp %{SOURCE1} . %patch1 -p1 -b .make %patch2 -p1 -b .pam %patch3 -p1 -b .selinux +%patch100 -p1 -b .selinux2 %patch4 -p1 -b .opt_V %patch5 -p1 -b .shell %patch6 -p1 -b .nit From 9f623ae7d45385b92b1bb3a90f253e9c8ff8a29d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Wed, 4 Dec 2013 11:47:08 +0100 Subject: [PATCH 16/86] Clean specfile. --- at.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/at.spec b/at.spec index 132363b..87b79b7 100644 --- a/at.spec +++ b/at.spec @@ -76,7 +76,6 @@ cp %{SOURCE1} . %patch1 -p1 -b .make %patch2 -p1 -b .pam %patch3 -p1 -b .selinux -%patch100 -p1 -b .selinux2 %patch4 -p1 -b .opt_V %patch5 -p1 -b .shell %patch6 -p1 -b .nit From d24e6d0992fb6f630716d2e759bfc19ff2c9406b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Wed, 4 Dec 2013 12:04:07 +0100 Subject: [PATCH 17/86] Upload new source. --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 4d9f8d7..ca8821f 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ at_3.1.11.orig.tar.gz at_3.1.12.orig.tar.gz pam_atd /at_3.1.13.orig.tar.gz +/at_3.1.14.orig.tar.gz diff --git a/sources b/sources index 9877be7..c01c6e4 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ b117781fd68e393443b2a8e478c7c22f atd.init ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf 000d2f30379d2bf8af09f51416e863ec pam_atd -1da61af6c29e323abaaf13ee1a8dad79 at_3.1.13.orig.tar.gz +d41cfd79033b6e49a8838add59a42ac6 at_3.1.14.orig.tar.gz From bda47c4d326a6241761676cc10de75301e5ca0d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Mon, 6 Jan 2014 18:01:52 +0100 Subject: [PATCH 18/86] The below warning about used shell must be printed out. It's part of POSIX at rules. warning: commands will be executed using /bin/sh --- at-3.1.14-shell.patch | 19 +++++-------------- 1 file changed, 5 insertions(+), 14 deletions(-) diff --git a/at-3.1.14-shell.patch b/at-3.1.14-shell.patch index b2401bf..49f66f1 100644 --- a/at-3.1.14-shell.patch +++ b/at-3.1.14-shell.patch @@ -1,6 +1,6 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c ---- at-3.1.14/at.c.shell 2013-09-26 16:57:18.126861201 +0200 -+++ at-3.1.14/at.c 2013-09-26 16:59:24.069127357 +0200 +--- at-3.1.14/at.c.shell 2014-01-06 17:58:17.555564746 +0100 ++++ at-3.1.14/at.c 2014-01-06 17:59:17.699720002 +0100 @@ -62,11 +62,8 @@ #include #include @@ -13,7 +13,7 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c #ifdef HAVE_UNISTD_H #include -@@ -240,6 +237,12 @@ writefile(time_t runtimer, char queue) +@@ -239,6 +236,12 @@ writefile(time_t runtimer, char queue) int kill_errno; int rc; int mailsize = 128; @@ -26,7 +26,7 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c /* Install the signal handler for SIGINT; terminate after removing the * spool file if necessary -@@ -450,6 +453,9 @@ writefile(time_t runtimer, char queue) +@@ -449,6 +452,9 @@ writefile(time_t runtimer, char queue) fprintf(fp, " || {\n\t echo 'Execution directory " "inaccessible' >&2\n\t exit 1\n}\n"); @@ -36,7 +36,7 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c istty = isatty(fileno(stdin)); if (istty) { fprintf(stderr, "at> "); -@@ -465,7 +471,7 @@ writefile(time_t runtimer, char queue) +@@ -464,7 +470,7 @@ writefile(time_t runtimer, char queue) if (istty) { fprintf(stderr, "\n"); } @@ -45,12 +45,3 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c if (ferror(fp)) panic("Output error"); -@@ -915,7 +921,7 @@ main(int argc, char **argv) - It also alows a warning diagnostic to be printed. Because of the - possible variance, we always output the diagnostic. */ - -- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); -+ /* fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); */ - - writefile(timer, queue); - break; From 1a66c4d172cd5a556b9f0d4b86e8756e15aedcc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Tue, 28 Jan 2014 12:25:19 +0100 Subject: [PATCH 19/86] remove parallel build -> it fails on secondary arches 1058686 --- at.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/at.spec b/at.spec index 87b79b7..317c390 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.14 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -100,7 +100,7 @@ rm -f lex.yy.* y.tab.* --with-pam %endif -make %{?_smp_mflags} V=1 +make %install make install \ @@ -191,6 +191,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog +* Tue Jan 28 2014 Marcela Mašláňová - 3.1.14-2 +- remove parallel build -> it fails on secondary arches 1058686 + * Mon Dec 2 2013 Marcela Mašláňová - 3.1.14-1 - new release 3.1.14 - all Fedora specifics backported From 37819ccac578ce6f4a8a85dc1bbbb72daa8db9c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcela=20Ma=C5=A1l=C3=A1=C5=88ov=C3=A1?= Date: Tue, 25 Mar 2014 15:57:33 -0400 Subject: [PATCH 20/86] 1079304 remove part of patch, which is not needed anymore. --- at-3.1.14-nitpicks.patch | 9 --------- at.spec | 5 ++++- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/at-3.1.14-nitpicks.patch b/at-3.1.14-nitpicks.patch index dc5946f..6ad8e7a 100644 --- a/at-3.1.14-nitpicks.patch +++ b/at-3.1.14-nitpicks.patch @@ -1,15 +1,6 @@ diff -up at-3.1.14/at.1.in.nit at-3.1.14/at.1.in --- at-3.1.14/at.1.in.nit 2013-09-08 14:43:53.000000000 +0200 +++ at-3.1.14/at.1.in 2013-12-04 11:36:29.737279969 +0100 -@@ -126,7 +126,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/at-@VERSION@/timespec . - .PP - For both - .BR at " and " batch , @@ -204,7 +204,7 @@ queue for .BR batch . Queues with higher letters run with increased niceness. The special diff --git a/at.spec b/at.spec index 317c390..299af28 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.14 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -191,6 +191,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog +* Tue Mar 25 2014 Marcela Mašláňová - 3.1.14-3 +- 1079304 remove part of patch, which is not needed anymore + * Tue Jan 28 2014 Marcela Mašláňová - 3.1.14-2 - remove parallel build -> it fails on secondary arches 1058686 From 216c8b3054ed7f2a29d563ee2f78787ac434d869 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 6 Jun 2014 20:53:54 -0500 Subject: [PATCH 21/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 299af28..4b5a88b 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.14 -Release: 3%{?dist} +Release: 4%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -191,6 +191,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog +* Sat Jun 07 2014 Fedora Release Engineering - 3.1.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Tue Mar 25 2014 Marcela Mašláňová - 3.1.14-3 - 1079304 remove part of patch, which is not needed anymore From 107aa1f03b85bc2263706ae563a7202ef76d0da4 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Fri, 15 Aug 2014 21:34:28 +0000 Subject: [PATCH 22/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 4b5a88b..9c8e185 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.14 -Release: 4%{?dist} +Release: 5%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -191,6 +191,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0755,root,root) %{_initrddir}/atd %changelog +* Fri Aug 15 2014 Fedora Release Engineering - 3.1.14-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sat Jun 07 2014 Fedora Release Engineering - 3.1.14-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From ad609f98fc39efa25a6fdcc71ff341e19966e525 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 2 Oct 2014 11:10:27 +0200 Subject: [PATCH 23/86] new upstream release fixing regression from security fix in bash - drop sysvinit subpackage --- .gitignore | 4 +- 56atd | 18 -- at-3.1.11-pam.patch | 12 - at-3.1.12-fix.patch | 69 ----- at-3.1.12-fix_no_export.patch | 15 -- at-3.1.12-makefile.patch | 83 ------ at-3.1.12-nitpicks.patch | 121 --------- at-3.1.12-nowrap.patch | 19 -- at-3.1.12-opt_V.patch | 17 -- at-3.1.12-pam.patch | 430 ------------------------------- at-3.1.12-selinux.patch | 152 ----------- at-3.1.12-shell.patch | 55 ---- at-3.1.13-help.patch | 15 -- at-3.1.13-mailwithhostname.patch | 62 ----- at-3.1.13-makefile.patch | 82 ------ at-3.1.13-nitpicks.patch | 121 --------- at-3.1.13-selinux.patch | 112 -------- at-3.1.13-usePOSIXtimers.patch | 119 --------- at.spec | 27 +- atd.init | 111 -------- pam_atd | 9 + sources | 5 +- 22 files changed, 17 insertions(+), 1641 deletions(-) delete mode 100644 56atd delete mode 100644 at-3.1.11-pam.patch delete mode 100644 at-3.1.12-fix.patch delete mode 100644 at-3.1.12-fix_no_export.patch delete mode 100644 at-3.1.12-makefile.patch delete mode 100644 at-3.1.12-nitpicks.patch delete mode 100644 at-3.1.12-nowrap.patch delete mode 100644 at-3.1.12-opt_V.patch delete mode 100644 at-3.1.12-pam.patch delete mode 100644 at-3.1.12-selinux.patch delete mode 100644 at-3.1.12-shell.patch delete mode 100644 at-3.1.13-help.patch delete mode 100644 at-3.1.13-mailwithhostname.patch delete mode 100644 at-3.1.13-makefile.patch delete mode 100644 at-3.1.13-nitpicks.patch delete mode 100644 at-3.1.13-selinux.patch delete mode 100644 at-3.1.13-usePOSIXtimers.patch delete mode 100755 atd.init create mode 100644 pam_atd diff --git a/.gitignore b/.gitignore index ca8821f..c4d8252 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,7 @@ at_3.1.10.tar.gz -atd.init -atd.sysconf test.pl at_3.1.11.orig.tar.gz at_3.1.12.orig.tar.gz -pam_atd /at_3.1.13.orig.tar.gz /at_3.1.14.orig.tar.gz +/at_3.1.16.orig.tar.gz diff --git a/56atd b/56atd deleted file mode 100644 index 86989e1..0000000 --- a/56atd +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/sh -# - -. "${PM_FUNCTIONS}" - -case "$1" in - hibernate|suspend) - ;; - thaw|resume) - if [ -f /etc/init.d/atd ]; then - /etc/init.d/atd restart - else - systemctl try-restart atd.service - fi - ;; - *) exit $NA - ;; -esac diff --git a/at-3.1.11-pam.patch b/at-3.1.11-pam.patch deleted file mode 100644 index 87a115c..0000000 --- a/at-3.1.11-pam.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200 -+++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200 -@@ -0,0 +1,9 @@ -+# The PAM configuration file for the at daemon -+# -+# -+auth required pam_env.so -+auth include password-auth -+account required pam_access.so -+account include password-auth -+session required pam_loginuid.so -+session include password-auth diff --git a/at-3.1.12-fix.patch b/at-3.1.12-fix.patch deleted file mode 100644 index 28d118d..0000000 --- a/at-3.1.12-fix.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff -up at-3.1.12/atd.c.fix at-3.1.12/atd.c ---- at-3.1.12/atd.c.fix 2010-01-18 14:22:19.364913059 +0100 -+++ at-3.1.12/atd.c 2010-01-18 14:20:17.867912485 +0100 -@@ -458,11 +458,9 @@ run_file(const char *filename, uid_t uid - size = buf.st_size; - - #ifdef WITH_PAM -- PRIV_START -- PAM_HANDLING; -+ PAM_HANDLING; - closelog(); - openlog("atd", LOG_PID, LOG_ATD); -- PRIV_END - #endif - - close(STDIN_FILENO); -@@ -484,7 +482,6 @@ run_file(const char *filename, uid_t uid - if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) - nenvp = pam_envp; - #endif -- PRIV_END - /* Set up things for the child; we want standard input from the - * input file, and standard output and error sent to our output file. - */ -@@ -505,8 +502,6 @@ run_file(const char *filename, uid_t uid - if (chdir(ATJOB_DIR) < 0) - perr("Cannot chdir to " ATJOB_DIR); - -- PRIV_START -- - nice((tolower((int) queue) - 'a' + 1) * 2); - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -531,6 +526,17 @@ run_file(const char *filename, uid_t uid - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -+ -+//add for fedora -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) -+ if (setexeccon(NULL) < 0) -+ if (security_getenforce()==1) -+ perr("Could not resset exec context for user %s\n", pentry->pw_name); -+ -+#endif -+//end -+//add for fedora - #ifdef WITH_PAM - if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) - { -@@ -553,7 +559,7 @@ run_file(const char *filename, uid_t uid - return with an ECHILD error. - */ - waitpid(pid, (int *) NULL, 0); -- -+/* - #ifdef WITH_PAM - PRIV_START - pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); -@@ -561,7 +567,7 @@ run_file(const char *filename, uid_t uid - pam_end(pamh, retcode); - PRIV_END - #endif -- -+*/ - /* Send mail. Unlink the output file after opening it, so it - * doesn't hang around after the run. - */ diff --git a/at-3.1.12-fix_no_export.patch b/at-3.1.12-fix_no_export.patch deleted file mode 100644 index 60e093a..0000000 --- a/at-3.1.12-fix_no_export.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up at-3.1.12/at.c.noexport at-3.1.12/at.c ---- at-3.1.12/at.c.noexport 2011-06-10 14:21:04.000000000 +0200 -+++ at-3.1.12/at.c 2011-06-10 14:22:54.247712577 +0200 -@@ -391,8 +391,9 @@ writefile(time_t runtimer, char queue) - unsigned int i; - for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) { - export = export -- && (strncmp(*atenv, no_export[i], -- (size_t) (eqp - *atenv)) != 0); -+ && ((((size_t) (eqp - *atenv)) != strlen(no_export[i])) -+ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0) -+ ); - } - eqp++; - } diff --git a/at-3.1.12-makefile.patch b/at-3.1.12-makefile.patch deleted file mode 100644 index 871166b..0000000 --- a/at-3.1.12-makefile.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff -up at-3.1.12/Makefile.in.make at-3.1.12/Makefile.in ---- at-3.1.12/Makefile.in.make 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/Makefile.in 2009-12-03 13:23:08.794258910 +0100 -@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc - all: at atd atrun - - at: $(ATOBJECTS) -- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -83,38 +83,42 @@ atrun: atrun.in - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c - - install: all -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d -+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) -+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) - touch $(IROOT)$(LFILE) - chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 -s at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) - $(LN_S) -f at $(IROOT)$(bindir)/atq - $(LN_S) -f at $(IROOT)$(bindir)/atrm -- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ -+ $(INSTALL) -m 755 batch $(IROOT)$(bindir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) -+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) -+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ - cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 -- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ -+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ - sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman -- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 -+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 - rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/ -+ $(INSTALL) -m 644 at_allow.5 $(IROOT)$(man5dir)/ - cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5 -- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) -+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) - rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ - $(IROOT)$(mandir)/cat1/atq.1* - rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at-3.1.12-nitpicks.patch b/at-3.1.12-nitpicks.patch deleted file mode 100644 index 845c707..0000000 --- a/at-3.1.12-nitpicks.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff -up at-3.1.12/at.1.in.nit at-3.1.12/at.1.in ---- at-3.1.12/at.1.in.nit 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/at.1.in 2010-01-18 14:43:58.287163082 +0100 -@@ -121,7 +121,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The exact definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/at-@VERSION@/timespec . - .PP - For both - .BR at " and " batch , -@@ -216,7 +216,7 @@ queue for - .BR batch . - Queues with higher letters run with increased niceness. The special - queue "=" is reserved for jobs which are currently running. --.P -+ - If a job is submitted to a queue designated with an uppercase letter, the - job is treated as if it were submitted to batch at the time of the job. - Once the time is reached, the batch processing rules with respect to load -@@ -253,7 +253,7 @@ is an alias for - .TP - .B \-v - Shows the time the job will be executed before reading the job. --.P -+ - Times displayed will be in the format "Thu Feb 20 14:50:00 1997". - .TP - .B -diff -up at-3.1.12/atd.c.nit at-3.1.12/atd.c ---- at-3.1.12/atd.c.nit 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/atd.c 2010-01-18 14:42:58.024161433 +0100 -@@ -83,6 +83,9 @@ - #include "getloadavg.h" - #endif - -+#ifndef LOG_ATD -+#define LOG_ATD LOG_DAEMON -+#endif - /* Macros */ - - #define BATCH_INTERVAL_DEFAULT 60 -@@ -194,6 +197,18 @@ myfork() - - #define fork myfork - #endif -+#undef ATD_MAIL_PROGRAM -+#undef ATD_MAIL_NAME -+#if defined(SENDMAIL) -+#define ATD_MAIL_PROGRAM SENDMAIL -+#define ATD_MAIL_NAME "sendmail" -+#elif defined(MAILC) -+#define ATD_MAIL_PROGRAM MAILC -+#define ATD_MAIL_NAME "mail" -+#elif defined(MAILX) -+#define ATD_MAIL_PROGRAM MAILX -+#define ATD_MAIL_NAME "mailx" -+#endif - - static void - run_file(const char *filename, uid_t uid, gid_t gid) -@@ -276,6 +291,9 @@ run_file(const char *filename, uid_t uid - free(newname); - return; - } -+ -+ (void) setsid(); //own session for process -+ - /* Let's see who we mail to. Hopefully, we can read it from - * the command file; if not, send it to the owner, or, failing that, - * to root. -@@ -435,6 +453,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir("/"); - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) -@@ -503,6 +524,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir ("/"); - - #if defined(SENDMAIL) -@@ -617,6 +641,7 @@ run_loop() - * Let's remove the lockfile and reschedule. - */ - strncpy(lock_name, dirent->d_name, sizeof(lock_name)); -+ lock_name[sizeof(lock_name)-1] = '\0'; - lock_name[0] = '='; - unlink(lock_name); - next_job = now; -@@ -651,6 +676,7 @@ run_loop() - run_batch++; - if (strcmp(batch_name, dirent->d_name) > 0) { - strncpy(batch_name, dirent->d_name, sizeof(batch_name)); -+ batch_name[sizeof(batch_name)-1] = '\0'; - batch_uid = buf.st_uid; - batch_gid = buf.st_gid; - batch_queue = queue; -@@ -725,11 +751,7 @@ main(int argc, char *argv[]) - - RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) - --#ifndef LOG_CRON --#define LOG_CRON LOG_DAEMON --#endif -- -- openlog("atd", LOG_PID, LOG_CRON); -+ openlog("atd", LOG_PID, LOG_ATD); - - opterr = 0; - errno = 0; diff --git a/at-3.1.12-nowrap.patch b/at-3.1.12-nowrap.patch deleted file mode 100644 index f18167b..0000000 --- a/at-3.1.12-nowrap.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -up at-3.1.12/at.c.nowrap at-3.1.12/at.c ---- at-3.1.12/at.c.nowrap 2010-02-18 14:39:50.125518422 +0100 -+++ at-3.1.12/at.c 2010-02-22 13:20:03.817150406 +0100 -@@ -308,10 +308,13 @@ writefile(time_t runtimer, char queue) - if (*ap == ' ') - *ap = '0'; - -- if (stat(atfile, &statbuf) != 0) -+ /*if (stat(atfile, &statbuf) != 0) { - if (errno != ENOENT) - perr("Cannot access " ATJOB_DIR); -- -+ } else { -+ perr("atjob file already exists; bailing"); -+ } -+ */ - /* Create the file. The x bit is only going to be set after it has - * been completely written out, to make sure it is not executed in the - * meantime. To make sure they do not get deleted, turn off their r diff --git a/at-3.1.12-opt_V.patch b/at-3.1.12-opt_V.patch deleted file mode 100644 index d25148d..0000000 --- a/at-3.1.12-opt_V.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c ---- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100 -@@ -853,10 +853,9 @@ main(int argc, char **argv) - */ - - if (disp_version) { -- fprintf(stderr, "at version " VERSION "\n" -- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n" -- "or contact the maintainers (at@packages.debian.org).\n"); -- exit(EXIT_SUCCESS); -+ fprintf(stderr, "at version " VERSION "\n"); -+ if (argc == 2) -+ exit(EXIT_SUCCESS); - } - - /* select our program diff --git a/at-3.1.12-pam.patch b/at-3.1.12-pam.patch deleted file mode 100644 index 3030ce5..0000000 --- a/at-3.1.12-pam.patch +++ /dev/null @@ -1,430 +0,0 @@ -diff -up at-3.1.12/at.c.pam at-3.1.12/at.c ---- at-3.1.12/at.c.pam 2010-03-15 09:57:27.043438000 +0100 -+++ at-3.1.12/at.c 2010-03-15 09:58:12.426689166 +0100 -@@ -141,18 +141,13 @@ sigc(int signo) - /* If the user presses ^C, remove the spool file and exit - */ - if (fcreated) { -- /* - PRIV_START -- -+ /* - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -- unlink(atfile); -- setregid(effective_gid, real_gid); -- /* -+ unlink(atfile); - PRIV_END -- */ - } - exit(EXIT_FAILURE); - } -@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue) - * bit. Yes, this is a kluge. - */ - cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); -- seteuid(real_uid); -+ if ((seteuid(effective_uid)) < 0) -+ perr("Error in seteuid: %s", errno); - if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) - perr("Cannot create atjob file %.500s", atfile); -- seteuid(effective_uid); - - if ((fd2 = dup(fd)) < 0) - perr("Error in dup() of job file"); - -- /* - if (fchown(fd2, real_uid, real_gid) != 0) -- perr("Cannot give away file"); -- */ -+ perr("Cannot give real_uid and real_gid the file"); - - PRIV_END - -- /* We no longer need suid root; now we just need to be able to write -- * to the directory, if necessary. -- */ -- -- REDUCE_PRIV(daemon_uid, daemon_gid) - /* We've successfully created the file; let's set the flag so it - * gets removed in case of an interrupt or error. - */ -@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int - We need the unprivileged uid here since the file is owned by the real - (not effective) uid. - */ -- setregid(real_gid, effective_gid); -+ PRIV_START - - if (queue == '=') { - fprintf(stderr, "Warning: deleting running job\n"); -@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int - perr("Cannot unlink %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -+ PRIV_END - -- setregid(effective_gid, real_gid); - done = 1; - - break; -@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int - FILE *fp; - int ch; - -- setregid(real_gid, effective_gid); -+ PRIV_START - fp = fopen(dirent->d_name, "r"); - - if (fp) { -@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int - perr("Cannot open %.500s", dirent->d_name); - rc = EXIT_FAILURE; - } -- setregid(effective_gid, real_gid); -+ PRIV_END - } - break; - -diff -up at-3.1.12/atd.c.pam at-3.1.12/atd.c ---- at-3.1.12/atd.c.pam 2010-03-15 09:57:27.047513895 +0100 -+++ at-3.1.12/atd.c 2010-03-15 09:57:27.053437466 +0100 -@@ -111,7 +111,7 @@ static int run_as_daemon = 0; - - static volatile sig_atomic_t term_signal = 0; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - #include - - static pam_handle_t *pamh = NULL; -@@ -120,15 +120,7 @@ static const struct pam_conv conv = { - NULL - }; - --#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ -- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -- pam_end(pamh, retcode); exit(1); \ -- } --#define PAM_END { retcode = pam_close_session(pamh,0); \ -- pam_end(pamh,retcode); } -- --#endif /* HAVE_PAM */ -+#endif /* WITH_PAM */ - - /* Signal handlers */ - RETSIGTYPE -@@ -234,7 +226,7 @@ run_file(const char *filename, uid_t uid - char queue; - char fmt[64]; - unsigned long jobno; --#ifdef HAVE_PAM -+#ifdef WITH_PAM - int retcode; - #endif - -@@ -395,16 +387,11 @@ run_file(const char *filename, uid_t uid - fstat(fd_out, &buf); - size = buf.st_size; - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - PRIV_START -- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); -- PAM_FAIL_CHECK; -- retcode = pam_acct_mgmt(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_open_session(pamh, PAM_SILENT); -- PAM_FAIL_CHECK; -- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); -- PAM_FAIL_CHECK; -+ PAM_HANDLING; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); - PRIV_END - #endif - -@@ -419,7 +406,15 @@ run_file(const char *filename, uid_t uid - else if (pid == 0) { - char *nul = NULL; - char **nenvp = &nul; -+ char **pam_envp=0L; - -+ PRIV_START -+#ifdef WITH_PAM -+ pam_envp = pam_getenvlist(pamh); -+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) ) -+ nenvp = pam_envp; -+#endif -+ PRIV_END - /* Set up things for the child; we want standard input from the - * input file, and standard output and error sent to our output file. - */ -@@ -460,7 +455,16 @@ run_file(const char *filename, uid_t uid - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -- -+#ifdef WITH_PAM -+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) -+ { -+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++) -+ free(*nenvp); -+ free( pam_envp ); -+ nenvp = &nul; -+ pam_envp=0L; -+ } -+#endif - PRIV_END - } - /* We're the parent. Let's wait. -@@ -474,7 +478,7 @@ run_file(const char *filename, uid_t uid - */ - waitpid(pid, (int *) NULL, 0); - --#ifdef HAVE_PAM -+#ifdef WITH_PAM - PRIV_START - pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); - retcode = pam_close_session(pamh, PAM_SILENT); -@@ -503,6 +507,14 @@ run_file(const char *filename, uid_t uid - if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO) - close(fd_in); - -+#ifdef WITH_PAM -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh, PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ - unlink(filename); - - /* The job is now finished. We can delete its input file. -@@ -511,8 +523,19 @@ run_file(const char *filename, uid_t uid - unlink(newname); - free(newname); - -+#ifdef ATD_MAIL_PROGRAM - if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { -+ int mail_pid = -1; -+#ifdef WITH_PAM -+ PAM_HANDLING; -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif -+ -+ mail_pid = fork(); - -+ if ( mail_pid == 0 ) -+ { - PRIV_START - - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -537,7 +560,23 @@ run_file(const char *filename, uid_t uid - perr("Exec failed for mail command"); - - PRIV_END -+ } -+ else if ( mail_pid == -1 ) { -+ perr("fork of mailer failed"); -+ } -+ else { -+ /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); -+ } -+#ifdef WITH_PAM -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh, PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ closelog(); -+ openlog("atd", LOG_PID, LOG_ATD); -+#endif - } -+#endif - exit(EXIT_SUCCESS); - } - -diff -up at-3.1.12/config.h.in.pam at-3.1.12/config.h.in ---- at-3.1.12/config.h.in.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/config.h.in 2010-03-15 09:57:27.054437183 +0100 -@@ -68,8 +68,8 @@ - /* Define to 1 if you have the header file. */ - #undef HAVE_NLIST_H - --/* Define to 1 for PAM support */ --#undef HAVE_PAM -+/* Define if you are building with_pam */ -+#undef WITH_PAM - - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.12/configure.ac.pam at-3.1.12/configure.ac ---- at-3.1.12/configure.ac.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/configure.ac 2010-03-15 09:57:27.055443883 +0100 -@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG - AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) - AC_CHECK_HEADERS(security/pam_appl.h, [ - PAMLIB="-lpam" -- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support]) -+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support]) - ]) - - dnl Checking for programs -@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username, - ) - AC_SUBST(DAEMON_USERNAME) - -+AC_ARG_WITH(pam, -+[ --with-pam Define to enable pam support ], -+AC_DEFINE(WITH_PAM), -+) -+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') -+AC_SUBST(PAMLIB) -+ - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.12/perm.c.pam at-3.1.12/perm.c ---- at-3.1.12/perm.c.