pool/at
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 178545 from Base:System

Browse Source 
Upgrade to 3.1.13 (forwarded request 178540 from ralflangb1)

OBS-URL: https://build.opensuse.org/request/show/178545
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/at?expand=0&rev=51
This commit is contained in:
Stephan Kulow 2013-06-18 08:02:04 +00:00 committed by Git OBS Bridge
commit 06c9af305a
28 changed files with 771 additions and 954 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
at-3.1.13-documentation-dir.patch Normal file
View File

@ -0,0 +1,17 @@
Index: at.1.in
===================================================================
--- at.1.in.orig
+++ at.1.in
@@ -124,11 +124,11 @@ to run a job at 10:00am on July 31, you
.B at 10am Jul 31
and to run a job at 1am tomorrow, you would do
.B at 1am tomorrow.
.PP
The definition of the time specification can be found in
-.IR @prefix@/share/doc/at/timespec .
+.IR @prefix@/share/doc/packages/at/timespec .
.PP
For both
.BR at " and " batch ,
commands are read from standard input or the file specified
with the

26
at-3.1.8-formatbugs.patch → at-3.1.13-formatbugs.patch
View File

@ -1,17 +1,10 @@
--- atd.c.orig
+++ atd.c
@@ -293,7 +293,7 @@ run_file(const char *filename, uid_t uid
if (buf.st_nlink > 2) {
perr("Someboy is trying to run a linked script for job %8lu (%.500s)",
- filename);
+ jobno, filename);
}
if ((fflags = fcntl(fd_in, F_GETFD)) < 0)
perr("Error in fcntl");
Index: daemon.h
===================================================================
--- daemon.h.orig
+++ daemon.h
@@ -5,12 +5,12 @@ void
@@ -3,15 +3,15 @@ void daemon_cleanup(void);
void
#ifdef HAVE_ATTRIBUTE_NORETURN
__attribute__((noreturn))
#endif
@ -26,9 +19,14 @@
+perr (const char *fmt, ...) __attribute__((__format__(printf,1,2)));
extern int daemon_debug;
extern int daemon_foreground;
Index: panic.h
===================================================================
--- panic.h.orig
+++ panic.h
@@ -26,7 +26,9 @@ void
@@ -24,11 +24,13 @@ __attribute__((noreturn))
panic(char *a);
void
#ifdef HAVE_ATTRIBUTE_NORETURN
__attribute__((noreturn))
#endif
@ -39,3 +37,5 @@
void
#ifdef HAVE_ATTRIBUTE_NORETURN
__attribute__((noreturn))
#endif
usage(void);

77
at-3.1.8-joblist.patch → at-3.1.13-joblist.patch
View File

@ -1,18 +1,25 @@
Index: at.c
===================================================================
--- at.c.orig
+++ at.c
@@ -133,8 +133,10 @@ static void sigc(int signo);
@@ -132,11 +132,13 @@ char atverify = 0; /* verify time inste
static void sigc(int signo);
static void alarmc(int signo);
static char *cwdname(void);
static void writefile(time_t runtimer, char queue);
-static void list_jobs(void);
+static void list_jobs(long *, int);
static time_t ttime(const char *arg);
+static int in_job_list(long, long *, int);
+static long *get_job_list(int, char *[], int *);
/* Signal catching functions */
@@ -526,8 +528,20 @@ writefile(time_t runtimer, char queue)
static RETSIGTYPE
sigc(int signo)
@@ -545,12 +547,24 @@ writefile(time_t runtimer, char queue)
break;
}
return;
}
@ -29,12 +36,16 @@
+}
+
static void
-list_jobs()
-list_jobs(void)
+list_jobs(long *joblist, int len)
{
/* List all a user's jobs in the queue, by looping through ATJOB_DIR,
* or everybody's if we are root
@@ -566,6 +580,10 @@ list_jobs()
*/
DIR *spool;
@@ -585,10 +599,14 @@ list_jobs(void)
continue;
if (sscanf(dirent->d_name, "%c%5lx%8lx", &queue, &jobno, &ctm) != 3)
continue;
@ -45,9 +56,13 @@
if (atqueue && (queue != atqueue))
continue;
@@ -743,6 +761,28 @@ terr:
"out of range or illegal time specification: [[CC]YY]MMDDhhmm[.SS]");
}
runtimer = 60 * (time_t) ctm;
runtime = localtime(&runtimer);
@@ -706,10 +724,33 @@ process_jobs(int argc, char **argv, int
}
}
return rc;
} /* delete_jobs */
+static long *
+get_job_list(int argc, char *argv[], int *joblen)
@ -71,27 +86,32 @@
+ *joblen = len;
+ return joblist;
+}
+
/* Global functions */
@@ -769,9 +809,13 @@ main(int argc, char **argv)
char *options = "q:f:t:MmvldrhVc"; /* default options for at */
void *
mymalloc(size_t n)
{
@@ -731,10 +772,12 @@ main(int argc, char **argv)
int program = AT; /* our default program */
char *options = "q:f:MmvlrdhVct:"; /* default options for at */
int disp_version = 0;
time_t timer;
+ long *joblist;
+ int joblen;
time_t timer = 0;
+ long *joblist = NULL;
+ int joblen = 0;
struct passwd *pwe;
struct group *ge;
+ joblist = NULL;
+ joblen = 0;
timer = -1;
RELINQUISH_PRIVS
@@ -901,7 +945,9 @@ main(int argc, char **argv)
@@ -868,12 +911,13 @@ main(int argc, char **argv)
switch (program) {
int i;
case ATQ:
REDUCE_PRIV(daemon_uid, daemon_gid)
-
- list_jobs();
+ if (queue_set == 0)
+ joblist = get_job_list(argc - optind, argv + optind, &joblen);
@ -99,14 +119,21 @@
break;
case ATRM:
REDUCE_PRIV(daemon_uid, daemon_gid)
Index: panic.c
===================================================================
--- panic.c.orig
+++ panic.c
@@ -95,6 +95,8 @@ usage(void)
" at [-V] -c job [job ...]\n"
" at [-V] -r job [job ...]\n"
" at [-V] [-f file] -t [[CC]YY]MMDDhhmm[.SS]\n"
+ " at [-V] -l -q queuename\n"
@@ -93,10 +93,11 @@ usage(void)
/* Print usage and exit.
*/
fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mlbv] timespec ...\n"
" at [-V] [-q x] [-f file] [-mlbv] -t time\n"
" at -c job ...\n"
+ " at [-V] -l [job ...]\n"
" atq [-V] [-q x]\n"
" atrm [-V] [-q x] job ...\n"
" batch [-V] [-f file] [-m]\n");
" at [ -rd ] job ...\n"
" atrm [-V] job ...\n"
" batch\n");
exit(EXIT_FAILURE);

30
at-3.1.13-leak-fix.patch Normal file
View File

@ -0,0 +1,30 @@
Index: at.c
===================================================================
--- at.c.orig
+++ at.c
@@ -616,10 +616,13 @@ list_jobs(long *joblist, int len)
if ((pwd = getpwuid(buf.st_uid)))
printf("%ld\t%s %c %s\n", jobno, timestr, queue, pwd->pw_name);
else
printf("%ld\t%s %c\n", jobno, timestr, queue);
}
+
+ closedir(spool);
+
PRIV_END
}
static int
process_jobs(int argc, char **argv, int what)
@@ -698,10 +701,11 @@ process_jobs(int argc, char **argv, int
if (fp) {
while ((ch = getc(fp)) != EOF) {
putchar(ch);
}
done = 1;
+ fclose(fp);
}
else {
perr("Cannot open %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}

