filter environment variables not acceptable in bash input (#1147043)

This reverts commit 6059ae8011.

at-3.1.10-filter-environment.patch

@@ -0,0 +1,26 @@
+diff -up at-3.1.10/at.c.filter-environment at-3.1.10/at.c
+--- at-3.1.10/at.c.filter-environment	2014-10-02 10:21:01.684890331 +0200
++++ at-3.1.10/at.c	2014-10-02 10:21:40.678770635 +0200
+@@ -388,6 +388,22 @@ writefile(time_t runtimer, char queue)
+ 	int export = 1;
+ 	char *eqp;
+ 
++        /* Only accept alphanumerics and underscore in variable names.
++         * Also require the name to not start with a digit.
++         * Some shells don't like other variable names.
++         */
++        {
++            char *p = *atenv;
++            if (isdigit(*p))
++                export = 0;
++            for (; *p != '=' && *p != '\0'; ++p) {
++                if (!isalnum(*p) && *p != '_') {
++                    export = 0;
++                    break;
++                }
++            }
++        }
++
+ 	eqp = strchr(*atenv, '=');
+ 	if (ap == NULL)
+ 	    eqp = *atenv;

at-3.1.13-pam.patch

@@ -1,6 +1,6 @@
 diff -up at-3.1.13/at.c.pam at-3.1.13/at.c
---- at-3.1.13/at.c.pam	2012-04-19 16:50:57.491000001 +0200
-+++ at-3.1.13/at.c	2012-04-19 16:50:57.505000001 +0200
+--- at-3.1.13/at.c.pam	2013-12-03 16:42:16.582903011 +0100
++++ at-3.1.13/at.c	2013-12-03 16:42:16.585903079 +0100
 @@ -141,18 +141,13 @@ sigc(int signo)
  /* If the user presses ^C, remove the spool file and exit 
   */
@@ -90,8 +90,8 @@ diff -up at-3.1.13/at.c.pam at-3.1.13/at.c
  		    break;
  
 diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c
---- at-3.1.13/atd.c.pam	2012-04-19 16:50:57.498000001 +0200
-+++ at-3.1.13/atd.c	2012-04-19 16:52:37.209000138 +0200
+--- at-3.1.13/atd.c.pam	2013-12-03 16:42:16.584903056 +0100
++++ at-3.1.13/atd.c	2013-12-03 16:53:42.835351089 +0100
 @@ -111,7 +111,7 @@ static int run_as_daemon = 0;
  
  static volatile sig_atomic_t term_signal = 0;
@@ -174,25 +174,20 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c
  	    nice((tolower((int) queue) - 'a' + 1) * 2);
  
  	    if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -458,7 +449,16 @@ run_file(const char *filename, uid_t uid
+@@ -456,9 +447,9 @@ run_file(const char *filename, uid_t uid
  
- 	    if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
- 		perr("Exec failed for /bin/sh");
+ 	    chdir("/");
+ 
+-	    if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
+-		perr("Exec failed for /bin/sh");
 -
-+#ifdef  WITH_PAM
-+	    if ( ( nenvp != &nul ) && (pam_envp != 0L)  && (*pam_envp != 0L))
-+	    {
-+		for( nenvp = pam_envp; *nenvp != 0L; nenvp++)
-+			free(*nenvp);
-+		free( pam_envp );
-+		nenvp = &nul;
-+		pam_envp=0L;
-+	    }
-+#endif
++	    execle("/bin/sh", "sh", (char *) NULL, nenvp);
++	    perr("Exec failed for /bin/sh");
++            /* perr exits, the PRIV_END is just for nice form */
  	PRIV_END
      }
      /* We're the parent.  Let's wait.
-@@ -471,14 +471,6 @@ run_file(const char *filename, uid_t uid
+@@ -471,14 +462,6 @@ run_file(const char *filename, uid_t uid
       */
      waitpid(pid, (int *) NULL, 0);
  