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/perm.c 2010-03-15 09:57:27.055443883 +0100 -@@ -51,6 +51,14 @@ - #define PRIV_END while(0) - #endif - -+#ifdef WITH_PAM -+#include -+static pam_handle_t *pamh = NULL; -+static const struct pam_conv conv = { -+ NULL -+}; -+#endif -+ - /* Structures and unions */ - - -@@ -108,18 +116,51 @@ user_in_file(const char *path, const cha - int - check_permission() - { -- uid_t uid = geteuid(); -+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid(); - struct passwd *pentry; - int allow = 0, deny = 1; - -- if (uid == 0) -+ int retcode = 0; -+ if (euid == 0) - return 1; - -- if ((pentry = getpwuid(uid)) == NULL) { -+ if ((pentry = getpwuid(euid)) == NULL) { - perror("Cannot access user database"); - exit(EXIT_FAILURE); - } - -+#ifdef WITH_PAM -+/* -+ * We must check if the atd daemon userid will be allowed to gain the job owner user's -+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access. -+ */ -+ if (setreuid(daemon_uid, daemon_uid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setregid(daemon_gid, daemon_gid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+ -+ pam_close_session(pamh,PAM_SILENT); -+ -+ PAM_HANDLING; -+ -+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); -+ pam_close_session(pamh,PAM_SILENT); -+ pam_end(pamh, PAM_ABORT); -+ -+ if (setregid(gid,egid) != 0) { -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); -+ exit(1); -+ } -+ if (setreuid(uid,euid) != 0) { -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); -+ exit(1); -+ } -+#endif -+ - allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); - if (allow==0 || allow==1) - return allow; -diff -up at-3.1.12/privs.h.pam at-3.1.12/privs.h ---- at-3.1.12/privs.h.pam 2009-11-23 16:11:52.000000000 +0100 -+++ at-3.1.12/privs.h 2010-03-15 09:57:27.060442603 +0100 -@@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da - #error "Cannot implement user ID swapping without setreuid or setresuid" - #endif - #endif -+ -+#ifdef WITH_PAM -+/* PAM failed after session was open. */ -+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \ -+ pam_close_session(pamh,PAM_SILENT); -+ -+/* syslog will be logging error messages */ -+#ifdef HAVE_UNISTD_H -+#include -+#endif -+ -+/* PAM fail even before opening the session */ -+#define PAM_FAIL_CHECK \ -+ do { if (retcode != PAM_SUCCESS) { \ -+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \ -+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ if (pamh) \ -+ pam_end(pamh, retcode); \ -+ if (setregid(getgid(),getegid()) != 0) { \ -+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ if (setreuid(getuid(),geteuid()) != 0) { \ -+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \ -+ exit(1); \ -+ } \ -+ exit(1); \ -+ } \ -+ } while (0) \ -+ -+/* PAM - check after every operation whether they passed */ -+#define PAM_HANDLING \ -+ do { pamh = NULL; \ -+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_open_session(pamh, PAM_SILENT); \ -+ PAM_FAIL_CHECK; \ -+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \ -+ PAM_SESSION_FAIL; \ -+ PAM_FAIL_CHECK; \ -+ } while (0) -+ -+/* OLD FAIL_CHECK ONLY FOR perm.c -+ * define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -+ * fprintf(stderr,"\nPAM failure %s\n",pam_strerror(pamh, retcode)); \ -+ * syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ * if (pamh) \ -+ * pam_end(pamh, retcode); \ -+ * exit(1); \ -+ * } -+ */ -+ -+#endif -+ diff --git a/at-3.1.12-selinux.patch b/at-3.1.12-selinux.patch deleted file mode 100644 index 8290bc1..0000000 --- a/at-3.1.12-selinux.patch +++ /dev/null @@ -1,152 +0,0 @@ -diff -up at-3.1.12/config.h.in.selinux at-3.1.12/config.h.in ---- at-3.1.12/config.h.in.selinux 2009-12-02 16:32:19.469228959 +0100 -+++ at-3.1.12/config.h.in 2009-12-02 16:32:57.706966488 +0100 -@@ -71,6 +71,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.12/configure.ac.selinux at-3.1.12/configure.ac ---- at-3.1.12/configure.ac.selinux 2009-12-02 16:31:15.323246019 +0100 -+++ at-3.1.12/configure.ac 2009-12-02 16:32:01.425966844 +0100 -@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname, - ) - AC_SUBST(DAEMON_GROUPNAME) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch) - AC_OUTPUT -diff -up at-3.1.12/Makefile.in.selinux at-3.1.12/Makefile.in ---- at-3.1.12/Makefile.in.selinux 2009-12-02 16:30:11.923216529 +0100 -+++ at-3.1.12/Makefile.in 2009-12-02 16:30:57.949215706 +0100 -@@ -39,6 +39,7 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o -diff -up at-3.1.12/atd.c.selinux at-3.1.12/atd.c ---- at-3.1.12/atd.c.selinux 2009-12-03 13:03:57.182284669 +0100 -+++ at-3.1.12/atd.c 2009-12-03 13:07:20.542272874 +0100 -@@ -83,6 +83,14 @@ - #include "getloadavg.h" - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - #ifndef LOG_ATD - #define LOG_ATD LOG_DAEMON - #endif -@@ -202,6 +210,68 @@ myfork() - #define ATD_MAIL_NAME "mailx" - #endif - -+#ifdef WITH_SELINUX -+static int set_selinux_context(const char *name, const char *filename) { -+ security_context_t user_context=NULL; -+ security_context_t file_context=NULL; -+ struct av_decision avd; -+ int retval=-1; -+ char *seuser=NULL; -+ char *level=NULL; -+ -+ if (getseuserbyname(name, &seuser, &level) == 0) { -+ retval=get_default_context_with_level(seuser, level, NULL, &user_context); -+ free(seuser); -+ free(level); -+ if (retval) { -+ if (security_getenforce()==1) { -+ perr("execle: couldn't get security context for user %s\n", name); -+ } else { -+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -+ return -1; -+ } -+ } -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -+ perr("fgetfilecon FAILED %s", filename); -+ -+ retval = security_compute_av(user_context, -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ freecon(file_context); -+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -+ if (security_getenforce()==1) { -+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ } else { -+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; -+ } -+ } -+ if (setexeccon(user_context) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -+ } -+ } -+ err: -+ freecon(user_context); -+ return 0; -+} -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -452,6 +522,12 @@ run_file(const char *filename, uid_t uid - perr("Cannot reset signal handler to default"); - - chdir("/"); -+#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); -@@ -774,6 +850,10 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif -+ - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ diff --git a/at-3.1.12-shell.patch b/at-3.1.12-shell.patch deleted file mode 100644 index 617b8f9..0000000 --- a/at-3.1.12-shell.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff -up at-3.1.12/at.c.shell at-3.1.12/at.c ---- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100 -+++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100 -@@ -62,11 +62,8 @@ - #include - #include - --#ifdef TM_IN_SYS_TIME - #include --#else - #include --#endif - - #ifdef HAVE_UNISTD_H - #include -@@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue) - int kill_errno; - int rc; - int mailsize = 128; -+ struct timeval tv; -+ struct timezone tz; -+ long int i; -+ -+ gettimeofday(&tv, &tz); -+ srandom(getpid()+tv.tv_usec); - - /* Install the signal handler for SIGINT; terminate after removing the - * spool file if necessary -@@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue) - fprintf(fp, " || {\n\t echo 'Execution directory " - "inaccessible' >&2\n\t exit 1\n}\n"); - -+ i = random(); -+ fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i); -+ - istty = isatty(fileno(stdin)); - if (istty) { - fprintf(stderr, "at> "); -@@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue) - fprintf(stderr, "\n"); - } - fprintf(fp, "\n"); -+ fprintf(fp, "marcinDELIMITER%08lx\n", i); - if (ferror(fp)) - panic("Output error"); - -@@ -926,7 +933,7 @@ main(int argc, char **argv) - It also alows a warning diagnostic to be printed. Because of the - possible variance, we always output the diagnostic. */ - -- fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); -+ //fprintf(stderr, "warning: commands will be executed using /bin/sh\n"); - - writefile(timer, queue); - break; diff --git a/at-3.1.13-help.patch b/at-3.1.13-help.patch deleted file mode 100644 index 8014526..0000000 --- a/at-3.1.13-help.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up at-3.1.13/at.c.add at-3.1.13/at.c -diff -up at-3.1.13/panic.c.add at-3.1.13/panic.c ---- at-3.1.13/panic.c.add 2012-01-27 13:54:46.216466452 +0100 -+++ at-3.1.13/panic.c 2012-01-27 13:57:35.123747498 +0100 -@@ -92,8 +92,8 @@ usage(void) - { - /* Print usage and exit. - */ -- fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mlbv] timespec ...\n" -- " at [-V] [-q x] [-f file] [-mlbv] -t time\n" -+ fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mMlbv] timespec ...\n" -+ " at [-V] [-q x] [-f file] [-mMlbv] -t time\n" - " at -c job ...\n" - " atq [-V] [-q x]\n" - " at [ -rd ] job ...\n" diff --git a/at-3.1.13-mailwithhostname.patch b/at-3.1.13-mailwithhostname.patch deleted file mode 100644 index a3e5933..0000000 --- a/at-3.1.13-mailwithhostname.patch +++ /dev/null @@ -1,62 +0,0 @@ -diff -up at-3.1.13/atd.c.hostname at-3.1.13/atd.c ---- at-3.1.13/atd.c.hostname 2012-01-12 18:19:36.000000000 +0100 -+++ at-3.1.13/atd.c 2012-01-12 18:52:34.000000000 +0100 -@@ -99,6 +99,10 @@ int selinux_enabled=0; - #define BATCH_INTERVAL_DEFAULT 60 - #define CHECK_INTERVAL 3600 - -+#ifndef MAXHOSTNAMELEN -+#define MAXHOSTNAMELEN 64 -+#endif -+ - /* Global variables */ - - uid_t real_uid, effective_uid; -@@ -116,6 +120,7 @@ static time_t last_chg; - static int nothing_to_do; - unsigned int batch_interval; - static int run_as_daemon = 0; -+static int mail_with_hostname = 0; - - static volatile sig_atomic_t term_signal = 0; - -@@ -297,6 +302,7 @@ run_file(const char *filename, uid_t uid - char fmt[64]; - unsigned long jobno; - int rc; -+ char hostbuf[MAXHOSTNAMELEN]; - #ifdef WITH_PAM - int retcode; - #endif -@@ -451,6 +457,11 @@ run_file(const char *filename, uid_t uid - - write_string(fd_out, "Subject: Output from your job "); - write_string(fd_out, jobbuf); -+ if (mail_with_hostname > 0) { -+ gethostname(hostbuf, MAXHOSTNAMELEN-1); -+ write_string(fd_out, " "); -+ write_string(fd_out, hostbuf); -+ } - write_string(fd_out, "\nTo: "); - write_string(fd_out, mailname); - write_string(fd_out, "\n\n"); -@@ -910,7 +921,7 @@ main(int argc, char *argv[]) - run_as_daemon = 1; - batch_interval = BATCH_INTERVAL_DEFAULT; - -- while ((c = getopt(argc, argv, "sdl:b:f")) != EOF) { -+ while ((c = getopt(argc, argv, "sdnl:b:f")) != EOF) { - switch (c) { - case 'l': - if (sscanf(optarg, "%lf", &load_avg) != 1) -@@ -932,6 +943,10 @@ main(int argc, char *argv[]) - daemon_foreground++; - break; - -+ case 'n': -+ mail_with_hostname=1; -+ break; -+ - case 's': - run_as_daemon = 0; - break; diff --git a/at-3.1.13-makefile.patch b/at-3.1.13-makefile.patch deleted file mode 100644 index e429719..0000000 --- a/at-3.1.13-makefile.patch +++ /dev/null @@ -1,82 +0,0 @@ -diff -up at-3.1.13/Makefile.in.make at-3.1.13/Makefile.in ---- at-3.1.13/Makefile.in.make 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/Makefile.in 2011-07-29 08:06:28.317600053 +0200 -@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc - all: at atd atrun - - at: $(ATOBJECTS) -- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -83,38 +83,41 @@ atrun: atrun.in - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c - - install: all -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/ -+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) -+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) - touch $(IROOT)$(LFILE) - chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) - $(LN_S) -f at $(IROOT)$(bindir)/atq - $(LN_S) -f at $(IROOT)$(bindir)/atrm -- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ -+ $(INSTALL) -m 755 batch $(IROOT)$(bindir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) -+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) -+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ - cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 -- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ -+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ - sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman -- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 -+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 - rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/ -+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ - cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 -- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) -+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) - rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ - $(IROOT)$(mandir)/cat1/atq.1* - rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at-3.1.13-nitpicks.patch b/at-3.1.13-nitpicks.patch deleted file mode 100644 index 3582593..0000000 --- a/at-3.1.13-nitpicks.patch +++ /dev/null @@ -1,121 +0,0 @@ -diff -up at-3.1.13/at.1.in.nit at-3.1.13/at.1.in ---- at-3.1.13/at.1.in.nit 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/at.1.in 2011-07-28 13:04:41.398174737 +0200 -@@ -126,7 +126,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/at-@VERSION@/timespec . - .PP - For both - .BR at " and " batch , -@@ -204,7 +204,7 @@ queue for - .BR batch . - Queues with higher letters run with increased niceness. The special - queue "=" is reserved for jobs which are currently running. --.P -+ - If a job is submitted to a queue designated with an uppercase letter, the - job is treated as if it were submitted to batch at the time of the job. - Once the time is reached, the batch processing rules with respect to load -@@ -248,7 +248,7 @@ is an alias for - .TP - .B \-v - Shows the time the job will be executed before reading the job. --.P -+ - Times displayed will be in the format "Thu Feb 20 14:50:00 1997". - .TP - .B -diff -up at-3.1.13/atd.c.nit at-3.1.13/atd.c ---- at-3.1.13/atd.c.nit 2011-06-25 14:43:14.000000000 +0200 -+++ at-3.1.13/atd.c 2011-07-28 13:01:31.577967025 +0200 -@@ -83,6 +83,9 @@ - #include "getloadavg.h" - #endif - -+#ifndef LOG_ATD -+#define LOG_ATD LOG_DAEMON -+#endif - /* Macros */ - - #define BATCH_INTERVAL_DEFAULT 60 -@@ -194,6 +197,18 @@ myfork() - - #define fork myfork - #endif -+#undef ATD_MAIL_PROGRAM -+#undef ATD_MAIL_NAME -+#if defined(SENDMAIL) -+#define ATD_MAIL_PROGRAM SENDMAIL -+#define ATD_MAIL_NAME "sendmail" -+#elif defined(MAILC) -+#define ATD_MAIL_PROGRAM MAILC -+#define ATD_MAIL_NAME "mail" -+#elif defined(MAILX) -+#define ATD_MAIL_PROGRAM MAILX -+#define ATD_MAIL_NAME "mailx" -+#endif - - static void - run_file(const char *filename, uid_t uid, gid_t gid) -@@ -271,6 +286,9 @@ run_file(const char *filename, uid_t uid - free(newname); - return; - } -+ -+ (void) setsid(); //own session for process -+ - /* Let's see who we mail to. Hopefully, we can read it from - * the command file; if not, send it to the owner, or, failing that, - * to root. -@@ -433,6 +451,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir("/"); - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) -@@ -501,6 +522,9 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); - -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) -+ perr("Cannot reset signal handler to default"); -+ - chdir ("/"); - - #if defined(SENDMAIL) -@@ -615,6 +639,7 @@ run_loop() - * Let's remove the lockfile and reschedule. - */ - strncpy(lock_name, dirent->d_name, sizeof(lock_name)); -+ lock_name[sizeof(lock_name)-1] = '\0'; - lock_name[0] = '='; - unlink(lock_name); - next_job = now; -@@ -649,6 +674,7 @@ run_loop() - run_batch++; - if (strcmp(batch_name, dirent->d_name) > 0) { - strncpy(batch_name, dirent->d_name, sizeof(batch_name)); -+ batch_name[sizeof(batch_name)-1] = '\0'; - batch_uid = buf.st_uid; - batch_gid = buf.st_gid; - batch_queue = queue; -@@ -723,11 +749,7 @@ main(int argc, char *argv[]) - - RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) - --#ifndef LOG_CRON --#define LOG_CRON LOG_DAEMON --#endif -- -- openlog("atd", LOG_PID, LOG_CRON); -+ openlog("atd", LOG_PID, LOG_ATD); - - opterr = 0; - errno = 0; diff --git a/at-3.1.13-selinux.patch b/at-3.1.13-selinux.patch deleted file mode 100644 index 62ee4ad..0000000 --- a/at-3.1.13-selinux.patch +++ /dev/null @@ -1,112 +0,0 @@ -diff -up at-3.1.14/atd.c.selinux2 at-3.1.14/atd.c ---- at-3.1.14/atd.c.selinux2 2013-12-04 11:27:28.729005384 +0100 -+++ at-3.1.14/atd.c 2013-12-04 11:30:17.709091150 +0100 -@@ -83,6 +83,14 @@ - #include "getloadavg.h" - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - #ifndef LOG_ATD - #define LOG_ATD LOG_DAEMON - #endif -@@ -191,6 +199,68 @@ myfork() - #define fork myfork - #endif - -+#ifdef WITH_SELINUX -+static int set_selinux_context(const char *name, const char *filename) { -+ security_context_t user_context=NULL; -+ security_context_t file_context=NULL; -+ struct av_decision avd; -+ int retval=-1; -+ char *seuser=NULL; -+ char *level=NULL; -+ -+ if (getseuserbyname(name, &seuser, &level) == 0) { -+ retval=get_default_context_with_level(seuser, level, NULL, &user_context); -+ free(seuser); -+ free(level); -+ if (retval) { -+ if (security_getenforce()==1) { -+ perr("execle: couldn't get security context for user %s\n", name); -+ } else { -+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -+ return -1; -+ } -+ } -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -+ perr("fgetfilecon FAILED %s", filename); -+ -+ retval = security_compute_av(user_context, -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ freecon(file_context); -+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -+ if (security_getenforce()==1) { -+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ } else { -+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; -+ } -+ } -+ if (setexeccon(user_context) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -+ } -+ } -+ err: -+ freecon(user_context); -+ return 0; -+} -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -419,6 +489,13 @@ run_file(const char *filename, uid_t uid - - nice((tolower((int) queue) - 'a' + 1) * 2); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif -+ - if (initgroups(pentry->pw_name, pentry->pw_gid)) - perr("Cannot initialize the supplementary group access list"); - -@@ -712,6 +789,10 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif -+ - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ diff --git a/at-3.1.13-usePOSIXtimers.patch b/at-3.1.13-usePOSIXtimers.patch deleted file mode 100644 index 018bae2..0000000 --- a/at-3.1.13-usePOSIXtimers.patch +++ /dev/null @@ -1,119 +0,0 @@ -diff -ur -x configure at-3.1.13.orig/atd.c at-3.1.13/atd.c ---- at-3.1.13.orig/atd.c 2011-11-16 11:30:22.424764253 -0500 -+++ at-3.1.13/atd.c 2011-11-16 16:41:12.102831656 -0500 -@@ -815,6 +815,54 @@ - return next_job; - } - -+#ifdef HAVE_CLOCK_GETTIME -+timer_t timer; -+struct itimerspec timeout; -+ -+void timer_setup() -+{ -+ struct sigevent sev; -+ -+ sev.sigev_notify = SIGEV_SIGNAL; -+ sev.sigev_signo = SIGHUP; -+ sev.sigev_value.sival_ptr = &timer; -+ -+ memset(&timeout, 0, sizeof(timeout)); -+ -+ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0) -+ pabort("unable to create timer"); -+} -+ -+time_t atd_gettime() -+{ -+ struct timespec curtime; -+ -+ clock_gettime(CLOCK_REALTIME, &curtime); -+ -+ return curtime.tv_sec; -+} -+ -+void atd_setalarm(time_t next) -+{ -+ timeout.it_value.tv_sec = next; -+ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL); -+ pause(); -+} -+#else -+void timer_setup() -+{ -+} -+ -+time_t atd_gettime() -+{ -+ return time(NULL); -+} -+ -+void atd_setalarm(time_t next) -+{ -+ sleep(next - atd_gettime()); -+} -+#endif - /* Global functions */ - - int -@@ -835,7 +883,6 @@ - struct sigaction act; - struct passwd *pwe; - struct group *ge; -- - #ifdef WITH_SELINUX - selinux_enabled=is_selinux_enabled(); - #endif -@@ -912,7 +959,7 @@ - sigaction(SIGCHLD, &act, NULL); - - if (!run_as_daemon) { -- now = time(NULL); -+ now = atd_gettime(); - run_loop(); - exit(EXIT_SUCCESS); - } -@@ -935,13 +982,15 @@ - act.sa_handler = set_term; - sigaction(SIGINT, &act, NULL); - -+ timer_setup(); -+ - daemon_setup(); - - do { -- now = time(NULL); -+ now = atd_gettime(); - next_invocation = run_loop(); - if (next_invocation > now) { -- sleep(next_invocation - now); -+ atd_setalarm(next_invocation); - } - } while (!term_signal); - daemon_cleanup(); -diff -ur -x configure at-3.1.13.orig/config.h.in at-3.1.13/config.h.in ---- at-3.1.13.orig/config.h.in 2011-11-16 11:30:22.424764253 -0500 -+++ at-3.1.13/config.h.in 2011-11-16 16:32:44.485426754 -0500 -@@ -38,6 +38,9 @@ - /* Define to 1 if you have the `getloadavg' function. */ - #undef HAVE_GETLOADAVG - -+/* Define to 1 if you have the `clock_gettime' function. */ -+#undef HAVE_TIMER_CREATE -+ - /* Define to 1 if you have the header file. */ - #undef HAVE_GETOPT_H - -diff -ur -x configure at-3.1.13.orig/configure.ac at-3.1.13/configure.ac ---- at-3.1.13.orig/configure.ac 2011-11-16 11:30:22.425764254 -0500 -+++ at-3.1.13/configure.ac 2011-11-16 16:31:29.791561747 -0500 -@@ -274,5 +274,9 @@ - AC_SUBST(SELINUXLIB) - AC_SUBST(WITH_SELINUX) - -+dnl check for POSIX timer functions -+AC_SEARCH_LIBS([timer_create],[rt]) -+AC_CHECK_FUNCS([timer_create]) -+ - AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) - AC_OUTPUT diff --git a/at.spec b/at.spec index 9c8e185..27d68d1 100644 --- a/at.spec +++ b/at.spec @@ -2,8 +2,8 @@ Summary: Job spooling tools Name: at -Version: 3.1.14 -Release: 5%{?dist} +Version: 3.1.16 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -59,16 +59,6 @@ time-oriented job control. Note: If it is a recurring job that will need to be repeated at the same time every day/week, etc. you should use crontab instead. -%package sysvinit -Summary: SysV init script for at -Group: System Environment/Base -Requires: %{name} = %{version}-%{release} -Requires(post): /sbin/chkconfig - -%description sysvinit -SysV style init script for at. It needs to be installed only if systemd -is not used as the system init process. - %prep %setup -q cp %{SOURCE1} . @@ -126,9 +116,6 @@ cp %{buildroot}/%{_prefix}/doc/at/* docs/ mkdir -p %{buildroot}%{_sysconfdir}/pam.d install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd -mkdir -p %{buildroot}%{_sysconfdir}/rc.d/init.d -install -m 755 %{SOURCE2} %{buildroot}%{_sysconfdir}/rc.d/init.d/atd - mkdir -p %{buildroot}/etc/sysconfig install -m 644 %{SOURCE3} %{buildroot}/etc/sysconfig/atd @@ -167,9 +154,6 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ /bin/systemctl try-restart atd.service >/dev/null 2>&1 || : /bin/systemctl daemon-reload >/dev/null 2>&1 || : -%triggerpostun -n at-sysvinit -- at < 3.1.12-9 -/sbin/chkconfig --add atd >/dev/null 2>&1 || : - %files %doc docs/* %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny @@ -187,10 +171,11 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(4755,root,root) %{_bindir}/at %attr(0644,root,root) /%{_unitdir}/atd.service -%files sysvinit -%attr(0755,root,root) %{_initrddir}/atd - %changelog +* Thu Oct 2 2014 Tomáš Mráz - 3.1.16-1 +- new upstream release fixing regression from security fix in bash +- drop sysvinit subpackage + * Fri Aug 15 2014 Fedora Release Engineering - 3.1.14-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/atd.init b/atd.init deleted file mode 100755 index 2f3fd20..0000000 --- a/atd.init +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh -# -# atd Starts/stop the "at" daemon -# -# chkconfig: 345 95 5 -# description: Runs commands scheduled by the "at" command at the time \ -# specified when "at" was run, and runs batch commands when the load \ -# average is low enough. - -### BEGIN INIT INFO -# Provides: atd at batch -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: 345 -# Default-Stop: 95 -# Short-Description: Starts/stop the "at" daemon -# Description: Runs commands scheduled by the "at" command at the time -# specified when "at" was run, and runs batch commands when the load -# average is low enough. -### END INIT INFO - -# Source function library. -. /etc/rc.d/init.d/functions - -exec=/usr/sbin/atd -prog="atd" -config=/etc/sysconfig/atd - -[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog - -lockfile=/var/lock/subsys/$prog - -start() { - [ -x $exec ] || exit 5 - [ -f $config ] || exit 6 - echo -n $"Starting $prog: " - daemon $exec $OPTS && success || failure - retval=$? - echo - [ $retval -eq 0 ] && touch $lockfile - return $retval -} - -stop() { - echo -n $"Stopping $prog: " - if [ -n "`pidfileofproc $exec`" ] ; then - killproc $exec - RETVAL=3 - else - failure $"Stopping $prog" - fi - retval=$? - echo - [ $retval -eq 0 ] && rm -f $lockfile - return $retval -} - -restart() { - stop - start -} - -reload() { - restart -} - -force_reload() { - restart -} - -rh_status() { - # run checks to determine if the service is running or use generic status - status $prog -} - -rh_status_q() { - rh_status >/dev/null 2>&1 -} - - -case "$1" in - start) - rh_status_q && exit 0 - $1 - ;; - stop) - rh_status_q || exit 0 - $1 - ;; - restart) - $1 - ;; - reload) - rh_status_q || exit 7 - $1 - ;; - force-reload) - force_reload - ;; - status) - rh_status - ;; - condrestart|try-restart) - rh_status_q || exit 0 - restart - ;; - *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}" - exit 2 -esac -exit $? diff --git a/pam_atd b/pam_atd new file mode 100644 index 0000000..1fd529e --- /dev/null +++ b/pam_atd @@ -0,0 +1,9 @@ +# The PAM configuration file for the at daemon +# +# +auth required pam_env.so +auth include password-auth +account required pam_access.so +account include password-auth +session required pam_loginuid.so +session include password-auth diff --git a/sources b/sources index c01c6e4..117a254 100644 --- a/sources +++ b/sources @@ -1,4 +1 @@ -b117781fd68e393443b2a8e478c7c22f atd.init -ac1471fe22f63f666dc7d31173f47ea0 atd.sysconf -000d2f30379d2bf8af09f51416e863ec pam_atd -d41cfd79033b6e49a8838add59a42ac6 at_3.1.14.orig.tar.gz +d05da75d9b75d93917ffb16ab48b1e19 at_3.1.16.orig.tar.gz From fc356ce3043d756a60a9eac4adc8f4b90398db0c Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 2 Oct 2014 11:26:17 +0200 Subject: [PATCH 24/86] atd.init is no longer needed --- at.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/at.spec b/at.spec index 27d68d1..bc4366c 100644 --- a/at.spec +++ b/at.spec @@ -13,7 +13,6 @@ URL: http://ftp.debian.org/debian/pool/main/a/at Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz # git upstream source git://git.debian.org/git/collab-maint/at.git Source1: pam_atd -Source2: atd.init Source3: atd.sysconf Source5: atd.systemd From 831ee27011e3d6cd79c111aa1ba2d5517c8ea3c6 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 10 Oct 2014 16:58:48 +0200 Subject: [PATCH 25/86] add proper Obsoletes for the sysvinit subpackage --- at.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index bc4366c..57bb3a9 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -47,6 +47,9 @@ Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units +# at-sysvinit subpackage dropped +Obsoletes: at-sysvinit < 3.1.16-1 + %description At and batch read commands from standard input or from a specified file. At allows you to specify that a command will be run at a @@ -171,6 +174,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Oct 10 2014 Tomáš Mráz - 3.1.16-2 +- add proper Obsoletes for the sysvinit subpackage + * Thu Oct 2 2014 Tomáš Mráz - 3.1.16-1 - new upstream release fixing regression from security fix in bash - drop sysvinit subpackage From 7ca7f064c8034ce1d20e6ce008bbe9a3f8d46129 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 6 Nov 2014 16:16:42 +0100 Subject: [PATCH 26/86] make atd less abort prone --- at-3.1.16-noabort.patch | 157 ++++++++++++++++++++++++++++++++++++++++ at.spec | 7 +- 2 files changed, 163 insertions(+), 1 deletion(-) create mode 100644 at-3.1.16-noabort.patch diff --git a/at-3.1.16-noabort.patch b/at-3.1.16-noabort.patch new file mode 100644 index 0000000..58ffdd2 --- /dev/null +++ b/at-3.1.16-noabort.patch @@ -0,0 +1,157 @@ +diff -up at-3.1.16/atd.c.noabort at-3.1.16/atd.c +--- at-3.1.16/atd.c.noabort 2014-10-02 11:08:26.000000000 +0200 ++++ at-3.1.16/atd.c 2014-11-06 16:07:54.851652541 +0100 +@@ -221,7 +221,7 @@ static int set_selinux_context(const cha + security_context_t user_context=NULL; + security_context_t file_context=NULL; + struct av_decision avd; +- int retval=-1; ++ int retval=0; + char *seuser=NULL; + char *level=NULL; + +@@ -230,12 +230,9 @@ static int set_selinux_context(const cha + free(seuser); + free(level); + if (retval) { +- if (security_getenforce()==1) { +- perr("execle: couldn't get security context for user %s\n", name); +- } else { +- syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); +- return -1; +- } ++ lerr("execle: couldn't get security context for user %s\n", name); ++ retval = -1; ++ goto err; + } + } + +@@ -246,8 +243,11 @@ static int set_selinux_context(const cha + * the user cron job. It performs an entrypoint + * permission check for this purpose. + */ +- if (fgetfilecon(STDIN_FILENO, &file_context) < 0) +- perr("fgetfilecon FAILED %s", filename); ++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) { ++ lerr("fgetfilecon FAILED %s", filename); ++ retval = -1; ++ goto err; ++ } + + retval = security_compute_av(user_context, + file_context, +@@ -256,25 +256,21 @@ static int set_selinux_context(const cha + &avd); + freecon(file_context); + if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { +- if (security_getenforce()==1) { +- perr("Not allowed to set exec context to %s for user %s\n", user_context,name); +- } else { +- syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); +- retval = -1; +- goto err; +- } ++ lerr("Not allowed to set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ goto err; + } + if (setexeccon(user_context) < 0) { +- if (security_getenforce()==1) { +- perr("Could not set exec context to %s for user %s\n", user_context,name); +- retval = -1; +- } else { +- syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); +- } ++ lerr("Could not set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ goto err; + } + err: +- freecon(user_context); +- return 0; ++ if (retval < 0 && security_getenforce() != 1) ++ retval = 0; ++ if (user_context) ++ freecon(user_context); ++ return retval; + } + #endif + +@@ -347,9 +343,12 @@ run_file(const char *filename, uid_t uid + */ + + pid = fork(); +- if (pid == -1) +- perr("Cannot fork"); +- ++ if (pid == -1) { ++ lerr("Cannot fork for job execution"); ++ free(mailname); ++ free(newname); ++ return; ++ } + else if (pid != 0) { + free(mailname); + free(newname); +@@ -667,15 +666,19 @@ run_loop() + * up. + */ + +- if (stat(".", &buf) == -1) +- perr("Cannot stat " ATJOB_DIR); ++ if (stat(".", &buf) == -1) { ++ lerr("Cannot stat " ATJOB_DIR); ++ return next_job; ++ } + + if (nothing_to_do && buf.st_mtime <= last_chg) + return next_job; + last_chg = buf.st_mtime; + +- if ((spool = opendir(".")) == NULL) +- perr("Cannot read " ATJOB_DIR); ++ if ((spool = opendir(".")) == NULL) { ++ lerr("Cannot read " ATJOB_DIR); ++ return next_job; ++ } + + run_batch = 0; + nothing_to_do = 1; +diff -up at-3.1.16/daemon.c.noabort at-3.1.16/daemon.c +--- at-3.1.16/daemon.c.noabort 2014-09-30 08:29:02.000000000 +0200 ++++ at-3.1.16/daemon.c 2014-11-06 15:37:22.109277583 +0100 +@@ -83,6 +83,22 @@ perr(const char *fmt,...) + } + + void ++lerr(const char *fmt,...) ++{ ++ char buf[1024]; ++ va_list args; ++ ++ va_start(args, fmt); ++ vsnprintf(buf, sizeof(buf), fmt, args); ++ va_end(args); ++ ++ if (daemon_debug) { ++ perror(buf); ++ } else ++ syslog(LOG_ERR, "%s: %m", buf); ++} ++ ++void + pabort(const char *fmt,...) + { + char buf[1024]; +diff -up at-3.1.16/daemon.h.noabort at-3.1.16/daemon.h +--- at-3.1.16/daemon.h.noabort 2014-09-30 08:29:02.000000000 +0200 ++++ at-3.1.16/daemon.h 2014-11-06 15:36:10.461660104 +0100 +@@ -13,5 +13,8 @@ __attribute__((noreturn)) + #endif + perr (const char *fmt, ...); + ++void ++lerr (const char *fmt, ...); ++ + extern int daemon_debug; + extern int daemon_foreground; diff --git a/at.spec b/at.spec index 57bb3a9..012ecc6 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -29,6 +29,7 @@ Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch Patch11: at-3.1.14-help.patch Patch12: at-3.1.14-wrong_format.patch +Patch13: at-3.1.16-noabort.