36
at-3.1.8-massive_batch.patch → at-3.1.13-massive_batch.patch
View File

@ -1,6 +1,10 @@
Index: atd.c
===================================================================
--- atd.c.orig
+++ atd.c
@@ -137,9 +137,10 @@ static char rcsid[] = "$Id: atd.c,v 1.28
@@ -112,13 +112,14 @@ gid_t daemon_gid = (gid_t) - 3;
static char *namep;
static double load_avg = LOADAVG_MX;
static time_t now;
static time_t last_chg;
@ -12,20 +16,29 @@
static volatile sig_atomic_t term_signal = 0;
@@ -152,9 +153,10 @@ set_term(int dummy)
#ifdef WITH_PAM
#include <security/pam_appl.h>
@@ -146,14 +147,14 @@ set_term(int dummy)
{
term_signal = 1;
return;
}
RETSIGTYPE
-RETSIGTYPE
-sdummy(int dummy)
+RETSIGTYPE
+set_hup(int dummy)
{
- /* Empty signal handler */
+ hupped = 1;
+ nothing_to_do = 0;
nothing_to_do = 0;
return;
}
@@ -790,6 +792,7 @@ run_loop()
/* SIGCHLD handler - discards completion status of children */
@@ -807,10 +808,11 @@ run_loop()
if (nothing_to_do && buf.st_mtime <= last_chg)
return next_job;
last_chg = buf.st_mtime;
@ -33,7 +46,11 @@
if ((spool = opendir(".")) == NULL)
perr("Cannot read " ATJOB_DIR);
@@ -1014,7 +1017,7 @@ main(int argc, char *argv[])
run_batch = 0;
nothing_to_do = 1;
@@ -1043,11 +1045,11 @@ main(int argc, char *argv[])
* A signal handler setting term_signal will make sure there's
* a clean exit.
*/
sigaction(SIGHUP, NULL, &act);
@ -42,7 +59,11 @@
sigaction(SIGHUP, &act, NULL);
sigaction(SIGTERM, NULL, &act);
@@ -1030,9 +1033,10 @@ main(int argc, char *argv[])
act.sa_handler = set_term;
sigaction(SIGTERM, &act, NULL);
@@ -1059,12 +1061,13 @@ main(int argc, char *argv[])
daemon_setup();
do {
now = time(NULL);
next_invocation = run_loop();
@ -54,3 +75,4 @@
} while (!term_signal);
daemon_cleanup();
exit(EXIT_SUCCESS);
}

16
at-3.1.8-pam-session-as-root.patch → at-3.1.13-pam-session-as-root.patch
View File

@ -1,7 +1,11 @@
Index: atd.c
===================================================================
--- atd.c.orig
+++ atd.c
@@ -612,11 +612,13 @@ run_file(const char *filename, uid_t uid
unlink(filename);
@@ -663,15 +663,17 @@ run_file(const char *filename, uid_t uid
if (unlink(filename) == -1)
syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s",
jobno, strerror(errno));
#ifdef WITH_PAM
+ PRIV_START
@ -14,7 +18,11 @@
#endif
/* The job is now finished. We can delete its input file.
@@ -737,11 +739,13 @@ run_file(const char *filename, uid_t uid
*/
chdir(ATJOB_DIR);
@@ -784,15 +786,17 @@ run_file(const char *filename, uid_t uid
{
/* Parent */
waitpid(mail_pid, (int *) NULL, 0);
}
#ifdef WITH_PAM
@ -28,3 +36,5 @@
#endif
}
exit(EXIT_SUCCESS);
}

