diff --git a/at-3.1.13-documentation-dir.patch b/at-3.1.13-documentation-dir.patch new file mode 100644 index 0000000..f99597f --- /dev/null +++ b/at-3.1.13-documentation-dir.patch @@ -0,0 +1,17 @@ +Index: at.1.in +=================================================================== +--- at.1.in.orig ++++ at.1.in +@@ -124,11 +124,11 @@ to run a job at 10:00am on July 31, you + .B at 10am Jul 31 + and to run a job at 1am tomorrow, you would do + .B at 1am tomorrow. + .PP + The definition of the time specification can be found in +-.IR @prefix@/share/doc/at/timespec . ++.IR @prefix@/share/doc/packages/at/timespec . + .PP + For both + .BR at " and " batch , + commands are read from standard input or the file specified + with the diff --git a/at-3.1.8-formatbugs.patch b/at-3.1.13-formatbugs.patch similarity index 65% rename from at-3.1.8-formatbugs.patch rename to at-3.1.13-formatbugs.patch index 7ded75b..cdfe1da 100644 --- a/at-3.1.8-formatbugs.patch +++ b/at-3.1.13-formatbugs.patch @@ -1,17 +1,10 @@ ---- atd.c.orig -+++ atd.c -@@ -293,7 +293,7 @@ run_file(const char *filename, uid_t uid - - if (buf.st_nlink > 2) { - perr("Someboy is trying to run a linked script for job %8lu (%.500s)", -- filename); -+ jobno, filename); - } - if ((fflags = fcntl(fd_in, F_GETFD)) < 0) - perr("Error in fcntl"); +Index: daemon.h +=================================================================== --- daemon.h.orig +++ daemon.h -@@ -5,12 +5,12 @@ void +@@ -3,15 +3,15 @@ void daemon_cleanup(void); + + void #ifdef HAVE_ATTRIBUTE_NORETURN __attribute__((noreturn)) #endif @@ -26,9 +19,14 @@ +perr (const char *fmt, ...) __attribute__((__format__(printf,1,2))); extern int daemon_debug; + extern int daemon_foreground; +Index: panic.h +=================================================================== --- panic.h.orig +++ panic.h -@@ -26,7 +26,9 @@ void +@@ -24,11 +24,13 @@ __attribute__((noreturn)) + panic(char *a); + void #ifdef HAVE_ATTRIBUTE_NORETURN __attribute__((noreturn)) #endif @@ -39,3 +37,5 @@ void #ifdef HAVE_ATTRIBUTE_NORETURN __attribute__((noreturn)) + #endif + usage(void); diff --git a/at-3.1.8-joblist.patch b/at-3.1.13-joblist.patch similarity index 57% rename from at-3.1.8-joblist.patch rename to at-3.1.13-joblist.patch index 4cb02bc..ac908b7 100644 --- a/at-3.1.8-joblist.patch +++ b/at-3.1.13-joblist.patch @@ -1,18 +1,25 @@ +Index: at.c +=================================================================== --- at.c.orig +++ at.c -@@ -133,8 +133,10 @@ static void sigc(int signo); +@@ -132,11 +132,13 @@ char atverify = 0; /* verify time inste + + static void sigc(int signo); static void alarmc(int signo); static char *cwdname(void); static void writefile(time_t runtimer, char queue); -static void list_jobs(void); +static void list_jobs(long *, int); - static time_t ttime(const char *arg); +static int in_job_list(long, long *, int); +static long *get_job_list(int, char *[], int *); /* Signal catching functions */ -@@ -526,8 +528,20 @@ writefile(time_t runtimer, char queue) + static RETSIGTYPE + sigc(int signo) +@@ -545,12 +547,24 @@ writefile(time_t runtimer, char queue) + break; + } return; } @@ -29,12 +36,16 @@ +} + static void --list_jobs() +-list_jobs(void) +list_jobs(long *joblist, int len) { /* List all a user's jobs in the queue, by looping through ATJOB_DIR, * or everybody's if we are root -@@ -566,6 +580,10 @@ list_jobs() + */ + DIR *spool; +@@ -585,10 +599,14 @@ list_jobs(void) + continue; + if (sscanf(dirent->d_name, "%c%5lx%8lx", &queue, &jobno, &ctm) != 3) continue; @@ -45,9 +56,13 @@ if (atqueue && (queue != atqueue)) continue; -@@ -743,6 +761,28 @@ terr: - "out of range or illegal time specification: [[CC]YY]MMDDhhmm[.SS]"); - } + runtimer = 60 * (time_t) ctm; + runtime = localtime(&runtimer); +@@ -706,10 +724,33 @@ process_jobs(int argc, char **argv, int + } + } + return rc; + } /* delete_jobs */ +static long * +get_job_list(int argc, char *argv[], int *joblen) @@ -71,27 +86,32 @@ + *joblen = len; + return joblist; +} - ++ /* Global functions */ -@@ -769,9 +809,13 @@ main(int argc, char **argv) - char *options = "q:f:t:MmvldrhVc"; /* default options for at */ + void * + mymalloc(size_t n) + { +@@ -731,10 +772,12 @@ main(int argc, char **argv) + + int program = AT; /* our default program */ + char *options = "q:f:MmvlrdhVct:"; /* default options for at */ int disp_version = 0; - time_t timer; -+ long *joblist; -+ int joblen; + time_t timer = 0; ++ long *joblist = NULL; ++ int joblen = 0; struct passwd *pwe; struct group *ge; -+ joblist = NULL; -+ joblen = 0; - timer = -1; RELINQUISH_PRIVS -@@ -901,7 +945,9 @@ main(int argc, char **argv) +@@ -868,12 +911,13 @@ main(int argc, char **argv) + switch (program) { + int i; case ATQ: REDUCE_PRIV(daemon_uid, daemon_gid) +- - list_jobs(); + if (queue_set == 0) + joblist = get_job_list(argc - optind, argv + optind, &joblen); @@ -99,14 +119,21 @@ break; case ATRM: + + REDUCE_PRIV(daemon_uid, daemon_gid) +Index: panic.c +=================================================================== --- panic.c.orig +++ panic.c -@@ -95,6 +95,8 @@ usage(void) - " at [-V] -c job [job ...]\n" - " at [-V] -r job [job ...]\n" - " at [-V] [-f file] -t [[CC]YY]MMDDhhmm[.SS]\n" -+ " at [-V] -l -q queuename\n" +@@ -93,10 +93,11 @@ usage(void) + /* Print usage and exit. + */ + fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mlbv] timespec ...\n" + " at [-V] [-q x] [-f file] [-mlbv] -t time\n" + " at -c job ...\n" + " at [-V] -l [job ...]\n" " atq [-V] [-q x]\n" - " atrm [-V] [-q x] job ...\n" - " batch [-V] [-f file] [-m]\n"); + " at [ -rd ] job ...\n" + " atrm [-V] job ...\n" + " batch\n"); + exit(EXIT_FAILURE); diff --git a/at-3.1.13-leak-fix.patch b/at-3.1.13-leak-fix.patch new file mode 100644 index 0000000..69f67b2 --- /dev/null +++ b/at-3.1.13-leak-fix.patch @@ -0,0 +1,30 @@ +Index: at.c +=================================================================== +--- at.c.orig ++++ at.c +@@ -616,10 +616,13 @@ list_jobs(long *joblist, int len) + if ((pwd = getpwuid(buf.st_uid))) + printf("%ld\t%s %c %s\n", jobno, timestr, queue, pwd->pw_name); + else + printf("%ld\t%s %c\n", jobno, timestr, queue); + } ++ ++ closedir(spool); ++ + PRIV_END + } + + static int + process_jobs(int argc, char **argv, int what) +@@ -698,10 +701,11 @@ process_jobs(int argc, char **argv, int + if (fp) { + while ((ch = getc(fp)) != EOF) { + putchar(ch); + } + done = 1; ++ fclose(fp); + } + else { + perr("Cannot open %.500s", dirent->d_name); + rc = EXIT_FAILURE; + } diff --git a/at-3.1.8-massive_batch.patch b/at-3.1.13-massive_batch.patch similarity index 55% rename from at-3.1.8-massive_batch.patch rename to at-3.1.13-massive_batch.patch index 75ab6c6..942eac5 100644 --- a/at-3.1.8-massive_batch.patch +++ b/at-3.1.13-massive_batch.patch @@ -1,6 +1,10 @@ +Index: atd.c +=================================================================== --- atd.c.orig +++ atd.c -@@ -137,9 +137,10 @@ static char rcsid[] = "$Id: atd.c,v 1.28 +@@ -112,13 +112,14 @@ gid_t daemon_gid = (gid_t) - 3; + + static char *namep; static double load_avg = LOADAVG_MX; static time_t now; static time_t last_chg; @@ -12,20 +16,29 @@ static volatile sig_atomic_t term_signal = 0; -@@ -152,9 +153,10 @@ set_term(int dummy) + #ifdef WITH_PAM + #include +@@ -146,14 +147,14 @@ set_term(int dummy) + { + term_signal = 1; + return; } - RETSIGTYPE +-RETSIGTYPE -sdummy(int dummy) ++RETSIGTYPE +set_hup(int dummy) { - /* Empty signal handler */ + hupped = 1; -+ nothing_to_do = 0; + nothing_to_do = 0; return; } -@@ -790,6 +792,7 @@ run_loop() + /* SIGCHLD handler - discards completion status of children */ +@@ -807,10 +808,11 @@ run_loop() + + if (nothing_to_do && buf.st_mtime <= last_chg) return next_job; last_chg = buf.st_mtime; @@ -33,7 +46,11 @@ if ((spool = opendir(".")) == NULL) perr("Cannot read " ATJOB_DIR); -@@ -1014,7 +1017,7 @@ main(int argc, char *argv[]) + run_batch = 0; + nothing_to_do = 1; +@@ -1043,11 +1045,11 @@ main(int argc, char *argv[]) + * A signal handler setting term_signal will make sure there's + * a clean exit. */ sigaction(SIGHUP, NULL, &act); @@ -42,7 +59,11 @@ sigaction(SIGHUP, &act, NULL); sigaction(SIGTERM, NULL, &act); -@@ -1030,9 +1033,10 @@ main(int argc, char *argv[]) + act.sa_handler = set_term; + sigaction(SIGTERM, &act, NULL); +@@ -1059,12 +1061,13 @@ main(int argc, char *argv[]) + daemon_setup(); + do { now = time(NULL); next_invocation = run_loop(); @@ -54,3 +75,4 @@ } while (!term_signal); daemon_cleanup(); exit(EXIT_SUCCESS); + } diff --git a/at-3.1.8-pam-session-as-root.patch b/at-3.1.13-pam-session-as-root.patch similarity index 59% rename from at-3.1.8-pam-session-as-root.patch rename to at-3.1.13-pam-session-as-root.patch index 81723fb..2797d55 100644 --- a/at-3.1.8-pam-session-as-root.patch +++ b/at-3.1.13-pam-session-as-root.patch @@ -1,7 +1,11 @@ +Index: atd.c +=================================================================== --- atd.c.orig +++ atd.c -@@ -612,11 +612,13 @@ run_file(const char *filename, uid_t uid - unlink(filename); +@@ -663,15 +663,17 @@ run_file(const char *filename, uid_t uid + if (unlink(filename) == -1) + syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", + jobno, strerror(errno)); #ifdef WITH_PAM + PRIV_START @@ -14,7 +18,11 @@ #endif /* The job is now finished. We can delete its input file. -@@ -737,11 +739,13 @@ run_file(const char *filename, uid_t uid + */ + chdir(ATJOB_DIR); +@@ -784,15 +786,17 @@ run_file(const char *filename, uid_t uid + { + /* Parent */ waitpid(mail_pid, (int *) NULL, 0); } #ifdef WITH_PAM @@ -28,3 +36,5 @@ #endif } exit(EXIT_SUCCESS); + } + diff --git a/at-3.1.8-pam.patch b/at-3.1.13-pam.patch similarity index 53% rename from at-3.1.8-pam.patch rename to at-3.1.13-pam.patch index 33868a0..2257eb6 100644 --- a/at-3.1.8-pam.patch +++ b/at-3.1.13-pam.patch @@ -1,46 +1,13 @@ ---- Makefile.in.orig -+++ Makefile.in -@@ -28,6 +28,7 @@ YACC = @YACC@ - LEX = @LEX@ - LEXLIB = @LEXLIB@ - SELINUXLIB = @SELINUXLIB@ -+PAMLIB = @PAMLIB@ - - CC = @CC@ - CFLAGS = @CFLAGS@ -@@ -73,7 +74,7 @@ at: $(ATOBJECTS) - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y +Index: atd.c +=================================================================== --- atd.c.orig +++ atd.c -@@ -93,6 +93,17 @@ int selinux_enabled=0; +@@ -89,10 +89,14 @@ + int selinux_enabled=0; + #include #include #endif -+#ifdef WITH_PAM -+#include -+static pam_handle_t *pamh = NULL; -+#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ -+ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ -+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ -+ pam_close_session(pamh, PAM_SILENT); \ -+ pam_end(pamh, retcode); exit(1); \ -+ } -+#endif -+ - /* Local headers */ - - #include "privs.h" -@@ -102,6 +113,10 @@ int selinux_enabled=0; - #include "getloadavg.h" - #endif - +#ifndef LOG_ATD +#define LOG_ATD LOG_DAEMON +#endif @@ -48,8 +15,44 @@ /* Macros */ #define BATCH_INTERVAL_DEFAULT 60 -@@ -195,6 +210,47 @@ myfork() - #define fork myfork + #define CHECK_INTERVAL 3600 + +@@ -114,11 +118,11 @@ static int nothing_to_do; + unsigned int batch_interval; + static int run_as_daemon = 0; + + static volatile sig_atomic_t term_signal = 0; + +-#ifdef HAVE_PAM ++#ifdef WITH_PAM + #include + + static pam_handle_t *pamh = NULL; + + static const struct pam_conv conv = { +@@ -126,16 +130,17 @@ static const struct pam_conv conv = { + }; + + #define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ + fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ + syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ ++ pam_close_session(pamh, PAM_SILENT); \ + pam_end(pamh, retcode); exit(1); \ + } + #define PAM_END { retcode = pam_close_session(pamh,0); \ + pam_end(pamh,retcode); } + +-#endif /* HAVE_PAM */ ++#endif /* WITH_PAM */ + + /* Signal handlers */ + RETSIGTYPE + set_term(int dummy) + { +@@ -263,10 +268,23 @@ static int set_selinux_context(const cha + freecon(user_context); + return 0; + } #endif +#undef ATD_MAIL_PROGRAM @@ -64,73 +67,54 @@ +#define ATD_MAIL_PROGRAM MAILX +#define ATD_MAIL_NAME "mailx" +#endif -+ -+#ifdef WITH_PAM -+static int -+cron_conv(int num_msg, const struct pam_message **msgm, -+ struct pam_response **response, void *appdata_ptr) -+{ -+ struct pam_message**m = msgm; -+ int i; -+ -+ for (i = 0; i < num_msg; i++) { -+ switch (m[i]->msg_style) { -+ case PAM_ERROR_MSG: -+ case PAM_TEXT_INFO: -+ if (m[i]->msg != NULL) { -+ syslog (LOG_NOTICE, "%s", m[i]->msg); -+ } -+ break; -+ default: -+ break; -+ } -+ } -+ return (0); -+} -+ -+static const struct pam_conv conv = { -+ cron_conv, NULL -+}; -+#endif + static void run_file(const char *filename, uid_t uid, gid_t gid) { -@@ -217,6 +273,9 @@ run_file(const char *filename, uid_t uid + /* Run a file by by spawning off a process which redirects I/O, + * spawns a subshell, then waits for it to complete and sends +@@ -288,11 +306,11 @@ run_file(const char *filename, uid_t uid int ngid; char queue; + char fmt[64]; unsigned long jobno; + int rc; +-#ifdef HAVE_PAM +#ifdef WITH_PAM -+ int retcode; -+#endif + int retcode; + #endif - sscanf(filename, "%c%5lx", &queue, &jobno); - -@@ -361,6 +420,23 @@ run_file(const char *filename, uid_t uid + #ifdef _SC_LOGIN_NAME_MAX + errno = 0; +@@ -450,20 +468,24 @@ run_file(const char *filename, uid_t uid + write_string(fd_out, mailname); + write_string(fd_out, "\n\n"); fstat(fd_out, &buf); size = buf.st_size; +-#ifdef HAVE_PAM +#ifdef WITH_PAM -+ PRIV_START -+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); -+ PAM_FAIL_CHECK; + PRIV_START + retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); + PAM_FAIL_CHECK; + retcode = pam_set_item(pamh, PAM_TTY, "atd"); + PAM_FAIL_CHECK; -+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); -+ PAM_FAIL_CHECK; -+ retcode = pam_open_session(pamh, PAM_SILENT); -+ PAM_FAIL_CHECK; -+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); -+ PAM_FAIL_CHECK; + retcode = pam_acct_mgmt(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_open_session(pamh, PAM_SILENT); + PAM_FAIL_CHECK; + retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); + PAM_FAIL_CHECK; + closelog(); + openlog("atd", LOG_PID, LOG_ATD); -+ PRIV_END -+#endif -+ + PRIV_END + #endif + close(STDIN_FILENO); close(STDOUT_FILENO); - close(STDERR_FILENO); -@@ -372,6 +448,16 @@ run_file(const char *filename, uid_t uid +@@ -474,10 +496,20 @@ run_file(const char *filename, uid_t uid + perr("Error in fork"); + else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; @@ -147,27 +131,27 @@ /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. -@@ -394,8 +480,6 @@ run_file(const char *filename, uid_t uid - if (chdir(ATJOB_DIR) < 0) - perr("Cannot chdir to " ATJOB_DIR); + */ + if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) +@@ -493,12 +525,10 @@ run_file(const char *filename, uid_t uid + perr("Error in I/O redirection"); + + close(fd_in); + close(fd_out); - PRIV_START - nice((tolower((int) queue) - 'a' + 1) * 2); if (initgroups(pentry->pw_name, pentry->pw_gid)) -@@ -485,6 +569,24 @@ run_file(const char *filename, uid_t uid - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); + perr("Cannot initialize the supplementary group access list"); + +@@ -526,10 +556,20 @@ run_file(const char *filename, uid_t uid + if (security_getenforce()==1) + perr("Could not resset exec context for user %s\n", pentry->pw_name); + #endif + //end -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) { -+ if (setexeccon(NULL) < 0) { -+ perr("Could not resset exec context for user %s\n", pentry->pw_name); -+ } -+ } -+#endif -+ +#ifdef WITH_PAM + if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L)) + { @@ -181,23 +165,32 @@ PRIV_END } /* We're the parent. Let's wait. -@@ -498,13 +600,6 @@ run_file(const char *filename, uid_t uid + */ + close(fd_in); +@@ -538,18 +578,10 @@ run_file(const char *filename, uid_t uid + non-blocking waitpid. So this blocking one will eventually + return with an ECHILD error. */ waitpid(pid, (int *) NULL, 0); --#ifdef WITH_SELINUX -- if (selinux_enabled>0) { -- if (setexeccon(NULL) < 0) { -- perr("Could not reset exec context for user %s\n", pentry->pw_name); -- } -- } --#endif +-#ifdef HAVE_PAM +- PRIV_START +- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT); +- retcode = pam_close_session(pamh, PAM_SILENT); +- pam_end(pamh, retcode); +- PRIV_END +-#endif +- /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ -@@ -514,6 +609,14 @@ run_file(const char *filename, uid_t uid + fstat(fd_out, &buf); + lseek(fd_out, 0, SEEK_SET); +@@ -570,19 +602,51 @@ run_file(const char *filename, uid_t uid - unlink(filename); + if (unlink(filename) == -1) + syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", + jobno, strerror(errno)); +#ifdef WITH_PAM + pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT ); @@ -210,7 +203,8 @@ /* The job is now finished. We can delete its input file. */ chdir(ATJOB_DIR); -@@ -522,7 +625,31 @@ run_file(const char *filename, uid_t uid + unlink(newname); + free(newname); if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { @@ -241,8 +235,12 @@ + PRIV_START if (initgroups(pentry->pw_name, pentry->pw_gid)) - perr("Cannot delete saved userids"); -@@ -535,6 +662,47 @@ run_file(const char *filename, uid_t uid + perr("Cannot initialize the supplementary group access list"); + + if (setgid(gid) < 0) +@@ -591,18 +655,85 @@ run_file(const char *filename, uid_t uid + if (setuid(uid) < 0) + perr("Cannot set user id"); chdir ("/"); @@ -288,9 +286,9 @@ +#endif + #if defined(SENDMAIL) - execl(SENDMAIL, "sendmail", mailname, (char *) NULL); - #elif defined(MAILC) -@@ -546,7 +714,33 @@ run_file(const char *filename, uid_t uid + execl(SENDMAIL, "sendmail", "-i", mailname, (char *) NULL); + #else + #error "No mail command specified." #endif perr("Exec failed for mail command"); @@ -325,16 +323,11 @@ } exit(EXIT_SUCCESS); } -@@ -741,7 +935,7 @@ main(int argc, char *argv[]) - #ifdef WITH_SELINUX - selinux_enabled=is_selinux_enabled(); --#endif -+#endif - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ -@@ -758,12 +952,7 @@ main(int argc, char *argv[]) + static time_t +@@ -817,16 +948,11 @@ main(int argc, char *argv[]) + + daemon_gid = ge->gr_gid; RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) @@ -348,33 +341,60 @@ opterr = 0; errno = 0; run_as_daemon = 1; + batch_interval = BATCH_INTERVAL_DEFAULT; + +Index: config.h.in +=================================================================== --- config.h.in.orig +++ config.h.in -@@ -187,3 +187,7 @@ +@@ -69,13 +69,10 @@ + #undef HAVE_NLIST_H - /* Define if you are building with_selinux */ - #undef WITH_SELINUX -+ -+/* Define if you are building with_pam */ + /* Define to 1 for PAM support */ + #undef HAVE_PAM + +-/* Define if you are building with_selinux */ +-#undef WITH_SELINUX +- + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC + + /* Define to 1 if you have the header file. */ + #undef HAVE_SECURITY_PAM_APPL_H +@@ -143,11 +140,11 @@ + #undef HAVE_VPRINTF + + /* Define to 1 if you have the `waitpid' function. */ + #undef HAVE_WAITPID + +-/* Define to 1 if we need to provide our own yywrap() */ ++/* need yywrap */ + #undef NEED_YYWRAP + + /* Define to 1 if your `struct nlist' has an `n_un' member. Obsolete, depend + on `HAVE_STRUCT_NLIST_N_UN_N_NAME */ + #undef NLIST_NAME_UNION +@@ -193,10 +190,13 @@ + + /* Define to 1 for Encore UMAX 4.3 that has instead of + . */ + #undef UMAX4_3 + ++/* use PAM */ +#undef WITH_PAM + ---- configure.in.orig -+++ configure.in -@@ -323,4 +323,11 @@ AC_CHECK_LIB(selinux, is_selinux_enabled - AC_SUBST(SELINUXLIB) - AC_SUBST(WITH_SELINUX) + /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a + `char[]'. */ + #undef YYTEXT_POINTER -+AC_ARG_WITH(pam, -+[ --with-pam Define to enable pam support ], -+AC_DEFINE(WITH_PAM), -+) -+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') -+AC_SUBST(PAMLIB) -+ - AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch) + /* Define to empty if `const' does not conform to ANSI C. */ +Index: perm.c +=================================================================== --- perm.c.orig +++ perm.c -@@ -109,14 +109,15 @@ user_in_file(const char *path, const cha +@@ -106,18 +106,19 @@ user_in_file(const char *path, const cha + + /* Global functions */ int check_permission() { @@ -393,3 +413,24 @@ perror("Cannot access user database"); exit(EXIT_FAILURE); } + + allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); +Index: configure.ac +=================================================================== +--- configure.ac.orig ++++ configure.ac +@@ -265,7 +265,14 @@ AC_DEFINE(WITH_SELINUX), + ) + AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) + AC_SUBST(SELINUXLIB) + AC_SUBST(WITH_SELINUX) + ++AC_ARG_WITH(pam, ++[ --with-pam Define to enable pam support ], ++AC_DEFINE(WITH_PAM), ++) ++AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') ++AC_SUBST(PAMLIB) ++ + AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) + AC_OUTPUT diff --git a/at-3.1.13-pie.patch b/at-3.1.13-pie.patch new file mode 100644 index 0000000..ec5b9d3 --- /dev/null +++ b/at-3.1.13-pie.patch @@ -0,0 +1,37 @@ +Index: Makefile.in +=================================================================== +--- Makefile.in.orig ++++ Makefile.in +@@ -65,17 +65,17 @@ LIST = Filelist Filelist.asc + .PHONY: all install clean dist distclean + + all: at atd atrun + + at: $(ATOBJECTS) +- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) ++ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) ++ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y + + lex.yy.c: parsetime.l +@@ -83,11 +83,11 @@ lex.yy.c: parsetime.l + + atrun: atrun.in + configure + + .c.o: +- $(CC) -c $(CFLAGS) $(DEFS) $*.c ++ $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c + + install: all + $(INSTALL) -m 755 -d $(IROOT)$(etcdir) + $(INSTALL) -m 755 -d $(IROOT)$(bindir) + $(INSTALL) -m 755 -d $(IROOT)$(sbindir) diff --git a/at-3.1.13-queue-nice-level.patch b/at-3.1.13-queue-nice-level.patch new file mode 100644 index 0000000..9f5e37f --- /dev/null +++ b/at-3.1.13-queue-nice-level.patch @@ -0,0 +1,17 @@ +Index: atd.c +=================================================================== +--- atd.c.orig ++++ atd.c +@@ -577,11 +577,11 @@ run_file(const char *filename, uid_t uid + perr("Error in I/O redirection"); + + close(fd_in); + close(fd_out); + +- nice((tolower((int) queue) - 'a' + 1) * 2); ++ nice((tolower((int) queue) - 'a' ) ); + + if (initgroups(pentry->pw_name, pentry->pw_gid)) + perr("Cannot initialize the supplementary group access list"); + + if (setgid(ngid) < 0) diff --git a/at-3.1.13-selinux.patch b/at-3.1.13-selinux.patch new file mode 100644 index 0000000..473d4cf --- /dev/null +++ b/at-3.1.13-selinux.patch @@ -0,0 +1,206 @@ +Index: atd.c +=================================================================== +--- atd.c.orig ++++ atd.c +@@ -81,10 +81,18 @@ + + #ifndef HAVE_GETLOADAVG + #include "getloadavg.h" + #endif + ++#ifdef WITH_SELINUX ++#include ++#include ++int selinux_enabled=0; ++#include ++#include ++#endif ++ + /* Macros */ + + #define BATCH_INTERVAL_DEFAULT 60 + #define CHECK_INTERVAL 3600 + +@@ -193,10 +201,72 @@ myfork() + } + + #define fork myfork + #endif + ++#ifdef WITH_SELINUX ++static int set_selinux_context(const char *name, const char *filename) { ++ security_context_t user_context=NULL; ++ security_context_t file_context=NULL; ++ struct av_decision avd; ++ int retval=-1; ++ char *seuser=NULL; ++ char *level=NULL; ++ ++ if (getseuserbyname(name, &seuser, &level) == 0) { ++ retval=get_default_context_with_level(seuser, level, NULL, &user_context); ++ free(seuser); ++ free(level); ++ if (retval) { ++ if (security_getenforce()==1) { ++ perr("execle: couldn't get security context