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -77,6 +78,7 @@ cp %{SOURCE1} . %patch10 -p1 -b .posix %patch11 -p1 -b .help %patch12 -p1 -b .wrong +%patch13 -p1 -b .noabort %build # patch9 touches configure.in @@ -174,6 +176,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Nov 6 2014 Tomáš Mráz - 3.1.16-3 +- make atd less abort prone + * Fri Oct 10 2014 Tomáš Mráz - 3.1.16-2 - add proper Obsoletes for the sysvinit subpackage From 4fe15d5740188a3ac3f1dafed3a26e2165ececd4 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 24 Nov 2014 15:35:59 +0100 Subject: [PATCH 27/86] test for write error on fclose (#1166882) - also drop unnecessary and broken nowrap patch --- at-3.1.14-nowrap.patch | 12 ------------ at-3.1.16-fclose-error.patch | 26 ++++++++++++++++++++++++++ at.spec | 9 ++++++--- 3 files changed, 32 insertions(+), 15 deletions(-) delete mode 100644 at-3.1.14-nowrap.patch create mode 100644 at-3.1.16-fclose-error.patch diff --git a/at-3.1.14-nowrap.patch b/at-3.1.14-nowrap.patch deleted file mode 100644 index 2b8f3bb..0000000 --- a/at-3.1.14-nowrap.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up at-3.1.14/at.c.wrap at-3.1.14/at.c ---- at-3.1.14/at.c.wrap 2013-12-02 15:42:10.000000000 +0100 -+++ at-3.1.14/at.c 2013-12-02 15:45:42.679092990 +0100 -@@ -304,7 +304,7 @@ writefile(time_t runtimer, char queue) - if (*ap == ' ') - *ap = '0'; - -- if (stat(atfile, &statbuf) != 0) -+ /*if (stat(atfile, &statbuf) != 0) - if (errno != ENOENT) - perr("Cannot access " ATJOB_DIR); - diff --git a/at-3.1.16-fclose-error.patch b/at-3.1.16-fclose-error.patch new file mode 100644 index 0000000..5006d68 --- /dev/null +++ b/at-3.1.16-fclose-error.patch @@ -0,0 +1,26 @@ +diff -up at-3.1.16/at.c.fclose at-3.1.16/at.c +--- at-3.1.16/at.c.fclose 2014-11-06 16:11:28.000000000 +0100 ++++ at-3.1.16/at.c 2014-11-24 15:30:12.704502966 +0100 +@@ -209,7 +209,11 @@ nextjob() + jobno = (1 + jobno) % 0xfffff; /* 2^20 jobs enough? */ + fprintf(fid, "%05lx\n", jobno); + +- fclose(fid); ++ if (ferror(fid)) ++ jobno = EOF; ++ ++ if (fclose(fid) != 0) ++ jobno = EOF; + return jobno; + } + +@@ -494,7 +498,8 @@ writefile(time_t runtimer, char queue) + if (ferror(stdin)) + panic("Input error"); + +- fclose(fp); ++ if (fclose(fp) != 0) ++ panic("Output error"); + + /* Set the x bit so that we're ready to start executing + */ diff --git a/at.spec b/at.spec index 012ecc6..14f02c4 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 3%{?dist} +Release: 4%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -23,13 +23,13 @@ Patch3: at-3.1.14-selinux.patch Patch4: at-3.1.14-opt_V.patch Patch5: at-3.1.14-shell.patch Patch6: at-3.1.14-nitpicks.patch -Patch7: at-3.1.14-nowrap.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch Patch11: at-3.1.14-help.patch Patch12: at-3.1.14-wrong_format.patch Patch13: at-3.1.16-noabort.patch +Patch14: at-3.1.16-fclose-error.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -72,13 +72,13 @@ cp %{SOURCE1} . %patch4 -p1 -b .opt_V %patch5 -p1 -b .shell %patch6 -p1 -b .nit -%patch7 -p1 -b .nowrap %patch8 -p1 -b .export %patch9 -p1 -b .mail %patch10 -p1 -b .posix %patch11 -p1 -b .help %patch12 -p1 -b .wrong %patch13 -p1 -b .noabort +%patch14 -p1 -b .fclose %build # patch9 touches configure.in @@ -176,6 +176,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon Nov 24 2014 Tomáš Mráz - 3.1.16-4 +- test for write error on fclose (#1166882) + * Thu Nov 6 2014 Tomáš Mráz - 3.1.16-3 - make atd less abort prone From aadd9920c69c673d2f6438a0afc2e81e8bfc1f3e Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 28 Nov 2014 10:09:34 +0100 Subject: [PATCH 28/86] superfluous patch dropped --- at-3.1.14-help.patch | 11 ----------- at.spec | 7 ++++--- 2 files changed, 4 insertions(+), 14 deletions(-) delete mode 100644 at-3.1.14-help.patch diff --git a/at-3.1.14-help.patch b/at-3.1.14-help.patch deleted file mode 100644 index 2679df0..0000000 --- a/at-3.1.14-help.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up at-3.1.14/panic.c.help at-3.1.14/panic.c ---- at-3.1.14/panic.c.help 2013-12-02 12:38:46.208231065 +0100 -+++ at-3.1.14/panic.c 2013-12-02 12:39:34.118317528 +0100 -@@ -94,6 +94,7 @@ usage(void) - */ - fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mMlbv] timespec ...\n" - " at [-V] [-q x] [-f file] [-mMlbv] -t time\n" -+ " at [-V] [-q x] [-f file] [-mMlbv] -t time\n" - " at -c job ...\n" - " atq [-V] [-q x]\n" - " at [ -rd ] job ...\n" diff --git a/at.spec b/at.spec index 14f02c4..79105ab 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 4%{?dist} +Release: 5%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -26,7 +26,6 @@ Patch6: at-3.1.14-nitpicks.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch -Patch11: at-3.1.14-help.patch Patch12: at-3.1.14-wrong_format.patch Patch13: at-3.1.16-noabort.patch Patch14: at-3.1.16-fclose-error.patch @@ -75,7 +74,6 @@ cp %{SOURCE1} . %patch8 -p1 -b .export %patch9 -p1 -b .mail %patch10 -p1 -b .posix -%patch11 -p1 -b .help %patch12 -p1 -b .wrong %patch13 -p1 -b .noabort %patch14 -p1 -b .fclose @@ -176,6 +174,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Nov 28 2014 Tomáš Mráz - 3.1.16-5 +- superfluous patch dropped + * Mon Nov 24 2014 Tomáš Mráz - 3.1.16-4 - test for write error on fclose (#1166882) From 1aae4dded4748152c5f953392b2cba17a7f9c555 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 17 Jun 2015 01:13:39 +0000 Subject: [PATCH 29/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 79105ab..a541dc6 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 5%{?dist} +Release: 6%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -174,6 +174,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jun 17 2015 Fedora Release Engineering - 3.1.16-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Fri Nov 28 2014 Tomáš Mráz - 3.1.16-5 - superfluous patch dropped From c65246e094527163ee0b2003041ff6c942e14e47 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 9 Sep 2015 14:07:23 +0200 Subject: [PATCH 30/86] clear non-job files from at dir --- at-3.1.16-clear-nonjobs.patch | 42 +++++++++++++++++++++++++++++++++++ at.spec | 7 +++++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 at-3.1.16-clear-nonjobs.patch diff --git a/at-3.1.16-clear-nonjobs.patch b/at-3.1.16-clear-nonjobs.patch new file mode 100644 index 0000000..05fc2c2 --- /dev/null +++ b/at-3.1.16-clear-nonjobs.patch @@ -0,0 +1,42 @@ +diff -up at-3.1.16/atd.c.clear-nonjobs at-3.1.16/atd.c +--- at-3.1.16/atd.c.clear-nonjobs 2014-12-11 10:32:24.000000000 +0100 ++++ at-3.1.16/atd.c 2015-09-09 11:40:22.544679351 +0200 +@@ -414,10 +414,22 @@ run_file(const char *filename, uid_t uid + sprintf(fmt, "#!/bin/sh\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d", + mailsize ); + ++ /* Unlink the file unless there was an error reading it (perhaps ++ * temporary). ++ * If the file has a bogus format there is no reason in trying ++ * to run it again and again. ++ */ + if (fscanf(stream, fmt, +- &nuid, &ngid, mailname, &send_mail) != 4) +- pabort("File %.500s is in wrong format - aborting", +- filename); ++ &nuid, &ngid, mailname, &send_mail) != 4) { ++ if (ferror(stream)) ++ perr("Error reading the job file"); ++ ++ unlink(filename); ++ pabort("File %.500s is in wrong format - aborting", ++ filename); ++ } ++ ++ unlink(filename); + + if (mailname[0] == '-') + pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname, +@@ -427,12 +439,6 @@ run_file(const char *filename, uid_t uid + pabort("Job %8lu (%.500s) - userid %d does not match file uid %d", + jobno, filename, nuid, uid); + +- /* We are now committed to executing this script. Unlink the +- * original. +- */ +- +- unlink(filename); +- + fclose(stream); + if (chdir(ATSPOOL_DIR) < 0) + perr("Cannot chdir to " ATSPOOL_DIR); diff --git a/at.spec b/at.spec index a541dc6..694999b 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 6%{?dist} +Release: 7%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -29,6 +29,7 @@ Patch10: at-3.1.14-usePOSIXtimers.patch Patch12: at-3.1.14-wrong_format.patch Patch13: at-3.1.16-noabort.patch Patch14: at-3.1.16-fclose-error.patch +Patch15: at-3.1.16-clear-nonjobs.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -77,6 +78,7 @@ cp %{SOURCE1} . %patch12 -p1 -b .wrong %patch13 -p1 -b .noabort %patch14 -p1 -b .fclose +%patch15 -p1 -b .clear-nojobs %build # patch9 touches configure.in @@ -174,6 +176,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Sep 9 2015 Tomáš Mráz - 3.1.16-7 +- clear non-job files from at dir + * Wed Jun 17 2015 Fedora Release Engineering - 3.1.16-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild From 2f9ec0f8690c102a3d7198e5bfe763b6f7cedd89 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 3 Feb 2016 16:37:52 +0000 Subject: [PATCH 31/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 694999b..985d45c 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.16 -Release: 7%{?dist} +Release: 8%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -176,6 +176,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Feb 03 2016 Fedora Release Engineering - 3.1.16-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Wed Sep 9 2015 Tomáš Mráz - 3.1.16-7 - clear non-job files from at dir From 4e99767fd323c7775ae7c396e8c44b38c739d666 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 23 Mar 2016 15:24:03 +0100 Subject: [PATCH 32/86] new upstream release - correct the DST correction when using UTC time specification (#1320322) --- .gitignore | 1 + at-3.1.14-selinux.patch | 154 ----------------- at-3.1.16-noabort.patch | 157 ------------------ ....14-makefile.patch => at-3.1.18-make.patch | 26 +-- ...nitpicks.patch => at-3.1.18-nitpicks.patch | 44 ++--- at-3.1.18-noabort.patch | 43 +++++ at-3.1.14-pam.patch => at-3.1.18-pam.patch | 94 ++++++----- at-3.1.18-utc-dst.patch | 24 +++ at.spec | 22 ++- sources | 2 +- 10 files changed, 170 insertions(+), 397 deletions(-) delete mode 100644 at-3.1.14-selinux.patch delete mode 100644 at-3.1.16-noabort.patch rename at-3.1.14-makefile.patch => at-3.1.18-make.patch (82%) rename at-3.1.14-nitpicks.patch => at-3.1.18-nitpicks.patch (72%) create mode 100644 at-3.1.18-noabort.patch rename at-3.1.14-pam.patch => at-3.1.18-pam.patch (79%) create mode 100644 at-3.1.18-utc-dst.patch diff --git a/.gitignore b/.gitignore index c4d8252..f2cb27c 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ at_3.1.12.orig.tar.gz /at_3.1.13.orig.tar.gz /at_3.1.14.orig.tar.gz /at_3.1.16.orig.tar.gz +/at_3.1.18.orig.tar.gz diff --git a/at-3.1.14-selinux.patch b/at-3.1.14-selinux.patch deleted file mode 100644 index abee8b4..0000000 --- a/at-3.1.14-selinux.patch +++ /dev/null @@ -1,154 +0,0 @@ -diff -up at-3.1.14/config.h.in.selinux at-3.1.14/config.h.in ---- at-3.1.14/config.h.in.selinux 2013-09-26 15:06:55.177049852 +0200 -+++ at-3.1.14/config.h.in 2013-09-26 15:06:55.180049850 +0200 -@@ -71,6 +71,9 @@ - /* Define if you are building with_pam */ - #undef WITH_PAM - -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX -+ - /* Define to 1 if you have the `pstat_getdynamic' function. */ - #undef HAVE_PSTAT_GETDYNAMIC - -diff -up at-3.1.14/configure.ac.selinux at-3.1.14/configure.ac ---- at-3.1.14/configure.ac.selinux 2013-09-26 15:06:55.178049851 +0200 -+++ at-3.1.14/configure.ac 2013-09-26 15:06:55.180049850 +0200 -@@ -246,6 +246,14 @@ AC_DEFINE(WITH_PAM), - AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') - AC_SUBST(PAMLIB) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.14/Makefile.in.selinux at-3.1.14/Makefile.in ---- at-3.1.14/Makefile.in.selinux 2013-09-26 15:06:55.175049853 +0200 -+++ at-3.1.14/Makefile.in 2013-09-26 15:06:55.180049850 +0200 -@@ -40,6 +40,7 @@ LIBS = @LIBS@ - LIBOBJS = @LIBOBJS@ - INSTALL = @INSTALL@ - PAMLIB = @PAMLIB@ -+SELINUXLIB = @SELINUXLIB@ - - CLONES = atq atrm - ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o -diff -up at-3.1.14/atd.c.selinux2 at-3.1.14/atd.c ---- at-3.1.14/atd.c.selinux2 2013-12-04 11:27:28.729005384 +0100 -+++ at-3.1.14/atd.c 2013-12-04 11:30:17.709091150 +0100 -@@ -83,6 +83,14 @@ - #include "getloadavg.h" - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - #ifndef LOG_ATD - #define LOG_ATD LOG_DAEMON - #endif -@@ -191,6 +199,68 @@ myfork() - #define fork myfork - #endif - -+#ifdef WITH_SELINUX -+static int set_selinux_context(const char *name, const char *filename) { -+ security_context_t user_context=NULL; -+ security_context_t file_context=NULL; -+ struct av_decision avd; -+ int retval=-1; -+ char *seuser=NULL; -+ char *level=NULL; -+ -+ if (getseuserbyname(name, &seuser, &level) == 0) { -+ retval=get_default_context_with_level(seuser, level, NULL, &user_context); -+ free(seuser); -+ free(level); -+ if (retval) { -+ if (security_getenforce()==1) { -+ perr("execle: couldn't get security context for user %s\n", name); -+ } else { -+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -+ return -1; -+ } -+ } -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -+ perr("fgetfilecon FAILED %s", filename); -+ -+ retval = security_compute_av(user_context, -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ freecon(file_context); -+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -+ if (security_getenforce()==1) { -+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ } else { -+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; -+ } -+ } -+ if (setexeccon(user_context) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -+ } -+ } -+ err: -+ freecon(user_context); -+ return 0; -+} -+#endif -+ - static void - run_file(const char *filename, uid_t uid, gid_t gid) - { -@@ -419,6 +489,13 @@ run_file(const char *filename, uid_t uid - - nice((tolower((int) queue) - 'a' + 1) * 2); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled > 0) { -+ if (set_selinux_context(pentry->pw_name, filename) < 0) -+ perr("SELinux Failed to set context\n"); -+ } -+#endif -+ - if (initgroups(pentry->pw_name, pentry->pw_gid)) - perr("Cannot initialize the supplementary group access list"); - -@@ -712,6 +789,10 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif -+ - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ diff --git a/at-3.1.16-noabort.patch b/at-3.1.16-noabort.patch deleted file mode 100644 index 58ffdd2..0000000 --- a/at-3.1.16-noabort.patch +++ /dev/null @@ -1,157 +0,0 @@ -diff -up at-3.1.16/atd.c.noabort at-3.1.16/atd.c ---- at-3.1.16/atd.c.noabort 2014-10-02 11:08:26.000000000 +0200 -+++ at-3.1.16/atd.c 2014-11-06 16:07:54.851652541 +0100 -@@ -221,7 +221,7 @@ static int set_selinux_context(const cha - security_context_t user_context=NULL; - security_context_t file_context=NULL; - struct av_decision avd; -- int retval=-1; -+ int retval=0; - char *seuser=NULL; - char *level=NULL; - -@@ -230,12 +230,9 @@ static int set_selinux_context(const cha - free(seuser); - free(level); - if (retval) { -- if (security_getenforce()==1) { -- perr("execle: couldn't get security context for user %s\n", name); -- } else { -- syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); -- return -1; -- } -+ lerr("execle: couldn't get security context for user %s\n", name); -+ retval = -1; -+ goto err; - } - } - -@@ -246,8 +243,11 @@ static int set_selinux_context(const cha - * the user cron job. It performs an entrypoint - * permission check for this purpose. - */ -- if (fgetfilecon(STDIN_FILENO, &file_context) < 0) -- perr("fgetfilecon FAILED %s", filename); -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) { -+ lerr("fgetfilecon FAILED %s", filename); -+ retval = -1; -+ goto err; -+ } - - retval = security_compute_av(user_context, - file_context, -@@ -256,25 +256,21 @@ static int set_selinux_context(const cha - &avd); - freecon(file_context); - if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { -- if (security_getenforce()==1) { -- perr("Not allowed to set exec context to %s for user %s\n", user_context,name); -- } else { -- syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); -- retval = -1; -- goto err; -- } -+ lerr("Not allowed to set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; - } - if (setexeccon(user_context) < 0) { -- if (security_getenforce()==1) { -- perr("Could not set exec context to %s for user %s\n", user_context,name); -- retval = -1; -- } else { -- syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); -- } -+ lerr("Could not set exec context to %s for user %s\n", user_context,name); -+ retval = -1; -+ goto err; - } - err: -- freecon(user_context); -- return 0; -+ if (retval < 0 && security_getenforce() != 1) -+ retval = 0; -+ if (user_context) -+ freecon(user_context); -+ return retval; - } - #endif - -@@ -347,9 +343,12 @@ run_file(const char *filename, uid_t uid - */ - - pid = fork(); -- if (pid == -1) -- perr("Cannot fork"); -- -+ if (pid == -1) { -+ lerr("Cannot fork for job execution"); -+ free(mailname); -+ free(newname); -+ return; -+ } - else if (pid != 0) { - free(mailname); - free(newname); -@@ -667,15 +666,19 @@ run_loop() - * up. - */ - -- if (stat(".", &buf) == -1) -- perr("Cannot stat " ATJOB_DIR); -+ if (stat(".", &buf) == -1) { -+ lerr("Cannot stat " ATJOB_DIR); -+ return next_job; -+ } - - if (nothing_to_do && buf.st_mtime <= last_chg) - return next_job; - last_chg = buf.st_mtime; - -- if ((spool = opendir(".")) == NULL) -- perr("Cannot read " ATJOB_DIR); -+ if ((spool = opendir(".")) == NULL) { -+ lerr("Cannot read " ATJOB_DIR); -+ return next_job; -+ } - - run_batch = 0; - nothing_to_do = 1; -diff -up at-3.1.16/daemon.c.noabort at-3.1.16/daemon.c ---- at-3.1.16/daemon.c.noabort 2014-09-30 08:29:02.000000000 +0200 -+++ at-3.1.16/daemon.c 2014-11-06 15:37:22.109277583 +0100 -@@ -83,6 +83,22 @@ perr(const char *fmt,...) - } - - void -+lerr(const char *fmt,...) -+{ -+ char buf[1024]; -+ va_list args; -+ -+ va_start(args, fmt); -+ vsnprintf(buf, sizeof(buf), fmt, args); -+ va_end(args); -+ -+ if (daemon_debug) { -+ perror(buf); -+ } else -+ syslog(LOG_ERR, "%s: %m", buf); -+} -+ -+void - pabort(const char *fmt,...) - { - char buf[1024]; -diff -up at-3.1.16/daemon.h.noabort at-3.1.16/daemon.h ---- at-3.1.16/daemon.h.noabort 2014-09-30 08:29:02.000000000 +0200 -+++ at-3.1.16/daemon.h 2014-11-06 15:36:10.461660104 +0100 -@@ -13,5 +13,8 @@ __attribute__((noreturn)) - #endif - perr (const char *fmt, ...); - -+void -+lerr (const char *fmt, ...); -+ - extern int daemon_debug; - extern int daemon_foreground; diff --git a/at-3.1.14-makefile.patch b/at-3.1.18-make.patch similarity index 82% rename from at-3.1.14-makefile.patch rename to at-3.1.18-make.patch index 816f335..171b63c 100644 --- a/at-3.1.14-makefile.patch +++ b/at-3.1.18-make.patch @@ -1,23 +1,23 @@ -diff -up at-3.1.14/Makefile.in.make at-3.1.14/Makefile.in ---- at-3.1.14/Makefile.in.make 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/Makefile.in 2013-09-19 16:48:03.605192754 +0200 -@@ -67,13 +67,13 @@ LIST = Filelist Filelist.asc +diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in +--- at-3.1.18/Makefile.in.make 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/Makefile.in 2016-03-23 12:38:15.652898579 +0100 +@@ -68,13 +68,13 @@ LIST = Filelist Filelist.asc all: at atd atd.service atrun at: $(ATOBJECTS) - $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(LDFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) rm -f $(CLONES) $(LN_S) -f at atq $(LN_S) -f at atrm atd: $(RUNOBJECTS) -- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) -+ $(CC) $(LDFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) +- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) ++ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y -@@ -88,38 +88,41 @@ atrun: atrun.in +@@ -89,38 +89,41 @@ atrun: atrun.in configure .c.o: @@ -32,11 +32,11 @@ diff -up at-3.1.14/Makefile.in.make at-3.1.14/Makefile.in - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) - $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) - chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) root -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) root -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) root -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) root -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) root -m 755 -d $(IROOT)$(atdocdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(bindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) ++ $(INSTALL) -m 755 -d $(IROOT)$(docdir) ++ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) + $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/ + $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) + chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) diff --git a/at-3.1.14-nitpicks.patch b/at-3.1.18-nitpicks.patch similarity index 72% rename from at-3.1.14-nitpicks.patch rename to at-3.1.18-nitpicks.patch index 6ad8e7a..2bcaebb 100644 --- a/at-3.1.14-nitpicks.patch +++ b/at-3.1.18-nitpicks.patch @@ -1,19 +1,7 @@ -diff -up at-3.1.14/at.1.in.nit at-3.1.14/at.1.in ---- at-3.1.14/at.1.in.nit 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/at.1.in 2013-12-04 11:36:29.737279969 +0100 -@@ -204,7 +204,7 @@ queue for - .BR batch . - Queues with higher letters run with increased niceness. The special - queue "=" is reserved for jobs which are currently running. --.P -+ - If a job is submitted to a queue designated with an uppercase letter, the - job is treated as if it were submitted to batch at the time of the job. - Once the time is reached, the batch processing rules with respect to load -diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c ---- at-3.1.14/atd.c.nit 2013-12-04 11:36:29.733279967 +0100 -+++ at-3.1.14/atd.c 2013-12-04 11:38:44.551247496 +0100 -@@ -198,6 +198,18 @@ myfork() +diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c +--- at-3.1.18/atd.c.nit 2016-03-23 12:46:49.222277787 +0100 ++++ at-3.1.18/atd.c 2016-03-23 12:47:50.521639804 +0100 +@@ -196,6 +196,18 @@ myfork() #define fork myfork #endif @@ -31,8 +19,8 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c +#endif #ifdef WITH_SELINUX - static int set_selinux_context(const char *name, const char *filename) { -@@ -337,6 +349,9 @@ run_file(const char *filename, uid_t uid + static int +@@ -339,6 +351,9 @@ run_file(const char *filename, uid_t uid free(newname); return; } @@ -42,7 +30,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c /* Let's see who we mail to. Hopefully, we can read it from * the command file; if not, send it to the owner, or, failing that, * to root. -@@ -505,6 +520,9 @@ run_file(const char *filename, uid_t uid +@@ -507,6 +522,9 @@ run_file(const char *filename, uid_t uid if (setuid(uid) < 0) perr("Cannot set user id"); @@ -52,7 +40,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c chdir("/"); execle("/bin/sh", "sh", (char *) NULL, nenvp); -@@ -570,6 +588,9 @@ run_file(const char *filename, uid_t uid +@@ -572,6 +590,9 @@ run_file(const char *filename, uid_t uid if (setuid(uid) < 0) perr("Cannot set user id"); @@ -62,7 +50,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c chdir ("/"); #if defined(SENDMAIL) -@@ -697,6 +718,7 @@ run_loop() +@@ -699,6 +720,7 @@ run_loop() * Let's remove the lockfile and reschedule. */ strncpy(lock_name, dirent->d_name, sizeof(lock_name)); @@ -70,7 +58,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c lock_name[0] = '='; unlink(lock_name); next_job = now; -@@ -731,6 +753,7 @@ run_loop() +@@ -733,6 +755,7 @@ run_loop() run_batch++; if (strcmp(batch_name, dirent->d_name) > 0) { strncpy(batch_name, dirent->d_name, sizeof(batch_name)); @@ -78,3 +66,15 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c batch_uid = buf.st_uid; batch_gid = buf.st_gid; batch_queue = queue; +diff -up at-3.1.18/at.1.in.nit at-3.1.18/at.1.in +--- at-3.1.18/at.1.in.nit 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/at.1.in 2016-03-23 12:46:49.226277876 +0100 +@@ -210,7 +210,7 @@ queue for + .BR batch . + Queues with higher letters run with increased niceness. The special + queue "=" is reserved for jobs which are currently running. +-.P ++ + If a job is submitted to a queue designated with an uppercase letter, the + job is treated as if it were submitted to batch at the time of the job. + Once the time is reached, the batch processing rules with respect to load diff --git a/at-3.1.18-noabort.patch b/at-3.1.18-noabort.patch new file mode 100644 index 0000000..1154fb9 --- /dev/null +++ b/at-3.1.18-noabort.patch @@ -0,0 +1,43 @@ +diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c +--- at-3.1.18/atd.c.noabort 2016-03-23 12:49:15.147520116 +0100 ++++ at-3.1.18/atd.c 2016-03-23 12:49:15.148520138 +0100 +@@ -349,9 +349,12 @@ run_file(const char *filename, uid_t uid + */ + + pid = fork(); +- if (pid == -1) +- perr("Cannot fork"); +- ++ if (pid == -1) { ++ lerr("Cannot fork for job execution"); ++ free(mailname); ++ free(newname); ++ return; ++ } + else if (pid != 0) { + free(mailname); + free(newname); +@@ -669,15 +672,19 @@ run_loop() + * up. + */ + +- if (stat(".", &buf) == -1) +- perr("Cannot stat " ATJOB_DIR); ++ if (stat(".", &buf) == -1) { ++ lerr("Cannot stat " ATJOB_DIR); ++ return next_job; ++ } + + if (nothing_to_do && buf.st_mtime <= last_chg) + return next_job; + last_chg = buf.st_mtime; + +- if ((spool = opendir(".")) == NULL) +- perr("Cannot read " ATJOB_DIR); ++ if ((spool = opendir(".")) == NULL) { ++ lerr("Cannot read " ATJOB_DIR); ++ return next_job; ++ } + + run_batch = 0; + nothing_to_do = 1; diff --git a/at-3.1.14-pam.patch b/at-3.1.18-pam.patch similarity index 79% rename from at-3.1.14-pam.patch rename to at-3.1.18-pam.patch index aac72e8..7658767 100644 --- a/at-3.1.14-pam.patch +++ b/at-3.1.18-pam.patch @@ -1,6 +1,6 @@ -diff -up at-3.1.14/at.c.pam at-3.1.14/at.c ---- at-3.1.14/at.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/at.c 2013-12-04 11:09:56.165752053 +0100 +diff -up at-3.1.18/at.c.pam at-3.1.18/at.c +--- at-3.1.18/at.c.pam 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/at.c 2016-03-23 12:40:10.694447117 +0100 @@ -144,18 +144,13 @@ sigc(int signo) /* If the user presses ^C, remove the spool file and exit */ @@ -52,7 +52,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c /* We've successfully created the file; let's set the flag so it * gets removed in case of an interrupt or error. */ -@@ -654,7 +642,7 @@ process_jobs(int argc, char **argv, int +@@ -670,7 +658,7 @@ process_jobs(int argc, char **argv, int We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -61,7 +61,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c if (queue == '=') { fprintf(stderr, "Warning: deleting running job\n"); -@@ -663,8 +651,8 @@ process_jobs(int argc, char **argv, int +@@ -679,8 +667,8 @@ process_jobs(int argc, char **argv, int perr("Cannot unlink %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -71,7 +71,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c done = 1; break; -@@ -674,7 +662,7 @@ process_jobs(int argc, char **argv, int +@@ -690,7 +678,7 @@ process_jobs(int argc, char **argv, int FILE *fp; int ch; @@ -80,7 +80,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c fp = fopen(dirent->d_name, "r"); if (fp) { -@@ -687,7 +675,7 @@ process_jobs(int argc, char **argv, int +@@ -703,7 +691,7 @@ process_jobs(int argc, char **argv, int perr("Cannot open %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -89,21 +89,21 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c } break; -diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c ---- at-3.1.14/atd.