333
at-3.1.8-pam.patch → at-3.1.13-pam.patch
View File

@ -1,46 +1,13 @@
--- Makefile.in.orig
+++ Makefile.in
@@ -28,6 +28,7 @@ YACC = @YACC@
LEX = @LEX@
LEXLIB = @LEXLIB@
SELINUXLIB = @SELINUXLIB@
+PAMLIB = @PAMLIB@
CC = @CC@
CFLAGS = @CFLAGS@
@@ -73,7 +74,7 @@ at: $(ATOBJECTS)
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
- $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB)
+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
Index: atd.c
===================================================================
--- atd.c.orig
+++ atd.c
@@ -93,6 +93,17 @@ int selinux_enabled=0;
@@ -89,10 +89,14 @@
int selinux_enabled=0;
#include <selinux/flask.h>
#include <selinux/av_permissions.h>
#endif
+#ifdef WITH_PAM
+#include <security/pam_appl.h>
+static pam_handle_t *pamh = NULL;
+#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ pam_close_session(pamh, PAM_SILENT); \
+ pam_end(pamh, retcode); exit(1); \
+ }
+#endif
+
/* Local headers */
#include "privs.h"
@@ -102,6 +113,10 @@ int selinux_enabled=0;
#include "getloadavg.h"
#endif
+#ifndef LOG_ATD
+#define LOG_ATD LOG_DAEMON
+#endif
@ -48,8 +15,44 @@
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
@@ -195,6 +210,47 @@ myfork()
#define fork myfork
#define CHECK_INTERVAL 3600
@@ -114,11 +118,11 @@ static int nothing_to_do;
unsigned int batch_interval;
static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0;
-#ifdef HAVE_PAM
+#ifdef WITH_PAM
#include <security/pam_appl.h>
static pam_handle_t *pamh = NULL;
static const struct pam_conv conv = {
@@ -126,16 +130,17 @@ static const struct pam_conv conv = {
};
#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
+ pam_close_session(pamh, PAM_SILENT); \
pam_end(pamh, retcode); exit(1); \
}
#define PAM_END { retcode = pam_close_session(pamh,0); \
pam_end(pamh,retcode); }
-#endif /* HAVE_PAM */
+#endif /* WITH_PAM */
/* Signal handlers */
RETSIGTYPE
set_term(int dummy)
{
@@ -263,10 +268,23 @@ static int set_selinux_context(const cha
freecon(user_context);
return 0;
}
#endif
+#undef ATD_MAIL_PROGRAM
@ -64,73 +67,54 @@
+#define ATD_MAIL_PROGRAM MAILX
+#define ATD_MAIL_NAME "mailx"
+#endif
+
+#ifdef WITH_PAM
+static int
+cron_conv(int num_msg, const struct pam_message **msgm,
+ struct pam_response **response, void *appdata_ptr)
+{
+ struct pam_message**m = msgm;
+ int i;
+
+ for (i = 0; i < num_msg; i++) {
+ switch (m[i]->msg_style) {
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ if (m[i]->msg != NULL) {
+ syslog (LOG_NOTICE, "%s", m[i]->msg);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ return (0);
+}
+
+static const struct pam_conv conv = {
+ cron_conv, NULL
+};
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
@@ -217,6 +273,9 @@ run_file(const char *filename, uid_t uid
/* Run a file by by spawning off a process which redirects I/O,
* spawns a subshell, then waits for it to complete and sends
@@ -288,11 +306,11 @@ run_file(const char *filename, uid_t uid
int ngid;
char queue;
char fmt[64];
unsigned long jobno;
int rc;
-#ifdef HAVE_PAM
+#ifdef WITH_PAM
+ int retcode;
+#endif
int retcode;
#endif
sscanf(filename, "%c%5lx", &queue, &jobno);
@@ -361,6 +420,23 @@ run_file(const char *filename, uid_t uid
#ifdef _SC_LOGIN_NAME_MAX
errno = 0;
@@ -450,20 +468,24 @@ run_file(const char *filename, uid_t uid
write_string(fd_out, mailname);
write_string(fd_out, "\n\n");
fstat(fd_out, &buf);
size = buf.st_size;
-#ifdef HAVE_PAM
+#ifdef WITH_PAM
+ PRIV_START
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
+ PAM_FAIL_CHECK;
PRIV_START
retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
PAM_FAIL_CHECK;
+ retcode = pam_set_item(pamh, PAM_TTY, "atd");
+ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_open_session(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+ PAM_FAIL_CHECK;
retcode = pam_acct_mgmt(pamh, PAM_SILENT);
PAM_FAIL_CHECK;
retcode = pam_open_session(pamh, PAM_SILENT);
PAM_FAIL_CHECK;
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
PAM_FAIL_CHECK;
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+ PRIV_END
+#endif
+
PRIV_END
#endif
close(STDIN_FILENO);
close(STDOUT_FILENO);
close(STDERR_FILENO);
@@ -372,6 +448,16 @@ run_file(const char *filename, uid_t uid
@@ -474,10 +496,20 @@ run_file(const char *filename, uid_t uid
perr("Error in fork");
else if (pid == 0) {
char *nul = NULL;
char **nenvp = &nul;
@ -147,27 +131,27 @@
/* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file.
@@ -394,8 +480,6 @@ run_file(const char *filename, uid_t uid
if (chdir(ATJOB_DIR) < 0)
perr("Cannot chdir to " ATJOB_DIR);
*/
if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0)
@@ -493,12 +525,10 @@ run_file(const char *filename, uid_t uid
perr("Error in I/O redirection");
close(fd_in);
close(fd_out);
- PRIV_START
-
nice((tolower((int) queue) - 'a' + 1) * 2);
if (initgroups(pentry->pw_name, pentry->pw_gid))
@@ -485,6 +569,24 @@ run_file(const char *filename, uid_t uid
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
perr("Cannot initialize the supplementary group access list");
@@ -526,10 +556,20 @@ run_file(const char *filename, uid_t uid
if (security_getenforce()==1)
perr("Could not resset exec context for user %s\n", pentry->pw_name);
#endif
//end
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
+ if (setexeccon(NULL) < 0) {
+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
+ }
+ }
+#endif
+
+#ifdef WITH_PAM
+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L))
+ {
@ -181,23 +165,32 @@
PRIV_END
}
/* We're the parent. Let's wait.
@@ -498,13 +600,6 @@ run_file(const char *filename, uid_t uid
*/
close(fd_in);
@@ -538,18 +578,10 @@ run_file(const char *filename, uid_t uid
non-blocking waitpid. So this blocking one will eventually
return with an ECHILD error.
*/
waitpid(pid, (int *) NULL, 0);
-#ifdef WITH_SELINUX
- if (selinux_enabled>0) {
- if (setexeccon(NULL) < 0) {
- perr("Could not reset exec context for user %s\n", pentry->pw_name);
- }
- }
-#endif
-#ifdef HAVE_PAM
- PRIV_START
- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
- retcode = pam_close_session(pamh, PAM_SILENT);
- pam_end(pamh, retcode);
- PRIV_END
-#endif
-
/* Send mail. Unlink the output file after opening it, so it
* doesn't hang around after the run.
*/
@@ -514,6 +609,14 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf);
lseek(fd_out, 0, SEEK_SET);
@@ -570,19 +602,51 @@ run_file(const char *filename, uid_t uid
unlink(filename);
if (unlink(filename) == -1)
syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s",
jobno, strerror(errno));
+#ifdef WITH_PAM
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
@ -210,7 +203,8 @@
/* The job is now finished. We can delete its input file.
*/
chdir(ATJOB_DIR);
@@ -522,7 +625,31 @@ run_file(const char *filename, uid_t uid
unlink(newname);
free(newname);
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
@ -241,8 +235,12 @@
+ PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
perr("Cannot delete saved userids");
@@ -535,6 +662,47 @@ run_file(const char *filename, uid_t uid
perr("Cannot initialize the supplementary group access list");
if (setgid(gid) < 0)
@@ -591,18 +655,85 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
chdir ("/");
@ -288,9 +286,9 @@
+#endif
+
#if defined(SENDMAIL)
execl(SENDMAIL, "sendmail", mailname, (char *) NULL);
#elif defined(MAILC)
@@ -546,7 +714,33 @@ run_file(const char *filename, uid_t uid
execl(SENDMAIL, "sendmail", "-i", mailname, (char *) NULL);
#else
#error "No mail command specified."
#endif
perr("Exec failed for mail command");
@ -325,16 +323,11 @@
}
exit(EXIT_SUCCESS);
}
@@ -741,7 +935,7 @@ main(int argc, char *argv[])
#ifdef WITH_SELINUX
selinux_enabled=is_selinux_enabled();
-#endif
+#endif
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
@@ -758,12 +952,7 @@ main(int argc, char *argv[])
static time_t
@@ -817,16 +948,11 @@ main(int argc, char *argv[])
daemon_gid = ge->gr_gid;
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
@ -348,33 +341,60 @@
opterr = 0;
errno = 0;
run_as_daemon = 1;
batch_interval = BATCH_INTERVAL_DEFAULT;
Index: config.h.in
===================================================================
--- config.h.in.orig
+++ config.h.in
@@ -187,3 +187,7 @@
@@ -69,13 +69,10 @@
#undef HAVE_NLIST_H
/* Define if you are building with_selinux */
#undef WITH_SELINUX
+
+/* Define if you are building with_pam */
/* Define to 1 for PAM support */
#undef HAVE_PAM
-/* Define if you are building with_selinux */
-#undef WITH_SELINUX
-
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
/* Define to 1 if you have the <security/pam_appl.h> header file. */
#undef HAVE_SECURITY_PAM_APPL_H
@@ -143,11 +140,11 @@
#undef HAVE_VPRINTF
/* Define to 1 if you have the `waitpid' function. */
#undef HAVE_WAITPID
-/* Define to 1 if we need to provide our own yywrap() */
+/* need yywrap */
#undef NEED_YYWRAP
/* Define to 1 if your `struct nlist' has an `n_un' member. Obsolete, depend
on `HAVE_STRUCT_NLIST_N_UN_N_NAME */
#undef NLIST_NAME_UNION
@@ -193,10 +190,13 @@
/* Define to 1 for Encore UMAX 4.3 that has <inq_status/cpustats.h> instead of
<sys/cpustats.h>. */
#undef UMAX4_3
+/* use PAM */
+#undef WITH_PAM
+
--- configure.in.orig
+++ configure.in
@@ -323,4 +323,11 @@ AC_CHECK_LIB(selinux, is_selinux_enabled
AC_SUBST(SELINUXLIB)
AC_SUBST(WITH_SELINUX)
/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
`char[]'. */
#undef YYTEXT_POINTER
+AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ],
+AC_DEFINE(WITH_PAM),
+)
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
/* Define to empty if `const' does not conform to ANSI C. */
Index: perm.c
===================================================================
--- perm.c.orig
+++ perm.c
@@ -109,14 +109,15 @@ user_in_file(const char *path, const cha
@@ -106,18 +106,19 @@ user_in_file(const char *path, const cha
/* Global functions */
int
check_permission()
{
@ -393,3 +413,24 @@
perror("Cannot access user database");
exit(EXIT_FAILURE);
}
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -265,7 +265,14 @@ AC_DEFINE(WITH_SELINUX),
)
AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
AC_SUBST(SELINUXLIB)
AC_SUBST(WITH_SELINUX)
+AC_ARG_WITH(pam,
+[ --with-pam Define to enable pam support ],
+AC_DEFINE(WITH_PAM),
+)
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch)
AC_OUTPUT

37
at-3.1.13-pie.patch Normal file
View File

@ -0,0 +1,37 @@
Index: Makefile.in
===================================================================
--- Makefile.in.orig
+++ Makefile.in
@@ -65,17 +65,17 @@ LIST = Filelist Filelist.asc
.PHONY: all install clean dist distclean
all: at atd atrun
at: $(ATOBJECTS)
- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB)
rm -f $(CLONES)
$(LN_S) -f at atq
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
lex.yy.c: parsetime.l
@@ -83,11 +83,11 @@ lex.yy.c: parsetime.l
atrun: atrun.in
configure
.c.o:
- $(CC) -c $(CFLAGS) $(DEFS) $*.c
+ $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c
install: all
$(INSTALL) -m 755 -d $(IROOT)$(etcdir)
$(INSTALL) -m 755 -d $(IROOT)$(bindir)
$(INSTALL) -m 755 -d $(IROOT)$(sbindir)

17
at-3.1.13-queue-nice-level.patch Normal file
View File

@ -0,0 +1,17 @@
Index: atd.c
===================================================================
--- atd.c.orig
+++ atd.c
@@ -577,11 +577,11 @@ run_file(const char *filename, uid_t uid
perr("Error in I/O redirection");
close(fd_in);
close(fd_out);
- nice((tolower((int) queue) - 'a' + 1) * 2);
+ nice((tolower((int) queue) - 'a' ) );
if (initgroups(pentry->pw_name, pentry->pw_gid))
perr("Cannot initialize the supplementary group access list");
if (setgid(ngid) < 0)