for user %s\n", name); ++ } else { ++ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name); ++ return -1; ++ } ++ } ++ } ++ ++ /* ++ * Since crontab files are not directly executed, ++ * crond must ensure that the crontab file has ++ * a context that is appropriate for the context of ++ * the user cron job. It performs an entrypoint ++ * permission check for this purpose. ++ */ ++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) ++ perr("fgetfilecon FAILED %s", filename); ++ ++ retval = security_compute_av(user_context, ++ file_context, ++ SECCLASS_FILE, ++ FILE__ENTRYPOINT, ++ &avd); ++ freecon(file_context); ++ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) { ++ if (security_getenforce()==1) { ++ perr("Not allowed to set exec context to %s for user %s\n", user_context,name); ++ } else { ++ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ goto err; ++ } ++ } ++ if (setexeccon(user_context) < 0) { ++ if (security_getenforce()==1) { ++ perr("Could not set exec context to %s for user %s\n", user_context,name); ++ retval = -1; ++ } else { ++ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name); ++ } ++ } ++ err: ++ freecon(user_context); ++ return 0; ++} ++#endif ++ + static void + run_file(const char *filename, uid_t uid, gid_t gid) + { + /* Run a file by by spawning off a process which redirects I/O, + * spawns a subshell, then waits for it to complete and sends +@@ -440,13 +510,25 @@ run_file(const char *filename, uid_t uid + + if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) + perr("Cannot reset signal handler to default"); + + chdir("/"); +- ++#ifdef WITH_SELINUX ++ if (selinux_enabled > 0) { ++ if (set_selinux_context(pentry->pw_name, filename) < 0) ++ perr("SELinux Failed to set context\n"); ++ } ++#endif + if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) + perr("Exec failed for /bin/sh"); ++#ifdef WITH_SELINUX ++ if (selinux_enabled>0) ++ if (setexeccon(NULL) < 0) ++ if (security_getenforce()==1) ++ perr("Could not resset exec context for user %s\n", pentry->pw_name); ++#endif ++//end + + PRIV_END + } + /* We're the parent. Let's wait. + */ +@@ -715,10 +797,14 @@ main(int argc, char *argv[]) + time_t next_invocation; + struct sigaction act; + struct passwd *pwe; + struct group *ge; + ++#ifdef WITH_SELINUX ++ selinux_enabled=is_selinux_enabled(); ++#endif ++ + /* We don't need root privileges all the time; running under uid and gid + * daemon is fine. + */ + + if ((pwe = getpwnam(DAEMON_USERNAME)) == NULL) +Index: config.h.in +=================================================================== +--- config.h.in.orig ++++ config.h.in +@@ -69,10 +69,13 @@ + #undef HAVE_NLIST_H + + /* Define to 1 for PAM support */ + #undef HAVE_PAM + ++/* Define if you are building with_selinux */ ++#undef WITH_SELINUX ++ + /* Define to 1 if you have the `pstat_getdynamic' function. */ + #undef HAVE_PSTAT_GETDYNAMIC + + /* Define to 1 if you have the header file. */ + #undef HAVE_SECURITY_PAM_APPL_H +Index: configure.ac +=================================================================== +--- configure.ac.orig ++++ configure.ac +@@ -257,7 +257,15 @@ AC_ARG_WITH(daemon_groupname, + DAEMON_GROUPNAME=daemon + AC_MSG_RESULT(daemon) + ) + AC_SUBST(DAEMON_GROUPNAME) + ++AC_ARG_WITH(selinux, ++[ --with-selinux Define to run with selinux], ++AC_DEFINE(WITH_SELINUX), ++) ++AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) ++AC_SUBST(SELINUXLIB) ++AC_SUBST(WITH_SELINUX) ++ + AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) + AC_OUTPUT +Index: Makefile.in +=================================================================== +--- Makefile.in.orig ++++ Makefile.in +@@ -37,10 +37,12 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" + -DLFILE=\"$(LFILE)\" -Wall + LIBS = @LIBS@ + LIBOBJS = @LIBOBJS@ + INSTALL = @INSTALL@ + PAMLIB = @PAMLIB@ ++SELINUXLIB = @SELINUXLIB@ ++ + + CLONES = atq atrm + ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o + RUNOBJECTS = atd.o daemon.o $(LIBOBJS) + CSRCS = at.c atd.c panic.c perm.c posixtm.c daemon.c getloadavg.c \ +@@ -69,11 +71,11 @@ at: $(ATOBJECTS) + rm -f $(CLONES) + $(LN_S) -f at atq + $(LN_S) -f at atrm + + atd: $(RUNOBJECTS) +- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) ++ $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB) + + y.tab.c y.tab.h: parsetime.y + $(YACC) -d parsetime.y + + lex.yy.c: parsetime.l diff --git a/at-3.1.13-tomorrow.patch b/at-3.1.13-tomorrow.patch new file mode 100644 index 0000000..6ca3080 --- /dev/null +++ b/at-3.1.13-tomorrow.patch @@ -0,0 +1,20 @@ +Index: at-3.1.13/parsetime.y +=================================================================== +--- at-3.1.13.orig/parsetime.y ++++ at-3.1.13/parsetime.y +@@ -504,10 +504,15 @@ parsetime(time_t currtime, int argc, cha + if (isgmt) { + exectime -= timezone; + if (currtm.tm_isdst && !exectm.tm_isdst) + exectime -= 3600; + } ++ /* exectime zeroes its seconds, thus we need +60, ++ * else "now" will be scheduled to tomorrow */ ++ if (currtime > exectime + 60) { ++ exectime += 24*3600; ++ } + if (exectime < currtime) + panic("refusing to create job destined in the past"); + return exectime; + } + else { diff --git a/at-3.1.8.patch b/at-3.1.13.patch similarity index 52% rename from at-3.1.8.patch rename to at-3.1.13.patch index 2e71c42..60b608d 100644 --- a/at-3.1.8.patch +++ b/at-3.1.13.patch @@ -1,6 +1,10 @@ +Index: Makefile.in +=================================================================== --- Makefile.in.orig +++ Makefile.in -@@ -87,37 +87,35 @@ atrun: atrun.in +@@ -84,39 +84,39 @@ atrun: atrun.in + + .c.o: $(CC) -c $(CFLAGS) $(DEFS) $*.c install: all @@ -9,30 +13,30 @@ - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir) - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir) - $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir) +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) +- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR) + $(INSTALL) -m 755 -d $(IROOT)$(etcdir) + $(INSTALL) -m 755 -d $(IROOT)$(bindir) + $(INSTALL) -m 755 -d $(IROOT)$(sbindir) + $(INSTALL) -m 755 -d $(IROOT)$(docdir) + $(INSTALL) -m 755 -d $(IROOT)$(atdocdir) - $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) -- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) ++ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR) + $(INSTALL) -m 755 -d $(IROOT)$(ATSPOOL_DIR) - chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) -- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) ++ chmod 1770 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR) touch $(IROOT)$(LFILE) chmod 600 $(IROOT)$(LFILE) - chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE) -- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -m 600 at.deny $(IROOT)$(etcdir)/ -- $(INSTALL) -g root -o root -m 4755 -s at $(IROOT)$(bindir) -+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/ -+ $(INSTALL) -m 4755 at $(IROOT)$(bindir) +- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/ +- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir) ++ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 640 at.deny $(IROOT)$(etcdir)/ ++ $(INSTALL) -m 6755 at $(IROOT)$(bindir) $(LN_S) -f at $(IROOT)$(bindir)/atq $(LN_S) -f at $(IROOT)$(bindir)/atrm - $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir) - $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir) - $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir) - $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir) -- $(INSTALL) -g root -o root -m 755 -s atd $(IROOT)$(sbindir) +- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir) - $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir) - $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/ + $(INSTALL) -m 755 batch $(IROOT)$(bindir) @@ -49,8 +53,8 @@ - $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 + $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8 rm -f tmpman -- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/ -- cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5 +- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/ +- cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5 - $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir) + $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/ + $(INSTALL) -m 644 at.deny.5 $(IROOT)$(man5dir)/ @@ -58,9 +62,15 @@ rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \ $(IROOT)$(mandir)/cat1/atq.1* rm -f $(IROOT)$(mandir)/cat1/atd.8* + + dist: checkin $(DIST) $(LIST) Filelist.asc +Index: Problems +=================================================================== --- Problems.orig +++ Problems -@@ -5,7 +5,7 @@ Possible reasons why at may not run for +@@ -3,10 +3,10 @@ Possible reasons why at may not run for + - HAVE you run ./configure ? If that fails for some + mysterious reasons, you can also do a make -f Makefile.old install @@ -69,70 +79,14 @@ - If you find numerous 'try again' error messages in your syslog files, you have too many processes running; recompile your kernel for a ---- README.orig -+++ README -@@ -23,7 +23,7 @@ The new one is to start up an atd daemon - - The old one is to put - --* * * * 0,5,10,15,20,25,30,35,40,45,50,55 /usr/lib/atrun -+* * * * 0,5,10,15,20,25,30,35,40,45,50,55 /usr/sbin/atrun - - into root's crontab file (or wherever you put the atrun binary; - don't forget to start up cron.) + larger number +Index: atd.c +=================================================================== --- atd.c.orig +++ atd.c -@@ -1,4 +1,4 @@ --/* -+/* - * atd.c - run jobs queued by at; run with root privileges. - * Copyright (C) 1993, 1994, 1996 Thomas Koenig - * -@@ -22,7 +22,7 @@ - #include "config.h" - #endif - --/* -+/* - * /usr/bin/mail aka /usr/bin/mailx require the subject to be - * specified on the command line instead of reading it from stdin like - * /usr/sbin/sendmail does. For now simply disable MAILC and MAILX, -@@ -121,14 +121,14 @@ static int run_as_daemon = 0; - static volatile sig_atomic_t term_signal = 0; - - /* Signal handlers */ --RETSIGTYPE -+RETSIGTYPE - set_term(int dummy) - { - term_signal = 1; - return; - } - --RETSIGTYPE -+RETSIGTYPE - sdummy(int dummy) - { - /* Empty signal handler */ -@@ -156,7 +156,7 @@ release_zombie(int dummy) - } - return; - } -- -+ - - /* Local functions */ - -@@ -196,7 +196,7 @@ run_file(const char *filename, uid_t uid - */ - pid_t pid; - int fd_out, fd_in; -- char mailbuf[9], jobbuf[9]; -+ char mailbuf[17], jobbuf[9]; - char *mailname = NULL; - char *newname; - FILE *stream; -@@ -290,7 +290,12 @@ run_file(const char *filename, uid_t uid +@@ -314,11 +314,16 @@ run_file(const char *filename, uid_t uid + jobno, filename); + } if ((fflags = fcntl(fd_in, F_GETFD)) < 0) perr("Error in fcntl"); @@ -146,34 +100,11 @@ /* * If the spool directory is mounted via NFS `atd' isn't able to -@@ -299,7 +304,7 @@ run_file(const char *filename, uid_t uid - * NFS and works with local file systems. It's not clear where - * the bug is located. -Joey - */ -- if (fscanf(stream, "#!/bin/sh\n# atrun uid=%d gid=%d\n# mail %8s %d", -+ if (fscanf(stream, "#!/bin/sh\n# atrun uid=%d gid=%d\n# mail %16s %d", - &nuid, &ngid, mailbuf, &send_mail) != 4) - pabort("File %.500s is in wrong format - aborting", - filename); -@@ -328,7 +333,7 @@ run_file(const char *filename, uid_t uid - perr("Cannot chdir to " ATSPOOL_DIR); + * read from the job file and will bump out here. The file is + * opened as "root" but it is read as "daemon" which fails over +@@ -431,10 +436,13 @@ run_file(const char *filename, uid_t uid + perr("Cannot change group"); - /* Create a file to hold the output of the job we are about to run. -- * Write the mail header. Complain in case -+ * Write the mail header. Complain in case - */ - - if (unlink(filename) != -1) { -@@ -343,7 +348,7 @@ run_file(const char *filename, uid_t uid - write_string(fd_out, "Subject: Output from your job "); - write_string(fd_out, jobbuf); - write_string(fd_out, "\nTo: "); -- write_string(fd_out, mailname); -+ write_string(fd_out, mailname); - write_string(fd_out, "\n\n"); - fstat(fd_out, &buf); - size = buf.st_size; -@@ -394,6 +399,9 @@ run_file(const char *filename, uid_t uid if (setuid(uid) < 0) perr("Cannot set user id"); @@ -183,16 +114,11 @@ chdir("/"); if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) -@@ -408,7 +416,7 @@ run_file(const char *filename, uid_t uid + perr("Exec failed for /bin/sh"); - /* We inherited the master's SIGCHLD handler, which does a - non-blocking waitpid. So this blocking one will eventually -- return with an ECHILD error. -+ return with an ECHILD error. - */ - waitpid(pid, (int *) NULL, 0); +@@ -612,11 +620,12 @@ run_loop() + if (run_time + CHECK_INTERVAL <= now) { -@@ -557,7 +565,8 @@ run_loop() /* Something went wrong the last time this was executed. * Let's remove the lockfile and reschedule. */ @@ -202,7 +128,11 @@ lock_name[0] = '='; unlink(lock_name); next_job = now; -@@ -591,7 +600,8 @@ run_loop() + nothing_to_do = 0; + } +@@ -646,11 +655,12 @@ run_loop() + * at a higher priority than anything before, keep its + * filename. */ run_batch++; if (strcmp(batch_name, dirent->d_name) > 0) { @@ -212,14 +142,22 @@ batch_uid = buf.st_uid; batch_gid = buf.st_gid; batch_queue = queue; ---- configure.in.orig -+++ configure.in -@@ -126,7 +126,7 @@ else + } + } +Index: configure.ac +=================================================================== +--- configure.ac.orig ++++ configure.ac +@@ -129,11 +129,11 @@ else fi + AC_DEFINE_UNQUOTED(PIDFILE, "$PIDDIR/atd.pid", [What is the name of our PID file?]) + AC_MSG_RESULT($PIDDIR) AC_MSG_CHECKING(location of spool directory) -if test -d /var/spool/atjobs ; then -+if test -d /var/spool ; then ++if test -d /var/spool; then sp=/var/spool - AC_DEFINE(SPOOLDIR, "/var/spool") AC_MSG_RESULT(Using existing /var/spool/at{jobs|run}) + elif test -d /var/spool/cron ; then + sp=/var/spool/cron + AC_MSG_RESULT(/var/spool/cron) diff --git a/at-3.1.8-atrm-race.patch b/at-3.1.8-atrm-race.patch deleted file mode 100644 index 22dde57..0000000 --- a/at-3.1.8-atrm-race.patch +++ /dev/null @@ -1,33 +0,0 @@ -Copyright (c) 2011 Ingo Schwarze - -This patch is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. - ---- atd.c 2011-02-25 12:40:46.000000000 +0100 -+++ atd.c.new 2011-02-25 14:59:44.000000000 +0100 -@@ -291,16 +291,16 @@ run_file(const char *filename, uid_t uid - newname[0] = '='; - - /* We try to make a hard link to lock the file. If we fail, then -- * somebody else has already locked it (a second atd?); log the -+ * somebody else has already locked or deleted it; log the - * fact and return. - */ - if (link(filename, newname) == -1) { -- if (errno == EEXIST) { -- syslog(LOG_WARNING, "trying to execute job %.100s twice",filename); -- return; -- } else { -- perr("Can't link execution file"); -- } -+ syslog(LOG_WARNING, -+ (errno == EEXIST ? "trying to execute job %.100s twice" -+ : "Can't link execution file %.100s: %m"), -+ filename); -+ free(newname); -+ return; - } - /* If something goes wrong between here and the unlink() call, - * the job gets restarted as soon as the "=" entry is cleared diff --git a/at-3.1.8-bison.patch b/at-3.1.8-bison.patch deleted file mode 100644 index 6f6f1c5..0000000 --- a/at-3.1.8-bison.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- parsetime.y.orig -+++ parsetime.y -@@ -63,6 +63,7 @@ now : NOW - - time_or_not : time - | -+ ; - - time : hr24clock_hr_min - | hr24clock_hr_min timezone_name -@@ -112,6 +113,7 @@ date : month_name day_number - - inc_or_dec : increment - | decrement -+ ; - - increment : '+' inc_number inc_period - { -@@ -287,6 +289,8 @@ month_number : INT - free($1); - } - } -+ ; -+ - day_number : INT - { - exectm.tm_mday = -1; diff --git a/at-3.1.8-cleanup_perm.patch b/at-3.1.8-cleanup_perm.patch deleted file mode 100644 index 5f5dc34..0000000 --- a/at-3.1.8-cleanup_perm.