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/atd.c 2013-12-04 11:14:31.780617480 +0100 -@@ -83,6 +83,10 @@ - #include "getloadavg.h" - #endif +diff -up at-3.1.18/atd.c.pam at-3.1.18/atd.c +--- at-3.1.18/atd.c.pam 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/atd.c 2016-03-23 12:43:31.990906478 +0100 +@@ -91,6 +91,10 @@ int selinux_enabled = 0; + + /* Macros */ +#ifndef LOG_ATD +#define LOG_ATD LOG_DAEMON +#endif + - /* Macros */ - #define BATCH_INTERVAL_DEFAULT 60 -@@ -108,7 +112,7 @@ static int run_as_daemon = 0; + #define CHECK_INTERVAL 3600 + +@@ -114,7 +118,7 @@ static int run_as_daemon = 0; static volatile sig_atomic_t term_signal = 0; @@ -112,7 +112,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c #include static pam_handle_t *pamh = NULL; -@@ -117,15 +121,7 @@ static const struct pam_conv conv = { +@@ -123,15 +127,7 @@ static const struct pam_conv conv = { NULL }; @@ -129,7 +129,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c /* Signal handlers */ RETSIGTYPE -@@ -220,7 +216,7 @@ run_file(const char *filename, uid_t uid +@@ -292,7 +288,7 @@ run_file(const char *filename, uid_t uid char fmt[64]; unsigned long jobno; int rc; @@ -138,7 +138,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c int retcode; #endif -@@ -377,17 +373,11 @@ run_file(const char *filename, uid_t uid +@@ -449,17 +445,11 @@ run_file(const char *filename, uid_t uid fstat(fd_out, &buf); size = buf.st_size; @@ -161,7 +161,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c #endif close(STDIN_FILENO); -@@ -401,7 +391,14 @@ run_file(const char *filename, uid_t uid +@@ -473,7 +463,14 @@ run_file(const char *filename, uid_t uid else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; @@ -176,7 +176,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. */ -@@ -420,8 +417,6 @@ run_file(const char *filename, uid_t uid +@@ -492,8 +489,6 @@ run_file(const char *filename, uid_t uid close(fd_in); close(fd_out); @@ -184,8 +184,8 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c - nice((tolower((int) queue) - 'a' + 1) * 2); - if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -435,9 +430,9 @@ run_file(const char *filename, uid_t uid + #ifdef WITH_SELINUX +@@ -514,9 +509,9 @@ run_file(const char *filename, uid_t uid chdir("/"); @@ -198,7 +198,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c PRIV_END } /* We're the parent. Let's wait. -@@ -450,14 +445,6 @@ run_file(const char *filename, uid_t uid +@@ -529,14 +524,6 @@ run_file(const char *filename, uid_t uid */ waitpid(pid, (int *) NULL, 0); @@ -213,7 +213,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ -@@ -488,8 +475,13 @@ run_file(const char *filename, uid_t uid +@@ -567,8 +554,13 @@ run_file(const char *filename, uid_t uid unlink(newname); free(newname); @@ -227,7 +227,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c PRIV_START if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -511,7 +503,20 @@ run_file(const char *filename, uid_t uid +@@ -590,7 +582,20 @@ run_file(const char *filename, uid_t uid perr("Exec failed for mail command"); PRIV_END @@ -248,9 +248,9 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c exit(EXIT_SUCCESS); } -diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in ---- at-3.1.14/config.h.in.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/config.h.in 2013-12-04 11:09:56.165752053 +0100 +diff -up at-3.1.18/config.h.in.pam at-3.1.18/config.h.in +--- at-3.1.18/config.h.in.pam 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/config.h.in 2016-03-23 12:40:10.695447139 +0100 @@ -68,8 +68,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -262,9 +262,9 @@ diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac ---- at-3.1.14/configure.ac.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/configure.ac 2013-12-04 11:09:56.165752053 +0100 +diff -up at-3.1.18/configure.ac.pam at-3.1.18/configure.ac +--- at-3.1.18/configure.ac.pam 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/configure.ac 2016-03-23 12:45:27.885473913 +0100 @@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ @@ -285,12 +285,24 @@ diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac +AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') +AC_SUBST(PAMLIB) + - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], -diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c ---- at-3.1.14/perm.c.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/perm.c 2013-12-04 11:09:56.165752053 +0100 + AC_ARG_WITH(selinux, + [ --with-selinux Define to run with selinux], + AC_DEFINE(WITH_SELINUX, 1, [Define if you are building with_selinux]), +diff -up at-3.1.18/Makefile.in.pam at-3.1.18/Makefile.in +--- at-3.1.18/Makefile.in.pam 2016-03-23 12:55:30.000000000 +0100 ++++ at-3.1.18/Makefile.in 2016-03-23 12:57:58.347145148 +0100 +@@ -68,7 +68,7 @@ LIST = Filelist Filelist.asc + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm +diff -up at-3.1.18/perm.c.pam at-3.1.18/perm.c +--- at-3.1.18/perm.c.pam 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/perm.c 2016-03-23 12:40:10.695447139 +0100 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -355,9 +367,9 @@ diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); if (allow==0 || allow==1) return allow; -diff -up at-3.1.14/privs.h.pam at-3.1.14/privs.h ---- at-3.1.14/privs.h.pam 2013-09-08 14:43:53.000000000 +0200 -+++ at-3.1.14/privs.h 2013-12-04 11:09:56.166752054 +0100 +diff -up at-3.1.18/privs.h.pam at-3.1.18/privs.h +--- at-3.1.18/privs.h.pam 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/privs.h 2016-03-23 12:40:10.695447139 +0100 @@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da #error "Cannot implement user ID swapping without setreuid or setresuid" #endif diff --git a/at-3.1.18-utc-dst.patch b/at-3.1.18-utc-dst.patch new file mode 100644 index 0000000..3a2a40b --- /dev/null +++ b/at-3.1.18-utc-dst.patch @@ -0,0 +1,24 @@ +diff -up at-3.1.18/parsetime.y.dst at-3.1.18/parsetime.y +--- at-3.1.18/parsetime.y.dst 2015-12-06 16:45:10.000000000 +0100 ++++ at-3.1.18/parsetime.y 2015-07-01 13:53:14.088881926 +0200 +@@ -476,8 +476,8 @@ parsetime(time_t currtime, int argc, cha + exectm = *localtime(&currtime); + currtime -= exectm.tm_sec; + exectm.tm_sec = 0; +- exectm.tm_isdst = -1; + memcpy(&currtm,&exectm,sizeof(currtm)); ++ exectm.tm_isdst = -1; + time_only = 0; + yearspec = 0; + +@@ -503,8 +503,8 @@ parsetime(time_t currtime, int argc, cha + return 0; + if (isgmt) { + exectime -= timezone; +- if (currtm.tm_isdst && !exectm.tm_isdst) +- exectime -= 3600; ++ if (exectm.tm_isdst) ++ exectime += 3600; + } + if (exectime < currtime) + panic("refusing to create job destined in the past"); diff --git a/at.spec b/at.spec index 985d45c..33a5152 100644 --- a/at.spec +++ b/at.spec @@ -2,8 +2,8 @@ Summary: Job spooling tools Name: at -Version: 3.1.16 -Release: 8%{?dist} +Version: 3.1.18 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -17,19 +17,19 @@ Source3: atd.sysconf Source5: atd.systemd Patch0: at-aarch64.patch -Patch1: at-3.1.14-makefile.patch -Patch2: at-3.1.14-pam.patch -Patch3: at-3.1.14-selinux.patch +Patch1: at-3.1.18-make.patch +Patch2: at-3.1.18-pam.patch Patch4: at-3.1.14-opt_V.patch Patch5: at-3.1.14-shell.patch -Patch6: at-3.1.14-nitpicks.patch +Patch6: at-3.1.18-nitpicks.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch Patch12: at-3.1.14-wrong_format.patch -Patch13: at-3.1.16-noabort.patch +Patch13: at-3.1.18-noabort.patch Patch14: at-3.1.16-fclose-error.patch Patch15: at-3.1.16-clear-nonjobs.patch +Patch16: at-3.1.18-utc-dst.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -63,12 +63,11 @@ need to be repeated at the same time every day/week, etc. you should use crontab instead. %prep -%setup -q +%setup -c -q cp %{SOURCE1} . %patch0 -p1 -b .arm %patch1 -p1 -b .make %patch2 -p1 -b .pam -%patch3 -p1 -b .selinux %patch4 -p1 -b .opt_V %patch5 -p1 -b .shell %patch6 -p1 -b .nit @@ -79,6 +78,7 @@ cp %{SOURCE1} . %patch13 -p1 -b .noabort %patch14 -p1 -b .fclose %patch15 -p1 -b .clear-nojobs +%patch16 -p1 -b .dst %build # patch9 touches configure.in @@ -176,6 +176,10 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Mar 23 2016 Tomáš Mráz - 3.1.18-1 +- new upstream release +- correct the DST correction when using UTC time specification (#1320322) + * Wed Feb 03 2016 Fedora Release Engineering - 3.1.16-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild diff --git a/sources b/sources index 117a254..16baf64 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d05da75d9b75d93917ffb16ab48b1e19 at_3.1.16.orig.tar.gz +f67a7aab557cd5b4a1311079a08acebe at_3.1.18.orig.tar.gz From 4516f77e69cd8737070dab97ab552ca3c2e4dcd5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 23 May 2016 14:51:40 +0200 Subject: [PATCH 33/86] SIGPIPE should not be ignored in atd (#1338039) --- at.spec | 5 ++++- atd.systemd | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 33a5152..a0dcb74 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.18 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -176,6 +176,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon May 23 2016 Tomáš Mráz - 3.1.18-2 +- SIGPIPE should not be ignored in atd (#1338039) + * Wed Mar 23 2016 Tomáš Mráz - 3.1.18-1 - new upstream release - correct the DST correction when using UTC time specification (#1320322) diff --git a/atd.systemd b/atd.systemd index 7bdf82c..abe24c1 100644 --- a/atd.systemd +++ b/atd.systemd @@ -5,6 +5,7 @@ After=syslog.target systemd-user-sessions.service [Service] EnvironmentFile=/etc/sysconfig/atd ExecStart=/usr/sbin/atd -f $OPTS +IgnoreSIGPIPE=no [Install] WantedBy=multi-user.target From aa74292e24a20f8f3f8ab49bc338233b2bc7542f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 1 Jul 2016 10:43:48 +0200 Subject: [PATCH 34/86] new upstream release - properly lock the lock files to be able to safely remove stale ones --- .gitignore | 1 + at-3.1.20-lock-locks.patch | 108 ++++++++++++++++++ at-3.1.18-pam.patch => at-3.1.20-pam.patch | 54 ++++----- ....1.14-shell.patch => at-3.1.20-shell.patch | 12 +- at.spec | 17 ++- sources | 2 +- 6 files changed, 155 insertions(+), 39 deletions(-) create mode 100644 at-3.1.20-lock-locks.patch rename at-3.1.18-pam.patch => at-3.1.20-pam.patch (87%) rename at-3.1.14-shell.patch => at-3.1.20-shell.patch (76%) diff --git a/.gitignore b/.gitignore index f2cb27c..89de2f8 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ at_3.1.12.orig.tar.gz /at_3.1.14.orig.tar.gz /at_3.1.16.orig.tar.gz /at_3.1.18.orig.tar.gz +/at_3.1.20.orig.tar.gz diff --git a/at-3.1.20-lock-locks.patch b/at-3.1.20-lock-locks.patch new file mode 100644 index 0000000..17d6ad4 --- /dev/null +++ b/at-3.1.20-lock-locks.patch @@ -0,0 +1,108 @@ +diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c +--- at-3.1.20/atd.c.lock-locks 2016-07-01 10:41:50.640867692 +0200 ++++ at-3.1.20/atd.c 2016-07-01 10:42:32.345844967 +0200 +@@ -74,6 +74,9 @@ + #include + #endif + ++#include ++#include ++ + /* Local headers */ + + #include "privs.h" +@@ -288,7 +291,7 @@ run_file(const char *filename, uid_t uid + * mail to the user. + */ + pid_t pid; +- int fd_out, fd_in; ++ int fd_out, fd_in, fd_std; + char jobbuf[9]; + char *mailname = NULL; + int mailsize = 128; +@@ -410,6 +413,10 @@ run_file(const char *filename, uid_t uid + + fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); + ++ if (flock(fd_in, LOCK_EX | LOCK_NB) != 0) ++ perr("Somebody already locked the job %8lu (%.500s) - " ++ "aborting", jobno, filename); ++ + /* + * If the spool directory is mounted via NFS `atd' isn't able to + * read from the job file and will bump out here. The file is +@@ -553,10 +560,7 @@ run_file(const char *filename, uid_t uid + PRIV_END + } + /* We're the parent. Let's wait. +- */ +- close(fd_in); +- +- /* We inherited the master's SIGCHLD handler, which does a ++ We inherited the master's SIGCHLD handler, which does a + non-blocking waitpid. So this blocking one will eventually + return with an ECHILD error. + */ +@@ -573,14 +577,14 @@ run_file(const char *filename, uid_t uid + /* some sendmail implementations are confused if stdout, stderr are + * not available, so let them point to /dev/null + */ +- if ((fd_in = open("/dev/null", O_WRONLY)) < 0) ++ if ((fd_std = open("/dev/null", O_WRONLY)) < 0) + perr("Could not open /dev/null."); +- if (dup2(fd_in, STDOUT_FILENO) < 0) ++ if (dup2(fd_std, STDOUT_FILENO) < 0) + perr("Could not use /dev/null as standard output."); +- if (dup2(fd_in, STDERR_FILENO) < 0) ++ if (dup2(fd_std, STDERR_FILENO) < 0) + perr("Could not use /dev/null as standard error."); +- if (fd_in != STDOUT_FILENO && fd_in != STDERR_FILENO) +- close(fd_in); ++ if (fd_std != STDOUT_FILENO && fd_std != STDERR_FILENO) ++ close(fd_std); + + if (unlink(filename) == -1) + syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", +@@ -588,7 +592,12 @@ run_file(const char *filename, uid_t uid + + /* The job is now finished. We can delete its input file. + */ +- chdir(ATJOB_DIR); ++ if (chdir(ATJOB_DIR) != 0) ++ perr("Somebody removed %s directory from under us.", ATJOB_DIR); ++ ++ /* This also removes the flock */ ++ (void)close(fd_in); ++ + unlink(newname); + free(newname); + +@@ -723,16 +732,18 @@ run_loop() + + /* Skip lock files */ + if (queue == '=') { +- /* FIXME: calhariz */ +- /* I think the following code is broken, but commenting +- may haven unknow side effects. Make a release and see +- in the wild how it works. For more information see: +- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508/* +- +- /* if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { */ +- /* /\* Remove stale lockfile FIXME: lock the lockfile, if you fail, it's still in use. *\/ */ +- /* unlink(dirent->d_name); */ +- /* } */ ++ if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { ++ int fd; ++ ++ fd = open(dirent->d_name, O_RDONLY); ++ if (fd != -1) { ++ if (flock(fd, LOCK_EX | LOCK_NB) == 0) { ++ unlink(dirent->d_name); ++ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name); ++ } ++ (void)close(fd); ++ } ++ } + continue; + } + /* Skip any other file types which may have been invented in diff --git a/at-3.1.18-pam.patch b/at-3.1.20-pam.patch similarity index 87% rename from at-3.1.18-pam.patch rename to at-3.1.20-pam.patch index 7658767..418fa84 100644 --- a/at-3.1.18-pam.patch +++ b/at-3.1.20-pam.patch @@ -1,6 +1,6 @@ -diff -up at-3.1.18/at.c.pam at-3.1.18/at.c ---- at-3.1.18/at.c.pam 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/at.c 2016-03-23 12:40:10.694447117 +0100 +diff -up at-3.1.20/at.c.pam at-3.1.20/at.c +--- at-3.1.20/at.c.pam 2016-06-28 22:18:00.000000000 +0200 ++++ at-3.1.20/at.c 2016-07-01 09:44:22.251683924 +0200 @@ -144,18 +144,13 @@ sigc(int signo) /* If the user presses ^C, remove the spool file and exit */ @@ -52,7 +52,7 @@ diff -up at-3.1.18/at.c.pam at-3.1.18/at.c /* We've successfully created the file; let's set the flag so it * gets removed in case of an interrupt or error. */ -@@ -670,7 +658,7 @@ process_jobs(int argc, char **argv, int +@@ -673,7 +661,7 @@ process_jobs(int argc, char **argv, int We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -61,7 +61,7 @@ diff -up at-3.1.18/at.c.pam at-3.1.18/at.c if (queue == '=') { fprintf(stderr, "Warning: deleting running job\n"); -@@ -679,8 +667,8 @@ process_jobs(int argc, char **argv, int +@@ -682,8 +670,8 @@ process_jobs(int argc, char **argv, int perr("Cannot unlink %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -71,7 +71,7 @@ diff -up at-3.1.18/at.c.pam at-3.1.18/at.c done = 1; break; -@@ -690,7 +678,7 @@ process_jobs(int argc, char **argv, int +@@ -693,7 +681,7 @@ process_jobs(int argc, char **argv, int FILE *fp; int ch; @@ -80,7 +80,7 @@ diff -up at-3.1.18/at.c.pam at-3.1.18/at.c fp = fopen(dirent->d_name, "r"); if (fp) { -@@ -703,7 +691,7 @@ process_jobs(int argc, char **argv, int +@@ -706,7 +694,7 @@ process_jobs(int argc, char **argv, int perr("Cannot open %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -89,9 +89,9 @@ diff -up at-3.1.18/at.c.pam at-3.1.18/at.c } break; -diff -up at-3.1.18/atd.c.pam at-3.1.18/atd.c ---- at-3.1.18/atd.c.pam 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/atd.c 2016-03-23 12:43:31.990906478 +0100 +diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c +--- at-3.1.20/atd.c.pam 2016-06-28 22:14:39.000000000 +0200 ++++ at-3.1.20/atd.c 2016-07-01 09:44:22.251683924 +0200 @@ -91,6 +91,10 @@ int selinux_enabled = 0; /* Macros */ @@ -248,9 +248,9 @@ diff -up at-3.1.18/atd.c.pam at-3.1.18/atd.c exit(EXIT_SUCCESS); } -diff -up at-3.1.18/config.h.in.pam at-3.1.18/config.h.in ---- at-3.1.18/config.h.in.pam 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/config.h.in 2016-03-23 12:40:10.695447139 +0100 +diff -up at-3.1.20/config.h.in.pam at-3.1.20/config.h.in +--- at-3.1.20/config.h.in.pam 2015-12-18 21:29:24.000000000 +0100 ++++ at-3.1.20/config.h.in 2016-07-01 09:44:22.251683924 +0200 @@ -68,8 +68,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -262,9 +262,9 @@ diff -up at-3.1.18/config.h.in.pam at-3.1.18/config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.18/configure.ac.pam at-3.1.18/configure.ac ---- at-3.1.18/configure.ac.pam 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/configure.ac 2016-03-23 12:45:27.885473913 +0100 +diff -up at-3.1.20/configure.ac.pam at-3.1.20/configure.ac +--- at-3.1.20/configure.ac.pam 2016-06-28 22:55:52.000000000 +0200 ++++ at-3.1.20/configure.ac 2016-07-01 09:45:23.268092527 +0200 @@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ @@ -286,11 +286,11 @@ diff -up at-3.1.18/configure.ac.pam at-3.1.18/configure.ac +AC_SUBST(PAMLIB) + AC_ARG_WITH(selinux, - [ --with-selinux Define to run with selinux], - AC_DEFINE(WITH_SELINUX, 1, [Define if you are building with_selinux]), -diff -up at-3.1.18/Makefile.in.pam at-3.1.18/Makefile.in ---- at-3.1.18/Makefile.in.pam 2016-03-23 12:55:30.000000000 +0100 -+++ at-3.1.18/Makefile.in 2016-03-23 12:57:58.347145148 +0100 + [ --with-selinux Define to run with selinux (default=check)], + [], +diff -up at-3.1.20/Makefile.in.pam at-3.1.20/Makefile.in +--- at-3.1.20/Makefile.in.pam 2016-07-01 09:44:22.250683901 +0200 ++++ at-3.1.20/Makefile.in 2016-07-01 09:44:22.252683947 +0200 @@ -68,7 +68,7 @@ LIST = Filelist Filelist.asc all: at atd atd.service atrun @@ -300,9 +300,9 @@ diff -up at-3.1.18/Makefile.in.pam at-3.1.18/Makefile.in rm -f $(CLONES) $(LN_S) -f at atq $(LN_S) -f at atrm -diff -up at-3.1.18/perm.c.pam at-3.1.18/perm.c ---- at-3.1.18/perm.c.pam 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/perm.c 2016-03-23 12:40:10.695447139 +0100 +diff -up at-3.1.20/perm.c.pam at-3.1.20/perm.c +--- at-3.1.20/perm.c.pam 2015-08-22 00:09:22.000000000 +0200 ++++ at-3.1.20/perm.c 2016-07-01 09:44:22.252683947 +0200 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -367,9 +367,9 @@ diff -up at-3.1.18/perm.c.pam at-3.1.18/perm.c allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); if (allow==0 || allow==1) return allow; -diff -up at-3.1.18/privs.h.pam at-3.1.18/privs.h ---- at-3.1.18/privs.h.pam 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/privs.h 2016-03-23 12:40:10.695447139 +0100 +diff -up at-3.1.20/privs.h.pam at-3.1.20/privs.h +--- at-3.1.20/privs.h.pam 2015-08-22 00:09:22.000000000 +0200 ++++ at-3.1.20/privs.h 2016-07-01 09:44:22.252683947 +0200 @@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da #error "Cannot implement user ID swapping without setreuid or setresuid" #endif diff --git a/at-3.1.14-shell.patch b/at-3.1.20-shell.patch similarity index 76% rename from at-3.1.14-shell.patch rename to at-3.1.20-shell.patch index 49f66f1..ac9586c 100644 --- a/at-3.1.14-shell.patch +++ b/at-3.1.20-shell.patch @@ -1,6 +1,6 @@ -diff -up at-3.1.14/at.c.shell at-3.1.14/at.c ---- at-3.1.14/at.c.shell 2014-01-06 17:58:17.555564746 +0100 -+++ at-3.1.14/at.c 2014-01-06 17:59:17.699720002 +0100 +diff -up at-3.1.20/at.c.shell at-3.1.20/at.c +--- at-3.1.20/at.c.shell 2016-07-01 09:47:13.392684445 +0200 ++++ at-3.1.20/at.c 2016-07-01 09:48:47.679931959 +0200 @@ -62,11 +62,8 @@ #include #include @@ -26,7 +26,7 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c /* Install the signal handler for SIGINT; terminate after removing the * spool file if necessary -@@ -449,6 +452,9 @@ writefile(time_t runtimer, char queue) +@@ -465,6 +468,9 @@ writefile(time_t runtimer, char queue) fprintf(fp, " || {\n\t echo 'Execution directory " "inaccessible' >&2\n\t exit 1\n}\n"); @@ -36,7 +36,7 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c istty = isatty(fileno(stdin)); if (istty) { fprintf(stderr, "at> "); -@@ -464,7 +470,7 @@ writefile(time_t runtimer, char queue) +@@ -480,7 +486,7 @@ writefile(time_t runtimer, char queue) if (istty) { fprintf(stderr, "\n"); } @@ -44,4 +44,4 @@ diff -up at-3.1.14/at.c.shell at-3.1.14/at.c + fprintf(fp, "marcinDELIMITER%08lx\n", i); if (ferror(fp)) panic("Output error"); - + fflush(fp); diff --git a/at.spec b/at.spec index a0dcb74..560bea0 100644 --- a/at.spec +++ b/at.spec @@ -2,8 +2,8 @@ Summary: Job spooling tools Name: at -Version: 3.1.18 -Release: 2%{?dist} +Version: 3.1.20 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -18,9 +18,9 @@ Source5: atd.systemd Patch0: at-aarch64.patch Patch1: at-3.1.18-make.patch -Patch2: at-3.1.18-pam.patch +Patch2: at-3.1.20-pam.patch Patch4: at-3.1.14-opt_V.patch -Patch5: at-3.1.14-shell.patch +Patch5: at-3.1.20-shell.patch Patch6: at-3.1.18-nitpicks.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch @@ -30,6 +30,7 @@ Patch13: at-3.1.18-noabort.patch Patch14: at-3.1.16-fclose-error.patch Patch15: at-3.1.16-clear-nonjobs.patch Patch16: at-3.1.18-utc-dst.patch +Patch17: at-3.1.20-lock-locks.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -63,7 +64,7 @@ need to be repeated at the same time every day/week, etc. you should use crontab instead. %prep -%setup -c -q +%setup -q cp %{SOURCE1} . %patch0 -p1 -b .arm %patch1 -p1 -b .make @@ -79,6 +80,7 @@ cp %{SOURCE1} . %patch14 -p1 -b .fclose %patch15 -p1 -b .clear-nojobs %patch16 -p1 -b .dst +%patch17 -p1 -b .lock-locks %build # patch9 touches configure.in @@ -176,6 +178,11 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Jul 1 2016 Tomáš Mráz - 3.1.20-1 +- new upstream release +- properly lock the lock files to be able to safely remove + stale ones + * Mon May 23 2016 Tomáš Mráz - 3.1.18-2 - SIGPIPE should not be ignored in atd (#1338039) diff --git a/sources b/sources index 16baf64..67f3292 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f67a7aab557cd5b4a1311079a08acebe at_3.1.18.orig.tar.gz +e7bd7b785b2cbb17e133d6bdc0fb099e at_3.1.20.orig.tar.gz From 0f7125cd4579effaf492e325dc90ca941abe8530 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 2 Feb 2017 15:10:19 +0100 Subject: [PATCH 35/86] properly include the license files --- at.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/at.spec b/at.spec index 560bea0..04b8236 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -161,7 +161,8 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ /bin/systemctl daemon-reload >/dev/null 2>&1 || : %files -%doc docs/* +%license Copyright COPYING +%doc README timespec ChangeLog %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd %attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at @@ -178,6 +179,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Feb 2 2017 Tomáš Mráz - 3.1.20-2 +- properly include the license files + * Fri Jul 1 2016 Tomáš Mráz - 3.1.20-1 - new upstream release - properly lock the lock files to be able to safely remove From c90eeec20af10ac0bb6cd01b7b38b99d7a04420e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 10 Feb 2017 06:28:12 +0000 Subject: [PATCH 36/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 04b8236..0f0047c 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -179,6 +179,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Feb 10 2017 Fedora Release Engineering - 3.1.20-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Thu Feb 2 2017 Tomáš Mráz - 3.1.20-2 - properly include the license files From c5dcedc7c3dbfbfdbb9c5e6bba2eec35abb0a313 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Tue, 28 Mar 2017 10:03:29 +0200 Subject: [PATCH 37/86] fix the POSIX timers support (#1436523) --- at-3.1.14-usePOSIXtimers.patch | 4 ++-- at.spec | 5 ++++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/at-3.1.14-usePOSIXtimers.patch b/at-3.1.14-usePOSIXtimers.patch index ebf7d8d..89c5614 100644 --- a/at-3.1.14-usePOSIXtimers.patch +++ b/at-3.1.14-usePOSIXtimers.patch @@ -5,7 +5,7 @@ diff -up at-3.1.14/atd.c.timers at-3.1.14/atd.c return next_job; } -+#ifdef HAVE_CLOCK_GETTIME ++#ifdef HAVE_TIMER_CREATE +timer_t timer; +struct itimerspec timeout; + @@ -89,7 +89,7 @@ diff -up at-3.1.14/config.h.in.timers at-3.1.14/config.h.in /* Define to 1 if you have the `getloadavg' function. */ #undef HAVE_GETLOADAVG -+/* Define to 1 if you have the `clock_gettime' function. */ ++/* Define to 1 if you have the `timer_create' function. */ +#undef HAVE_TIMER_CREATE + /* Define to 1 if you have the header file. */ diff --git a/at.spec b/at.spec index 0f0047c..1691768 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 3%{?dist} +Release: 4%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -179,6 +179,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Tue Mar 28 2017 Tomáš Mráz - 3.1.20-4 +- fix the POSIX timers support (#1436523) + * Fri Feb 10 2017 Fedora Release Engineering - 3.1.20-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild From 78569dfe5bb04ae253c6c2cb4bfbaedcedc68b38 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 26 Jul 2017 03:27:13 +0000 Subject: [PATCH 38/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 1691768..842ea03 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 4%{?dist} +Release: 5%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -179,6 +179,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 26 2017 Fedora Release Engineering - 3.1.20-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Tue Mar 28 2017 Tomáš Mráz - 3.1.20-4 - fix the POSIX timers support (#1436523) From 32eca464c696051286e25e68899b3abbe2b11841 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 2 Aug 2017 17:54:06 +0000 Subject: [PATCH 39/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 842ea03..fc7d67e 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 5%{?dist} +Release: 6%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -179,6 +179,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Aug 02 2017 Fedora Release Engineering - 3.1.20-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Wed Jul 26 2017 Fedora Release Engineering - 3.1.20-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From f2ac390859a593015e5a1b10c011514483df4011 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 14 Sep 2017 14:56:09 +0200 Subject: [PATCH 40/86] the ownership of the spool directory should be root (at is configured with daemon username root) - document the -n option --- at-3.1.20-document-n.patch | 22 ++++++++++++++++++++++ at.spec | 17 ++++++++++++----- 2 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 at-3.1.20-document-n.patch diff --git a/at-3.1.20-document-n.patch b/at-3.1.20-document-n.patch new file mode 100644 index 0000000..c4d929a --- /dev/null +++ b/at-3.1.20-document-n.patch @@ -0,0 +1,22 @@ +diff -up at-3.1.20/atd.8.in.document-n at-3.1.20/atd.8.in +--- at-3.1.20/atd.8.in.document-n 2015-08-22 00:09:22.000000000 +0200 ++++ at-3.1.20/atd.8.in 2017-09-14 14:17:04.922086349 +0200 +@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi + .IR batch_interval ] + .RB [ -d ] + .RB [ -f ] ++.RB [ -n ] + .RB [ -s ] + .SH DESCRIPTION + .B atd +@@ -40,6 +41,10 @@ Run + .BR atd + in the foreground. + .TP 8 ++.B -n ++Append the hostname of the system to the subject of the e-mails sent by ++.BR atd . ++.TP 8 + .B -s + Process the at/batch queue only once. + This is primarily of use for compatibility with old versions of diff --git a/at.spec b/at.spec index fc7d67e..d8e77f9 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 6%{?dist} +Release: 7%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -31,6 +31,7 @@ Patch14: at-3.1.16-fclose-error.patch Patch15: at-3.1.16-clear-nonjobs.patch Patch16: at-3.1.18-utc-dst.patch Patch17: at-3.1.20-lock-locks.patch +Patch18: at-3.1.20-document-n.patch BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf @@ -81,6 +82,7 @@ cp %{SOURCE1} . %patch15 -p1 -b .clear-nojobs %patch16 -p1 -b .dst %patch17 -p1 -b .lock-locks +%patch18 -p1 -b .document-n %build # patch9 touches configure.in @@ -138,7 +140,7 @@ make test %post touch %{_localstatedir}/spool/at/.SEQ chmod 600 %{_localstatedir}/spool/at/.SEQ -chown daemon:daemon %{_localstatedir}/spool/at/.SEQ +chown root:root %{_localstatedir}/spool/at/.SEQ %systemd_post atd.service %preun @@ -165,9 +167,9 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %doc README timespec ChangeLog %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd -%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at -%attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ -%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool +%attr(0700,root,root) %dir %{_localstatedir}/spool/at +%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ +%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd %{_sbindir}/atrun %attr(0755,root,root) %{_sbindir}/atd @@ -179,6 +181,11 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Sep 14 2017 Tomáš Mráz - 3.1.20-7 +- the ownership of the spool directory should be root as at is configured + with daemon username root +- document the -n option + * Wed Aug 02 2017 Fedora Release Engineering - 3.1.20-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 5dfacd58d8fd7db306b56371868ad5c94f56a42f Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 14 Sep 2017 15:54:13 +0200 Subject: [PATCH 41/86] improve the wrong_format