206
at-3.1.13-selinux.patch Normal file
View File

@ -0,0 +1,206 @@
Index: atd.c
===================================================================
--- atd.c.orig
+++ atd.c
@@ -81,10 +81,18 @@
#ifndef HAVE_GETLOADAVG
#include "getloadavg.h"
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
#define CHECK_INTERVAL 3600
@@ -193,10 +201,72 @@ myfork()
}
#define fork myfork
#endif
+#ifdef WITH_SELINUX
+static int set_selinux_context(const char *name, const char *filename) {
+ security_context_t user_context=NULL;
+ security_context_t file_context=NULL;
+ struct av_decision avd;
+ int retval=-1;
+ char *seuser=NULL;
+ char *level=NULL;
+
+ if (getseuserbyname(name, &seuser, &level) == 0) {
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
+ free(seuser);
+ free(level);
+ if (retval) {
+ if (security_getenforce()==1) {
+ perr("execle: couldn't get security context for user %s\n", name);
+ } else {
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
+ return -1;
+ }
+ }
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
+ perr("fgetfilecon FAILED %s", filename);
+
+ retval = security_compute_av(user_context,
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ freecon(file_context);
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
+ if (security_getenforce()==1) {
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
+ } else {
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ goto err;
+ }
+ }
+ if (setexeccon(user_context) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
+ retval = -1;
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
+ }
+ }
+ err:
+ freecon(user_context);
+ return 0;
+}
+#endif
+
static void
run_file(const char *filename, uid_t uid, gid_t gid)
{
/* Run a file by by spawning off a process which redirects I/O,
* spawns a subshell, then waits for it to complete and sends
@@ -440,13 +510,25 @@ run_file(const char *filename, uid_t uid
if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
perr("Cannot reset signal handler to default");
chdir("/");
-
+#ifdef WITH_SELINUX
+ if (selinux_enabled > 0) {
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
+ perr("SELinux Failed to set context\n");
+ }
+#endif
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0)
+ if (setexeccon(NULL) < 0)
+ if (security_getenforce()==1)
+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
+#endif
+//end
PRIV_END
}
/* We're the parent. Let's wait.
*/
@@ -715,10 +797,14 @@ main(int argc, char *argv[])
time_t next_invocation;
struct sigaction act;
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
+
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
if ((pwe = getpwnam(DAEMON_USERNAME)) == NULL)
Index: config.h.in
===================================================================
--- config.h.in.orig
+++ config.h.in
@@ -69,10 +69,13 @@
#undef HAVE_NLIST_H
/* Define to 1 for PAM support */
#undef HAVE_PAM
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
/* Define to 1 if you have the <security/pam_appl.h> header file. */
#undef HAVE_SECURITY_PAM_APPL_H
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -257,7 +257,15 @@ AC_ARG_WITH(daemon_groupname,
DAEMON_GROUPNAME=daemon
AC_MSG_RESULT(daemon)
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch)
AC_OUTPUT
Index: Makefile.in
===================================================================
--- Makefile.in.orig
+++ Makefile.in
@@ -37,10 +37,12 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\"
-DLFILE=\"$(LFILE)\" -Wall
LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
+SELINUXLIB = @SELINUXLIB@
+
CLONES = atq atrm
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o
RUNOBJECTS = atd.o daemon.o $(LIBOBJS)
CSRCS = at.c atd.c panic.c perm.c posixtm.c daemon.c getloadavg.c \
@@ -69,11 +71,11 @@ at: $(ATOBJECTS)
rm -f $(CLONES)
$(LN_S) -f at atq
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
+ $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
lex.yy.c: parsetime.l

20
at-3.1.13-tomorrow.patch Normal file
View File

@ -0,0 +1,20 @@
Index: at-3.1.13/parsetime.y
===================================================================
--- at-3.1.13.orig/parsetime.y
+++ at-3.1.13/parsetime.y
@@ -504,10 +504,15 @@ parsetime(time_t currtime, int argc, cha
if (isgmt) {
exectime -= timezone;
if (currtm.tm_isdst && !exectm.tm_isdst)
exectime -= 3600;
}
+ /* exectime zeroes its seconds, thus we need +60,
+ * else "now" will be scheduled to tomorrow */
+ if (currtime > exectime + 60) {
+ exectime += 24*3600;
+ }
if (exectime < currtime)
panic("refusing to create job destined in the past");
return exectime;
}
else {

170
at-3.1.8.patch → at-3.1.13.patch
View File

@ -1,6 +1,10 @@
Index: Makefile.in
===================================================================
--- Makefile.in.orig
+++ Makefile.in
@@ -87,37 +87,35 @@ atrun: atrun.in
@@ -84,39 +84,39 @@ atrun: atrun.in
.c.o:
$(CC) -c $(CFLAGS) $(DEFS) $*.c
install: all
@ -9,30 +13,30 @@
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir)
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir)
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(bindir)
+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir)
+ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
$(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR)
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
+ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR)
+ $(INSTALL) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
+ chmod 1770 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
touch $(IROOT)$(LFILE)
chmod 600 $(IROOT)$(LFILE)
- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE)
- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -m 600 at.deny $(IROOT)$(etcdir)/
- $(INSTALL) -g root -o root -m 4755 -s at $(IROOT)$(bindir)
+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/
+ $(INSTALL) -m 4755 at $(IROOT)$(bindir)
- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir)
+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 640 at.deny $(IROOT)$(etcdir)/
+ $(INSTALL) -m 6755 at $(IROOT)$(bindir)
$(LN_S) -f at $(IROOT)$(bindir)/atq
$(LN_S) -f at $(IROOT)$(bindir)/atrm
- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir)
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir)
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir)
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir)
- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/
+ $(INSTALL) -m 755 batch $(IROOT)$(bindir)
@ -49,8 +53,8 @@
- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
rm -f tmpman
- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/
- cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5
- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/
- cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5
- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir)
+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/
+ $(INSTALL) -m 644 at.deny.5 $(IROOT)$(man5dir)/
@ -58,9 +62,15 @@
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
$(IROOT)$(mandir)/cat1/atq.1*
rm -f $(IROOT)$(mandir)/cat1/atd.8*
dist: checkin $(DIST) $(LIST) Filelist.asc
Index: Problems
===================================================================
--- Problems.orig
+++ Problems
@@ -5,7 +5,7 @@ Possible reasons why at may not run for
@@ -3,10 +3,10 @@ Possible reasons why at may not run for
- HAVE you run ./configure ? If that fails for some
mysterious reasons, you can also do a
make -f Makefile.old install
@ -69,70 +79,14 @@
- If you find numerous 'try again' error messages in your syslog files,
you have too many processes running; recompile your kernel for a
--- README.orig
+++ README
@@ -23,7 +23,7 @@ The new one is to start up an atd daemon
The old one is to put
-* * * * 0,5,10,15,20,25,30,35,40,45,50,55 /usr/lib/atrun
+* * * * 0,5,10,15,20,25,30,35,40,45,50,55 /usr/sbin/atrun
into root's crontab file (or wherever you put the atrun binary;
don't forget to start up cron.)
larger number
Index: atd.c
===================================================================
--- atd.c.orig
+++ atd.c
@@ -1,4 +1,4 @@
-/*
+/*
* atd.c - run jobs queued by at; run with root privileges.
* Copyright (C) 1993, 1994, 1996 Thomas Koenig
*
@@ -22,7 +22,7 @@
#include "config.h"
#endif
-/*
+/*
* /usr/bin/mail aka /usr/bin/mailx require the subject to be
* specified on the command line instead of reading it from stdin like
* /usr/sbin/sendmail does. For now simply disable MAILC and MAILX,
@@ -121,14 +121,14 @@ static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0;
/* Signal handlers */
-RETSIGTYPE
+RETSIGTYPE
set_term(int dummy)
{
term_signal = 1;
return;
}
-RETSIGTYPE
+RETSIGTYPE
sdummy(int dummy)
{
/* Empty signal handler */
@@ -156,7 +156,7 @@ release_zombie(int dummy)
}
return;
}
-
+
/* Local functions */
@@ -196,7 +196,7 @@ run_file(const char *filename, uid_t uid
*/
pid_t pid;
int fd_out, fd_in;
- char mailbuf[9], jobbuf[9];
+ char mailbuf[17], jobbuf[9];
char *mailname = NULL;
char *newname;
FILE *stream;
@@ -290,7 +290,12 @@ run_file(const char *filename, uid_t uid
@@ -314,11 +314,16 @@ run_file(const char *filename, uid_t uid
jobno, filename);
}
if ((fflags = fcntl(fd_in, F_GETFD)) < 0)
perr("Error in fcntl");
@ -146,34 +100,11 @@
/*
* If the spool directory is mounted via NFS `atd' isn't able to
@@ -299,7 +304,7 @@ run_file(const char *filename, uid_t uid
* NFS and works with local file systems. It's not clear where
* the bug is located. -Joey
*/
- if (fscanf(stream, "#!/bin/sh\n# atrun uid=%d gid=%d\n# mail %8s %d",
+ if (fscanf(stream, "#!/bin/sh\n# atrun uid=%d gid=%d\n# mail %16s %d",
&nuid, &ngid, mailbuf, &send_mail) != 4)
pabort("File %.500s is in wrong format - aborting",
filename);
@@ -328,7 +333,7 @@ run_file(const char *filename, uid_t uid
perr("Cannot chdir to " ATSPOOL_DIR);
* read from the job file and will bump out here. The file is
* opened as "root" but it is read as "daemon" which fails over
@@ -431,10 +436,13 @@ run_file(const char *filename, uid_t uid
perr("Cannot change group");
/* Create a file to hold the output of the job we are about to run.
- * Write the mail header. Complain in case
+ * Write the mail header. Complain in case
*/
if (unlink(filename) != -1) {
@@ -343,7 +348,7 @@ run_file(const char *filename, uid_t uid
write_string(fd_out, "Subject: Output from your job ");
write_string(fd_out, jobbuf);
write_string(fd_out, "\nTo: ");
- write_string(fd_out, mailname);
+ write_string(fd_out, mailname);
write_string(fd_out, "\n\n");
fstat(fd_out, &buf);
size = buf.st_size;
@@ -394,6 +399,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
@ -183,16 +114,11 @@
chdir("/");
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
@@ -408,7 +416,7 @@ run_file(const char *filename, uid_t uid
perr("Exec failed for /bin/sh");
/* We inherited the master's SIGCHLD handler, which does a
non-blocking waitpid. So this blocking one will eventually
- return with an ECHILD error.
+ return with an ECHILD error.
*/
waitpid(pid, (int *) NULL, 0);
@@ -612,11 +620,12 @@ run_loop()
if (run_time + CHECK_INTERVAL <= now) {
@@ -557,7 +565,8 @@ run_loop()
/* Something went wrong the last time this was executed.
* Let's remove the lockfile and reschedule.
*/
@ -202,7 +128,11 @@
lock_name[0] = '=';
unlink(lock_name);
next_job = now;
@@ -591,7 +600,8 @@ run_loop()
nothing_to_do = 0;
}
@@ -646,11 +655,12 @@ run_loop()
* at a higher priority than anything before, keep its
* filename.
*/
run_batch++;
if (strcmp(batch_name, dirent->d_name) > 0) {
@ -212,14 +142,22 @@
batch_uid = buf.st_uid;
batch_gid = buf.st_gid;
batch_queue = queue;
--- configure.in.orig
+++ configure.in
@@ -126,7 +126,7 @@ else
}
}
Index: configure.ac
===================================================================
--- configure.ac.orig
+++ configure.ac
@@ -129,11 +129,11 @@ else
fi
AC_DEFINE_UNQUOTED(PIDFILE, "$PIDDIR/atd.pid", [What is the name of our PID file?])
AC_MSG_RESULT($PIDDIR)
AC_MSG_CHECKING(location of spool directory)
-if test -d /var/spool/atjobs ; then
+if test -d /var/spool ; then
+if test -d /var/spool; then
sp=/var/spool
AC_DEFINE(SPOOLDIR, "/var/spool")
AC_MSG_RESULT(Using existing /var/spool/at{jobs|run})
elif test -d /var/spool/cron ; then
sp=/var/spool/cron
AC_MSG_RESULT(/var/spool/cron)