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- panic.c.orig -+++ panic.c -@@ -58,8 +58,11 @@ panic(char *a) - /* Something fatal has happened, print error message and exit. - */ - fprintf(stderr, "%s: %s\n", namep, a); -- if (fcreated) -+ if (fcreated){ -+ PRIV_START - unlink(atfile); -+ PRIV_END -+ } - - exit(EXIT_FAILURE); - } diff --git a/at-3.1.8-delete_r.patch b/at-3.1.8-delete_r.patch deleted file mode 100644 index 6e2435a..0000000 --- a/at-3.1.8-delete_r.patch +++ /dev/null @@ -1,51 +0,0 @@ ---- at.1.in.orig -+++ at.1.in -@@ -9,7 +9,7 @@ at, batch, atq, atrm \- queue, examine o - .IR queue ] - .RB [ -f - .IR file ] --.RB [ -mldbv ] -+.RB [ -mldrbv ] - .B TIME - .br - .B "at -c" -@@ -219,8 +219,8 @@ rather than standard input. - Is an alias for - .B atq. - .TP --.B \-d --Is an alias for -+.B \-d, -r -+Are aliases for - .B atrm. - .TP - .TP ---- at.c.orig -+++ at.c -@@ -692,7 +692,7 @@ main(int argc, char **argv) - char *pgm; - - int program = AT; /* our default program */ -- char *options = "q:f:MmvldhVc"; /* default options for at */ -+ char *options = "q:f:MmvldrhVc"; /* default options for at */ - int disp_version = 0; - time_t timer; - struct passwd *pwe; -@@ -765,6 +765,7 @@ main(int argc, char **argv) - break; - - case 'd': -+ case 'r': - if (program != AT) - usage(); - ---- panic.c.orig -+++ panic.c -@@ -92,6 +92,7 @@ usage(void) - /* Print usage and exit. - */ - fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-m] time\n" -+ " at [-V] -r job [job ...]\n" - " atq [-V] [-q x]\n" - " atrm [-V] [-q x] job ...\n" - " batch [-V] [-f file] [-m]\n"); diff --git a/at-3.1.8-documentation-dir.patch b/at-3.1.8-documentation-dir.patch deleted file mode 100644 index 4f41f3f..0000000 --- a/at-3.1.8-documentation-dir.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- at.1.in.orig -+++ at.1.in -@@ -117,7 +117,7 @@ and to run a job at 1am tomorrow, you wo - .B at 1am tomorrow. - .PP - The exact definition of the time specification can be found in --.IR @prefix@/share/doc/at/timespec . -+.IR @prefix@/share/doc/packages/at/timespec . - .PP - For both - .BR at " and " batch , diff --git a/at-3.1.8-leak-fix.patch b/at-3.1.8-leak-fix.patch deleted file mode 100644 index 44925c9..0000000 --- a/at-3.1.8-leak-fix.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- at.c.orig -+++ at.c -@@ -600,6 +600,9 @@ list_jobs(long *joblist, int len) - else - printf("%ld\t%s %c\n", jobno, timestr, queue); - } -+ -+ closedir(spool); -+ - PRIV_END - } - -@@ -676,6 +679,11 @@ process_jobs(int argc, char **argv, int - while ((ch = getc(fp)) != EOF) { - putchar(ch); - } -+ PRIV_START -+ if (fp!=NULL) { -+ fclose(fp); -+ } -+ PRIV_END - } - break; - -@@ -687,7 +695,13 @@ process_jobs(int argc, char **argv, int - } - } - } -- } -+ } -+ -+ PRIV_START -+ if (spool!=NULL) { -+ closedir(spool); -+ } -+ PRIV_END - } /* delete_jobs */ - - #define ATOI2(ar) ((ar)[0] - '0') * 10 + ((ar)[1] - '0'); (ar) += 2; diff --git a/at-3.1.8-pie.patch b/at-3.1.8-pie.patch deleted file mode 100644 index 6ff561a..0000000 --- a/at-3.1.8-pie.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- Makefile.in.orig -+++ Makefile.in -@@ -67,13 +67,13 @@ LIST = Filelist Filelist.asc - all: at atd atrun - - at: $(ATOBJECTS) -- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) -+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) - rm -f $(CLONES) - $(LN_S) -f at atq - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) -+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y -@@ -85,7 +85,7 @@ atrun: atrun.in - configure - - .c.o: -- $(CC) -c $(CFLAGS) $(DEFS) $*.c -+ $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c - - install: all - $(INSTALL) -m 755 -d $(IROOT)$(etcdir) diff --git a/at-3.1.8-queue-nice-level.patch b/at-3.1.8-queue-nice-level.patch deleted file mode 100644 index 4ffb40f..0000000 --- a/at-3.1.8-queue-nice-level.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- atd.c.orig -+++ atd.c -@@ -482,7 +482,7 @@ run_file(const char *filename, uid_t uid - if (chdir(ATJOB_DIR) < 0) - perr("Cannot chdir to " ATJOB_DIR); - -- nice((tolower((int) queue) - 'a' + 1) * 2); -+ nice((tolower((int) queue) - 'a' ) ); - - if (initgroups(pentry->pw_name, pentry->pw_gid)) - perr("Cannot delete saved userids"); diff --git a/at-3.1.8-selinux.patch b/at-3.1.8-selinux.patch deleted file mode 100644 index 2391933..0000000 --- a/at-3.1.8-selinux.patch +++ /dev/null @@ -1,161 +0,0 @@ ---- Makefile.in.orig -+++ Makefile.in -@@ -27,6 +27,7 @@ LN_S = @LN_S@ - YACC = @YACC@ - LEX = @LEX@ - LEXLIB = @LEXLIB@ -+SELINUXLIB = @SELINUXLIB@ - - CC = @CC@ - CFLAGS = @CFLAGS@ -@@ -72,7 +73,7 @@ at: $(ATOBJECTS) - $(LN_S) -f at atrm - - atd: $(RUNOBJECTS) -- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) -+ $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) - - y.tab.c y.tab.h: parsetime.y - $(YACC) -d parsetime.y ---- atd.c.orig -+++ atd.c -@@ -85,6 +85,14 @@ - #include - #endif - -+#ifdef WITH_SELINUX -+#include -+#include -+int selinux_enabled=0; -+#include -+#include -+#endif -+ - /* Local headers */ - - #include "privs.h" -@@ -404,6 +412,76 @@ run_file(const char *filename, uid_t uid - - chdir("/"); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) { -+ security_context_t file_context=NULL; -+ security_context_t *context_list=NULL; -+ security_context_t current_con=NULL; -+ int retval=0, list_count=0, i; -+ struct av_decision avd; -+ char *seuser=NULL, *level=NULL; -+ -+ if (getseuserbyname(pentry->pw_name, &seuser, &level)) -+ perr("getseuserbyname FAILED for %s\n", pentry->pw_name); -+ -+ if(getcon(¤t_con)) { -+ free(seuser); -+ free(level); -+ perr("Can't get current context"); -+ } -+ list_count = get_ordered_context_list_with_level(seuser, level, current_con, &context_list); -+ freecon(current_con); -+ free(seuser); -+ free(level); -+ if (list_count == -1) { -+ if (security_getenforce() > 0) -+ perr("Couldn't get security context for user %s\n", pentry->pw_name); -+ else -+ syslog(LOG_WARNING, "Couldn't get security context for user %s, but in permissive mode", pentry->pw_name); -+ } -+ -+ /* -+ * Since crontab files are not directly executed, -+ * crond must ensure that the crontab file has -+ * a context that is appropriate for the context of -+ * the user cron job. It performs an entrypoint -+ * permission check for this purpose. -+ */ -+ if (list_count != -1) { -+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) { -+ if (security_getenforce() > 0) -+ perr("fgetfilecon FAILED for user %s", pentry->pw_name); -+ } -+ -+ for(i = 0; i < list_count; i++) { -+ retval = security_compute_av(context_list[i], -+ file_context, -+ SECCLASS_FILE, -+ FILE__ENTRYPOINT, -+ &avd); -+ if (!retval && ((FILE__ENTRYPOINT & avd.allowed) == FILE__ENTRYPOINT)) -+ break; -+ } -+ } -+ freecon(file_context); -+ if (list_count != -1 && (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT))) { -+ if (security_getenforce()==1) -+ perr("Not allowed to set exec context for user %s\n", pentry->pw_name); -+ else -+ syslog(LOG_WARNING, "Not allowed to set exec context for user %s, but in permissive mode", pentry->pw_name); -+ } -+ -+ if ((list_count != -1 || retval) && setexeccon(context_list[i]) < 0) { -+ if (security_getenforce()==1) { -+ perr("Could not set exec context to %s for user %s\n", context_list[i], pentry->pw_name); -+ } else { -+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", context_list[i], pentry->pw_name); -+ } -+ } -+ freeconary(context_list); -+ } -+#endif -+ - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed for /bin/sh"); - -@@ -420,6 +498,13 @@ run_file(const char *filename, uid_t uid - */ - waitpid(pid, (int *) NULL, 0); - -+#ifdef WITH_SELINUX -+ if (selinux_enabled>0) { -+ if (setexeccon(NULL) < 0) { -+ perr("Could not reset exec context for user %s\n", pentry->pw_name); -+ } -+ } -+#endif - /* Send mail. Unlink the output file after opening it, so it - * doesn't hang around after the run. - */ -@@ -654,6 +739,9 @@ main(int argc, char *argv[]) - struct passwd *pwe; - struct group *ge; - -+#ifdef WITH_SELINUX -+ selinux_enabled=is_selinux_enabled(); -+#endif - /* We don't need root privileges all the time; running under uid and gid - * daemon is fine. - */ ---- config.h.in.orig -+++ config.h.in -@@ -184,3 +184,6 @@ - #undef DEFAULT_BATCH_QUEUE - - #undef HAVE_ATTRIBUTE_NORETURN -+ -+/* Define if you are building with_selinux */ -+#undef WITH_SELINUX ---- configure.in.orig -+++ configure.in -@@ -315,4 +315,12 @@ AC_ARG_WITH(daemon_groupname, - ) - AC_SUBST(DAEMON_GROUPNAME) - -+AC_ARG_WITH(selinux, -+[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), -+) -+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) -+AC_SUBST(SELINUXLIB) -+AC_SUBST(WITH_SELINUX) -+ - AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch) diff --git a/at-3.1.8-tomorrow.patch b/at-3.1.8-tomorrow.patch deleted file mode 100644 index 49f7324..0000000 --- a/at-3.1.8-tomorrow.