patch, also rename it to correct name --- ...rmat.patch => at-3.1.20-aborted-jobs.patch | 19 +++++++++---------- at.spec | 9 ++++++--- 2 files changed, 15 insertions(+), 13 deletions(-) rename at-3.1.14-wrong_format.patch => at-3.1.20-aborted-jobs.patch (61%) diff --git a/at-3.1.14-wrong_format.patch b/at-3.1.20-aborted-jobs.patch similarity index 61% rename from at-3.1.14-wrong_format.patch rename to at-3.1.20-aborted-jobs.patch index b2a5ef4..78a196f 100644 --- a/at-3.1.14-wrong_format.patch +++ b/at-3.1.20-aborted-jobs.patch @@ -1,23 +1,22 @@ -diff -up at-3.1.14/atd.c.seg at-3.1.14/atd.c ---- at-3.1.14/atd.c.seg 2013-12-02 14:33:48.650769756 +0100 -+++ at-3.1.14/atd.c 2013-12-02 14:52:49.057437721 +0100 -@@ -752,14 +752,17 @@ run_loop() +diff -up at-3.1.20/atd.c.aborted at-3.1.20/atd.c +--- at-3.1.20/atd.c.aborted 2017-09-14 15:31:47.971486148 +0200 ++++ at-3.1.20/atd.c 2017-09-14 15:43:53.506567281 +0200 +@@ -731,12 +731,17 @@ run_loop() /* Is the file already locked? */ if (buf.st_nlink > 1) { -- if (run_time + CHECK_INTERVAL <= now) { ++ if (run_time < buf.st_mtime) ++ run_time = buf.st_mtime; + if (run_time + CHECK_INTERVAL <= now) { - -+ if (buf.st_mtime + CHECK_INTERVAL <= now) { /* Something went wrong the last time this was executed. * Let's remove the lockfile and reschedule. + * We also change the timestamp to avoid rerunning the job more + * than once every CHECK_INTERVAL. */ strncpy(lock_name, dirent->d_name, sizeof(lock_name)); - lock_name[sizeof(lock_name)-1] = '\0'; - lock_name[0] = '='; + if (utime(lock_name, 0) < 0) + syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name); + lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[0] = '='; unlink(lock_name); - next_job = now; - nothing_to_do = 0; diff --git a/at.spec b/at.spec index d8e77f9..c616b87 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 7%{?dist} +Release: 8%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -25,7 +25,7 @@ Patch6: at-3.1.18-nitpicks.patch Patch8: at-3.1.14-fix_no_export.patch Patch9: at-3.1.14-mailwithhostname.patch Patch10: at-3.1.14-usePOSIXtimers.patch -Patch12: at-3.1.14-wrong_format.patch +Patch12: at-3.1.20-aborted-jobs.patch Patch13: at-3.1.18-noabort.patch Patch14: at-3.1.16-fclose-error.patch Patch15: at-3.1.16-clear-nonjobs.patch @@ -76,7 +76,7 @@ cp %{SOURCE1} . %patch8 -p1 -b .export %patch9 -p1 -b .mail %patch10 -p1 -b .posix -%patch12 -p1 -b .wrong +%patch12 -p1 -b .aborted %patch13 -p1 -b .noabort %patch14 -p1 -b .fclose %patch15 -p1 -b .clear-nojobs @@ -181,6 +181,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Sep 14 2017 Tomáš Mráz - 3.1.20-8 +- improve the wrong_format patch, also rename it to correct name + * Thu Sep 14 2017 Tomáš Mráz - 3.1.20-7 - the ownership of the spool directory should be root as at is configured with daemon username root From 41ca4b77ae41982a1293b27f44add7abb961b59f Mon Sep 17 00:00:00 2001 From: Andrei Stepanov Date: Mon, 2 Oct 2017 17:54:34 +0000 Subject: [PATCH 42/86] Add CI tests using the standard test interface Adds tests according to the CI wiki [0] specifically the standard test interface in the spec [1]. [0] https://fedoraproject.org/wiki/CI [1] https://fedoraproject.org/wiki/Changes/InvokingTests --- tests/initscript/Makefile | 64 +++++++++++++++++++++++++++ tests/initscript/PURPOSE | 3 ++ tests/initscript/runtest.sh | 88 +++++++++++++++++++++++++++++++++++++ tests/tests.yml | 11 +++++ 4 files changed, 166 insertions(+) create mode 100644 tests/initscript/Makefile create mode 100644 tests/initscript/PURPOSE create mode 100755 tests/initscript/runtest.sh create mode 100644 tests/tests.yml diff --git a/tests/initscript/Makefile b/tests/initscript/Makefile new file mode 100644 index 0000000..106ee79 --- /dev/null +++ b/tests/initscript/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/at/Sanity/initscript +# Description: Initscript sanity +# Author: Radek Biba +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2009 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/at/Sanity/initscript +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Radek Biba " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Initscript sanity" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "Releases: -RHEL3 -RHEL4 -RHELServer5 -RHELClient5 -RedHatEnterpriseLinux3 -RedHatEnterpriseLinux4 -RedHatEnterpriseLinuxClient5 -RedHatEnterpriseLinuxServer5" >> $(METADATA) + @echo "RunFor: at" >> $(METADATA) + @echo "Requires: at" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/initscript/PURPOSE b/tests/initscript/PURPOSE new file mode 100644 index 0000000..7845ec7 --- /dev/null +++ b/tests/initscript/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/at/Sanity/initscript +Description: Initscript sanity +Author: Radek Biba diff --git a/tests/initscript/runtest.sh b/tests/initscript/runtest.sh new file mode 100755 index 0000000..b56556d --- /dev/null +++ b/tests/initscript/runtest.sh @@ -0,0 +1,88 @@ +#!/bin/bash +# vim: dict=/usr/share/rhts-library/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/at/Sanity/initscript +# Description: Initscript sanity +# Author: Radek Biba +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2009 Red Hat, Inc. All rights reserved. +# +# This copyrighted material is made available to anyone wishing +# to use, modify, copy, or redistribute it subject to the terms +# and conditions of the GNU General Public License version 2. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public +# License along with this program; if not, write to the Free +# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301, USA. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include rhts environment +. /usr/bin/rhts-environment.sh +. /usr/share/rhts-library/rhtslib.sh + +PACKAGE="at" +SERVICE="atd" + +rlJournalStart + rlPhaseStartSetup "Prepare" + rlServiceStop $SERVICE + rlPhaseEnd + if rlIsRHEL "<7"; then + rlPhaseStartTest "Mandatory actions" + for ACTION in "start" "stop" "restart" "force-reload" "status" ; do + rlRun "grep -i \"usage.*$ACTION\" /etc/init.d/$SERVICE" + done + rlPhaseEnd + fi + rlPhaseStartTest "Start" + rlRun "service $SERVICE start" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE start" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE restart" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE force-reload" 0 + rlRun "service $SERVICE status" 0 + rlRun "service $SERVICE try-restart" 0 + rlRun "service $SERVICE status" 0 + rlPhaseEnd + rlPhaseStartTest "Stop" + rlRun "service $SERVICE stop" 0 + rlRun "service $SERVICE status" 3 + rlRun "service $SERVICE stop" 0 + rlRun "service $SERVICE status" 3 + rlRun "service $SERVICE try-restart" 0 + rlRun "service $SERVICE status" 3 + rlPhaseEnd + rlPhaseStartTest "Dead service" + rlRun "touch /var/lock/subsys/$SERVICE" + rlRun "service $SERVICE status" $( + if rlIsRHEL "<7"; then + echo 2; + else + echo 3; + fi + ) + rlRun "service $SERVICE start" 0 + rlRun "service $SERVICE status" 0 + rlPhaseEnd + rlPhaseStartTest "Invalid arguments" + rlRun "service $SERVICE" 2 + rlRun "service $SERVICE fubar" 2 + rlPhaseEnd + + rlPhaseStartCleanup "Restore" + rlServiceRestore $SERVICE + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..7c14ca2 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,11 @@ +--- +# This first play always runs on the local staging system +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + tests: + - initscript + required_packages: + - at # Required to run initscript From 3fecac9bc1d4e754ceec87c490049000a223c068 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 7 Feb 2018 03:10:01 +0000 Subject: [PATCH 43/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index c616b87..e35e3a4 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 8%{?dist} +Release: 9%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -181,6 +181,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Feb 07 2018 Fedora Release Engineering - 3.1.20-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Thu Sep 14 2017 Tomáš Mráz - 3.1.20-8 - improve the wrong_format patch, also rename it to correct name From b2639042fe6eaa660b2620edac3f0f892f1e1a3a Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Sun, 25 Feb 2018 11:49:54 +0100 Subject: [PATCH 44/86] Drop "BuildRequires: fileutils /etc/init.d" --- at.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/at.spec b/at.spec index e35e3a4..9cbedb1 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 9%{?dist} +Release: 10%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -33,7 +33,6 @@ Patch16: at-3.1.18-utc-dst.patch Patch17: at-3.1.20-lock-locks.patch Patch18: at-3.1.20-document-n.patch -BuildRequires: fileutils /etc/init.d BuildRequires: flex flex-static bison autoconf BuildRequires: libselinux-devel >= 1.27.9 BuildRequires: perl(Test::Harness) @@ -181,6 +180,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Sun Feb 25 2018 Florian Weimer - 3.1.20-10 +- Drop "BuildRequires: fileutils /etc/init.d" + * Wed Feb 07 2018 Fedora Release Engineering - 3.1.20-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From c93dd9d5bf23330289b010ca6169d8f5f39711f9 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Thu, 8 Mar 2018 11:20:31 +0100 Subject: [PATCH 45/86] Add gcc to BuildRequires --- at.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/at.spec b/at.spec index 9cbedb1..2c1c6a5 100644 --- a/at.spec +++ b/at.spec @@ -33,6 +33,7 @@ Patch16: at-3.1.18-utc-dst.patch Patch17: at-3.1.20-lock-locks.patch Patch18: at-3.1.20-document-n.patch +BuildRequires: gcc BuildRequires: flex flex-static bison autoconf BuildRequires: libselinux-devel >= 1.27.9 BuildRequires: perl(Test::Harness) From 563c667dd6fc5ad162d7089eccc6338c28435ce2 Mon Sep 17 00:00:00 2001 From: Serhii Turivnyi Date: Thu, 12 Apr 2018 14:40:44 +0300 Subject: [PATCH 46/86] Add CI tests for Atomic Host using the standard test interface --- tests/at | 1 + tests/initscript/Makefile | 3 --- tests/initscript/runtest.sh | 1 - tests/tests.yml | 2 ++ 4 files changed, 3 insertions(+), 4 deletions(-) create mode 160000 tests/at diff --git a/tests/at b/tests/at new file mode 160000 index 0000000..30cccc8 --- /dev/null +++ b/tests/at @@ -0,0 +1 @@ +Subproject commit 30cccc88a2064eb05018a09d65164a26972cd5b5 diff --git a/tests/initscript/Makefile b/tests/initscript/Makefile index 106ee79..9b15af0 100644 --- a/tests/initscript/Makefile +++ b/tests/initscript/Makefile @@ -42,9 +42,6 @@ build: $(BUILT_FILES) clean: rm -f *~ $(BUILT_FILES) - -include /usr/share/rhts/lib/rhts-make.include - $(METADATA): Makefile @echo "Owner: Radek Biba " > $(METADATA) @echo "Name: $(TEST)" >> $(METADATA) diff --git a/tests/initscript/runtest.sh b/tests/initscript/runtest.sh index b56556d..a84aecb 100755 --- a/tests/initscript/runtest.sh +++ b/tests/initscript/runtest.sh @@ -27,7 +27,6 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include rhts environment -. /usr/bin/rhts-environment.sh . /usr/share/rhts-library/rhtslib.sh PACKAGE="at" diff --git a/tests/tests.yml b/tests/tests.yml index 7c14ca2..751a586 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -5,6 +5,8 @@ - role: standard-test-beakerlib tags: - classic + - container + - atomic tests: - initscript required_packages: From d5d9dba94b2d6d230e7e94545df3d728934177ef Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 23 May 2018 15:24:02 +0200 Subject: [PATCH 47/86] log the jobs being run --- at-3.1.20-log-jobs.patch | 14 ++++++++++++++ at.spec | 7 ++++++- 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 at-3.1.20-log-jobs.patch diff --git a/at-3.1.20-log-jobs.patch b/at-3.1.20-log-jobs.patch new file mode 100644 index 0000000..44cc7d3 --- /dev/null +++ b/at-3.1.20-log-jobs.patch @@ -0,0 +1,14 @@ +diff -up at-3.1.20/atd.c.log-jobs at-3.1.20/atd.c +--- at-3.1.20/atd.c.log-jobs 2018-05-23 15:09:35.158362293 +0200 ++++ at-3.1.20/atd.c 2018-05-23 15:18:39.153965582 +0200 +@@ -376,6 +376,10 @@ run_file(const char *filename, uid_t uid + pabort("Userid %lu not found - aborting job %8lu (%.500s)", + (unsigned long) uid, jobno, filename); + } ++ ++ syslog(LOG_INFO, "Starting job %lu (%.500s) for user '%s' (%lu)", ++ jobno, filename, pentry->pw_name, (unsigned long) uid); ++ + PRIV_START + + stream = fopen(filename, "r"); diff --git a/at.spec b/at.spec index 2c1c6a5..87ddb24 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 10%{?dist} +Release: 11%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -32,6 +32,7 @@ Patch15: at-3.1.16-clear-nonjobs.patch Patch16: at-3.1.18-utc-dst.patch Patch17: at-3.1.20-lock-locks.patch Patch18: at-3.1.20-document-n.patch +Patch19: at-3.1.20-log-jobs.patch BuildRequires: gcc BuildRequires: flex flex-static bison autoconf @@ -83,6 +84,7 @@ cp %{SOURCE1} . %patch16 -p1 -b .dst %patch17 -p1 -b .lock-locks %patch18 -p1 -b .document-n +%patch19 -p1 -b .log-jobs %build # patch9 touches configure.in @@ -181,6 +183,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed May 23 2018 Tomáš Mráz - 3.1.20-11 +- log the jobs being run + * Sun Feb 25 2018 Florian Weimer - 3.1.20-10 - Drop "BuildRequires: fileutils /etc/init.d" From ef5feb2beb23e1f1407c1ebc25c1f389b9a18b01 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 12 Jul 2018 20:42:19 +0000 Subject: [PATCH 48/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 87ddb24..643d070 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.20 -Release: 11%{?dist} +Release: 12%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -183,6 +183,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Jul 12 2018 Fedora Release Engineering - 3.1.20-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Wed May 23 2018 Tomáš Mráz - 3.1.20-11 - log the jobs being run From cf4aac12135bbceb54016f4c046f6aaf5028a6f9 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 27 Aug 2018 15:05:24 +0200 Subject: [PATCH 49/86] new upstream release 3.1.23 --- .gitignore | 2 ++ at-3.1.20-document-n.patch | 22 ---------------------- at-3.1.23-document-n.patch | 22 ++++++++++++++++++++++ at.spec | 9 ++++++--- atd.systemd | 4 +++- sources | 3 ++- 6 files changed, 35 insertions(+), 27 deletions(-) delete mode 100644 at-3.1.20-document-n.patch create mode 100644 at-3.1.23-document-n.patch diff --git a/.gitignore b/.gitignore index 89de2f8..67ec311 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,5 @@ at_3.1.12.orig.tar.gz /at_3.1.16.orig.tar.gz /at_3.1.18.orig.tar.gz /at_3.1.20.orig.tar.gz +/at_3.1.23.orig.tar.gz +/at_3.1.23.orig.tar.gz.asc diff --git a/at-3.1.20-document-n.patch b/at-3.1.20-document-n.patch deleted file mode 100644 index c4d929a..0000000 --- a/at-3.1.20-document-n.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up at-3.1.20/atd.8.in.document-n at-3.1.20/atd.8.in ---- at-3.1.20/atd.8.in.document-n 2015-08-22 00:09:22.000000000 +0200 -+++ at-3.1.20/atd.8.in 2017-09-14 14:17:04.922086349 +0200 -@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi - .IR batch_interval ] - .RB [ -d ] - .RB [ -f ] -+.RB [ -n ] - .RB [ -s ] - .SH DESCRIPTION - .B atd -@@ -40,6 +41,10 @@ Run - .BR atd - in the foreground. - .TP 8 -+.B -n -+Append the hostname of the system to the subject of the e-mails sent by -+.BR atd . -+.TP 8 - .B -s - Process the at/batch queue only once. - This is primarily of use for compatibility with old versions of diff --git a/at-3.1.23-document-n.patch b/at-3.1.23-document-n.patch new file mode 100644 index 0000000..7028300 --- /dev/null +++ b/at-3.1.23-document-n.patch @@ -0,0 +1,22 @@ +diff -up at-3.1.23/atd.8.in.document-n at-3.1.23/atd.8.in +--- at-3.1.23/atd.8.in.document-n 2018-08-27 14:49:09.824182482 +0200 ++++ at-3.1.23/atd.8.in 2018-08-27 14:50:34.625518639 +0200 +@@ -9,6 +9,7 @@ atd \- run jobs queued for later executi + .IR batch_interval ] + .RB [ \-d ] + .RB [ \-f ] ++.RB [ \-n ] + .RB [ \-s ] + .SH DESCRIPTION + .B atd +@@ -44,6 +45,10 @@ in the foreground. + Process the at/batch queue only once. + This is primarily of use for compatibility with old versions of + .BR at ; ++.B \-n ++Append the hostname of the system to the subject of the e-mails sent by ++.BR atd . ++.TP 8 + .B "atd \-s" + is equivalent to the old + .B atrun diff --git a/at.spec b/at.spec index 643d070..afd3be0 100644 --- a/at.spec +++ b/at.spec @@ -2,8 +2,8 @@ Summary: Job spooling tools Name: at -Version: 3.1.20 -Release: 12%{?dist} +Version: 3.1.23 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -31,7 +31,7 @@ Patch14: at-3.1.16-fclose-error.patch Patch15: at-3.1.16-clear-nonjobs.patch Patch16: at-3.1.18-utc-dst.patch Patch17: at-3.1.20-lock-locks.patch -Patch18: at-3.1.20-document-n.patch +Patch18: at-3.1.23-document-n.patch Patch19: at-3.1.20-log-jobs.patch BuildRequires: gcc @@ -183,6 +183,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon Aug 27 2018 Tomáš Mráz - 3.1.23-1 +- new upstream release + * Thu Jul 12 2018 Fedora Release Engineering - 3.1.20-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/atd.systemd b/atd.systemd index abe24c1..962b0d0 100644 --- a/atd.systemd +++ b/atd.systemd @@ -1,11 +1,13 @@ [Unit] -Description=Job spooling tools +Description=Deferred execution scheduler +Documentation=man:atd(8) After=syslog.target systemd-user-sessions.service [Service] EnvironmentFile=/etc/sysconfig/atd ExecStart=/usr/sbin/atd -f $OPTS IgnoreSIGPIPE=no +KillMode=process [Install] WantedBy=multi-user.target diff --git a/sources b/sources index 67f3292..c8bc7c4 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -e7bd7b785b2cbb17e133d6bdc0fb099e at_3.1.20.orig.tar.gz +SHA512 (at_3.1.23.orig.tar.gz) = ee5cf5abf32cf1e89746e427d1cc20005ef49fad47db55512c90042a77e86b2c15f5de029c79573bc86ce4aead6ed2d561b89812510aadbc5763f9288b467cfd +SHA512 (at_3.1.23.orig.tar.gz.asc) = ccc32753d31cccd6257c25acfda3f407c3cab52ca9b6c120eca852207cb00e143daa78b81bc65cc2703c5f94cf5d7fae08d301cfc57541e1ebd31df6ae2121bb From 2fbbe3c5ef10df880d50b85c55d1dcc90c327347 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:17:39 +0100 Subject: [PATCH 50/86] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- at.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/at.spec b/at.spec index afd3be0..a94310e 100644 --- a/at.spec +++ b/at.spec @@ -7,7 +7,6 @@ Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain -Group: System Environment/Daemons URL: http://ftp.debian.org/debian/pool/main/a/at Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz From 86570c254553b515481cea3207e15136871a7429 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 31 Jan 2019 14:02:43 +0000 Subject: [PATCH 51/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index a94310e..ad6e3e7 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -182,6 +182,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Jan 31 2019 Fedora Release Engineering - 3.1.23-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Mon Aug 27 2018 Tomáš Mráz - 3.1.23-1 - new upstream release From 2cdc6cfebe0edc79e68ee28a5c3a59baf5be6c8e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 24 Jul 2019 18:41:12 +0000 Subject: [PATCH 52/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index ad6e3e7..0859922 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -182,6 +182,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 24 2019 Fedora Release Engineering - 3.1.23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Thu Jan 31 2019 Fedora Release Engineering - 3.1.23-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From ec80856746c088a43f782a4f82282adaa360423e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jan 2020 12:20:23 +0000 Subject: [PATCH 53/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 0859922..72a0767 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 3%{?dist} +Release: 4%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -182,6 +182,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Tue Jan 28 2020 Fedora Release Engineering - 3.1.23-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Wed Jul 24 2019 Fedora Release Engineering - 3.1.23-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From 4bce1dc99fc097b5f9eb8080a50ecd88bd4268f2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 27 Jul 2020 12:37:17 +0000 Subject: [PATCH 54/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 72a0767..c6032fd 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 4%{?dist} +Release: 5%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -182,6 +182,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.23-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Tue Jan 28 2020 Fedora Release Engineering - 3.1.23-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 9cac67c57818611555d6bfa607ff85029035684e Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Wed, 16 Dec 2020 23:58:00 +0000 Subject: [PATCH 55/86] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- at.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/at.spec b/at.spec index c6032fd..065296f 100644 --- a/at.spec +++ b/at.spec @@ -45,6 +45,7 @@ BuildRequires: pam-devel Conflicts: crontabs <= 1.5 # No, I'm not kidding BuildRequires: smtpdaemon +BuildRequires: make Requires(post): systemd-units Requires(preun): systemd-units From 69ccde92705fda395721c96de181a71a0983a487 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 00:39:06 +0000 Subject: [PATCH 56/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 065296f..d9312c9 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 5%{?dist} +Release: 6%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -183,6 +183,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 3.1.23-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Mon Jul 27 2020 Fedora Release Engineering - 3.1.23-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 0b0cc322e56581560ac5891231af0dd589b3144b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Mar 2021 16:14:09 +0100 Subject: [PATCH 57/86] Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --- at.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index d9312c9..ff2f07b 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 6%{?dist} +Release: 7%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -183,6 +183,10 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.1.23-7 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + * Tue Jan 26 2021 Fedora Release Engineering - 3.1.23-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From 888e351a6c74ab0104efc838773029ad46b2ab44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= Date: Fri, 16 Apr 2021 13:12:31 +0200 Subject: [PATCH 58/86] Modernize and clean spec file - Unify spaces/tabs to spaces - Use autosetup/autopatch, get rid of explicit patch numbers --- at.spec | 157 +++++++++++++++++++++++++------------------------------- 1 file changed, 70 insertions(+), 87 deletions(-) diff --git a/at.spec b/at.spec index ff2f07b..8239867 100644 --- a/at.spec +++ b/at.spec @@ -1,37 +1,37 @@ %bcond_without pam -Summary: Job spooling tools -Name: at -Version: 3.1.23 -Release: 7%{?dist} +Summary: Job spooling tools +Name: at +Version: 3.1.23 +Release: 7%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain -License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain -URL: http://ftp.debian.org/debian/pool/main/a/at +License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain +URL: http://ftp.debian.org/debian/pool/main/a/at -Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz +Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz # git upstream source git://git.debian.org/git/collab-maint/at.git -Source1: pam_atd -Source3: atd.sysconf -Source5: atd.systemd +Source1: pam_atd +Source3: atd.sysconf +Source5: atd.systemd -Patch0: at-aarch64.patch -Patch1: at-3.1.18-make.patch -Patch2: at-3.1.20-pam.patch -Patch4: at-3.1.14-opt_V.patch -Patch5: at-3.1.20-shell.patch -Patch6: at-3.1.18-nitpicks.patch -Patch8: at-3.1.14-fix_no_export.patch -Patch9: at-3.1.14-mailwithhostname.patch -Patch10: at-3.1.14-usePOSIXtimers.patch -Patch12: at-3.1.20-aborted-jobs.patch -Patch13: at-3.1.18-noabort.patch -Patch14: at-3.1.16-fclose-error.patch -Patch15: at-3.1.16-clear-nonjobs.patch -Patch16: at-3.1.18-utc-dst.patch -Patch17: at-3.1.20-lock-locks.patch -Patch18: at-3.1.23-document-n.patch -Patch19: at-3.1.20-log-jobs.patch +Patch: at-aarch64.patch +Patch: at-3.1.18-make.patch +Patch: at-3.1.20-pam.patch +Patch: at-3.1.14-opt_V.patch +Patch: at-3.1.20-shell.patch +Patch: at-3.1.18-nitpicks.patch +Patch: at-3.1.14-fix_no_export.patch +Patch: at-3.1.14-mailwithhostname.patch +Patch: at-3.1.14-usePOSIXtimers.patch +Patch: at-3.1.20-aborted-jobs.patch +Patch: at-3.1.18-noabort.patch +Patch: at-3.1.16-fclose-error.patch +Patch: at-3.1.16-clear-nonjobs.patch +Patch: at-3.1.18-utc-dst.patch +Patch: at-3.1.20-lock-locks.patch +Patch: at-3.1.23-document-n.patch +Patch: at-3.1.20-log-jobs.patch BuildRequires: gcc BuildRequires: flex flex-static bison autoconf @@ -66,58 +66,41 @@ need to be repeated at the same time every day/week, etc. you should use crontab instead. %prep -%setup -q +%autosetup -N cp %{SOURCE1} . -%patch0 -p1 -b .arm -%patch1 -p1 -b .make -%patch2 -p1 -b .pam -%patch4 -p1 -b .opt_V -%patch5 -p1 -b .shell -%patch6 -p1 -b .nit -%patch8 -p1 -b .export -%patch9 -p1 -b .mail -%patch10 -p1 -b .posix -%patch12 -p1 -b .aborted -%patch13 -p1 -b .noabort -%patch14 -p1 -b .fclose -%patch15 -p1 -b .clear-nojobs -%patch16 -p1 -b .dst -%patch17 -p1 -b .lock-locks -%patch18 -p1 -b .document-n -%patch19 -p1 -b .log-jobs +%autopatch -p1 %build -# patch9 touches configure.in +# at-3.1.14-usePOSIXtimers.patch touches configure.in autoconf # uselles files rm -f lex.yy.* y.tab.