33
at-3.1.8-atrm-race.patch
View File

@ -1,33 +0,0 @@
Copyright (c) 2011 Ingo Schwarze <ischwarze@astaro.com>
This patch is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
--- atd.c 2011-02-25 12:40:46.000000000 +0100
+++ atd.c.new 2011-02-25 14:59:44.000000000 +0100
@@ -291,16 +291,16 @@ run_file(const char *filename, uid_t uid
newname[0] = '=';
/* We try to make a hard link to lock the file. If we fail, then
- * somebody else has already locked it (a second atd?); log the
+ * somebody else has already locked or deleted it; log the
* fact and return.
*/
if (link(filename, newname) == -1) {
- if (errno == EEXIST) {
- syslog(LOG_WARNING, "trying to execute job %.100s twice",filename);
- return;
- } else {
- perr("Can't link execution file");
- }
+ syslog(LOG_WARNING,
+ (errno == EEXIST ? "trying to execute job %.100s twice"
+ : "Can't link execution file %.100s: %m"),
+ filename);
+ free(newname);
+ return;
}
/* If something goes wrong between here and the unlink() call,
* the job gets restarted as soon as the "=" entry is cleared

27
at-3.1.8-bison.patch
View File

@ -1,27 +0,0 @@
--- parsetime.y.orig
+++ parsetime.y
@@ -63,6 +63,7 @@ now : NOW
time_or_not : time
|
+ ;
time : hr24clock_hr_min
| hr24clock_hr_min timezone_name
@@ -112,6 +113,7 @@ date : month_name day_number
inc_or_dec : increment
| decrement
+ ;
increment : '+' inc_number inc_period
{
@@ -287,6 +289,8 @@ month_number : INT
free($1);
}
}
+ ;
+
day_number : INT
{
exectm.tm_mday = -1;

15
at-3.1.8-cleanup_perm.patch
View File

@ -1,15 +0,0 @@
--- panic.c.orig
+++ panic.c
@@ -58,8 +58,11 @@ panic(char *a)
/* Something fatal has happened, print error message and exit.
*/
fprintf(stderr, "%s: %s\n", namep, a);
- if (fcreated)
+ if (fcreated){
+ PRIV_START
unlink(atfile);
+ PRIV_END
+ }
exit(EXIT_FAILURE);
}

51
at-3.1.8-delete_r.patch
View File

@ -1,51 +0,0 @@
--- at.1.in.orig
+++ at.1.in
@@ -9,7 +9,7 @@ at, batch, atq, atrm \- queue, examine o
.IR queue ]
.RB [ -f
.IR file ]
-.RB [ -mldbv ]
+.RB [ -mldrbv ]
.B TIME
.br
.B "at -c"
@@ -219,8 +219,8 @@ rather than standard input.
Is an alias for
.B atq.
.TP
-.B \-d
-Is an alias for
+.B \-d, -r
+Are aliases for
.B atrm.
.TP
.TP
--- at.c.orig
+++ at.c
@@ -692,7 +692,7 @@ main(int argc, char **argv)
char *pgm;
int program = AT; /* our default program */
- char *options = "q:f:MmvldhVc"; /* default options for at */
+ char *options = "q:f:MmvldrhVc"; /* default options for at */
int disp_version = 0;
time_t timer;
struct passwd *pwe;
@@ -765,6 +765,7 @@ main(int argc, char **argv)
break;
case 'd':
+ case 'r':
if (program != AT)
usage();
--- panic.c.orig
+++ panic.c
@@ -92,6 +92,7 @@ usage(void)
/* Print usage and exit.
*/
fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-m] time\n"
+ " at [-V] -r job [job ...]\n"
" atq [-V] [-q x]\n"
" atrm [-V] [-q x] job ...\n"
" batch [-V] [-f file] [-m]\n");

11
at-3.1.8-documentation-dir.patch
View File

@ -1,11 +0,0 @@
--- at.1.in.orig
+++ at.1.in
@@ -117,7 +117,7 @@ and to run a job at 1am tomorrow, you wo
.B at 1am tomorrow.
.PP
The exact definition of the time specification can be found in
-.IR @prefix@/share/doc/at/timespec .
+.IR @prefix@/share/doc/packages/at/timespec .
.PP
For both
.BR at " and " batch ,