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/parsetime.y b/parsetime.y -index ef1ff7f..141d792 100644 ---- a/parsetime.y -+++ b/parsetime.y -@@ -379,7 +379,9 @@ parsetime(int argc, char **argv) - exectime -= 3600; - } - } -- if (time_only && (currtime > exectime)) { -+ /* exectime zeroes its seconds, thus we need +60, -+ * else "now" will be scheduled to tomorrow */ -+ if (currtime > exectime + 60) { - exectime += 24*3600; - } - return exectime; diff --git a/at-3.1.8-ttime.patch b/at-3.1.8-ttime.patch deleted file mode 100644 index 8332ce5..0000000 --- a/at-3.1.8-ttime.patch +++ /dev/null @@ -1,180 +0,0 @@ ---- at.1.in.orig -+++ at.1.in -@@ -9,7 +9,7 @@ at, batch, atq, atrm \- queue, examine o - .IR queue ] - .RB [ -f - .IR file ] --.RB [ -mldrbv ] -+.RB [ -mldrbvt ] - .B TIME - .br - .B "at -c" -@@ -235,6 +235,9 @@ is set; then, it will be "Thu Feb 20 14: - .B - \-c - cats the jobs listed on the command line to standard output. -+.TP -+.B \-t time_arg -+Specify the time to run in a format compatible with the touch -t time command. - .SH FILES - .I @ATJBD@ - .br ---- at.c.orig -+++ at.c -@@ -28,6 +28,7 @@ - - #include - #include -+#include - - #ifdef HAVE_SYS_WAIT_H - #include -@@ -133,6 +134,7 @@ static void alarmc(int signo); - static char *cwdname(void); - static void writefile(time_t runtimer, char queue); - static void list_jobs(void); -+static time_t ttime(const char *arg); - - /* Signal catching functions */ - -@@ -670,6 +672,78 @@ process_jobs(int argc, char **argv, int - } - } /* delete_jobs */ - -+#define ATOI2(ar) ((ar)[0] - '0') * 10 + ((ar)[1] - '0'); (ar) += 2; -+ -+static time_t -+ttime(const char *arg) -+{ -+ /* -+ * This is pretty much a copy of stime_arg1() from touch.c. I changed -+ * the return value and the argument list because it's more convenient -+ * (IMO) to do everything in one place. - Joe Halpin -+ */ -+ struct timeval tv[2]; -+ time_t now; -+ struct tm *t; -+ int yearset; -+ char *p; -+ -+ if (gettimeofday(&tv[0], NULL)) -+ panic("Cannot get current time"); -+ -+ /* Start with the current time. */ -+ now = tv[0].tv_sec; -+ if ((t = localtime(&now)) == NULL) -+ panic("localtime"); -+ /* [[CC]YY]MMDDhhmm[.SS] */ -+ if ((p = strchr(arg, '.')) == NULL) -+ t->tm_sec = 0; /* Seconds defaults to 0. */ -+ else { -+ if (strlen(p + 1) != 2) -+ goto terr; -+ *p++ = '\0'; -+ t->tm_sec = ATOI2(p); -+ } -+ -+ yearset = 0; -+ switch(strlen(arg)) { -+ case 12: /* CCYYMMDDhhmm */ -+ t->tm_year = ATOI2(arg); -+ t->tm_year *= 100; -+ yearset = 1; -+ /* FALLTHROUGH */ -+ case 10: /* YYMMDDhhmm */ -+ if (yearset) { -+ yearset = ATOI2(arg); -+ t->tm_year += yearset; -+ } else { -+ yearset = ATOI2(arg); -+ t->tm_year = yearset + 2000; -+ } -+ t->tm_year -= 1900; /* Convert to UNIX time. */ -+ /* FALLTHROUGH */ -+ case 8: /* MMDDhhmm */ -+ t->tm_mon = ATOI2(arg); -+ --t->tm_mon; /* Convert from 01-12 to 00-11 */ -+ t->tm_mday = ATOI2(arg); -+ t->tm_hour = ATOI2(arg); -+ t->tm_min = ATOI2(arg); -+ break; -+ default: -+ goto terr; -+ } -+ -+ t->tm_isdst = -1; /* Figure out DST. */ -+ tv[0].tv_sec = tv[1].tv_sec = mktime(t); -+ if (tv[0].tv_sec != -1) -+ return tv[0].tv_sec; -+ else -+terr: -+ panic( -+ "out of range or illegal time specification: [[CC]YY]MMDDhhmm[.SS]"); -+} -+ -+ - /* Global functions */ - - void * -@@ -692,12 +766,13 @@ main(int argc, char **argv) - char *pgm; - - int program = AT; /* our default program */ -- char *options = "q:f:MmvldrhVc"; /* default options for at */ -+ char *options = "q:f:t:MmvldrhVc"; /* default options for at */ - int disp_version = 0; - time_t timer; - struct passwd *pwe; - struct group *ge; - -+ timer = -1; - RELINQUISH_PRIVS - - if ((pwe = getpwnam(DAEMON_USERNAME)) == NULL) -@@ -781,6 +856,13 @@ main(int argc, char **argv) - options = "q:V"; - break; - -+ case 't': -+ if (program != AT) -+ usage(); -+ -+ timer = ttime(optarg); -+ break; -+ - case 'b': - if (program != AT) - usage(); -@@ -834,10 +916,16 @@ main(int argc, char **argv) - break; - - case AT: -- if (argc > optind) { -- timer = parsetime(argc - optind, argv + optind); -- } else { -- timer = 0; -+ /* -+ * If timer is > -1, then the user gave the time with -t. In that -+ * case, it's already been set. If not, set it now. -+ */ -+ if (timer == -1) { -+ if (argc > optind) { -+ timer = parsetime(argc - optind, argv + optind); -+ } else { -+ timer = 0; -+ } - } - - if (timer == 0) { ---- panic.c.orig -+++ panic.c -@@ -92,7 +92,9 @@ usage(void) - /* Print usage and exit. - */ - fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-m] time\n" -+ " at [-V] -c job [job ...]\n" - " at [-V] -r job [job ...]\n" -+ " at [-V] [-f file] -t [[CC]YY]MMDDhhmm[.SS]\n" - " atq [-V] [-q x]\n" - " atrm [-V] [-q x] job ...\n" - " batch [-V] [-f file] [-m]\n"); diff --git a/at-parse-suse-sysconfig.patch b/at-parse-suse-sysconfig.patch index 6c81f06..c0bfcc3 100644 --- a/at-parse-suse-sysconfig.patch +++ b/at-parse-suse-sysconfig.patch @@ -9,20 +9,22 @@ http://bugzilla.novell.com/780259 configure.in | 44 +++++++++++++++++++++++++++----------------- 3 files changed, 50 insertions(+), 19 deletions(-) -Index: at-3.1.8/Makefile.in +Index: at-3.1.13/Makefile.in =================================================================== ---- at-3.1.8.orig/Makefile.in -+++ at-3.1.8/Makefile.in -@@ -31,7 +31,7 @@ SELINUXLIB = @SELINUXLIB@ - PAMLIB = @PAMLIB@ +--- at-3.1.13.orig/Makefile.in ++++ at-3.1.13/Makefile.in +@@ -25,19 +25,19 @@ LN_S = @LN_S@ + YACC = @YACC@ + LEX = @LEX@ + LEXLIB = @LEXLIB@ CC = @CC@ --CFLAGS = @CFLAGS@ -+CFLAGS = @CFLAGS@ @HX_CFLAGS@ +-CFLAGS = -I$(srcdir) @CFLAGS@ ++CFLAGS = -I$(srcdir) @CFLAGS@ @HX_CFLAGS@ LDFLAGS = @LDFLAGS@ LFILE = $(ATJOB_DIR)/.SEQ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" \ -@@ -39,7 +39,7 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" + -DETCDIR=\"$(etcdir)\" -DLOADAVG_MX=$(LOADAVG_MX) \ -DDAEMON_USERNAME=\"$(DAEMON_USERNAME)\" \ -DDAEMON_GROUPNAME=\"$(DAEMON_GROUPNAME)\" \ -DLFILE=\"$(LFILE)\" -Wall @@ -30,13 +32,17 @@ Index: at-3.1.8/Makefile.in +LIBS = @LIBS@ @HX_LIBS@ LIBOBJS = @LIBOBJS@ INSTALL = @INSTALL@ + PAMLIB = @PAMLIB@ + SELINUXLIB = @SELINUXLIB@ -Index: at-3.1.8/atd.c +Index: at-3.1.13/atd.c =================================================================== ---- at-3.1.8.orig/atd.c -+++ at-3.1.8/atd.c -@@ -104,6 +104,10 @@ static pam_handle_t *pamh = NULL; - } +--- at-3.1.13.orig/atd.c ++++ at-3.1.13/atd.c +@@ -72,10 +72,14 @@ + + #ifdef HAVE_UNISTD_H + #include #endif +#include @@ -46,7 +52,11 @@ Index: at-3.1.8/atd.c /* Local headers */ #include "privs.h" -@@ -934,6 +938,7 @@ main(int argc, char *argv[]) + #include "daemon.h" + +@@ -956,10 +960,11 @@ main(int argc, char *argv[]) + * For those files which are to be executed, run_file() is called, which forks + * off a child which takes care of I/O redirection, forks off another