* + %configure --with-atspool=%{_localstatedir}/spool/at/spool \ - --with-jobdir=%{_localstatedir}/spool/at \ - --with-daemon_username=root \ - --with-daemon_groupname=root \ - --with-selinux \ -%if %{with pam} - --with-pam -%endif + --with-jobdir=%{_localstatedir}/spool/at \ + --with-daemon_username=root \ + --with-daemon_groupname=root \ + --with-selinux \ + %{?with_pam:--with-pam} make %install make install \ - DAEMON_USERNAME=`id -nu`\ - DAEMON_GROUPNAME=`id -ng` \ - DESTDIR=%{buildroot}\ - sbindir=%{buildroot}%{_prefix}/sbin\ - bindir=%{buildroot}%{_bindir}\ - prefix=%{buildroot}%{_prefix}\ - exec_prefix=%{buildroot}%{_prefix}\ - docdir=%{buildroot}/usr/doc\ - mandir=%{buildroot}%{_mandir}\ - etcdir=%{buildroot}%{_sysconfdir} \ - ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \ - ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \ - INSTALL_ROOT_USER=`id -nu` \ - INSTALL_ROOT_GROUP=`id -nu`; + DAEMON_USERNAME=`id -nu`\ + DAEMON_GROUPNAME=`id -ng` \ + DESTDIR=%{buildroot}\ + sbindir=%{buildroot}%{_prefix}/sbin\ + bindir=%{buildroot}%{_bindir}\ + prefix=%{buildroot}%{_prefix}\ + exec_prefix=%{buildroot}%{_prefix}\ + docdir=%{buildroot}/usr/doc\ + mandir=%{buildroot}%{_mandir}\ + etcdir=%{buildroot}%{_sysconfdir} \ + ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \ + ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \ + INSTALL_ROOT_USER=`id -nu` \ + INSTALL_ROOT_GROUP=`id -nu`; echo > %{buildroot}%{_sysconfdir}/at.deny mkdir docs @@ -167,20 +150,20 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %files %license Copyright COPYING %doc README timespec ChangeLog -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd -%attr(0700,root,root) %dir %{_localstatedir}/spool/at -%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ -%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd +%attr(0700,root,root) %dir %{_localstatedir}/spool/at +%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ +%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd %{_sbindir}/atrun -%attr(0755,root,root) %{_sbindir}/atd +%attr(0755,root,root) %{_sbindir}/atd %{_mandir}/man*/* %{_bindir}/batch %{_bindir}/atrm %{_bindir}/atq -%attr(4755,root,root) %{_bindir}/at -%attr(0644,root,root) /%{_unitdir}/atd.service +%attr(4755,root,root) %{_bindir}/at +%attr(0644,root,root) /%{_unitdir}/atd.service %changelog * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.1.23-7 @@ -325,7 +308,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Mon Nov 14 2011 Marcela Mašláňová - 3.1.13-5 -- 754156 fix typo in script +- 754156 fix typo in script * Mon Nov 14 2011 Marcela Mašláňová - 3.1.13-5 - fix incorrect option in test in 56atd @@ -367,7 +350,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - 617320 systemd init script replacement * Mon Mar 15 2010 Marcela Mašláňová - 3.1.12-5 -- 568222 interrupted 'at' job creates empty job for non-root +- 568222 interrupted 'at' job creates empty job for non-root * Mon Mar 1 2010 Marcela Mašláňová - 3.1.12-4 - 568779 atd is alway runnig after suspend/resume @@ -424,8 +407,8 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - 486227 add hyphen date into manual page. * Wed Dec 3 2008 Marcela Mašláňová - 3.1.10-27 -- 464393 add script into pm-utils, because daemon wasn't taking all jobs - after suspend/hibernate +- 464393 add script into pm-utils, because daemon wasn't taking all jobs + after suspend/hibernate * Fri Oct 24 2008 Marcela Mašláňová - 3.1.10-26 - update init script according to SysVInitScript @@ -502,7 +485,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - rhbz#224597 * Fri Oct 27 2006 Marcela Maslanova - 3.1.10-6 -- fix daylight-saving again +- fix daylight-saving again - fix #214759 - problem with seteuid * Wed Oct 25 2006 Marcela Maslanova - 3.1.10-5 @@ -537,11 +520,11 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - use include instead of pam_stack in pam config * Fri Jun 03 2005 Jason Vas Dias 3.1.8-78 -- fix bug 159220: add pam_loginuid to pam session stack in /etc/pam.d/atd +- fix bug 159220: add pam_loginuid to pam session stack in /etc/pam.d/atd - fix bug 102341: add '-r' synonym for '-d' / atrm for POSIX / SuS conformance * Fri Apr 08 2005 Jason Vas Dias 3.1.8-77 -- always call pam_setcred(pamh, PAM_DELETE_CRED) before session +- always call pam_setcred(pamh, PAM_DELETE_CRED) before session - close * Tue Apr 05 2005 Jason Vas Dias 3.1.8-70 @@ -552,7 +535,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - user can know when using at(1) if PAM permission is denied. * Tue Mar 08 2005 Jason Vas Dias 3.1.8-67 -- better fix for bug 150131: change DAEMON_USERNAME and +- better fix for bug 150131: change DAEMON_USERNAME and - DAEMON_GROUPNAME to 'root' . * Mon Mar 07 2005 Jason Vas Dias 3.1.8-66 @@ -570,7 +553,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - details of blacklisted variables. * Tue Sep 28 2004 Rik van Riel 3.1.8-58 -- fix typo in man page, bug 112303 +- fix typo in man page, bug 112303 - (regenerated at-3.1.8-man-timespec-path.patch with fix) * Tue Aug 03 2004 Jason Vas Dias @@ -703,7 +686,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ - updated patch update, still bug #46546 * Wed Jul 18 2001 Crutcher Dunnavant -- applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to +- applied enrico.scholz@informatik.tu-chemnitz.de's change to the env patch to - address bug #46546 * Mon Jun 25 2001 Crutcher Dunnavant @@ -786,7 +769,7 @@ chown root:root %{_localstatedir}/spool/at/.SEQ * Mon May 24 1999 Jeff Johnson - reset SIGCHLD before exec (#3016). -* Sun Mar 21 1999 Cristian Gafton +* Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 8) * Thu Mar 18 1999 Cristian Gafton From c6984163ba5d0d2f467bfe3eec2c01a5df13b46e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= Date: Fri, 16 Apr 2021 13:20:26 +0200 Subject: [PATCH 59/86] Patch issues found by coverity (rhbz#1938678) --- at-3.2.23-coverity-fix.patch | 115 +++++++++++++++++++++++++++++++++++ at.spec | 6 +- 2 files changed, 120 insertions(+), 1 deletion(-) create mode 100644 at-3.2.23-coverity-fix.patch diff --git a/at-3.2.23-coverity-fix.patch b/at-3.2.23-coverity-fix.patch new file mode 100644 index 0000000..119f2d5 --- /dev/null +++ b/at-3.2.23-coverity-fix.patch @@ -0,0 +1,115 @@ +From 4be4813262b3b57a95a5f3ce909d30741aa3ac72 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= +Date: Fri, 9 Apr 2021 16:47:33 +0200 +Subject: [PATCH] Address issues raised by static analysis +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jan Staněk +--- + at.c | 22 ++++++++++++++++++---- + daemon.c | 21 ++++++++++++++------- + 2 files changed, 32 insertions(+), 11 deletions(-) + +diff --git a/at.c b/at.c +index df55dc9..0c74e2e 100644 +--- a/at.c ++++ b/at.c +@@ -545,17 +545,27 @@ writefile(time_t runtimer, char queue) + return; + } + +- if (fstat(fd, &statbuf) == -1) ++ if (fstat(fd, &statbuf) == -1) { ++ close(fd); + return; ++ } + if ((statbuf.st_uid != 0) || !S_ISREG(statbuf.st_mode) || +- (statbuf.st_mode & (S_IWGRP | S_IWOTH))) ++ (statbuf.st_mode & (S_IWGRP | S_IWOTH))) { ++ close(fd); + return; ++ } + + fp = fdopen(fd, "r"); +- if (fp == NULL) ++ if (fp == NULL) { ++ close(fd); + return; +- if (fscanf(fp, "%d", &pid) != 1) ++ } ++ if (fscanf(fp, "%d", &pid) != 1) { ++ fclose(fp); + return; ++ } else { ++ fclose(fp); ++ } + + kill_errno = 0; + +@@ -640,6 +650,8 @@ list_jobs(void) + else + printf("%ld\t%s %c\n", jobno, timestr, queue); + } ++ closedir(spool); ++ + PRIV_END + } + +@@ -722,6 +734,8 @@ process_jobs(int argc, char **argv, int what) + putchar(ch); + } + done = 1; ++ fclose(fp); ++ fp = NULL; + } + else { + perr("Cannot open %.500s", dirent->d_name); +diff --git a/daemon.c b/daemon.c +index 4003b56..bc8191e 100644 +--- a/daemon.c ++++ b/daemon.c +@@ -122,18 +122,23 @@ daemon_setup() + /* Set up standard daemon environment */ + pid_t pid; + mode_t old_umask; +- int fd; ++ int fd, devnull; + FILE *fp; + + if (!daemon_debug) { +- close(0); +- close(1); +- close(2); +- if ((open("/dev/null", O_RDWR) != 0) || +- (open("/dev/null", O_RDWR) != 1) || +- (open("/dev/null", O_RDWR) != 2)) { ++ devnull = open("/dev/null", O_RDWR); ++ if (devnull == -1) { + perr("Error redirecting I/O"); + } ++ ++ if ((dup2(devnull, 0) == -1) || ++ (dup2(devnull, 1) == -1) || ++ (dup2(devnull, 2) == -1)) { ++ close(devnull); ++ perr("Error redirecting I/O"); ++ } else { ++ close(devnull); ++ } + } + + if (daemon_foreground) +@@ -208,6 +213,8 @@ daemon_setup() + fcntl(fd, F_SETFD, FD_CLOEXEC); + PRIV_END + ++ /* See the above comment. */ ++ /* coverity[leaked_storage: FALSE] */ + return; + } + +-- +2.31.1 + diff --git a/at.spec b/at.spec index 8239867..a20f3c0 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.1.23 -Release: 7%{?dist} +Release: 8%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -32,6 +32,7 @@ Patch: at-3.1.18-utc-dst.patch Patch: at-3.1.20-lock-locks.patch Patch: at-3.1.23-document-n.patch Patch: at-3.1.20-log-jobs.patch +Patch: at-3.2.23-coverity-fix.patch BuildRequires: gcc BuildRequires: flex flex-static bison autoconf @@ -166,6 +167,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Apr 16 2021 Jan Staněk - 3.1.23-8 +- Patch issues found by coverity (rhbz#1938678) + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3.1.23-7 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. From e046bce8125d6828b52d7f90737f0044aaeb21e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 20 May 2021 17:05:51 +0200 Subject: [PATCH 60/86] Update to new upstream release --- .gitignore | 4 + at-3.1.18-utc-dst.patch | 24 ----- ...k-locks.patch => at-3.2.2-lock-locks.patch | 44 ++++---- at-3.1.18-make.patch => at-3.2.2-make.patch | 12 ++- at-3.1.20-pam.patch => at-3.2.2-pam.patch | 101 +++++++++--------- at-3.1.20-shell.patch => at-3.2.2-shell.patch | 15 +-- at.spec | 18 ++-- sources | 4 +- 8 files changed, 103 insertions(+), 119 deletions(-) delete mode 100644 at-3.1.18-utc-dst.patch rename at-3.1.20-lock-locks.patch => at-3.2.2-lock-locks.patch (76%) rename at-3.1.18-make.patch => at-3.2.2-make.patch (92%) rename at-3.1.20-pam.patch => at-3.2.2-pam.patch (79%) rename at-3.1.20-shell.patch => at-3.2.2-shell.patch (71%) diff --git a/.gitignore b/.gitignore index 67ec311..75aa953 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,7 @@ at_3.1.12.orig.tar.gz /at_3.1.20.orig.tar.gz /at_3.1.23.orig.tar.gz /at_3.1.23.orig.tar.gz.asc +/at_3.2.1.orig.tar.gz +/at_3.2.1.orig.tar.gz.asc +/at_3.2.2.orig.tar.gz +/at_3.2.2.orig.tar.gz.asc diff --git a/at-3.1.18-utc-dst.patch b/at-3.1.18-utc-dst.patch deleted file mode 100644 index 3a2a40b..0000000 --- a/at-3.1.18-utc-dst.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up at-3.1.18/parsetime.y.dst at-3.1.18/parsetime.y ---- at-3.1.18/parsetime.y.dst 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/parsetime.y 2015-07-01 13:53:14.088881926 +0200 -@@ -476,8 +476,8 @@ parsetime(time_t currtime, int argc, cha - exectm = *localtime(&currtime); - currtime -= exectm.tm_sec; - exectm.tm_sec = 0; -- exectm.tm_isdst = -1; - memcpy(&currtm,&exectm,sizeof(currtm)); -+ exectm.tm_isdst = -1; - time_only = 0; - yearspec = 0; - -@@ -503,8 +503,8 @@ parsetime(time_t currtime, int argc, cha - return 0; - if (isgmt) { - exectime -= timezone; -- if (currtm.tm_isdst && !exectm.tm_isdst) -- exectime -= 3600; -+ if (exectm.tm_isdst) -+ exectime += 3600; - } - if (exectime < currtime) - panic("refusing to create job destined in the past"); diff --git a/at-3.1.20-lock-locks.patch b/at-3.2.2-lock-locks.patch similarity index 76% rename from at-3.1.20-lock-locks.patch rename to at-3.2.2-lock-locks.patch index 17d6ad4..6d97c82 100644 --- a/at-3.1.20-lock-locks.patch +++ b/at-3.2.2-lock-locks.patch @@ -1,6 +1,6 @@ -diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c ---- at-3.1.20/atd.c.lock-locks 2016-07-01 10:41:50.640867692 +0200 -+++ at-3.1.20/atd.c 2016-07-01 10:42:32.345844967 +0200 +diff -ur b/atd.c a/atd.c +--- b/atd.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/atd.c 2021-05-21 13:00:45.135020670 +0200 @@ -74,6 +74,9 @@ #include #endif @@ -11,7 +11,7 @@ diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c /* Local headers */ #include "privs.h" -@@ -288,7 +291,7 @@ run_file(const char *filename, uid_t uid +@@ -275,7 +278,7 @@ * mail to the user. */ pid_t pid; @@ -20,7 +20,7 @@ diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c char jobbuf[9]; char *mailname = NULL; int mailsize = 128; -@@ -410,6 +413,10 @@ run_file(const char *filename, uid_t uid +@@ -390,6 +393,10 @@ fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); @@ -31,7 +31,7 @@ diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c /* * If the spool directory is mounted via NFS `atd' isn't able to * read from the job file and will bump out here. The file is -@@ -553,10 +560,7 @@ run_file(const char *filename, uid_t uid +@@ -520,10 +527,7 @@ PRIV_END } /* We're the parent. Let's wait. @@ -43,7 +43,7 @@ diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c non-blocking waitpid. So this blocking one will eventually return with an ECHILD error. */ -@@ -573,14 +577,14 @@ run_file(const char *filename, uid_t uid +@@ -548,14 +552,14 @@ /* some sendmail implementations are confused if stdout, stderr are * not available, so let them point to /dev/null */ @@ -63,7 +63,7 @@ diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c if (unlink(filename) == -1) syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", -@@ -588,7 +592,12 @@ run_file(const char *filename, uid_t uid +@@ -563,7 +567,12 @@ /* The job is now finished. We can delete its input file. */ @@ -77,31 +77,31 @@ diff -up at-3.1.20/atd.c.lock-locks at-3.1.20/atd.c unlink(newname); free(newname); -@@ -723,16 +732,18 @@ run_loop() +@@ -673,16 +682,18 @@ /* Skip lock files */ if (queue == '=') { - /* FIXME: calhariz */ -- /* I think the following code is broken, but commenting -- may haven unknow side effects. Make a release and see +- /* I think the following code is broken, but commenting it +- may cause unknow side effects. Make a release and see - in the wild how it works. For more information see: -- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508/* +- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508 */ - - /* if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { */ - /* /\* Remove stale lockfile FIXME: lock the lockfile, if you fail, it's still in use. *\/ */ - /* unlink(dirent->d_name); */ - /* } */ -+ if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { -+ int fd; ++ if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { ++ int fd; + -+ fd = open(dirent->d_name, O_RDONLY); -+ if (fd != -1) { -+ if (flock(fd, LOCK_EX | LOCK_NB) == 0) { -+ unlink(dirent->d_name); -+ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name); -+ } -+ (void)close(fd); -+ } ++ fd = open(dirent->d_name, O_RDONLY); ++ if (fd != -1) { ++ if (flock(fd, LOCK_EX | LOCK_NB) == 0) { ++ unlink(dirent->d_name); ++ syslog(LOG_NOTICE, "removing stale lock file %s\n", dirent->d_name); ++ } ++ (void)close(fd); ++ } + } continue; } diff --git a/at-3.1.18-make.patch b/at-3.2.2-make.patch similarity index 92% rename from at-3.1.18-make.patch rename to at-3.2.2-make.patch index 171b63c..dca750f 100644 --- a/at-3.1.18-make.patch +++ b/at-3.2.2-make.patch @@ -1,7 +1,7 @@ -diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in ---- at-3.1.18/Makefile.in.make 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/Makefile.in 2016-03-23 12:38:15.652898579 +0100 -@@ -68,13 +68,13 @@ LIST = Filelist Filelist.asc +diff -ur b/Makefile.in a/Makefile.in +--- b/Makefile.in 2021-04-25 03:31:30.000000000 +0200 ++++ a/Makefile.in 2021-05-20 17:44:24.477236293 +0200 +@@ -71,13 +71,13 @@ all: at atd atd.service atrun at: $(ATOBJECTS) @@ -17,7 +17,7 @@ diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y -@@ -89,38 +89,41 @@ atrun: atrun.in +@@ -92,40 +92,41 @@ configure .c.o: @@ -28,6 +28,7 @@ diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdatadir) - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) - $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) @@ -52,6 +53,7 @@ diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in $(LN_S) -f at $(IROOT)$(bindir)/atq $(LN_S) -f at $(IROOT)$(bindir)/atrm - $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) +- $(INSTALL) -g root -o root -m 755 batch-job $(IROOT)$(atdatadir) - $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) - $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) - $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) diff --git a/at-3.1.20-pam.patch b/at-3.2.2-pam.patch similarity index 79% rename from at-3.1.20-pam.patch rename to at-3.2.2-pam.patch index 418fa84..df1435e 100644 --- a/at-3.1.20-pam.patch +++ b/at-3.2.2-pam.patch @@ -1,7 +1,7 @@ -diff -up at-3.1.20/at.c.pam at-3.1.20/at.c ---- at-3.1.20/at.c.pam 2016-06-28 22:18:00.000000000 +0200 -+++ at-3.1.20/at.c 2016-07-01 09:44:22.251683924 +0200 -@@ -144,18 +144,13 @@ sigc(int signo) +diff -ur b/at.c a/at.c +--- b/at.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/at.c 2021-05-20 17:57:36.909775361 +0200 +@@ -145,18 +145,12 @@ /* If the user presses ^C, remove the spool file and exit */ if (fcreated) { @@ -16,13 +16,12 @@ diff -up at-3.1.20/at.c.pam at-3.1.20/at.c - unlink(atfile); - setregid(effective_gid, real_gid); - /* -+ unlink(atfile); PRIV_END - */ } exit(EXIT_FAILURE); } -@@ -315,26 +310,19 @@ writefile(time_t runtimer, char queue) +@@ -316,26 +310,19 @@ * bit. Yes, this is a kluge. */ cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); @@ -52,7 +51,7 @@ diff -up at-3.1.20/at.c.pam at-3.1.20/at.c /* We've successfully created the file; let's set the flag so it * gets removed in case of an interrupt or error. */ -@@ -673,7 +661,7 @@ process_jobs(int argc, char **argv, int +@@ -694,7 +681,7 @@ We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -61,7 +60,7 @@ diff -up at-3.1.20/at.c.pam at-3.1.20/at.c if (queue == '=') { fprintf(stderr, "Warning: deleting running job\n"); -@@ -682,8 +670,8 @@ process_jobs(int argc, char **argv, int +@@ -703,8 +690,8 @@ perr("Cannot unlink %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -71,7 +70,7 @@ diff -up at-3.1.20/at.c.pam at-3.1.20/at.c done = 1; break; -@@ -693,7 +681,7 @@ process_jobs(int argc, char **argv, int +@@ -714,7 +701,7 @@ FILE *fp; int ch; @@ -80,7 +79,7 @@ diff -up at-3.1.20/at.c.pam at-3.1.20/at.c fp = fopen(dirent->d_name, "r"); if (fp) { -@@ -706,7 +694,7 @@ process_jobs(int argc, char **argv, int +@@ -727,7 +714,7 @@ perr("Cannot open %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -89,10 +88,10 @@ diff -up at-3.1.20/at.c.pam at-3.1.20/at.c } break; -diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c ---- at-3.1.20/atd.c.pam 2016-06-28 22:14:39.000000000 +0200 -+++ at-3.1.20/atd.c 2016-07-01 09:44:22.251683924 +0200 -@@ -91,6 +91,10 @@ int selinux_enabled = 0; +diff -ur b/atd.c a/atd.c +--- b/atd.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/atd.c 2021-05-20 17:57:35.005776469 +0200 +@@ -91,6 +91,10 @@ /* Macros */ @@ -103,7 +102,7 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c #define BATCH_INTERVAL_DEFAULT 60 #define CHECK_INTERVAL 3600 -@@ -114,7 +118,7 @@ static int run_as_daemon = 0; +@@ -114,7 +118,7 @@ static volatile sig_atomic_t term_signal = 0; @@ -112,7 +111,7 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c #include static pam_handle_t *pamh = NULL; -@@ -123,15 +127,7 @@ static const struct pam_conv conv = { +@@ -123,15 +127,7 @@ NULL }; @@ -129,7 +128,7 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c /* Signal handlers */ RETSIGTYPE -@@ -292,7 +288,7 @@ run_file(const char *filename, uid_t uid +@@ -292,7 +288,7 @@ char fmt[64]; unsigned long jobno; int rc; @@ -138,7 +137,7 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c int retcode; #endif -@@ -449,17 +445,11 @@ run_file(const char *filename, uid_t uid +@@ -449,17 +445,11 @@ fstat(fd_out, &buf); size = buf.st_size; @@ -161,12 +160,13 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c #endif close(STDIN_FILENO); -@@ -473,7 +463,14 @@ run_file(const char *filename, uid_t uid +@@ -473,7 +463,14 @@ else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; +- + char **pam_envp=0L; - ++ + PRIV_START +#ifdef WITH_PAM + pam_envp = pam_getenvlist(pamh); @@ -176,16 +176,16 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. */ -@@ -492,8 +489,6 @@ run_file(const char *filename, uid_t uid +@@ -492,8 +489,6 @@ close(fd_in); close(fd_out); - PRIV_START - - nice((tolower((int) queue) - 'a' + 1) * 2); + nice((tolower((int) queue) - 'a') * 2); #ifdef WITH_SELINUX -@@ -514,9 +509,9 @@ run_file(const char *filename, uid_t uid +@@ -514,9 +509,9 @@ chdir("/"); @@ -198,7 +198,7 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c PRIV_END } /* We're the parent. Let's wait. -@@ -529,14 +524,6 @@ run_file(const char *filename, uid_t uid +@@ -529,14 +524,6 @@ */ waitpid(pid, (int *) NULL, 0); @@ -213,21 +213,21 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ -@@ -567,8 +554,13 @@ run_file(const char *filename, uid_t uid +@@ -567,8 +554,13 @@ unlink(newname); free(newname); +#ifdef ATD_MAIL_PROGRAM if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { + int mail_pid = -1; - ++ + mail_pid = fork(); -+ + + if ( mail_pid == 0 ) { PRIV_START if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -590,7 +582,20 @@ run_file(const char *filename, uid_t uid +@@ -590,7 +582,20 @@ perr("Exec failed for mail command"); PRIV_END @@ -236,7 +236,7 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c + syslog(LOG_ERR, "fork of mailer failed: %m"); + } + /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); ++ waitpid(mail_pid, (int *) NULL, 0); } + +#ifdef WITH_PAM @@ -248,10 +248,10 @@ diff -up at-3.1.20/atd.c.pam at-3.1.20/atd.c exit(EXIT_SUCCESS); } -diff -up at-3.1.20/config.h.in.pam at-3.1.20/config.h.in ---- at-3.1.20/config.h.in.pam 2015-12-18 21:29:24.000000000 +0100 -+++ at-3.1.20/config.h.in 2016-07-01 09:44:22.251683924 +0200 -@@ -68,8 +68,8 @@ +diff -ur b/config.h.in a/config.h.in +--- b/config.h.in 2021-04-25 03:31:30.000000000 +0200 ++++ a/config.h.in 2021-05-20 17:59:32.127708342 +0200 +@@ -71,8 +71,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -262,10 +262,10 @@ diff -up at-3.1.20/config.h.in.pam at-3.1.20/config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC -diff -up at-3.1.20/configure.ac.pam at-3.1.20/configure.ac ---- at-3.1.20/configure.ac.pam 2016-06-28 22:55:52.000000000 +0200 -+++ at-3.1.20/configure.ac 2016-07-01 09:45:23.268092527 +0200 -@@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG +diff -ur b/configure.ac a/configure.ac +--- b/configure.ac 2021-04-25 03:31:30.000000000 +0200 ++++ a/configure.ac 2021-05-20 17:59:29.088710109 +0200 +@@ -96,7 +96,7 @@ AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ PAMLIB="-lpam" @@ -274,7 +274,7 @@ diff -up at-3.1.20/configure.ac.pam at-3.1.20/configure.ac ]) dnl Checking for programs -@@ -239,6 +239,13 @@ AC_ARG_WITH(daemon_username, +@@ -257,6 +257,13 @@ ) AC_SUBST(DAEMON_USERNAME) @@ -288,10 +288,10 @@ diff -up at-3.1.20/configure.ac.pam at-3.1.20/configure.ac AC_ARG_WITH(selinux, [ --with-selinux Define to run with selinux (default=check)], [], -diff -up at-3.1.20/Makefile.in.pam at-3.1.20/Makefile.in ---- at-3.1.20/Makefile.in.pam 2016-07-01 09:44:22.250683901 +0200 -+++ at-3.1.20/Makefile.in 2016-07-01 09:44:22.252683947 +0200 -@@ -68,7 +68,7 @@ LIST = Filelist Filelist.asc +diff -ur b/Makefile.in a/Makefile.in +--- b/Makefile.in 2021-04-25 03:31:30.000000000 +0200 ++++ a/Makefile.in 2021-05-20 18:00:04.874689294 +0200 +@@ -71,7 +71,7 @@ all: at atd atd.service atrun at: $(ATOBJECTS) @@ -300,9 +300,9 @@ diff -up at-3.1.20/Makefile.in.pam at-3.1.20/Makefile.in rm -f $(CLONES) $(LN_S) -f at atq $(LN_S) -f at atrm -diff -up at-3.1.20/perm.c.pam at-3.1.20/perm.c ---- at-3.1.20/perm.c.pam 2015-08-22 00:09:22.000000000 +0200 -+++ at-3.1.20/perm.c 2016-07-01 09:44:22.252683947 +0200 +diff -ur b/perm.c a/perm.c +--- b/perm.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/perm.c 2021-05-20 18:01:58.689621839 +0200 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -318,7 +318,7 @@ diff -up at-3.1.20/perm.c.pam at-3.1.20/perm.c /* Structures and unions */ -@@ -108,18 +116,45 @@ user_in_file(const char *path, const cha +@@ -108,18 +116,45 @@ int check_permission() { @@ -367,10 +367,10 @@ diff -up at-3.1.20/perm.c.pam at-3.1.20/perm.c allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); if (allow==0 || allow==1) return allow; -diff -up at-3.1.20/privs.h.pam at-3.1.20/privs.h ---- at-3.1.20/privs.h.pam 2015-08-22 00:09:22.000000000 +0200 -+++ at-3.1.20/privs.h 2016-07-01 09:44:22.252683947 +0200 -@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da +diff -ur b/privs.h a/privs.h +--- b/privs.h 2021-04-25 03:31:30.000000000 +0200 ++++ a/privs.h 2021-05-20 18:02:51.847589692 +0200 +@@ -144,3 +144,62 @@ #error "Cannot implement user ID swapping without setreuid or setresuid" #endif #endif @@ -433,4 +433,3 @@ diff -up at-3.1.20/privs.h.pam at-3.1.20/privs.h +} + +#endif -+ diff --git a/at-3.1.20-shell.patch b/at-3.2.2-shell.patch similarity index 71% rename from at-3.1.20-shell.patch rename to at-3.2.2-shell.patch index ac9586c..16c55f8 100644 --- a/at-3.1.20-shell.patch +++ b/at-3.2.2-shell.patch @@ -1,6 +1,6 @@ -diff -up at-3.1.20/at.c.shell at-3.1.20/at.c ---- at-3.1.20/at.c.shell 2016-07-01 09:47:13.392684445 +0200 -+++ at-3.1.20/at.c 2016-07-01 09:48:47.679931959 +0200 +diff -ur b/at.c a/at.c +--- b/at.c 2021-04-25 03:31:30.000000000 +0200 ++++ a/at.c 2021-05-21 12:51:48.123335137 +0200 @@ -62,11 +62,8 @@ #include #include @@ -13,7 +13,7 @@ diff -up at-3.1.20/at.c.shell at-3.1.20/at.c #ifdef HAVE_UNISTD_H #include -@@ -239,6 +236,12 @@ writefile(time_t runtimer, char queue) +@@ -245,6 +242,12 @@ int kill_errno; int rc; int mailsize = 128; @@ -26,7 +26,7 @@ diff -up at-3.1.20/at.c.shell at-3.1.20/at.c /* Install the signal handler for SIGINT; terminate after removing the * spool file if necessary -@@ -465,6 +468,9 @@ writefile(time_t runtimer, char queue) +@@ -492,6 +495,9 @@ fprintf(fp, " || {\n\t echo 'Execution directory " "inaccessible' >&2\n\t exit 1\n}\n"); @@ -35,8 +35,8 @@ diff -up at-3.1.20/at.c.shell at-3.1.20/at.c + istty = isatty(fileno(stdin)); if (istty) { - fprintf(stderr, "at> "); -@@ -480,7 +486,7 @@ writefile(time_t runtimer, char queue) + runtime = localtime(&runtimer); +@@ -512,7 +518,7 @@ if (istty) { fprintf(stderr, "\n"); } @@ -45,3 +45,4 @@ diff -up at-3.1.20/at.c.shell at-3.1.20/at.c if (ferror(fp)) panic("Output error"); fflush(fp); +Only in a: .vscode diff --git a/at.spec b/at.spec index a20f3c0..b80c8ca 100644 --- a/at.spec +++ b/at.spec @@ -2,24 +2,24 @@ Summary: Job spooling tools Name: at -Version: 3.1.23 -Release: 8%{?dist} +Version: 3.2.2 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain URL: http://ftp.debian.org/debian/pool/main/a/at -Source: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz +Source: http://software.calhariz.com/at/at_%{version}.orig.tar.gz # git upstream source git://git.debian.org/git/collab-maint/at.git Source1: pam_atd Source3: atd.sysconf Source5: atd.systemd Patch: at-aarch64.patch -Patch: at-3.1.18-make.patch -Patch: at-3.1.20-pam.patch +Patch: at-3.2.2-make.patch +Patch: at-3.2.2-pam.patch Patch: at-3.1.14-opt_V.patch -Patch: at-3.1.20-shell.patch +Patch: at-3.2.2-shell.patch Patch: at-3.1.18-nitpicks.patch Patch: at-3.1.14-fix_no_export.patch Patch: at-3.1.14-mailwithhostname.patch @@ -28,8 +28,7 @@ Patch: at-3.1.20-aborted-jobs.patch Patch: at-3.1.18-noabort.patch Patch: at-3.1.16-fclose-error.patch Patch: at-3.1.16-clear-nonjobs.patch -Patch: at-3.1.18-utc-dst.patch -Patch: at-3.1.20-lock-locks.patch +Patch: at-3.2.2-lock-locks.patch Patch: at-3.1.23-document-n.patch Patch: at-3.1.20-log-jobs.patch Patch: at-3.2.23-coverity-fix.patch @@ -167,6 +166,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri May 21 2021 Ondřej Pohořelský - 3.2.2-1 +- Update to new upstream release + * Fri Apr 16 2021 Jan Staněk - 3.1.23-8 - Patch issues found by coverity (rhbz#1938678) diff --git a/sources b/sources index c8bc7c4..c11e3f8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (at_3.1.23.orig.tar.gz) = ee5cf5abf32cf1e89746e427d1cc20005ef49fad47db55512c90042a77e86b2c15f5de029c79573bc86ce4aead6ed2d561b89812510aadbc5763f9288b467cfd -SHA512 (at_3.1.23.orig.tar.gz.asc) = ccc32753d31cccd6257c25acfda3f407c3cab52ca9b6c120eca852207cb00e143daa78b81bc65cc2703c5f94cf5d7fae08d301cfc57541e1ebd31df6ae2121bb +SHA512 (at_3.2.2.orig.tar.gz) = e6f5aeddd89438aadff627d654ebc821a0b0e1a600ebaacc8a5fd3ec2c7c716f593757d00501311736d28f6d4276899667d6901d70836af208ff7d181b5b680f +SHA512 (at_3.2.2.orig.tar.gz.asc) = 54716fef56436c352a08c4bba5b0693a3dd7e187c320dc1ebf4e840b9175f024f3eb11b0a1f5dd428cfb3f2d59de8ab45b394576d71c033f99291a7bee3c1005 From ab6730cc6e77ce6b1fb8a377e223ff18d1baa12f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 13:11:24 +0000 Subject: [PATCH 61/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering From 0cb09c570790bb09bee64887a0d9a3e53356d185 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 21 Jul 2021 18:07:24 +0000 Subject: [PATCH 62/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index b80c8ca..7eb8906 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.2 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -166,6 +166,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 21 2021 Fedora Release Engineering - 3.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Fri May 21 2021 Ondřej Pohořelský - 3.2.2-1 - Update to new upstream release From 0bf03454683e47368699cfe75168d68da566518f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jan 2022 21:50:23 +0000 Subject: [PATCH 63/86] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 7eb8906..54ecf9a 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.2 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -166,6 +166,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Wed Jul 21 2021 Fedora Release Engineering - 3.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 61a47903a516c8256b0cf1ac0bb6050af71af9e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 22 Feb 2022 17:01:05 +0100 Subject: [PATCH 64/86] Update to new upstream release - Removed at-3.1.14-usePOSIXtimers.patch and at-3.2.23-coverity-fix.patch, because upstream implemented them - Defined folder paths without %%{buildroot} in order to make them work with latest Makefile changes - Resolves: rhbz#2048132 --- .gitignore | 4 + at-3.1.14-usePOSIXtimers.patch | 111 ----------------- at-3.2.2-make.patch | 84 ------------- at-3.2.23-coverity-fix.patch | 115 ------------------ ...-jobs.patch => at-3.2.5-aborted-jobs.patch | 12 +- ...e.patch => at-3.2.5-mailwithhostname.patch | 24 ++-- at-3.2.5-make.patch | 84 +++++++++++++ ...