39
at-3.1.8-leak-fix.patch
View File

@ -1,39 +0,0 @@
--- at.c.orig
+++ at.c
@@ -600,6 +600,9 @@ list_jobs(long *joblist, int len)
else
printf("%ld\t%s %c\n", jobno, timestr, queue);
}
+
+ closedir(spool);
+
PRIV_END
}
@@ -676,6 +679,11 @@ process_jobs(int argc, char **argv, int
while ((ch = getc(fp)) != EOF) {
putchar(ch);
}
+ PRIV_START
+ if (fp!=NULL) {
+ fclose(fp);
+ }
+ PRIV_END
}
break;
@@ -687,7 +695,13 @@ process_jobs(int argc, char **argv, int
}
}
}
- }
+ }
+
+ PRIV_START
+ if (spool!=NULL) {
+ closedir(spool);
+ }
+ PRIV_END
} /* delete_jobs */
#define ATOI2(ar) ((ar)[0] - '0') * 10 + ((ar)[1] - '0'); (ar) += 2;

27
at-3.1.8-pie.patch
View File

@ -1,27 +0,0 @@
--- Makefile.in.orig
+++ Makefile.in
@@ -67,13 +67,13 @@ LIST = Filelist Filelist.asc
all: at atd atrun
at: $(ATOBJECTS)
- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB)
rm -f $(CLONES)
$(LN_S) -f at atq
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(SELINUXLIB)
+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
@@ -85,7 +85,7 @@ atrun: atrun.in
configure
.c.o:
- $(CC) -c $(CFLAGS) $(DEFS) $*.c
+ $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c
install: all
$(INSTALL) -m 755 -d $(IROOT)$(etcdir)

11
at-3.1.8-queue-nice-level.patch
View File

@ -1,11 +0,0 @@
--- atd.c.orig
+++ atd.c
@@ -482,7 +482,7 @@ run_file(const char *filename, uid_t uid
if (chdir(ATJOB_DIR) < 0)
perr("Cannot chdir to " ATJOB_DIR);
- nice((tolower((int) queue) - 'a' + 1) * 2);
+ nice((tolower((int) queue) - 'a' ) );
if (initgroups(pentry->pw_name, pentry->pw_gid))
perr("Cannot delete saved userids");

161
at-3.1.8-selinux.patch
View File

@ -1,161 +0,0 @@
--- Makefile.in.orig
+++ Makefile.in
@@ -27,6 +27,7 @@ LN_S = @LN_S@
YACC = @YACC@
LEX = @LEX@
LEXLIB = @LEXLIB@
+SELINUXLIB = @SELINUXLIB@
CC = @CC@
CFLAGS = @CFLAGS@
@@ -72,7 +73,7 @@ at: $(ATOBJECTS)
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS)
+ $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(SELINUXLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
--- atd.c.orig
+++ atd.c
@@ -85,6 +85,14 @@
#include <syslog.h>
#endif
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled=0;
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#endif
+
/* Local headers */
#include "privs.h"
@@ -404,6 +412,76 @@ run_file(const char *filename, uid_t uid
chdir("/");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
+ security_context_t file_context=NULL;
+ security_context_t *context_list=NULL;
+ security_context_t current_con=NULL;
+ int retval=0, list_count=0, i;
+ struct av_decision avd;
+ char *seuser=NULL, *level=NULL;
+
+ if (getseuserbyname(pentry->pw_name, &seuser, &level))
+ perr("getseuserbyname FAILED for %s\n", pentry->pw_name);
+
+ if(getcon(&current_con)) {
+ free(seuser);
+ free(level);
+ perr("Can't get current context");
+ }
+ list_count = get_ordered_context_list_with_level(seuser, level, current_con, &context_list);
+ freecon(current_con);
+ free(seuser);
+ free(level);
+ if (list_count == -1) {
+ if (security_getenforce() > 0)
+ perr("Couldn't get security context for user %s\n", pentry->pw_name);
+ else
+ syslog(LOG_WARNING, "Couldn't get security context for user %s, but in permissive mode", pentry->pw_name);
+ }
+
+ /*
+ * Since crontab files are not directly executed,
+ * crond must ensure that the crontab file has
+ * a context that is appropriate for the context of
+ * the user cron job. It performs an entrypoint
+ * permission check for this purpose.
+ */
+ if (list_count != -1) {
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
+ if (security_getenforce() > 0)
+ perr("fgetfilecon FAILED for user %s", pentry->pw_name);
+ }
+
+ for(i = 0; i < list_count; i++) {
+ retval = security_compute_av(context_list[i],
+ file_context,
+ SECCLASS_FILE,
+ FILE__ENTRYPOINT,
+ &avd);
+ if (!retval && ((FILE__ENTRYPOINT & avd.allowed) == FILE__ENTRYPOINT))
+ break;
+ }
+ }
+ freecon(file_context);
+ if (list_count != -1 && (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT))) {
+ if (security_getenforce()==1)
+ perr("Not allowed to set exec context for user %s\n", pentry->pw_name);
+ else
+ syslog(LOG_WARNING, "Not allowed to set exec context for user %s, but in permissive mode", pentry->pw_name);
+ }
+
+ if ((list_count != -1 || retval) && setexeccon(context_list[i]) < 0) {
+ if (security_getenforce()==1) {
+ perr("Could not set exec context to %s for user %s\n", context_list[i], pentry->pw_name);
+ } else {
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", context_list[i], pentry->pw_name);
+ }
+ }
+ freeconary(context_list);
+ }
+#endif
+
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
@@ -420,6 +498,13 @@ run_file(const char *filename, uid_t uid
*/
waitpid(pid, (int *) NULL, 0);
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
+ if (setexeccon(NULL) < 0) {
+ perr("Could not reset exec context for user %s\n", pentry->pw_name);
+ }
+ }
+#endif
/* Send mail. Unlink the output file after opening it, so it
* doesn't hang around after the run.
*/
@@ -654,6 +739,9 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
+#ifdef WITH_SELINUX
+ selinux_enabled=is_selinux_enabled();
+#endif
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
--- config.h.in.orig
+++ config.h.in
@@ -184,3 +184,6 @@
#undef DEFAULT_BATCH_QUEUE
#undef HAVE_ATTRIBUTE_NORETURN
+
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
--- configure.in.orig
+++ configure.in
@@ -315,4 +315,12 @@ AC_ARG_WITH(daemon_groupname,
)
AC_SUBST(DAEMON_GROUPNAME)
+AC_ARG_WITH(selinux,
+[ --with-selinux Define to run with selinux],
+AC_DEFINE(WITH_SELINUX),
+)
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)

15
at-3.1.8-tomorrow.patch
View File

@ -1,15 +0,0 @@
diff --git a/parsetime.y b/parsetime.y
index ef1ff7f..141d792 100644
--- a/parsetime.y
+++ b/parsetime.y
@@ -379,7 +379,9 @@ parsetime(int argc, char **argv)
exectime -= 3600;
}
}
- if (time_only && (currtime > exectime)) {
+ /* exectime zeroes its seconds, thus we need +60,
+ * else "now" will be scheduled to tomorrow */
+ if (currtime > exectime + 60) {
exectime += 24*3600;
}
return exectime;