@@ -207,52 +202,44 @@ diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c
      /* Send mail.  Unlink the output file after opening it, so it
       * doesn't hang around after the run.
       */
-@@ -509,8 +501,20 @@ run_file(const char *filename, uid_t uid
+@@ -509,8 +492,13 @@ run_file(const char *filename, uid_t uid
      unlink(newname);
      free(newname);
  
 +#ifdef ATD_MAIL_PROGRAM
      if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
 +       int mail_pid = -1;
-+#ifdef WITH_PAM
-+       AT_START_PAM;
-+       AT_OPEN_PAM_SESSION;
-+       closelog();
-+       openlog("atd", LOG_PID, LOG_ATD);
-+#endif
-+
-+   mail_pid = fork();
  
-+   if ( mail_pid == 0 )
-+   {
++     mail_pid = fork();
++
++     if ( mail_pid == 0 ) {
  	PRIV_START
  
  	    if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -535,7 +539,21 @@ run_file(const char *filename, uid_t uid
+@@ -535,7 +523,20 @@ run_file(const char *filename, uid_t uid
  	    perr("Exec failed for mail command");
  
  	PRIV_END
-+   }
-+   else if ( mail_pid == -1 ) {
-+           perr("fork of mailer failed");
-+   }
-+   else {
-+           /* Parent */
-+           waitpid(mail_pid, (int *) NULL, 0);
-+   }
-+#ifdef WITH_PAM
-+   AT_CLOSE_PAM;
-+   closelog();
-+   openlog("atd", LOG_PID, LOG_ATD);
-+#endif
++     }
++     else if ( mail_pid == -1 ) {
++           syslog(LOG_ERR, "fork of mailer failed: %m");
++     }
++     /* Parent */
++     waitpid(mail_pid, (int *) NULL, 0);
      }
++
++#ifdef WITH_PAM
++    AT_CLOSE_PAM;
++    closelog();
++    openlog("atd", LOG_PID, LOG_ATD);
++#endif
 +#endif
      exit(EXIT_SUCCESS);
  }
  
 diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in
 --- at-3.1.13/config.h.in.pam	2011-06-25 14:43:14.000000000 +0200
-+++ at-3.1.13/config.h.in	2012-04-19 16:50:57.506000001 +0200
++++ at-3.1.13/config.h.in	2013-12-03 16:42:16.586903101 +0100
 @@ -68,8 +68,8 @@
  /* Define to 1 if you have the <nlist.h> header file. */
  #undef HAVE_NLIST_H
@@ -266,7 +253,7 @@ diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in
  #undef HAVE_PSTAT_GETDYNAMIC
 diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac
 --- at-3.1.13/configure.ac.pam	2011-06-25 14:43:14.000000000 +0200
-+++ at-3.1.13/configure.ac	2012-04-19 16:50:57.506000001 +0200
++++ at-3.1.13/configure.ac	2013-12-03 16:42:16.586903101 +0100
 @@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
  AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
  AC_CHECK_HEADERS(security/pam_appl.h, [
@@ -292,7 +279,7 @@ diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac
  [ --with-daemon_groupname=DAEMON_GROUPNAME	Groupname to run under (default daemon) ],
 diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c
 --- at-3.1.13/perm.c.pam	2011-06-25 14:43:14.000000000 +0200
-+++ at-3.1.13/perm.c	2012-04-19 16:53:09.192001742 +0200
++++ at-3.1.13/perm.c	2013-12-03 16:42:16.586903101 +0100
 @@ -51,6 +51,14 @@
  #define PRIV_END while(0)
  #endif
@@ -359,7 +346,7 @@ diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c
      return allow;
 diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h
 --- at-3.1.13/privs.h.pam	2011-06-25 14:43:14.000000000 +0200
-+++ at-3.1.13/privs.h	2012-04-19 16:53:46.296016675 +0200
++++ at-3.1.13/privs.h	2013-12-03 16:42:16.586903101 +0100
 @@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da
  #error "Cannot implement user ID swapping without setreuid or setresuid"
  #endif