-nitpicks.patch => at-3.2.5-nitpicks.patch | 50 ++++---- ...18-noabort.patch => at-3.2.5-noabort.patch | 13 +- at-3.2.2-pam.patch => at-3.2.5-pam.patch | 82 ++++++------- at.spec | 52 ++++---- sources | 4 +- 12 files changed, 208 insertions(+), 427 deletions(-) delete mode 100644 at-3.1.14-usePOSIXtimers.patch delete mode 100644 at-3.2.2-make.patch delete mode 100644 at-3.2.23-coverity-fix.patch rename at-3.1.20-aborted-jobs.patch => at-3.2.5-aborted-jobs.patch (71%) rename at-3.1.14-mailwithhostname.patch => at-3.2.5-mailwithhostname.patch (68%) create mode 100644 at-3.2.5-make.patch rename at-3.1.18-nitpicks.patch => at-3.2.5-nitpicks.patch (68%) rename at-3.1.18-noabort.patch => at-3.2.5-noabort.patch (69%) rename at-3.2.2-pam.patch => at-3.2.5-pam.patch (88%) diff --git a/.gitignore b/.gitignore index 75aa953..f334ce1 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,7 @@ at_3.1.12.orig.tar.gz /at_3.2.1.orig.tar.gz.asc /at_3.2.2.orig.tar.gz /at_3.2.2.orig.tar.gz.asc +/at_3.2.4.orig.tar.gz +/at_3.2.4.orig.tar.gz.asc +/at_3.2.5.orig.tar.gz +/at_3.2.5.orig.tar.gz.sig diff --git a/at-3.1.14-usePOSIXtimers.patch b/at-3.1.14-usePOSIXtimers.patch deleted file mode 100644 index 89c5614..0000000 --- a/at-3.1.14-usePOSIXtimers.patch +++ /dev/null @@ -1,111 +0,0 @@ -diff -up at-3.1.14/atd.c.timers at-3.1.14/atd.c ---- at-3.1.14/atd.c.timers 2013-12-02 11:03:01.250080057 +0100 -+++ at-3.1.14/atd.c 2013-12-02 11:06:15.560243498 +0100 -@@ -831,6 +831,54 @@ run_loop() - return next_job; - } - -+#ifdef HAVE_TIMER_CREATE -+timer_t timer; -+struct itimerspec timeout; -+ -+void timer_setup() -+{ -+ struct sigevent sev; -+ -+ sev.sigev_notify = SIGEV_SIGNAL; -+ sev.sigev_signo = SIGHUP; -+ sev.sigev_value.sival_ptr = &timer; -+ -+ memset(&timeout, 0, sizeof(timeout)); -+ -+ if (timer_create(CLOCK_REALTIME, &sev, &timer) < 0) -+ pabort("unable to create timer"); -+} -+ -+time_t atd_gettime() -+{ -+ struct timespec curtime; -+ -+ clock_gettime(CLOCK_REALTIME, &curtime); -+ -+ return curtime.tv_sec; -+} -+ -+void atd_setalarm(time_t next) -+{ -+ timeout.it_value.tv_sec = next; -+ timer_settime(timer, TIMER_ABSTIME, &timeout, NULL); -+ pause(); -+} -+#else -+void timer_setup() -+{ -+} -+ -+time_t atd_gettime() -+{ -+ return time(NULL); -+} -+ -+void atd_setalarm(time_t next) -+{ -+ sleep(next - atd_gettime()); -+} -+#endif - /* Global functions */ - - int -@@ -936,7 +984,7 @@ main(int argc, char *argv[]) - sigaction(SIGCHLD, &act, NULL); - - if (!run_as_daemon) { -- now = time(NULL); -+ now = atd_gettime(); - run_loop(); - exit(EXIT_SUCCESS); - } -@@ -959,13 +1007,14 @@ main(int argc, char *argv[]) - act.sa_handler = set_term; - sigaction(SIGINT, &act, NULL); - -+ timer_setup(); - daemon_setup(); - - do { -- now = time(NULL); -+ now = atd_gettime(); - next_invocation = run_loop(); - if (next_invocation > now) { -- sleep(next_invocation - now); -+ atd_setalarm(next_invocation); - } - } while (!term_signal); - daemon_cleanup(); -diff -up at-3.1.14/config.h.in.timers at-3.1.14/config.h.in ---- at-3.1.14/config.h.in.timers 2013-12-02 11:00:27.000000000 +0100 -+++ at-3.1.14/config.h.in 2013-12-02 11:02:06.521033976 +0100 -@@ -38,6 +38,9 @@ - /* Define to 1 if you have the `getloadavg' function. */ - #undef HAVE_GETLOADAVG - -+/* Define to 1 if you have the `timer_create' function. */ -+#undef HAVE_TIMER_CREATE -+ - /* Define to 1 if you have the header file. */ - #undef HAVE_GETOPT_H - -diff -up at-3.1.14/configure.ac.timers at-3.1.14/configure.ac ---- at-3.1.14/configure.ac.timers 2013-12-02 11:00:27.000000000 +0100 -+++ at-3.1.14/configure.ac 2013-12-02 11:02:45.217066560 +0100 -@@ -254,6 +254,10 @@ AC_CHECK_LIB(selinux, is_selinux_enabled - AC_SUBST(SELINUXLIB) - AC_SUBST(WITH_SELINUX) - -+dnl check for POSIX timer functions -+AC_SEARCH_LIBS([timer_create],[rt]) -+AC_CHECK_FUNCS([timer_create]) -+ - AC_MSG_CHECKING(groupname to run under) - AC_ARG_WITH(daemon_groupname, - [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ], diff --git a/at-3.2.2-make.patch b/at-3.2.2-make.patch deleted file mode 100644 index dca750f..0000000 --- a/at-3.2.2-make.patch +++ /dev/null @@ -1,84 +0,0 @@ -diff -ur b/Makefile.in a/Makefile.in ---- b/Makefile.in 2021-04-25 03:31:30.000000000 +0200 -+++ a/Makefile.in 2021-05-20 17:44:24.477236293 +0200 -@@ -71,13 +71,13 @@ - all: at atd atd.service atrun - - at: $(ATOBJECTS) -- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) -+ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -92,40 +92,41 @@ - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c - - install: all -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdatadir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) -- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(bindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 -d $(IROOT)$(docdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) -+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/ -+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) -+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) - touch $(IROOT)$(LFILE) - chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) - $(LN_S) -f at $(IROOT)$(bindir)/atq - $(LN_S) -f at $(IROOT)$(bindir)/atrm -- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) -- $(INSTALL) -g root -o root -m 755 batch-job $(IROOT)$(atdatadir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) -- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) -- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ -+ $(INSTALL) -m 755 batch $(IROOT)$(bindir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir) -+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir) -+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir) -+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir) -+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/ - cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 -- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/ -+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/ - sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman -- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 -+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 - rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/ -+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ - cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 -- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) -+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir) - rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ - $(IROOT)$(mandir)/cat1/atq.1* - rm -f $(IROOT)$(mandir)/cat1/atd.8* diff --git a/at-3.2.23-coverity-fix.patch b/at-3.2.23-coverity-fix.patch deleted file mode 100644 index 119f2d5..0000000 --- a/at-3.2.23-coverity-fix.patch +++ /dev/null @@ -1,115 +0,0 @@ -From 4be4813262b3b57a95a5f3ce909d30741aa3ac72 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= -Date: Fri, 9 Apr 2021 16:47:33 +0200 -Subject: [PATCH] Address issues raised by static analysis -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Jan Staněk ---- - at.c | 22 ++++++++++++++++++---- - daemon.c | 21 ++++++++++++++------- - 2 files changed, 32 insertions(+), 11 deletions(-) - -diff --git a/at.c b/at.c -index df55dc9..0c74e2e 100644 ---- a/at.c -+++ b/at.c -@@ -545,17 +545,27 @@ writefile(time_t runtimer, char queue) - return; - } - -- if (fstat(fd, &statbuf) == -1) -+ if (fstat(fd, &statbuf) == -1) { -+ close(fd); - return; -+ } - if ((statbuf.st_uid != 0) || !S_ISREG(statbuf.st_mode) || -- (statbuf.st_mode & (S_IWGRP | S_IWOTH))) -+ (statbuf.st_mode & (S_IWGRP | S_IWOTH))) { -+ close(fd); - return; -+ } - - fp = fdopen(fd, "r"); -- if (fp == NULL) -+ if (fp == NULL) { -+ close(fd); - return; -- if (fscanf(fp, "%d", &pid) != 1) -+ } -+ if (fscanf(fp, "%d", &pid) != 1) { -+ fclose(fp); - return; -+ } else { -+ fclose(fp); -+ } - - kill_errno = 0; - -@@ -640,6 +650,8 @@ list_jobs(void) - else - printf("%ld\t%s %c\n", jobno, timestr, queue); - } -+ closedir(spool); -+ - PRIV_END - } - -@@ -722,6 +734,8 @@ process_jobs(int argc, char **argv, int what) - putchar(ch); - } - done = 1; -+ fclose(fp); -+ fp = NULL; - } - else { - perr("Cannot open %.500s", dirent->d_name); -diff --git a/daemon.c b/daemon.c -index 4003b56..bc8191e 100644 ---- a/daemon.c -+++ b/daemon.c -@@ -122,18 +122,23 @@ daemon_setup() - /* Set up standard daemon environment */ - pid_t pid; - mode_t old_umask; -- int fd; -+ int fd, devnull; - FILE *fp; - - if (!daemon_debug) { -- close(0); -- close(1); -- close(2); -- if ((open("/dev/null", O_RDWR) != 0) || -- (open("/dev/null", O_RDWR) != 1) || -- (open("/dev/null", O_RDWR) != 2)) { -+ devnull = open("/dev/null", O_RDWR); -+ if (devnull == -1) { - perr("Error redirecting I/O"); - } -+ -+ if ((dup2(devnull, 0) == -1) || -+ (dup2(devnull, 1) == -1) || -+ (dup2(devnull, 2) == -1)) { -+ close(devnull); -+ perr("Error redirecting I/O"); -+ } else { -+ close(devnull); -+ } - } - - if (daemon_foreground) -@@ -208,6 +213,8 @@ daemon_setup() - fcntl(fd, F_SETFD, FD_CLOEXEC); - PRIV_END - -+ /* See the above comment. */ -+ /* coverity[leaked_storage: FALSE] */ - return; - } - --- -2.31.1 - diff --git a/at-3.1.20-aborted-jobs.patch b/at-3.2.5-aborted-jobs.patch similarity index 71% rename from at-3.1.20-aborted-jobs.patch rename to at-3.2.5-aborted-jobs.patch index 78a196f..568ef4b 100644 --- a/at-3.1.20-aborted-jobs.patch +++ b/at-3.2.5-aborted-jobs.patch @@ -1,14 +1,14 @@ -diff -up at-3.1.20/atd.c.aborted at-3.1.20/atd.c ---- at-3.1.20/atd.c.aborted 2017-09-14 15:31:47.971486148 +0200 -+++ at-3.1.20/atd.c 2017-09-14 15:43:53.506567281 +0200 -@@ -731,12 +731,17 @@ run_loop() +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 15:55:28.745663105 +0100 ++++ a/atd.c 2022-02-22 16:07:26.416578085 +0100 +@@ -722,12 +722,18 @@ /* Is the file already locked? */ if (buf.st_nlink > 1) { + if (run_time < buf.st_mtime) + run_time = buf.st_mtime; if (run_time + CHECK_INTERVAL <= now) { -- + /* Something went wrong the last time this was executed. * Let's remove the lockfile and reschedule. + * We also change the timestamp to avoid rerunning the job more @@ -17,6 +17,6 @@ diff -up at-3.1.20/atd.c.aborted at-3.1.20/atd.c strncpy(lock_name, dirent->d_name, sizeof(lock_name)); + if (utime(lock_name, 0) < 0) + syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name); - lock_name[sizeof(lock_name)-1] = '\0'; + lock_name[sizeof(lock_name)-1] = '\0'; lock_name[0] = '='; unlink(lock_name); diff --git a/at-3.1.14-mailwithhostname.patch b/at-3.2.5-mailwithhostname.patch similarity index 68% rename from at-3.1.14-mailwithhostname.patch rename to at-3.2.5-mailwithhostname.patch index a2b3f79..cebfb76 100644 --- a/at-3.1.14-mailwithhostname.patch +++ b/at-3.2.5-mailwithhostname.patch @@ -1,7 +1,7 @@ -diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c ---- at-3.1.14/atd.c.mail 2013-12-04 11:39:44.556239282 +0100 -+++ at-3.1.14/atd.c 2013-12-04 11:40:50.544234246 +0100 -@@ -100,6 +100,10 @@ int selinux_enabled=0; +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 15:21:06.649147600 +0100 ++++ a/atd.c 2022-02-22 15:49:13.640184845 +0100 +@@ -98,6 +98,10 @@ #define BATCH_INTERVAL_DEFAULT 60 #define CHECK_INTERVAL 3600 @@ -12,15 +12,15 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c /* Global variables */ uid_t real_uid, effective_uid; -@@ -117,6 +121,7 @@ static time_t last_chg; - static int nothing_to_do; +@@ -115,6 +119,7 @@ + static int nothing_to_do = 0; unsigned int batch_interval; static int run_as_daemon = 0; +static int mail_with_hostname = 0; + static int hupped = 0; static volatile sig_atomic_t term_signal = 0; - -@@ -298,6 +303,7 @@ run_file(const char *filename, uid_t uid +@@ -301,6 +306,7 @@ char fmt[64]; unsigned long jobno; int rc; @@ -28,19 +28,19 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c #ifdef WITH_PAM int retcode; #endif -@@ -452,6 +458,11 @@ run_file(const char *filename, uid_t uid +@@ -455,6 +461,11 @@ write_string(fd_out, "Subject: Output from your job "); write_string(fd_out, jobbuf); + if (mail_with_hostname > 0) { -+ gethostname(hostbuf, MAXHOSTNAMELEN-1); ++ gethostname(hostbuf, MAXHOSTNAMELEN-1); + write_string(fd_out, " "); + write_string(fd_out, hostbuf); + } write_string(fd_out, "\nTo: "); write_string(fd_out, mailname); write_string(fd_out, "\n\n"); -@@ -843,7 +854,7 @@ main(int argc, char *argv[]) +@@ -905,7 +916,7 @@ run_as_daemon = 1; batch_interval = BATCH_INTERVAL_DEFAULT; @@ -49,7 +49,7 @@ diff -up at-3.1.14/atd.c.mail at-3.1.14/atd.c switch (c) { case 'l': if (sscanf(optarg, "%lf", &load_avg) != 1) -@@ -865,6 +876,10 @@ main(int argc, char *argv[]) +@@ -927,6 +938,10 @@ daemon_foreground++; break; diff --git a/at-3.2.5-make.patch b/at-3.2.5-make.patch new file mode 100644 index 0000000..ebed90f --- /dev/null +++ b/at-3.2.5-make.patch @@ -0,0 +1,84 @@ +diff -ur b/Makefile.in a/Makefile.in +--- b/Makefile.in 2022-01-29 17:42:19.000000000 +0100 ++++ a/Makefile.in 2022-02-22 13:22:45.060320153 +0100 +@@ -76,13 +76,13 @@ + all: at atd atd.service atrun + + at: $(ATOBJECTS) +- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) ++ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y +@@ -99,40 +99,41 @@ + configure + + .c.o: +- $(CC) -c $(CFLAGS) $(DEFS) $*.c ++ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c + + install: all +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(etcdir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(bindir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(atdatadir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(docdir) +- $(INSTALL) -g root -o root -m 755 -d $(DESTDIR)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(DESTDIR)$(ATSPOOL_DIR) $(DESTDIR)$(ATJOB_DIR) +- chmod 1770 $(DESTDIR)$(ATSPOOL_DIR) $(DESTDIR)$(ATJOB_DIR) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(docdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(atdocdir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir)/pam.d/ ++ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(DESTDIR)$(ATSPOOL_DIR) ++ chmod 700 $(DESTDIR)$(ATJOB_DIR) $(DESTDIR)$(ATSPOOL_DIR) ++ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(DESTDIR)$(ATJOB_DIR) $(DESTDIR)$(ATSPOOL_DIR) + touch $(DESTDIR)$(LFILE) + chmod 600 $(DESTDIR)$(LFILE) + chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(DESTDIR)$(LFILE) +- test -f $(DESTDIR)$(etcdir)/at.allow || test -f $(DESTDIR)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(DESTDIR)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(DESTDIR)$(bindir) ++ test -f $(DESTDIR)$(etcdir)/at.allow || test -f $(DESTDIR)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(DESTDIR)$(etcdir)/ ++ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(DESTDIR)$(etcdir)/pam.d/atd ++ $(INSTALL) -m 4755 at $(DESTDIR)$(bindir) + $(LN_S) -f at $(DESTDIR)$(bindir)/atq + $(LN_S) -f at $(DESTDIR)$(bindir)/atrm +- $(INSTALL) -g root -o root -m 755 batch $(DESTDIR)$(bindir) +- $(INSTALL) -g root -o root -m 755 batch-job $(DESTDIR)$(atdatadir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man1dir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man5dir) +- $(INSTALL) -d -o root -g root -m 755 $(DESTDIR)$(man8dir) +- $(INSTALL) -g root -o root -m 755 atd $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atrun $(DESTDIR)$(sbindir) +- $(INSTALL) -g root -o root -m 644 at.1 $(DESTDIR)$(man1dir)/ ++ $(INSTALL) -m 755 batch $(DESTDIR)$(bindir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man5dir) ++ $(INSTALL) -d -m 755 $(DESTDIR)$(man8dir) ++ $(INSTALL) -m 755 atd $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 atrun $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 644 at.1 $(DESTDIR)$(man1dir)/ + cd $(DESTDIR)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1 +- $(INSTALL) -g root -o root -m 644 atd.8 $(DESTDIR)$(man8dir)/ ++ $(INSTALL) -m 644 atd.8 $(DESTDIR)$(man8dir)/ + sed "s,\$${exec_prefix},$(exec_prefix),g" tmpman +- $(INSTALL) -g root -o root -m 644 tmpman $(DESTDIR)$(man8dir)/atrun.8 ++ $(INSTALL) -m 644 tmpman $(DESTDIR)$(man8dir)/atrun.8 + rm -f tmpman +- $(INSTALL) -g root -o root -m 644 at.allow.5 $(DESTDIR)$(man5dir)/ ++ $(INSTALL) -m 644 at.allow.5 $(DESTDIR)$(man5dir)/ + cd $(DESTDIR)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 +- $(INSTALL) -g root -o root -m 644 $(DOCS) $(DESTDIR)$(atdocdir) ++ $(INSTALL) -m 644 $(DOCS) $(DESTDIR)$(atdocdir) + rm -f $(DESTDIR)$(mandir)/cat1/at.1* $(DESTDIR)$(mandir)/cat1/batch.1* \ + $(DESTDIR)$(mandir)/cat1/atq.1* + rm -f $(DESTDIR)$(mandir)/cat1/atd.8* diff --git a/at-3.1.18-nitpicks.patch b/at-3.2.5-nitpicks.patch similarity index 68% rename from at-3.1.18-nitpicks.patch rename to at-3.2.5-nitpicks.patch index 2bcaebb..3765552 100644 --- a/at-3.1.18-nitpicks.patch +++ b/at-3.2.5-nitpicks.patch @@ -1,7 +1,19 @@ -diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c ---- at-3.1.18/atd.c.nit 2016-03-23 12:46:49.222277787 +0100 -+++ at-3.1.18/atd.c 2016-03-23 12:47:50.521639804 +0100 -@@ -196,6 +196,18 @@ myfork() +diff -ur b/at.1.in a/at.1.in +--- b/at.1.in 2022-01-29 17:42:19.000000000 +0100 ++++ a/at.1.in 2022-02-22 15:19:47.598996428 +0100 +@@ -226,7 +226,7 @@ + .BR batch . + Queues with higher letters run with increased niceness. The special + queue "=" is reserved for jobs which are currently running. +-.P ++ + If a job is submitted to a queue designated with an uppercase letter, the + job is treated as if it were submitted to batch at the time of the job. + Once the time is reached, the batch processing rules with respect to load +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 15:14:02.736336912 +0100 ++++ a/atd.c 2022-02-22 15:19:02.163909540 +0100 +@@ -197,6 +197,18 @@ #define fork myfork #endif @@ -20,7 +32,7 @@ diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c #ifdef WITH_SELINUX static int -@@ -339,6 +351,9 @@ run_file(const char *filename, uid_t uid +@@ -340,6 +352,9 @@ free(newname); return; } @@ -30,51 +42,39 @@ diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c /* Let's see who we mail to. Hopefully, we can read it from * the command file; if not, send it to the owner, or, failing that, * to root. -@@ -507,6 +522,9 @@ run_file(const char *filename, uid_t uid +@@ -508,6 +523,9 @@ if (setuid(uid) < 0) perr("Cannot set user id"); -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) + perr("Cannot reset signal handler to default"); + chdir("/"); execle("/bin/sh", "sh", (char *) NULL, nenvp); -@@ -572,6 +590,9 @@ run_file(const char *filename, uid_t uid +@@ -573,6 +591,9 @@ if (setuid(uid) < 0) perr("Cannot set user id"); -+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) ++ if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) + perr("Cannot reset signal handler to default"); + chdir ("/"); #if defined(SENDMAIL) -@@ -699,6 +720,7 @@ run_loop() +@@ -707,6 +728,7 @@ * Let's remove the lockfile and reschedule. */ strncpy(lock_name, dirent->d_name, sizeof(lock_name)); -+ lock_name[sizeof(lock_name)-1] = '\0'; ++ lock_name[sizeof(lock_name)-1] = '\0'; lock_name[0] = '='; unlink(lock_name); next_job = now; -@@ -733,6 +755,7 @@ run_loop() +@@ -741,6 +763,7 @@ run_batch++; if (strcmp(batch_name, dirent->d_name) > 0) { strncpy(batch_name, dirent->d_name, sizeof(batch_name)); -+ batch_name[sizeof(batch_name)-1] = '\0'; ++ batch_name[sizeof(batch_name)-1] = '\0'; batch_uid = buf.st_uid; batch_gid = buf.st_gid; batch_queue = queue; -diff -up at-3.1.18/at.1.in.nit at-3.1.18/at.1.in ---- at-3.1.18/at.1.in.nit 2015-12-06 16:45:10.000000000 +0100 -+++ at-3.1.18/at.1.in 2016-03-23 12:46:49.226277876 +0100 -@@ -210,7 +210,7 @@ queue for - .BR batch . - Queues with higher letters run with increased niceness. The special - queue "=" is reserved for jobs which are currently running. --.P -+ - If a job is submitted to a queue designated with an uppercase letter, the - job is treated as if it were submitted to batch at the time of the job. - Once the time is reached, the batch processing rules with respect to load diff --git a/at-3.1.18-noabort.patch b/at-3.2.5-noabort.patch similarity index 69% rename from at-3.1.18-noabort.patch rename to at-3.2.5-noabort.patch index 1154fb9..2d72301 100644 --- a/at-3.1.18-noabort.patch +++ b/at-3.2.5-noabort.patch @@ -1,7 +1,7 @@ -diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c ---- at-3.1.18/atd.c.noabort 2016-03-23 12:49:15.147520116 +0100 -+++ at-3.1.18/atd.c 2016-03-23 12:49:15.148520138 +0100 -@@ -349,9 +349,12 @@ run_file(const char *filename, uid_t uid +diff -ur b/atd.c a/atd.c +--- b/atd.c 2022-02-22 16:09:15.683717386 +0100 ++++ a/atd.c 2022-02-22 16:12:48.992989327 +0100 +@@ -344,9 +344,12 @@ */ pid = fork(); @@ -17,7 +17,7 @@ diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c else if (pid != 0) { free(mailname); free(newname); -@@ -669,15 +672,19 @@ run_loop() +@@ -659,16 +662,20 @@ * up. */ @@ -28,10 +28,11 @@ diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c + return next_job; + } - if (nothing_to_do && buf.st_mtime <= last_chg) + if (nothing_to_do && buf.st_mtime == last_chg) return next_job; last_chg = buf.st_mtime; + hupped = 0; - if ((spool = opendir(".")) == NULL) - perr("Cannot read " ATJOB_DIR); + if ((spool = opendir(".")) == NULL) { diff --git a/at-3.2.2-pam.patch b/at-3.2.5-pam.patch similarity index 88% rename from at-3.2.2-pam.patch rename to at-3.2.5-pam.patch index df1435e..941da0a 100644 --- a/at-3.2.2-pam.patch +++ b/at-3.2.5-pam.patch @@ -1,7 +1,7 @@ diff -ur b/at.c a/at.c ---- b/at.c 2021-04-25 03:31:30.000000000 +0200 -+++ a/at.c 2021-05-20 17:57:36.909775361 +0200 -@@ -145,18 +145,12 @@ +--- b/at.c 2022-01-29 17:42:19.000000000 +0100 ++++ a/at.c 2022-02-23 18:42:45.941757090 +0100 +@@ -155,18 +155,12 @@ /* If the user presses ^C, remove the spool file and exit */ if (fcreated) { @@ -21,14 +21,14 @@ diff -ur b/at.c a/at.c } exit(EXIT_FAILURE); } -@@ -316,26 +310,19 @@ +@@ -326,26 +320,19 @@ * bit. Yes, this is a kluge. */ cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); - seteuid(real_uid); + if ((seteuid(effective_uid)) < 0) + perr("Error in seteuid: %s", errno); - if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) + if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY | O_SYNC, S_IRUSR)) == -1) perr("Cannot create atjob file %.500s", atfile); - seteuid(effective_uid); @@ -51,7 +51,7 @@ diff -ur b/at.c a/at.c /* We've successfully created the file; let's set the flag so it * gets removed in case of an interrupt or error. */ -@@ -694,7 +681,7 @@ +@@ -733,7 +720,7 @@ We need the unprivileged uid here since the file is owned by the real (not effective) uid. */ @@ -60,7 +60,7 @@ diff -ur b/at.c a/at.c if (queue == '=') { fprintf(stderr, "Warning: deleting running job\n"); -@@ -703,8 +690,8 @@ +@@ -742,8 +729,8 @@ perr("Cannot unlink %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -70,7 +70,7 @@ diff -ur b/at.c a/at.c done = 1; break; -@@ -714,7 +701,7 @@ +@@ -753,7 +740,7 @@ FILE *fp; int ch; @@ -79,7 +79,7 @@ diff -ur b/at.c a/at.c fp = fopen(dirent->d_name, "r"); if (fp) { -@@ -727,7 +714,7 @@ +@@ -768,7 +755,7 @@ perr("Cannot open %.500s", dirent->d_name); rc = EXIT_FAILURE; } @@ -89,8 +89,8 @@ diff -ur b/at.c a/at.c break; diff -ur b/atd.c a/atd.c ---- b/atd.c 2021-04-25 03:31:30.000000000 +0200 -+++ a/atd.c 2021-05-20 17:57:35.005776469 +0200 +--- b/atd.c 2022-01-29 17:42:19.000000000 +0100 ++++ a/atd.c 2022-02-23 18:50:53.743511813 +0100 @@ -91,6 +91,10 @@ /* Macros */ @@ -102,7 +102,7 @@ diff -ur b/atd.c a/atd.c #define BATCH_INTERVAL_DEFAULT 60 #define CHECK_INTERVAL 3600 -@@ -114,7 +118,7 @@ +@@ -115,7 +119,7 @@ static volatile sig_atomic_t term_signal = 0; @@ -111,7 +111,7 @@ diff -ur b/atd.c a/atd.c #include static pam_handle_t *pamh = NULL; -@@ -123,15 +127,7 @@ +@@ -124,15 +128,7 @@ NULL }; @@ -128,7 +128,7 @@ diff -ur b/atd.c a/atd.c /* Signal handlers */ RETSIGTYPE -@@ -292,7 +288,7 @@ +@@ -293,7 +289,7 @@ char fmt[64]; unsigned long jobno; int rc; @@ -137,7 +137,7 @@ diff -ur b/atd.c a/atd.c int retcode; #endif -@@ -449,17 +445,11 @@ +@@ -450,17 +446,11 @@ fstat(fd_out, &buf); size = buf.st_size; @@ -160,11 +160,10 @@ diff -ur b/atd.c a/atd.c #endif close(STDIN_FILENO); -@@ -473,7 +463,14 @@ - else if (pid == 0) { +@@ -475,6 +465,14 @@ char *nul = NULL; char **nenvp = &nul; -- + + char **pam_envp=0L; + + PRIV_START @@ -176,16 +175,15 @@ diff -ur b/atd.c a/atd.c /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. */ -@@ -492,8 +489,6 @@ +@@ -493,7 +491,6 @@ close(fd_in); close(fd_out); - PRIV_START -- + nice((tolower((int) queue) - 'a') * 2); - #ifdef WITH_SELINUX -@@ -514,9 +509,9 @@ +@@ -515,9 +512,9 @@ chdir("/"); @@ -198,7 +196,7 @@ diff -ur b/atd.c a/atd.c PRIV_END } /* We're the parent. Let's wait. -@@ -529,14 +524,6 @@ +@@ -530,14 +527,6 @@ */ waitpid(pid, (int *) NULL, 0); @@ -213,21 +211,21 @@ diff -ur b/atd.c a/atd.c /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ -@@ -567,8 +554,13 @@ +@@ -568,8 +557,13 @@ unlink(newname); free(newname); +#ifdef ATD_MAIL_PROGRAM if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { + int mail_pid = -1; -+ -+ mail_pid = fork(); ++ mail_pid = fork(); ++ + if ( mail_pid == 0 ) { PRIV_START if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -590,7 +582,20 @@ +@@ -591,7 +585,20 @@ perr("Exec failed for mail command"); PRIV_END @@ -236,7 +234,7 @@ diff -ur b/atd.c a/atd.c + syslog(LOG_ERR, "fork of mailer failed: %m"); + } + /* Parent */ -+ waitpid(mail_pid, (int *) NULL, 0); ++ waitpid(mail_pid, (int *) NULL, 0); } + +#ifdef WITH_PAM @@ -249,9 +247,9 @@ diff -ur b/atd.c a/atd.c } diff -ur b/config.h.in a/config.h.in ---- b/config.h.in 2021-04-25 03:31:30.000000000 +0200 -+++ a/config.h.in 2021-05-20 17:59:32.127708342 +0200 -@@ -71,8 +71,8 @@ +--- b/config.h.in 2022-01-29 17:42:19.000000000 +0100 ++++ a/config.h.in 2022-02-23 18:51:31.467570176 +0100 +@@ -74,8 +74,8 @@ /* Define to 1 if you have the header file. */ #undef HAVE_NLIST_H @@ -263,9 +261,9 @@ diff -ur b/config.h.in a/config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC diff -ur b/configure.ac a/configure.ac ---- b/configure.ac 2021-04-25 03:31:30.000000000 +0200 -+++ a/configure.ac 2021-05-20 17:59:29.088710109 +0200 -@@ -96,7 +96,7 @@ +--- b/configure.ac 2022-01-29 17:42:19.000000000 +0100 ++++ a/configure.ac 2022-02-23 18:53:08.516720324 +0100 +@@ -97,7 +97,7 @@ AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid) AC_CHECK_HEADERS(security/pam_appl.h, [ PAMLIB="-lpam" @@ -274,7 +272,7 @@ diff -ur b/configure.ac a/configure.ac ]) dnl Checking for programs -@@ -257,6 +257,13 @@ +@@ -260,6 +260,13 @@ ) AC_SUBST(DAEMON_USERNAME) @@ -289,9 +287,9 @@ diff -ur b/configure.ac a/configure.ac [ --with-selinux Define to run with selinux (default=check)], [], diff -ur b/Makefile.in a/Makefile.in ---- b/Makefile.in 2021-04-25 03:31:30.000000000 +0200 -+++ a/Makefile.in 2021-05-20 18:00:04.874689294 +0200 -@@ -71,7 +71,7 @@ +--- b/Makefile.in 2022-02-23 18:33:26.999892289 +0100 ++++ a/Makefile.in 2022-02-23 18:53:28.600751396 +0100 +@@ -76,7 +76,7 @@ all: at atd atd.service atrun at: $(ATOBJECTS) @@ -301,8 +299,8 @@ diff -ur b/Makefile.in a/Makefile.in $(LN_S) -f at atq $(LN_S) -f at atrm diff -ur b/perm.c a/perm.c ---- b/perm.c 2021-04-25 03:31:30.000000000 +0200 -+++ a/perm.c 2021-05-20 18:01:58.689621839 +0200 +--- b/perm.c 2022-01-29 17:42:19.000000000 +0100 ++++ a/perm.c 2022-02-23 18:56:21.401018761 +0100 @@ -51,6 +51,14 @@ #define PRIV_END while(0) #endif @@ -368,8 +366,8 @@ diff -ur b/perm.c a/perm.c if (allow==0 || allow==1) return allow; diff -ur b/privs.h a/privs.h ---- b/privs.h 2021-04-25 03:31:30.000000000 +0200 -+++ a/privs.h 2021-05-20 18:02:51.847589692 +0200 +--- b/privs.h 2022-01-29 17:42:19.000000000 +0100 ++++ a/privs.h 2022-02-23 18:58:20.920203690 +0100 @@ -144,3 +144,62 @@ #error "Cannot implement user ID swapping without setreuid or setresuid" #endif diff --git a/at.spec b/at.spec index 54ecf9a..0022f4c 100644 --- a/at.spec +++ b/at.spec @@ -2,8 +2,8 @@ Summary: Job spooling tools Name: at -Version: 3.2.2 -Release: 3%{?dist} +Version: 3.2.5 +Release: 1%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -16,22 +16,20 @@ Source3: atd.sysconf Source5: atd.systemd Patch: at-aarch64.patch -Patch: at-3.2.2-make.patch -Patch: at-3.2.2-pam.patch +Patch: at-3.2.5-make.patch +Patch: at-3.2.5-pam.patch Patch: at-3.1.14-opt_V.patch Patch: at-3.2.2-shell.patch -Patch: at-3.1.18-nitpicks.patch +Patch: at-3.2.5-nitpicks.patch Patch: at-3.1.14-fix_no_export.patch -Patch: at-3.1.14-mailwithhostname.patch -Patch: at-3.1.14-usePOSIXtimers.patch -Patch: at-3.1.20-aborted-jobs.patch -Patch: at-3.1.18-noabort.patch +Patch: at-3.2.5-mailwithhostname.patch +Patch: at-3.2.5-aborted-jobs.patch +Patch: at-3.2.5-noabort.patch Patch: at-3.1.16-fclose-error.patch Patch: at-3.1.16-clear-nonjobs.patch Patch: at-3.2.2-lock-locks.patch Patch: at-3.1.23-document-n.patch Patch: at-3.1.20-log-jobs.patch -Patch: at-3.2.23-coverity-fix.patch BuildRequires: gcc BuildRequires: flex flex-static bison autoconf @@ -71,8 +69,6 @@ cp %{SOURCE1} . %autopatch -p1 %build -# at-3.1.14-usePOSIXtimers.patch touches configure.in -autoconf # uselles files rm -f lex.yy.* y.tab.