child * for execution and yet another one, optionally, for sending mail. * Files which already have run are removed during the next invocation. */ @@ -54,7 +64,11 @@ Index: at-3.1.8/atd.c int c; time_t next_invocation; struct sigaction act; -@@ -996,6 +1001,22 @@ main(int argc, char *argv[]) + struct passwd *pwe; + struct group *ge; +@@ -1024,10 +1029,26 @@ main(int argc, char *argv[]) + pabort("idiotic option - aborted"); + break; } } @@ -77,24 +91,28 @@ Index: at-3.1.8/atd.c namep = argv[0]; if (chdir(ATJOB_DIR) != 0) perr("Cannot change to " ATJOB_DIR); -Index: at-3.1.8/configure.in -=================================================================== ---- at-3.1.8.orig/configure.in -+++ at-3.1.8/configure.in -@@ -1,9 +1,10 @@ - dnl Process this file with autoconf to produce a configure script. --AC_INIT(at.c) -+AC_INIT -+AC_CONFIG_SRCDIR([at.c]) + if (optind < argc) +Index: at-3.1.13/configure.ac +=================================================================== +--- at-3.1.13.orig/configure.ac ++++ at-3.1.13/configure.ac +@@ -3,11 +3,11 @@ dnl Process this file with autoconf to p + AC_INIT(at, 3.1.13) + AC_CONFIG_SRCDIR(at.c) + AC_PREFIX_DEFAULT(/usr) AC_CONFIG_HEADER(config.h) --AC_PREREQ(2.7) +-AC_PREREQ([2.64]) +AC_PREREQ([2.69]) - - VERSION="3.1.8" -@@ -39,25 +40,22 @@ case "$host" in + VERSION=AC_PACKAGE_VERSION + if test "X$CFLAGS" = "X"; then + CFLAGS="-O2 -g -Wall" + fi +@@ -37,41 +37,50 @@ case "$host" in + *) + AC_MSG_RESULT(no) ;; esac AC_MSG_CHECKING(Trying to compile a trivial ANSI C program) @@ -108,18 +126,20 @@ Index: at-3.1.8/configure.in AC_MSG_CHECKING(__attribute__((noreturn))) -AC_TRY_COMPILE([], [void __attribute__((noreturn)) panic(void);], -- AC_MSG_RESULT(yes) -- AC_DEFINE(HAVE_ATTRIBUTE_NORETURN), -- AC_MSG_RESULT(no) ++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void __attribute__((noreturn)) panic(void);]])],[ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_ATTRIBUTE_NORETURN, 1, + [Define to 1 if compiler supports __attribute__((noreturn))]), + AC_MSG_RESULT(no) -) -+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void __attribute__((noreturn)) panic(void);]])],[AC_MSG_RESULT(yes) -+ AC_DEFINE(HAVE_ATTRIBUTE_NORETURN)],[AC_MSG_RESULT(no) +]) dnl Checks for libraries. AC_CHECK_LIB(fl,yywrap, - [], -- AC_DEFINE(NEED_YYWRAP) +- [], +- AC_DEFINE(NEED_YYWRAP, 1, +- [Define to 1 if we need to provide our own yywrap()]) ++ [], + AC_DEFINE([NEED_YYWRAP], 1, [need yywrap]) ) @@ -128,7 +148,9 @@ Index: at-3.1.8/configure.in dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC -@@ -67,7 +65,18 @@ AC_CHECK_HEADERS(stdarg.h) + AC_HEADER_SYS_WAIT + AC_CHECK_HEADERS(fcntl.h syslog.h unistd.h errno.h sys/fcntl.h getopt.h) + AC_CHECK_HEADERS(stdarg.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST @@ -148,25 +170,29 @@ Index: at-3.1.8/configure.in AC_TYPE_UID_T AC_TYPE_MODE_T AC_TYPE_OFF_T -@@ -317,7 +326,7 @@ AC_SUBST(DAEMON_GROUPNAME) + AC_TYPE_PID_T + AC_TYPE_SIZE_T +@@ -258,20 +267,20 @@ AC_ARG_WITH(daemon_groupname, + AC_MSG_RESULT(daemon) + ) + AC_SUBST(DAEMON_GROUPNAME) AC_ARG_WITH(selinux, - [ --with-selinux Define to run with selinux], +-[ --with-selinux Define to run with selinux], -AC_DEFINE(WITH_SELINUX), ++[ --with-selinux Define to run with selinux], +AC_DEFINE([WITH_SELINUX] , [1], [enable selinux]), ) AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) AC_SUBST(SELINUXLIB) -@@ -325,9 +334,10 @@ AC_SUBST(WITH_SELINUX) + AC_SUBST(WITH_SELINUX) AC_ARG_WITH(pam, [ --with-pam Define to enable pam support ], -AC_DEFINE(WITH_PAM), -+AC_DEFINE([WITH_PAM], [1], [with pam]), ++AC_DEFINE([WITH_PAM], [1], [use PAM]), ) AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') AC_SUBST(PAMLIB) --AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch) -+AC_CONFIG_FILES([Makefile atrun atd.8 atrun.8 at.1 batch]) -+AC_OUTPUT + AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 at.allow.5 batch) diff --git a/at.changes b/at.changes index 8256450..134905f 100644 --- a/at.changes +++ b/at.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jun 11 13:09:18 UTC 2013 - lang@b1-systems.de + +- updated to upstream 3.1.13 +- ported patches to new source code in session with Stefan Seyfried +- removed unnecessary patches + ------------------------------------------------------------------- Sun Apr 14 06:45:53 UTC 2013 - crrodriguez@opensuse.org diff --git a/at.spec b/at.spec index 1e4c3a5..a991c89 100644 --- a/at.spec +++ b/at.spec @@ -24,44 +24,38 @@ BuildRequires: flex BuildRequires: libselinux-devel BuildRequires: pam-devel Url: ftp://ftp.debian.org/debian/pool/main/a/at -Version: 3.1.8 +Version: 3.1.13 Release: 0 Summary: A Job Manager License: GPL-2.0+ Group: System/Daemons -Source: at_3.1.8-11.tar.gz +Source: at_3.1.13.orig.tar.gz Source1: atd.init Source2: atd.pamd Source3: sysconfig.atd Source4: at.sleep Source5: http://0pointer.de/public/systemd-units/atd.service -Patch0: %{name}-%{version}.patch -Patch1: %{name}-%{version}-bison.patch -Patch2: %{name}-%{version}-delete_r.patch -Patch3: %{name}-%{version}-ttime.patch -Patch4: %{name}-%{version}-joblist.patch -Patch5: %{name}-%{version}-selinux.patch -Patch6: %{name}-%{version}-pie.patch -Patch7: %{name}-%{version}-eal3-manpages.patch -Patch8: %{name}-%{version}-formatbugs.patch -Patch9: %{name}-%{version}-pam.patch -Patch10: %{name}-%{version}-massive_batch.patch -Patch11: %{name}-%{version}-documentation-dir.patch -Patch12: %{name}-%{version}-queue-nice-level.patch -# PATCH-FIX-UPSTREAM cleanup_perm fix permissions for unlink (bnc#478733) -Patch13: %{name}-%{version}-cleanup_perm.patch +Patch0: %{name}-3.1.13.patch +Patch4: %{name}-3.1.13-joblist.patch +Patch5: %{name}-3.1.13-selinux.patch +Patch6: %{name}-3.1.13-pie.patch +Patch7: %{name}-3.1.8-eal3-manpages.patch +## no bugs anymore for patch8. Just paranoia checking +Patch8: %{name}-3.1.13-formatbugs.patch +Patch9: %{name}-3.1.13-pam.patch +Patch10: %{name}-3.1.13-massive_batch.patch +Patch11: %{name}-3.1.13-documentation-dir.patch +Patch12: %{name}-3.1.13-queue-nice-level.patch # PATCH-FIX-UPSTREAM pam-session-as-root (bnc#408986, bnc#239210) -Patch14: %{name}-%{version}-pam-session-as-root.patch +Patch14: %{name}-3.1.13-pam-session-as-root.patch # PATCH-FIX-UPSTREAM clean-up opened descriptors (bnc#533454, bnc#523346) -Patch15: %{name}-%{version}-leak-fix.patch +Patch15: %{name}-3.1.13-leak-fix.patch #PATCH-FIX-OPENSUSE add proper system users to the deny list Patch16: at-3.1.8-denylist.patch #PATCH-FIX-UPSTREAM plan jobs with past time to tomorrow (bnc#672586) -Patch17: %{name}-%{version}-tomorrow.patch -#PATCH-FIX-UPSTREAM race condition of atrm against job execution (bnc#679857) -Patch18: %{name}-%{version}-atrm-race.patch +Patch17: %{name}-3.1.13-tomorrow.patch #PATCH-FIX-UPSTREAM wrong mtime handling of jobdir (bnc#680113) -Patch19: %{name}-%{version}-jobdir-mtime.patch +Patch19: %{name}-3.1.8-jobdir-mtime.patch Patch20: at-parse-suse-sysconfig.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd %fillup_prereq %insserv_prereq @@ -81,9 +75,6 @@ This program allows you to run jobs at specified times. %prep %setup -q %patch0 -%patch1 -%patch2 -%patch3 %patch4 %patch5 %patch6 @@ -93,12 +84,10 @@ This program allows you to run jobs at specified times. %patch10 %patch11 %patch12 -%patch13 %patch14 %patch15 %patch16 %patch17 -p1 -%patch18 %patch19 %patch20 -p1 %build diff --git a/at_3.1.13.orig.tar.gz b/at_3.1.13.orig.tar.gz new file mode 100644 index 0000000..20d3f0a --- /dev/null +++ b/at_3.1.13.orig.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3a8b90868d615d21a92f4986ea9a823886329af8fae8dd7ab4eed9b273bca072 +size 122544 diff --git a/at_3.1.8-11.tar.gz b/at_3.1.8-11.tar.gz deleted file mode 100644 index 5f9e162..0000000 --- a/at_3.1.8-11.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:0d77c73a3c151a7da647dd924f32151e5ee4574530568fd65067882f79cd5a44 -size 108827