180
at-3.1.8-ttime.patch
View File

@ -1,180 +0,0 @@
--- at.1.in.orig
+++ at.1.in
@@ -9,7 +9,7 @@ at, batch, atq, atrm \- queue, examine o
.IR queue ]
.RB [ -f
.IR file ]
-.RB [ -mldrbv ]
+.RB [ -mldrbvt ]
.B TIME
.br
.B "at -c"
@@ -235,6 +235,9 @@ is set; then, it will be "Thu Feb 20 14:
.B
\-c
cats the jobs listed on the command line to standard output.
+.TP
+.B \-t time_arg
+Specify the time to run in a format compatible with the touch -t time command.
.SH FILES
.I @ATJBD@
.br
--- at.c.orig
+++ at.c
@@ -28,6 +28,7 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/time.h>
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
@@ -133,6 +134,7 @@ static void alarmc(int signo);
static char *cwdname(void);
static void writefile(time_t runtimer, char queue);
static void list_jobs(void);
+static time_t ttime(const char *arg);
/* Signal catching functions */
@@ -670,6 +672,78 @@ process_jobs(int argc, char **argv, int
}
} /* delete_jobs */
+#define ATOI2(ar) ((ar)[0] - '0') * 10 + ((ar)[1] - '0'); (ar) += 2;
+
+static time_t
+ttime(const char *arg)
+{
+ /*
+ * This is pretty much a copy of stime_arg1() from touch.c. I changed
+ * the return value and the argument list because it's more convenient
+ * (IMO) to do everything in one place. - Joe Halpin
+ */
+ struct timeval tv[2];
+ time_t now;
+ struct tm *t;
+ int yearset;
+ char *p;
+
+ if (gettimeofday(&tv[0], NULL))
+ panic("Cannot get current time");
+
+ /* Start with the current time. */
+ now = tv[0].tv_sec;
+ if ((t = localtime(&now)) == NULL)
+ panic("localtime");
+ /* [[CC]YY]MMDDhhmm[.SS] */
+ if ((p = strchr(arg, '.')) == NULL)
+ t->tm_sec = 0; /* Seconds defaults to 0. */
+ else {
+ if (strlen(p + 1) != 2)
+ goto terr;
+ *p++ = '\0';
+ t->tm_sec = ATOI2(p);
+ }
+
+ yearset = 0;
+ switch(strlen(arg)) {
+ case 12: /* CCYYMMDDhhmm */
+ t->tm_year = ATOI2(arg);
+ t->tm_year *= 100;
+ yearset = 1;
+ /* FALLTHROUGH */
+ case 10: /* YYMMDDhhmm */
+ if (yearset) {
+ yearset = ATOI2(arg);
+ t->tm_year += yearset;
+ } else {
+ yearset = ATOI2(arg);
+ t->tm_year = yearset + 2000;
+ }
+ t->tm_year -= 1900; /* Convert to UNIX time. */
+ /* FALLTHROUGH */
+ case 8: /* MMDDhhmm */
+ t->tm_mon = ATOI2(arg);
+ --t->tm_mon; /* Convert from 01-12 to 00-11 */
+ t->tm_mday = ATOI2(arg);
+ t->tm_hour = ATOI2(arg);
+ t->tm_min = ATOI2(arg);
+ break;
+ default:
+ goto terr;
+ }
+
+ t->tm_isdst = -1; /* Figure out DST. */
+ tv[0].tv_sec = tv[1].tv_sec = mktime(t);
+ if (tv[0].tv_sec != -1)
+ return tv[0].tv_sec;
+ else
+terr:
+ panic(
+ "out of range or illegal time specification: [[CC]YY]MMDDhhmm[.SS]");
+}
+
+
/* Global functions */
void *
@@ -692,12 +766,13 @@ main(int argc, char **argv)
char *pgm;
int program = AT; /* our default program */
- char *options = "q:f:MmvldrhVc"; /* default options for at */
+ char *options = "q:f:t:MmvldrhVc"; /* default options for at */
int disp_version = 0;
time_t timer;
struct passwd *pwe;
struct group *ge;
+ timer = -1;
RELINQUISH_PRIVS
if ((pwe = getpwnam(DAEMON_USERNAME)) == NULL)
@@ -781,6 +856,13 @@ main(int argc, char **argv)
options = "q:V";
break;
+ case 't':
+ if (program != AT)
+ usage();
+
+ timer = ttime(optarg);
+ break;
+
case 'b':
if (program != AT)
usage();
@@ -834,10 +916,16 @@ main(int argc, char **argv)
break;
case AT:
- if (argc > optind) {
- timer = parsetime(argc - optind, argv + optind);
- } else {
- timer = 0;
+ /*
+ * If timer is > -1, then the user gave the time with -t. In that
+ * case, it's already been set. If not, set it now.
+ */
+ if (timer == -1) {
+ if (argc > optind) {
+ timer = parsetime(argc - optind, argv + optind);
+ } else {
+ timer = 0;
+ }
}
if (timer == 0) {
--- panic.c.orig
+++ panic.c
@@ -92,7 +92,9 @@ usage(void)
/* Print usage and exit.
*/
fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-m] time\n"
+ " at [-V] -c job [job ...]\n"
" at [-V] -r job [job ...]\n"
+ " at [-V] [-f file] -t [[CC]YY]MMDDhhmm[.SS]\n"
" atq [-V] [-q x]\n"
" atrm [-V] [-q x] job ...\n"
" batch [-V] [-f file] [-m]\n");

112
at-parse-suse-sysconfig.patch
View File

@ -9,20 +9,22 @@ http://bugzilla.novell.com/780259
configure.in | 44 +++++++++++++++++++++++++++-----------------
3 files changed, 50 insertions(+), 19 deletions(-)
Index: at-3.1.8/Makefile.in
Index: at-3.1.13/Makefile.in
===================================================================
--- at-3.1.8.orig/Makefile.in
+++ at-3.1.8/Makefile.in
@@ -31,7 +31,7 @@ SELINUXLIB = @SELINUXLIB@
PAMLIB = @PAMLIB@
--- at-3.1.13.orig/Makefile.in
+++ at-3.1.13/Makefile.in
@@ -25,19 +25,19 @@ LN_S = @LN_S@
YACC = @YACC@
LEX = @LEX@
LEXLIB = @LEXLIB@
CC = @CC@
-CFLAGS = @CFLAGS@
+CFLAGS = @CFLAGS@ @HX_CFLAGS@
-CFLAGS = -I$(srcdir) @CFLAGS@
+CFLAGS = -I$(srcdir) @CFLAGS@ @HX_CFLAGS@
LDFLAGS = @LDFLAGS@
LFILE = $(ATJOB_DIR)/.SEQ
DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" \
@@ -39,7 +39,7 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\"
-DETCDIR=\"$(etcdir)\" -DLOADAVG_MX=$(LOADAVG_MX) \
-DDAEMON_USERNAME=\"$(DAEMON_USERNAME)\" \
-DDAEMON_GROUPNAME=\"$(DAEMON_GROUPNAME)\" \
-DLFILE=\"$(LFILE)\" -Wall
@ -30,13 +32,17 @@ Index: at-3.1.8/Makefile.in
+LIBS = @LIBS@ @HX_LIBS@
LIBOBJS = @LIBOBJS@
INSTALL = @INSTALL@
PAMLIB = @PAMLIB@
SELINUXLIB = @SELINUXLIB@
Index: at-3.1.8/atd.c
Index: at-3.1.13/atd.c
===================================================================
--- at-3.1.8.orig/atd.c
+++ at-3.1.8/atd.c
@@ -104,6 +104,10 @@ static pam_handle_t *pamh = NULL;
}
--- at-3.1.13.orig/atd.c
+++ at-3.1.13/atd.c
@@ -72,10 +72,14 @@
#ifdef HAVE_UNISTD_H
#include <syslog.h>
#endif
+#include <libHX/defs.h>
@ -46,7 +52,11 @@ Index: at-3.1.8/atd.c
/* Local headers */
#include "privs.h"
@@ -934,6 +938,7 @@ main(int argc, char *argv[])
#include "daemon.h"
@@ -956,10 +960,11 @@ main(int argc, char *argv[])
* For those files which are to be executed, run_file() is called, which forks
* off a child which takes care of I/O redirection, forks off another child
* for execution and yet another one, optionally, for sending mail.
* Files which already have run are removed during the next invocation.
*/
@ -54,7 +64,11 @@ Index: at-3.1.8/atd.c
int c;
time_t next_invocation;
struct sigaction act;
@@ -996,6 +1001,22 @@ main(int argc, char *argv[])
struct passwd *pwe;
struct group *ge;
@@ -1024,10 +1029,26 @@ main(int argc, char *argv[])
pabort("idiotic option - aborted");
break;
}
}
@ -77,24 +91,28 @@ Index: at-3.1.8/atd.c
namep = argv[0];
if (chdir(ATJOB_DIR) != 0)
perr("Cannot change to " ATJOB_DIR);
Index: at-3.1.8/configure.in
===================================================================
--- at-3.1.8.orig/configure.in
+++ at-3.1.8/configure.in
@@ -1,9 +1,10 @@
dnl Process this file with autoconf to produce a configure script.
-AC_INIT(at.c)
+AC_INIT
+AC_CONFIG_SRCDIR([at.c])
if (optind < argc)
Index: at-3.1.13/configure.ac
===================================================================
--- at-3.1.13.orig/configure.ac
+++ at-3.1.13/configure.ac
@@ -3,11 +3,11 @@ dnl Process this file with autoconf to p
AC_INIT(at, 3.1.13)
AC_CONFIG_SRCDIR(at.c)
AC_PREFIX_DEFAULT(/usr)
AC_CONFIG_HEADER(config.h)
-AC_PREREQ(2.7)
-AC_PREREQ([2.64])
+AC_PREREQ([2.69])
VERSION="3.1.8"
@@ -39,25 +40,22 @@ case "$host" in
VERSION=AC_PACKAGE_VERSION
if test "X$CFLAGS" = "X"; then
CFLAGS="-O2 -g -Wall"
fi
@@ -37,41 +37,50 @@ case "$host" in
*)
AC_MSG_RESULT(no)
;;
esac
AC_MSG_CHECKING(Trying to compile a trivial ANSI C program)
@ -108,18 +126,20 @@ Index: at-3.1.8/configure.in
AC_MSG_CHECKING(__attribute__((noreturn)))
-AC_TRY_COMPILE([], [void __attribute__((noreturn)) panic(void);],
- AC_MSG_RESULT(yes)
- AC_DEFINE(HAVE_ATTRIBUTE_NORETURN),
- AC_MSG_RESULT(no)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void __attribute__((noreturn)) panic(void);]])],[
AC_MSG_RESULT(yes)
AC_DEFINE(HAVE_ATTRIBUTE_NORETURN, 1,
[Define to 1 if compiler supports __attribute__((noreturn))]),
AC_MSG_RESULT(no)
-)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void __attribute__((noreturn)) panic(void);]])],[AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_ATTRIBUTE_NORETURN)],[AC_MSG_RESULT(no)
+])
dnl Checks for libraries.
AC_CHECK_LIB(fl,yywrap,
[],
- AC_DEFINE(NEED_YYWRAP)
- [],
- AC_DEFINE(NEED_YYWRAP, 1,
- [Define to 1 if we need to provide our own yywrap()])
+ [],
+ AC_DEFINE([NEED_YYWRAP], 1, [need yywrap])
)
@ -128,7 +148,9 @@ Index: at-3.1.8/configure.in
dnl Checks for header files.
AC_HEADER_DIRENT
AC_HEADER_STDC
@@ -67,7 +65,18 @@ AC_CHECK_HEADERS(stdarg.h)
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS(fcntl.h syslog.h unistd.h errno.h sys/fcntl.h getopt.h)
AC_CHECK_HEADERS(stdarg.h)
dnl Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
@ -148,25 +170,29 @@ Index: at-3.1.8/configure.in
AC_TYPE_UID_T
AC_TYPE_MODE_T
AC_TYPE_OFF_T
@@ -317,7 +326,7 @@ AC_SUBST(DAEMON_GROUPNAME)
AC_TYPE_PID_T
AC_TYPE_SIZE_T
@@ -258,20 +267,20 @@ AC_ARG_WITH(daemon_groupname,
AC_MSG_RESULT(daemon)
)
AC_SUBST(DAEMON_GROUPNAME)
AC_ARG_WITH(selinux,
[ --with-selinux Define to run with selinux],
-[ --with-selinux Define to run with selinux],
-AC_DEFINE(WITH_SELINUX),
+[ --with-selinux Define to run with selinux],
+AC_DEFINE([WITH_SELINUX] , [1], [enable selinux]),
)
AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
AC_SUBST(SELINUXLIB)
@@ -325,9 +334,10 @@ AC_SUBST(WITH_SELINUX)
AC_SUBST(WITH_SELINUX)
AC_ARG_WITH(pam,
[ --with-pam Define to enable pam support ],
-AC_DEFINE(WITH_PAM),
+AC_DEFINE([WITH_PAM], [1], [with pam]),
+AC_DEFINE([WITH_PAM], [1], [use PAM]),
)
AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
AC_SUBST(PAMLIB)
-AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
+AC_CONFIG_FILES([Makefile atrun atd.8 atrun.8 at.1 batch])
+AC_OUTPUT
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch)