* @@ -87,24 +83,24 @@ make %install make install \ - DAEMON_USERNAME=`id -nu`\ + DAEMON_USERNAME=`id -nu` \ DAEMON_GROUPNAME=`id -ng` \ - DESTDIR=%{buildroot}\ - sbindir=%{buildroot}%{_prefix}/sbin\ - bindir=%{buildroot}%{_bindir}\ - prefix=%{buildroot}%{_prefix}\ - exec_prefix=%{buildroot}%{_prefix}\ - docdir=%{buildroot}/usr/doc\ - mandir=%{buildroot}%{_mandir}\ - etcdir=%{buildroot}%{_sysconfdir} \ - ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \ - ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \ + DESTDIR=%{buildroot} \ + sbindir=%{_prefix}/sbin \ + bindir=%{_bindir} \ + prefix=%{_prefix} \ + exec_prefix=%{_prefix} \ + docdir=%{_prefix}/doc \ + mandir=%{_mandir} \ + etcdir=%{_sysconfdir} \ + ATJOB_DIR=%{_localstatedir}/spool/at \ + ATSPOOL_DIR=%{_localstatedir}/spool/at/spool \ INSTALL_ROOT_USER=`id -nu` \ INSTALL_ROOT_GROUP=`id -nu`; echo > %{buildroot}%{_sysconfdir}/at.deny mkdir docs -cp %{buildroot}/%{_prefix}/doc/at/* docs/ +cp %{buildroot}%{_prefix}/doc/at/* docs/ mkdir -p %{buildroot}%{_sysconfdir}/pam.d install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/atd @@ -166,6 +162,14 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Tue Mar 01 2022 Ondřej Pohořelský - 3.2.5-1 +- Update to new upstream release +- Removed at-3.1.14-usePOSIXtimers.patch and at-3.2.23-coverity-fix.patch, because + upstream implemented them +- Defined folder paths without %%{buildroot} in order to make them work with latest + Makefile changes +- Resolves: rhbz#2048132 + * Wed Jan 19 2022 Fedora Release Engineering - 3.2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index c11e3f8..9e44a81 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (at_3.2.2.orig.tar.gz) = e6f5aeddd89438aadff627d654ebc821a0b0e1a600ebaacc8a5fd3ec2c7c716f593757d00501311736d28f6d4276899667d6901d70836af208ff7d181b5b680f -SHA512 (at_3.2.2.orig.tar.gz.asc) = 54716fef56436c352a08c4bba5b0693a3dd7e187c320dc1ebf4e840b9175f024f3eb11b0a1f5dd428cfb3f2d59de8ab45b394576d71c033f99291a7bee3c1005 +SHA512 (at_3.2.5.orig.tar.gz) = 542e8948bbdc1d06934070cbfe242688b541ef6342c6b0351255f8b9d7a3ed915a9304b5cf5442dfc15845b3d2b926ebecbfc5bccd204519d0a2775b27f8139c +SHA512 (at_3.2.5.orig.tar.gz.sig) = 5a38cb7da5b85233ede79e7b90aec7705250e315c5b4bcccb9c1c9a6453a9cc5c79c840023a44ac5d087137596c2b4b98971e233ea1fbbaa0c82833e53dcd8ac From 41850fcf84c76e214b88d598d79ffce72a99eaa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Tue, 8 Mar 2022 16:08:27 +0100 Subject: [PATCH 65/86] Add mising directory and batch-job script into at-3.2.5-make.patch Defined datadir in %%install section and listed batch-job in %%files section --- at-3.2.5-make.patch | 8 +++++--- at.spec | 8 +++++++- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/at-3.2.5-make.patch b/at-3.2.5-make.patch index ebed90f..e8ebcc2 100644 --- a/at-3.2.5-make.patch +++ b/at-3.2.5-make.patch @@ -1,6 +1,6 @@ diff -ur b/Makefile.in a/Makefile.in ---- b/Makefile.in 2022-01-29 17:42:19.000000000 +0100 -+++ a/Makefile.in 2022-02-22 13:22:45.060320153 +0100 +--- b/Makefile.in 2022-02-05 11:00:57.000000000 +0100 ++++ a/Makefile.in 2022-03-08 16:05:28.088069816 +0100 @@ -76,13 +76,13 @@ all: at atd atd.service atrun @@ -17,7 +17,7 @@ diff -ur b/Makefile.in a/Makefile.in y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y -@@ -99,40 +99,41 @@ +@@ -99,40 +99,43 @@ configure .c.o: @@ -36,6 +36,7 @@ diff -ur b/Makefile.in a/Makefile.in + $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir) + $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) + $(INSTALL) -m 755 -d $(DESTDIR)$(sbindir) ++ $(INSTALL) -m 755 -d $(DESTDIR)$(atdatadir) + $(INSTALL) -m 755 -d $(DESTDIR)$(docdir) + $(INSTALL) -m 755 -d $(DESTDIR)$(atdocdir) + $(INSTALL) -m 755 -d $(DESTDIR)$(etcdir)/pam.d/ @@ -61,6 +62,7 @@ diff -ur b/Makefile.in a/Makefile.in - $(INSTALL) -g root -o root -m 755 atrun $(DESTDIR)$(sbindir) - $(INSTALL) -g root -o root -m 644 at.1 $(DESTDIR)$(man1dir)/ + $(INSTALL) -m 755 batch $(DESTDIR)$(bindir) ++ $(INSTALL) -m 755 batch-job $(DESTDIR)$(atdatadir) + $(INSTALL) -d -m 755 $(DESTDIR)$(man1dir) + $(INSTALL) -d -m 755 $(DESTDIR)$(man5dir) + $(INSTALL) -d -m 755 $(DESTDIR)$(man8dir) diff --git a/at.spec b/at.spec index 0022f4c..c2b4bd4 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 1%{?dist} +Release: 2%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -88,6 +88,7 @@ make install \ DESTDIR=%{buildroot} \ sbindir=%{_prefix}/sbin \ bindir=%{_bindir} \ + datadir=%{_datadir} \ prefix=%{_prefix} \ exec_prefix=%{_prefix} \ docdir=%{_prefix}/doc \ @@ -159,9 +160,14 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %{_bindir}/atrm %{_bindir}/atq %attr(4755,root,root) %{_bindir}/at +%{_datadir}/at/batch-job %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Tue Mar 08 2022 Ondřej Pohořelský - 3.2.5-2 +- Add mising directory and batch-job script into at-3.2.5-make.patch +- Defined datadir in %%install section and listed batch-job in %%files section + * Tue Mar 01 2022 Ondřej Pohořelský - 3.2.5-1 - Update to new upstream release - Removed at-3.1.14-usePOSIXtimers.patch and at-3.2.23-coverity-fix.patch, because From d72ffaead4a4410fe7b91570d290baac991a69eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= Date: Thu, 31 Mar 2022 12:13:56 +0200 Subject: [PATCH 66/86] shell: add preceding newline to delimiter at uses heredoc redirection to pass the script being executed into user's defined $SHELL. However, the heredoc delimiter is directly concatenated to the script's contents; if these contents do not end with a newline, the delimiter is attached to the last line of the script. This patch adds a single newline to be always emmited before the delimiter. This guarantees the delimiter is always on it's own line. In case a newline is already present at the end of the original script, this simply adds a single empty line; I cannot think of any complication that could result from that. Resolves: rhbz#2070450 --- at-3.2.2-shell.patch | 10 +++++----- at.spec | 7 +++++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/at-3.2.2-shell.patch b/at-3.2.2-shell.patch index 16c55f8..9e383b8 100644 --- a/at-3.2.2-shell.patch +++ b/at-3.2.2-shell.patch @@ -4,13 +4,13 @@ diff -ur b/at.c a/at.c @@ -62,11 +62,8 @@ #include #include - + -#ifdef TM_IN_SYS_TIME #include -#else #include -#endif - + #ifdef HAVE_UNISTD_H #include @@ -245,6 +242,12 @@ @@ -23,13 +23,13 @@ diff -ur b/at.c a/at.c + + gettimeofday(&tv, &tz); + srandom(getpid()+tv.tv_usec); - + /* Install the signal handler for SIGINT; terminate after removing the * spool file if necessary @@ -492,6 +495,9 @@ fprintf(fp, " || {\n\t echo 'Execution directory " "inaccessible' >&2\n\t exit 1\n}\n"); - + + i = random(); + fprintf(fp, "${SHELL:-/bin/sh} << \'marcinDELIMITER%08lx\'\n", i); + @@ -41,7 +41,7 @@ diff -ur b/at.c a/at.c fprintf(stderr, "\n"); } - fprintf(fp, "\n"); -+ fprintf(fp, "marcinDELIMITER%08lx\n", i); ++ fprintf(fp, "\nmarcinDELIMITER%08lx\n", i); if (ferror(fp)) panic("Output error"); fflush(fp); diff --git a/at.spec b/at.spec index c2b4bd4..fe37818 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 2%{?dist} +Release: 3%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -164,9 +164,12 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Mar 31 2022 Jan Staněk - 3.2.5-3 +- Add preceding newline to delimiter in at-3.2.2-shell.patch + * Tue Mar 08 2022 Ondřej Pohořelský - 3.2.5-2 - Add mising directory and batch-job script into at-3.2.5-make.patch -- Defined datadir in %%install section and listed batch-job in %%files section +- Defined datadir in %%install section and listed batch-job in %%files section * Tue Mar 01 2022 Ondřej Pohořelský - 3.2.5-1 - Update to new upstream release From b6ab1d0ee4c528867fe8d6f049a7c10700d71755 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 20 Jul 2022 21:26:49 +0000 Subject: [PATCH 67/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index fe37818..b98736a 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 3%{?dist} +Release: 4%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -164,6 +164,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 20 2022 Fedora Release Engineering - 3.2.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Thu Mar 31 2022 Jan Staněk - 3.2.5-3 - Add preceding newline to delimiter in at-3.2.2-shell.patch From a069b01c5ac84ae01edfca084f3ac59f6997843a Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 18 Jan 2023 22:21:37 +0000 Subject: [PATCH 68/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index b98736a..989fffc 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 4%{?dist} +Release: 5%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain @@ -164,6 +164,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jan 18 2023 Fedora Release Engineering - 3.2.5-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Wed Jul 20 2022 Fedora Release Engineering - 3.2.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 36dcc21dda52bf5450d29c0c130ae6e739f7c838 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 26 Jun 2023 15:18:20 +0200 Subject: [PATCH 69/86] Convert licenses to SPDX format Dropped MIT and Public Domain license as they are not present in upstream sources --- at.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/at.spec b/at.spec index 989fffc..4df9333 100644 --- a/at.spec +++ b/at.spec @@ -3,10 +3,10 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 5%{?dist} +Release: 6%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain -License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain +License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC URL: http://ftp.debian.org/debian/pool/main/a/at Source: http://software.calhariz.com/at/at_%{version}.orig.tar.gz @@ -164,6 +164,10 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon Jun 26 2023 Ondřej Pohořelský - 3.2.5-6 +- Convert licenses to SPDX format +- Dropped MIT and Public Domain license as they are not present in upstream sources + * Wed Jan 18 2023 Fedora Release Engineering - 3.2.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From 0489cbcbe2c133a8c9a00d1e80297247f30d4593 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 19 Jul 2023 14:01:03 +0000 Subject: [PATCH 70/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 4df9333..c457b82 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 6%{?dist} +Release: 7%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -164,6 +164,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 19 2023 Fedora Release Engineering - 3.2.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Mon Jun 26 2023 Ondřej Pohořelský - 3.2.5-6 - Convert licenses to SPDX format - Dropped MIT and Public Domain license as they are not present in upstream sources From 10907ac03939fc7b28c2b951416a8209505808e1 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 13:47:50 +0000 Subject: [PATCH 71/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index c457b82..a78d0d8 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 7%{?dist} +Release: 8%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -164,6 +164,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Jan 19 2024 Fedora Release Engineering - 3.2.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Wed Jul 19 2023 Fedora Release Engineering - 3.2.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From ba26b4715f7ecff26553c66f95ea8c13c0fe5e3d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 22 Jan 2024 23:43:30 +0000 Subject: [PATCH 72/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index a78d0d8..3677213 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 8%{?dist} +Release: 9%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -164,6 +164,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon Jan 22 2024 Fedora Release Engineering - 3.2.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Fri Jan 19 2024 Fedora Release Engineering - 3.2.5-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 7a6968e726cdb80440a9922b5044e8b41752b86e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 2 May 2024 16:19:21 +0200 Subject: [PATCH 73/86] Corrected document-n patch Resolves: rhbz#2276918 --- at-3.1.23-document-n.patch | 3 ++- at.spec | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/at-3.1.23-document-n.patch b/at-3.1.23-document-n.patch index 7028300..39e77e4 100644 --- a/at-3.1.23-document-n.patch +++ b/at-3.1.23-document-n.patch @@ -9,10 +9,11 @@ diff -up at-3.1.23/atd.8.in.document-n at-3.1.23/atd.8.in .RB [ \-s ] .SH DESCRIPTION .B atd -@@ -44,6 +45,10 @@ in the foreground. +@@ -44,6 +45,11 @@ in the foreground. Process the at/batch queue only once. This is primarily of use for compatibility with old versions of .BR at ; ++.TP +.B \-n +Append the hostname of the system to the subject of the e-mails sent by +.BR atd . diff --git a/at.spec b/at.spec index 3677213..ba00768 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 9%{?dist} +Release: 10%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -164,6 +164,10 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu May 02 2024 Ondřej Pohořelský - 3.2.5-10 +- Corrected document-n patch +- Resolves: rhbz#2276918 + * Mon Jan 22 2024 Fedora Release Engineering - 3.2.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 14379bfef8e307901b26f2ad09acdc9afec40011 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 17:42:30 +0000 Subject: [PATCH 74/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index ba00768..65d389b 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 10%{?dist} +Release: 11%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -164,6 +164,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 17 2024 Fedora Release Engineering - 3.2.5-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Thu May 02 2024 Ondřej Pohořelský - 3.2.5-10 - Corrected document-n patch - Resolves: rhbz#2276918 From 5f6bc87dd0f8fedd63cb63e41b3a3000cb35dd35 Mon Sep 17 00:00:00 2001 From: Ales Nezbeda Date: Thu, 8 Aug 2024 16:44:26 +0200 Subject: [PATCH 75/86] Backport PR from upstream addressing SAST issues --- at-3.2.2-lock-locks.patch | 2 +- at-3.2.5-address-sast.patch | 57 +++++++++++++++++++++++++++++++++ at-3.2.5-mailwithhostname.patch | 2 +- at-3.2.5-pam.patch | 2 +- at.spec | 7 +++- 5 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 at-3.2.5-address-sast.patch diff --git a/at-3.2.2-lock-locks.patch b/at-3.2.2-lock-locks.patch index 6d97c82..5b97d34 100644 --- a/at-3.2.2-lock-locks.patch +++ b/at-3.2.2-lock-locks.patch @@ -19,7 +19,7 @@ diff -ur b/atd.c a/atd.c + int fd_out, fd_in, fd_std; char jobbuf[9]; char *mailname = NULL; - int mailsize = 128; + size_t mailsize = 128; @@ -390,6 +393,10 @@ fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); diff --git a/at-3.2.5-address-sast.patch b/at-3.2.5-address-sast.patch new file mode 100644 index 0000000..ecf981c --- /dev/null +++ b/at-3.2.5-address-sast.patch @@ -0,0 +1,57 @@ +From 43e8b5b5dd72bb9a80679dec8c15a24f00888a53 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= +Date: Wed, 26 Jun 2024 16:59:31 +0200 +Subject: [PATCH] Address issues from static analyzer +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +- Tweak types in run_file() to prevent overflow +- Initialize all members of of struct tm in posix_time_parse(). + +The static analyzer findings: https://issues.redhat.com/browse/RHEL-44999 + +Signed-off-by: Jan Staněk +--- + atd.c | 4 ++-- + posixtm.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/atd.c b/atd.c +index 64fdd83..3908de3 100644 +--- a/atd.c ++++ b/atd.c +@@ -279,7 +279,7 @@ run_file(const char *filename, uid_t uid, gid_t gid) + int fd_out, fd_in; + char jobbuf[9]; + char *mailname = NULL; +- int mailsize = 128; ++ size_t mailsize = 128; + char *newname; + FILE *stream; + int send_mail = 0; +@@ -292,7 +292,7 @@ run_file(const char *filename, uid_t uid, gid_t gid) + char queue; + char fmt[64]; + unsigned long jobno; +- int rc; ++ long rc; + #ifdef HAVE_PAM + int retcode; + #endif +diff --git a/posixtm.c b/posixtm.c +index cf4ec09..06b22fa 100644 +--- a/posixtm.c ++++ b/posixtm.c +@@ -188,7 +188,7 @@ posix_time_parse (struct tm *tm, const char *s, unsigned int syntax_bits) + bool + posixtime (time_t *p, const char *s, unsigned int syntax_bits) + { +- struct tm tm0; ++ struct tm tm0 = {0}; + struct tm tm1; + struct tm const *tm; + time_t t; +-- +GitLab + diff --git a/at-3.2.5-mailwithhostname.patch b/at-3.2.5-mailwithhostname.patch index cebfb76..a601db4 100644 --- a/at-3.2.5-mailwithhostname.patch +++ b/at-3.2.5-mailwithhostname.patch @@ -23,7 +23,7 @@ diff -ur b/atd.c a/atd.c @@ -301,6 +306,7 @@ char fmt[64]; unsigned long jobno; - int rc; + long rc; + char hostbuf[MAXHOSTNAMELEN]; #ifdef WITH_PAM int retcode; diff --git a/at-3.2.5-pam.patch b/at-3.2.5-pam.patch index 941da0a..eba2f84 100644 --- a/at-3.2.5-pam.patch +++ b/at-3.2.5-pam.patch @@ -131,7 +131,7 @@ diff -ur b/atd.c a/atd.c @@ -293,7 +289,7 @@ char fmt[64]; unsigned long jobno; - int rc; + long rc; -#ifdef HAVE_PAM +#ifdef WITH_PAM int retcode; diff --git a/at.spec b/at.spec index 65d389b..d36c82d 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 11%{?dist} +Release: 12%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -15,6 +15,7 @@ Source1: pam_atd Source3: atd.sysconf Source5: atd.systemd +Patch: at-3.2.5-address-sast.patch Patch: at-aarch64.patch Patch: at-3.2.5-make.patch Patch: at-3.2.5-pam.patch @@ -164,6 +165,10 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Aug 8 2024 Ales Nezbeda - 3.2.5-12 +- Backport fixes from upstream PR +- https://salsa.debian.org/debian/at/-/merge_requests/34 + * Wed Jul 17 2024 Fedora Release Engineering - 3.2.5-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 5eee4f96240768d3e34023fabb7aee4f6fdf0b64 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 11:51:06 +0000 Subject: [PATCH 76/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index d36c82d..b317829 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 12%{?dist} +Release: 13%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -165,6 +165,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Jan 16 2025 Fedora Release Engineering - 3.2.5-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Thu Aug 8 2024 Ales Nezbeda - 3.2.5-12 - Backport fixes from upstream PR - https://salsa.debian.org/debian/at/-/merge_requests/34 From 0da79b8efbea92705a852a17b7b9035d2cb10689 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 27 Jan 2025 13:49:35 +0100 Subject: [PATCH 77/86] Unify bin and sbin directories Resolves: rhbz#2339910 --- at.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/at.spec b/at.spec index b317829..fc325f7 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 13%{?dist} +Release: 14%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -87,7 +87,7 @@ make install \ DAEMON_USERNAME=`id -nu` \ DAEMON_GROUPNAME=`id -ng` \ DESTDIR=%{buildroot} \ - sbindir=%{_prefix}/sbin \ + sbindir=%{_bindir} \ bindir=%{_bindir} \ datadir=%{_datadir} \ prefix=%{_prefix} \ @@ -154,8 +154,8 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ %attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd -%{_sbindir}/atrun -%attr(0755,root,root) %{_sbindir}/atd +%{_bindir}/atrun +%attr(0755,root,root) %{_bindir}/atd %{_mandir}/man*/* %{_bindir}/batch %{_bindir}/atrm @@ -165,6 +165,10 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon Jan 27 2025 Ondřej Pohořelský - 3.2.5-14 +- Unify bin and sbin directories +- Resolves: rhbz#2339910 + * Thu Jan 16 2025 Fedora Release Engineering - 3.2.5-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 0da060e2afaa594f921f3cec0c13d01555a8a3eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 5 May 2025 10:14:16 +0200 Subject: [PATCH 78/86] Claim ownership of /usr/share/at Resolves: rhbz#2283298 --- at.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index fc325f7..51a0785 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 14%{?dist} +Release: 15%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -161,10 +161,15 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %{_bindir}/atrm %{_bindir}/atq %attr(4755,root,root) %{_bindir}/at +%{_datadir}/at/ %{_datadir}/at/batch-job %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Mon May 05 2025 Ondřej Pohořelský - 3.2.5-15 +- Claim ownership of /usr/share/at +- Resolves: rhbz#2283298 + * Mon Jan 27 2025 Ondřej Pohořelský - 3.2.5-14 - Unify bin and sbin directories - Resolves: rhbz#2339910 From c697b4595ce1df51088a6427f1a53121ba70c673 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 26 Jun 2025 09:42:57 +0200 Subject: [PATCH 79/86] Fix past date handling with -t option --- at-3.2.5-past-date.patch | 33 +++++++++++++++++++++++++++++++++ at.spec | 6 +++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 at-3.2.5-past-date.patch diff --git a/at-3.2.5-past-date.patch b/at-3.2.5-past-date.patch new file mode 100644 index 0000000..6344c40 --- /dev/null +++ b/at-3.2.5-past-date.patch @@ -0,0 +1,33 @@ +From 6c131df8c85cb2761faf551f8f9db179e216fc09 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= +Date: Wed, 25 Jun 2025 14:35:31 +0200 +Subject: [PATCH] Reject past dates when using -t option + +-t option was missing validation to reject past dates, unlike the +regular time parsing. + +Add the same past date validation used by parsetime() to the posixtime() +code path to ensure consistent behavior when parsing time. +--- + at.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/at.c b/at.c +index 8d0feaa..3fb0582 100644 +--- a/at.c ++++ b/at.c +@@ -951,6 +951,11 @@ main(int argc, char **argv) + fprintf(stderr, "invalid date format: %s\n", optarg); + exit(EXIT_FAILURE); + } ++ /* Check if the parsed time is in the past */ ++ if (timer < time(NULL)) { ++ fprintf(stderr, "at: refusing to create job destined in the past\n"); ++ exit(EXIT_FAILURE); ++ } + break; + + case 'o': +-- +2.49.0 + diff --git a/at.spec b/at.spec index 51a0785..1bf04e7 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 15%{?dist} +Release: 16%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -31,6 +31,7 @@ Patch: at-3.1.16-clear-nonjobs.patch Patch: at-3.2.2-lock-locks.patch Patch: at-3.1.23-document-n.patch Patch: at-3.1.20-log-jobs.patch +Patch: at-3.2.5-past-date.patch BuildRequires: gcc BuildRequires: flex flex-static bison autoconf @@ -166,6 +167,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jun 25 2025 Ondřej Pohořelský - 3.2.5-16 +- Fix past date handling with -t option + * Mon May 05 2025 Ondřej Pohořelský - 3.2.5-15 - Claim ownership of /usr/share/at - Resolves: rhbz#2283298 From e11f7fc108132b9b3eb4daa6728a4c65ccefb907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= Date: Fri, 4 Jul 2025 13:22:58 +0200 Subject: [PATCH 80/86] tests: migrate from STI to TMT --- .fmf/version | 1 + plans/ci.fmf | 5 +++++ tests/initscript/main.fmf | 12 ++++++++++++ tests/initscript/runtest.sh | 2 +- tests/tests.yml | 13 ------------- 5 files changed, 19 insertions(+), 14 deletions(-) create mode 100644 .fmf/version create mode 100644 plans/ci.fmf create mode 100644 tests/initscript/main.fmf delete mode 100644 tests/tests.yml diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plans/ci.fmf b/plans/ci.fmf new file mode 100644 index 0000000..c1627f9 --- /dev/null +++ b/plans/ci.fmf @@ -0,0 +1,5 @@ +summary: Basic smoke test +discover: + how: fmf +execute: + how: tmt diff --git a/tests/initscript/main.fmf b/tests/initscript/main.fmf new file mode 100644 index 0000000..275b067 --- /dev/null +++ b/tests/initscript/main.fmf @@ -0,0 +1,12 @@ +summary: Initscript sanity +description: '' +contact: Radek Biba +component: + - at +test: ./runtest.sh +framework: beakerlib +recommend: + - at +duration: 5m +extra-summary: /CoreOS/at/Sanity/initscript +extra-task: /CoreOS/at/Sanity/initscript diff --git a/tests/initscript/runtest.sh b/tests/initscript/runtest.sh index a84aecb..67ecc2d 100755 --- a/tests/initscript/runtest.sh +++ b/tests/initscript/runtest.sh @@ -27,7 +27,7 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include rhts environment -. /usr/share/rhts-library/rhtslib.sh +. /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="at" SERVICE="atd" diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index 751a586..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# This first play always runs on the local staging system -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - - container - - atomic - tests: - - initscript - required_packages: - - at # Required to run initscript From 1fc88529b95f6206e1e0cc6466241e010e6d3c36 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 17:22:50 +0000 Subject: [PATCH 81/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 1bf04e7..44553a5 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 16%{?dist} +Release: 17%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -167,6 +167,9 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Wed Jul 23 2025 Fedora Release Engineering - 3.2.5-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Wed Jun 25 2025 Ondřej Pohořelský - 3.2.5-16 - Fix past date handling with -t option From 774dcfc0e121c81b6835df89ff5c83c708d2a5a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 27 Aug 2025 15:55:17 +0200 Subject: [PATCH 82/86] Use systemd-tmpfiles for /var/spool/at directories Replace RPM scriptlets with systemd-tmpfiles to create /var/spool/at structure, fixing Image Mode compatibility and bootc container lint warnings. --- at-tmpfiles.conf | 6 ++++++ at.spec | 22 ++++++++++++++-------- 2 files changed, 20 insertions(+), 8 deletions(-) create mode 100644 at-tmpfiles.conf diff --git a/at-tmpfiles.conf b/at-tmpfiles.conf new file mode 100644 index 0000000..8eec9a7 --- /dev/null +++ b/at-tmpfiles.conf @@ -0,0 +1,6 @@ +# at - Tmpfiles configuration for at daemon +# Create /var/spool/at directory structure for the at daemon + +d /var/spool/at 0700 root root - - +d /var/spool/at/spool 0700 root root - - +f /var/spool/at/.SEQ 0600 root root - - diff --git a/at.spec b/at.spec index 44553a5..3b02e46 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 17%{?dist} +Release: 18%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -12,6 +12,7 @@ URL: http://ftp.debian.org/debian/pool/main/a/at Source: http://software.calhariz.com/at/at_%{version}.orig.tar.gz # git upstream source git://git.debian.org/git/collab-maint/at.git Source1: pam_atd +Source2: at-tmpfiles.conf Source3: atd.sysconf Source5: atd.systemd @@ -38,6 +39,7 @@ BuildRequires: flex flex-static bison autoconf BuildRequires: libselinux-devel >= 1.27.9 BuildRequires: perl(Test::Harness) BuildRequires: perl(Test::More) +BuildRequires: systemd-rpm-macros %if %{with pam} BuildRequires: pam-devel @@ -50,6 +52,7 @@ BuildRequires: make Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units +Requires: systemd-tmpfiles # at-sysvinit subpackage dropped Obsoletes: at-sysvinit < 3.1.16-1 @@ -115,18 +118,24 @@ install -m 644 %{SOURCE3} %{buildroot}/etc/sysconfig/atd mkdir -p %{buildroot}/%{_unitdir}/ install -m 644 %{SOURCE5} %{buildroot}/%{_unitdir}/atd.service +# install tmpfiles configuration +mkdir -p %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE2} %{buildroot}%{_tmpfilesdir}/at.conf + # remove unpackaged files from the buildroot rm -r %{buildroot}%{_prefix}/doc +# Remove .SEQ file created by make install - tmpfiles will create it +rm -f %{buildroot}%{_localstatedir}/spool/at/.SEQ %check make test %post -touch %{_localstatedir}/spool/at/.SEQ -chmod 600 %{_localstatedir}/spool/at/.SEQ -chown root:root %{_localstatedir}/spool/at/.SEQ %systemd_post atd.service +# Create directories and files using tmpfiles +%tmpfiles_create at.conf + %preun %systemd_preun atd.service @@ -151,10 +160,8 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %doc README timespec ChangeLog %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd -%attr(0700,root,root) %dir %{_localstatedir}/spool/at -%attr(0600,root,root) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ -%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd +%{_tmpfilesdir}/at.conf %{_bindir}/atrun %attr(0755,root,root) %{_bindir}/atd %{_mandir}/man*/* @@ -163,7 +170,6 @@ chown root:root %{_localstatedir}/spool/at/.SEQ %{_bindir}/atq %attr(4755,root,root) %{_bindir}/at %{_datadir}/at/ -%{_datadir}/at/batch-job %attr(0644,root,root) /%{_unitdir}/atd.service %changelog From 96f550ec593ca5e92c203beeb80cfe0b60ce8ea2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Thu, 18 Sep 2025 12:49:15 +0200 Subject: [PATCH 83/86] Add /var/spool/at and /var/spool/at/spool directories into %%files section --- at.spec | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 3b02e46..f74305b 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 18%{?dist} +Release: 19%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -161,6 +161,8 @@ make test %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/at.deny %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/atd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/atd +%attr(0700,root,root) %dir %{_localstatedir}/spool/at +%attr(0700,root,root) %dir %{_localstatedir}/spool/at/spool %{_tmpfilesdir}/at.conf %{_bindir}/atrun %attr(0755,root,root) %{_bindir}/atd @@ -173,6 +175,13 @@ make test %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Thu Sep 18 2025 Ondřej Pohořelský - 3.2.5-19 +- Add /var/spool/at and /var/spool/at/spool directories into %%files section +- Resolves: rhbz#2396330 + +* Wed Aug 27 2025 Ondřej Pohořelský - 3.2.5-18 +- Use systemd-tmpfiles for /var/spool/at directories + * Wed Jul 23 2025 Fedora Release Engineering - 3.2.5-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From ced9e7e3752bd28284339d46b36a106452a45bec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Wed, 24 Sep 2025 18:32:27 +0200 Subject: [PATCH 84/86] Remove broken and unused git submodule from tests --- tests/at | 1 - 1 file changed, 1 deletion(-) delete mode 160000 tests/at diff --git a/tests/at b/tests/at deleted file mode 160000 index 30cccc8..0000000 --- a/tests/at +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 30cccc88a2064eb05018a09d65164a26972cd5b5 From 99f9f320e1cd4b9d717a90f38b94afd7cfa8af34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= Date: Mon, 29 Sep 2025 10:26:16 +0200 Subject: [PATCH 85/86] Remove unnecessary Require --- at.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/at.spec b/at.spec index f74305b..4773caa 100644 --- a/at.spec +++ b/at.spec @@ -52,7 +52,6 @@ BuildRequires: make Requires(post): systemd-units Requires(preun): systemd-units Requires(postun): systemd-units -Requires: systemd-tmpfiles # at-sysvinit subpackage dropped Obsoletes: at-sysvinit < 3.1.16-1 From c6de37879a86d935a52ff6fb08bc601193409e5a Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 16 Jan 2026 04:04:41 +0000 Subject: [PATCH 86/86] Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild --- at.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/at.spec b/at.spec index 4773caa..60d9fd4 100644 --- a/at.spec +++ b/at.spec @@ -3,7 +3,7 @@ Summary: Job spooling tools Name: at Version: 3.2.5 -Release: 19%{?dist} +Release: 20%{?dist} # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright # + install-sh is MIT license with changes under Public Domain License: GPL-3.0-or-later AND GPL-2.0-or-later AND ISC @@ -174,6 +174,9 @@ make test %attr(0644,root,root) /%{_unitdir}/atd.service %changelog +* Fri Jan 16 2026 Fedora Release Engineering - 3.2.5-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild + * Thu Sep 18 2025 Ondřej Pohořelský - 3.2.5-19 - Add /var/spool/at and /var/spool/at/spool directories into %%files section - Resolves: rhbz#2396330