at-3.1.13-selinux.patch

@@ -1,6 +1,6 @@
 diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c
---- at-3.1.13/atd.c.selinux	2012-11-01 15:11:21.368772308 +0100
-+++ at-3.1.13/atd.c	2012-11-01 15:13:16.809162818 +0100
+--- at-3.1.13/atd.c.selinux	2013-12-03 17:37:14.492141743 +0100
++++ at-3.1.13/atd.c	2013-12-03 17:49:44.141017027 +0100
 @@ -83,6 +83,14 @@
  #include "getloadavg.h"
  #endif
@@ -85,32 +85,21 @@ diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c
  static void
  run_file(const char *filename, uid_t uid, gid_t gid)
  {
-@@ -446,9 +516,23 @@ run_file(const char *filename, uid_t uid
- 		perr("Cannot reset signal handler to default");
+@@ -433,6 +503,13 @@ run_file(const char *filename, uid_t uid
+ 
+ 	    nice((tolower((int) queue) - 'a' + 1) * 2);
  
- 	    chdir("/");
--
 +#ifdef WITH_SELINUX
-+            if (selinux_enabled > 0) {
-+                if (set_selinux_context(pentry->pw_name, filename) < 0)
-+                       perr("SELinux Failed to set context\n");
-+            }
++	    if (selinux_enabled > 0) {
++	        if (set_selinux_context(pentry->pw_name, filename) < 0)
++	               perr("SELinux Failed to set context\n");
++	    }
 +#endif
- 	    if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
- 		perr("Exec failed for /bin/sh");
-+//add for fedora
-+#ifdef WITH_SELINUX
-+               if (selinux_enabled>0)
-+                       if (setexeccon(NULL) < 0)
-+                               if (security_getenforce()==1)
-+                                       perr("Could not resset exec context for user %s\n", pentry->pw_name);
-+#endif
-+//end
-+//add for fedora
- #ifdef  WITH_PAM
- 	    if ( ( nenvp != &nul ) && (pam_envp != 0L)  && (*pam_envp != 0L))
- 	    {
-@@ -751,6 +835,10 @@ main(int argc, char *argv[])
++
+ 	    if (initgroups(pentry->pw_name, pentry->pw_gid))
+ 		perr("Cannot initialize the supplementary group access list");
+ 
+@@ -734,6 +811,10 @@ main(int argc, char *argv[])
      struct passwd *pwe;
      struct group *ge;
  
@@ -122,8 +111,8 @@ diff -up at-3.1.13/atd.c.selinux at-3.1.13/atd.c
   * daemon is fine.
   */
 diff -up at-3.1.13/config.h.in.selinux at-3.1.13/config.h.in
---- at-3.1.13/config.h.in.selinux	2012-11-01 15:11:21.368772308 +0100
-+++ at-3.1.13/config.h.in	2012-11-01 15:11:21.371772392 +0100
+--- at-3.1.13/config.h.in.selinux	2013-12-03 17:37:14.492141743 +0100
++++ at-3.1.13/config.h.in	2013-12-03 17:37:14.494141788 +0100
 @@ -71,6 +71,9 @@
  /* Define if you are building with_pam */
  #undef WITH_PAM
@@ -135,8 +124,8 @@ diff -up at-3.1.13/config.h.in.selinux at-3.1.13/config.h.in
  #undef HAVE_PSTAT_GETDYNAMIC
  
 diff -up at-3.1.13/configure.ac.selinux at-3.1.13/configure.ac
---- at-3.1.13/configure.ac.selinux	2012-11-01 15:11:21.369772335 +0100
-+++ at-3.1.13/configure.ac	2012-11-01 15:11:21.372772420 +0100
+--- at-3.1.13/configure.ac.selinux	2013-12-03 17:37:14.492141743 +0100
++++ at-3.1.13/configure.ac	2013-12-03 17:37:14.494141788 +0100
 @@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname,
  )
  AC_SUBST(DAEMON_GROUPNAME)
@@ -152,8 +141,8 @@ diff -up at-3.1.13/configure.ac.selinux at-3.1.13/configure.ac
  AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch)
  AC_OUTPUT
 diff -up at-3.1.13/Makefile.in.selinux at-3.1.13/Makefile.in
---- at-3.1.13/Makefile.in.selinux	2012-11-01 15:11:21.361772115 +0100
-+++ at-3.1.13/Makefile.in	2012-11-01 15:11:21.372772420 +0100
+--- at-3.1.13/Makefile.in.selinux	2013-12-03 17:37:14.486141608 +0100
++++ at-3.1.13/Makefile.in	2013-12-03 17:37:14.494141788 +0100
 @@ -39,6 +39,8 @@ LIBS		= @LIBS@
  LIBOBJS		= @LIBOBJS@
  INSTALL		= @INSTALL@