7
at.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Jun 11 13:09:18 UTC 2013 - lang@b1-systems.de
- updated to upstream 3.1.13
- ported patches to new source code in session with Stefan Seyfried
- removed unnecessary patches
-------------------------------------------------------------------
Sun Apr 14 06:45:53 UTC 2013 - crrodriguez@opensuse.org

45
at.spec
View File

@ -24,44 +24,38 @@ BuildRequires: flex
BuildRequires: libselinux-devel
BuildRequires: pam-devel
Url: ftp://ftp.debian.org/debian/pool/main/a/at
Version: 3.1.8
Version: 3.1.13
Release: 0
Summary: A Job Manager
License: GPL-2.0+
Group: System/Daemons
Source: at_3.1.8-11.tar.gz
Source: at_3.1.13.orig.tar.gz
Source1: atd.init
Source2: atd.pamd
Source3: sysconfig.atd
Source4: at.sleep
Source5: http://0pointer.de/public/systemd-units/atd.service
Patch0: %{name}-%{version}.patch
Patch1: %{name}-%{version}-bison.patch
Patch2: %{name}-%{version}-delete_r.patch
Patch3: %{name}-%{version}-ttime.patch
Patch4: %{name}-%{version}-joblist.patch
Patch5: %{name}-%{version}-selinux.patch
Patch6: %{name}-%{version}-pie.patch
Patch7: %{name}-%{version}-eal3-manpages.patch
Patch8: %{name}-%{version}-formatbugs.patch
Patch9: %{name}-%{version}-pam.patch
Patch10: %{name}-%{version}-massive_batch.patch
Patch11: %{name}-%{version}-documentation-dir.patch
Patch12: %{name}-%{version}-queue-nice-level.patch
# PATCH-FIX-UPSTREAM cleanup_perm fix permissions for unlink (bnc#478733)
Patch13: %{name}-%{version}-cleanup_perm.patch
Patch0: %{name}-3.1.13.patch
Patch4: %{name}-3.1.13-joblist.patch
Patch5: %{name}-3.1.13-selinux.patch
Patch6: %{name}-3.1.13-pie.patch
Patch7: %{name}-3.1.8-eal3-manpages.patch
## no bugs anymore for patch8. Just paranoia checking
Patch8: %{name}-3.1.13-formatbugs.patch
Patch9: %{name}-3.1.13-pam.patch
Patch10: %{name}-3.1.13-massive_batch.patch
Patch11: %{name}-3.1.13-documentation-dir.patch
Patch12: %{name}-3.1.13-queue-nice-level.patch
# PATCH-FIX-UPSTREAM pam-session-as-root (bnc#408986, bnc#239210)
Patch14: %{name}-%{version}-pam-session-as-root.patch
Patch14: %{name}-3.1.13-pam-session-as-root.patch
# PATCH-FIX-UPSTREAM clean-up opened descriptors (bnc#533454, bnc#523346)
Patch15: %{name}-%{version}-leak-fix.patch
Patch15: %{name}-3.1.13-leak-fix.patch
#PATCH-FIX-OPENSUSE add proper system users to the deny list
Patch16: at-3.1.8-denylist.patch
#PATCH-FIX-UPSTREAM plan jobs with past time to tomorrow (bnc#672586)
Patch17: %{name}-%{version}-tomorrow.patch
#PATCH-FIX-UPSTREAM race condition of atrm against job execution (bnc#679857)
Patch18: %{name}-%{version}-atrm-race.patch
Patch17: %{name}-3.1.13-tomorrow.patch
#PATCH-FIX-UPSTREAM wrong mtime handling of jobdir (bnc#680113)
Patch19: %{name}-%{version}-jobdir-mtime.patch
Patch19: %{name}-3.1.8-jobdir-mtime.patch
Patch20: at-parse-suse-sysconfig.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd %fillup_prereq %insserv_prereq
@ -81,9 +75,6 @@ This program allows you to run jobs at specified times.
%prep
%setup -q
%patch0
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
@ -93,12 +84,10 @@ This program allows you to run jobs at specified times.
%patch10
%patch11
%patch12
%patch13
%patch14
%patch15
%patch16
%patch17 -p1
%patch18
%patch19
%patch20 -p1
%build

3
at_3.1.13.orig.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3a8b90868d615d21a92f4986ea9a823886329af8fae8dd7ab4eed9b273bca072
size 122544

3
at_3.1.8-11.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0d77c73a3c151a7da647dd924f32151e5ee4574530568fd65067882f79cd5a44
size 108827