at-3.1.14-wrong_format.patch

@@ -0,0 +1,23 @@
+diff -up at-3.1.14/atd.c.seg at-3.1.14/atd.c
+--- at-3.1.14/atd.c.seg	2013-12-02 14:33:48.650769756 +0100
++++ at-3.1.14/atd.c	2013-12-02 14:52:49.057437721 +0100
+@@ -752,14 +752,17 @@ run_loop()
+ 	/* Is the file already locked?
+ 	 */
+ 	if (buf.st_nlink > 1) {
+-	    if (run_time + CHECK_INTERVAL <= now) {
+-
++	    if (buf.st_mtime + CHECK_INTERVAL <= now) {
+ 		/* Something went wrong the last time this was executed.
+ 		 * Let's remove the lockfile and reschedule.
++		 * We also change the timestamp to avoid rerunning the job more
++		 * than once every CHECK_INTERVAL.
+ 		 */
+ 		strncpy(lock_name, dirent->d_name, sizeof(lock_name));
+ 		lock_name[sizeof(lock_name)-1] = '\0';
+ 		lock_name[0] = '=';
++		if (utime(lock_name, 0) < 0)
++			syslog(LOG_ERR, "utime couldn't be set for lock file %s\n", lock_name);
+ 		unlink(lock_name);
+ 		next_job = now;
+ 		nothing_to_do = 0;

at.spec

@@ -3,7 +3,7 @@
 Summary:	Job spooling tools
 Name:		at
 Version:	3.1.13
-Release:	12%{dist}
+Release:	15%{?dist}
 # http://packages.debian.org/changelogs/pool/main/a/at/current/copyright
 # + install-sh is MIT license with changes under Public Domain
 License:	GPLv3+ and GPLv2+ and ISC and MIT and Public Domain
@@ -28,6 +28,8 @@ Patch8:		at-3.1.12-fix_no_export.patch
 Patch9:         at-3.1.13-mailwithhostname.patch
 Patch10:        at-3.1.13-usePOSIXtimers.patch
 Patch11:        at-3.1.13-help.patch
+Patch12:        at-3.1.14-wrong_format.patch
+Patch13:        at-3.1.10-filter-environment.patch
 
 BuildRequires: fileutils /etc/init.d
 BuildRequires: flex flex-static bison autoconf
@@ -81,6 +83,8 @@ cp %{SOURCE1} .
 %patch9 -p1 -b .mail
 %patch10 -p1 -b .posix
 %patch11 -p1 -b .help
+%patch12 -p1 -b .wrong
+%patch13 -p1 -b .filter-environment
 
 %build
 # patch9 touches configure.in
@@ -96,7 +100,7 @@ rm -f lex.yy.* y.tab.*
 	--with-pam
 %endif
 
-make %{?_smp_mflags} V=1
+make V=1
 
 %install
 make install \
@@ -187,6 +191,13 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ
 %attr(0755,root,root)		%{_initrddir}/atd
 
 %changelog
+* Sat Oct  4 2014 Tomáš Mráz <tmraz@redhat.com> - 3.1.13-15
+- filter environment variables not acceptable in bash input (#1147043)
+
+* Wed Dec  4 2013 Marcela Mašláňová <mmaslano@redhat.com> 3.1.13-13
+- 989201 PAM issue prevents atd sending mail
+- 718422 File a0000f0149b7f3 is in wrong format
+
 * Mon Feb 11 2013 Peter Robinson <pbrobinson@fedoraproject.org> 3.1.13-12
 - Fix patch to fix FTBFS with gcc 4.8