From 0c97661a07f1823da286b45706c4fab3c763acbf984a0c7f27d903957618af27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Mon, 22 Jun 2015 16:02:29 +0000 Subject: [PATCH 1/2] Accepting request 313129 from home:scarabeus_iv:branches:Base:System - Version bump to 3.1.16 to match latest upstream: * Fix regression for sec-fix in bash we applied in form of patch till now - deleting at-3.1.15-sane-envkeys.patch - Sync/split features to be patch specific, modifying: * at-3.1.13-pam.patch * at-3.1.14-parse-suse-sysconfig.patch * at-3.1.14-selinux.patch - Cleanup with spec-cleaner - Remove systemd conditional (we do not work on sle11 anyway) OBS-URL: https://build.opensuse.org/request/show/313129 OBS-URL: https://build.opensuse.org/package/show/Base:System/at?expand=0&rev=97 --- at-3.1.13-pam.patch | 113 +++++---------------------- at-3.1.14-parse-suse-sysconfig.patch | 90 +++------------------ at-3.1.14-selinux.patch | 98 ++++++++++++++--------- at-3.1.15-sane-envkeys.patch | 39 --------- at.changes | 17 ++++ at.spec | 48 +++++------- at_3.1.15.orig.tar.gz | 3 - at_3.1.16.orig.tar.gz | 3 + 8 files changed, 133 insertions(+), 278 deletions(-) delete mode 100644 at-3.1.15-sane-envkeys.patch delete mode 100644 at_3.1.15.orig.tar.gz create mode 100644 at_3.1.16.orig.tar.gz diff --git a/at-3.1.13-pam.patch b/at-3.1.13-pam.patch index 2257eb6..5ee3c57 100644 --- a/at-3.1.13-pam.patch +++ b/at-3.1.13-pam.patch @@ -2,9 +2,7 @@ Index: atd.c =================================================================== --- atd.c.orig +++ atd.c -@@ -89,10 +89,14 @@ - int selinux_enabled=0; - #include +@@ -91,6 +91,10 @@ int selinux_enabled=0; #include #endif 
@@ -15,11 +13,7 @@ Index: atd.c /* Macros */ #define BATCH_INTERVAL_DEFAULT 60 - #define CHECK_INTERVAL 3600 - -@@ -114,11 +118,11 @@ static int nothing_to_do; - unsigned int batch_interval; - static int run_as_daemon = 0; +@@ -116,7 +120,7 @@ static int run_as_daemon = 0; static volatile sig_atomic_t term_signal = 0; @@ -28,11 +22,7 @@ Index: atd.c #include static pam_handle_t *pamh = NULL; - - static const struct pam_conv conv = { -@@ -126,16 +130,17 @@ static const struct pam_conv conv = { - }; - +@@ -128,12 +132,13 @@ static const struct pam_conv conv = { #define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \ @@ -47,11 +37,7 @@ Index: atd.c /* Signal handlers */ RETSIGTYPE - set_term(int dummy) - { -@@ -263,10 +268,23 @@ static int set_selinux_context(const cha - freecon(user_context); - return 0; +@@ -265,6 +270,19 @@ static int set_selinux_context(const cha } #endif @@ -71,11 +57,7 @@ Index: atd.c static void run_file(const char *filename, uid_t uid, gid_t gid) { - /* Run a file by by spawning off a process which redirects I/O, - * spawns a subshell, then waits for it to complete and sends -@@ -288,11 +306,11 @@ run_file(const char *filename, uid_t uid - int ngid; - char queue; +@@ -290,7 +308,7 @@ run_file(const char *filename, uid_t uid char fmt[64]; unsigned long jobno; int rc; @@ -84,11 +66,7 @@ Index: atd.c int retcode; #endif - #ifdef _SC_LOGIN_NAME_MAX - errno = 0; -@@ -450,20 +468,24 @@ run_file(const char *filename, uid_t uid - write_string(fd_out, mailname); - write_string(fd_out, "\n\n"); +@@ -452,16 +470,20 @@ run_file(const char *filename, uid_t uid fstat(fd_out, &buf); size = buf.st_size; 
@@ -110,11 +88,7 @@ Index: atd.c PRIV_END #endif - close(STDIN_FILENO); - close(STDOUT_FILENO); -@@ -474,10 +496,20 @@ run_file(const char *filename, uid_t uid - perr("Error in fork"); - +@@ -476,6 +498,16 @@ run_file(const char *filename, uid_t uid else if (pid == 0) { char *nul = NULL; char **nenvp = &nul; @@ -131,11 +105,7 @@ Index: atd.c /* Set up things for the child; we want standard input from the * input file, and standard output and error sent to our output file. - */ - if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) -@@ -493,12 +525,10 @@ run_file(const char *filename, uid_t uid - perr("Error in I/O redirection"); - +@@ -495,8 +527,6 @@ run_file(const char *filename, uid_t uid close(fd_in); close(fd_out); @@ -144,11 +114,7 @@ Index: atd.c nice((tolower((int) queue) - 'a' + 1) * 2); if (initgroups(pentry->pw_name, pentry->pw_gid)) - perr("Cannot initialize the supplementary group access list"); - -@@ -526,10 +556,20 @@ run_file(const char *filename, uid_t uid - if (security_getenforce()==1) - perr("Could not resset exec context for user %s\n", pentry->pw_name); +@@ -528,6 +558,16 @@ run_file(const char *filename, uid_t uid #endif //end @@ -165,11 +131,7 @@ Index: atd.c PRIV_END } /* We're the parent. Let's wait. - */ - close(fd_in); -@@ -538,18 +578,10 @@ run_file(const char *filename, uid_t uid - non-blocking waitpid. So this blocking one will eventually - return with an ECHILD error. +@@ -540,14 +580,6 @@ run_file(const char *filename, uid_t uid */ waitpid(pid, (int *) NULL, 0); @@ -184,11 +146,7 @@ Index: atd.c /* Send mail. Unlink the output file after opening it, so it * doesn't hang around after the run. */ - fstat(fd_out, &buf); - lseek(fd_out, 0, SEEK_SET); -@@ -570,19 +602,51 @@ run_file(const char *filename, uid_t uid - - if (unlink(filename) == -1) +@@ -572,6 +604,14 @@ run_file(const char *filename, uid_t uid syslog(LOG_WARNING, "Warning: removing output file for job %li failed: %s", jobno, strerror(errno)); 
@@ -203,8 +161,7 @@ Index: atd.c /* The job is now finished. We can delete its input file. */ chdir(ATJOB_DIR); - unlink(newname); - free(newname); +@@ -580,7 +620,31 @@ run_file(const char *filename, uid_t uid if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) { @@ -236,11 +193,7 @@ Index: atd.c if (initgroups(pentry->pw_name, pentry->pw_gid)) perr("Cannot initialize the supplementary group access list"); - - if (setgid(gid) < 0) -@@ -591,18 +655,85 @@ run_file(const char *filename, uid_t uid - if (setuid(uid) < 0) - perr("Cannot set user id"); +@@ -593,6 +657,47 @@ run_file(const char *filename, uid_t uid chdir ("/"); @@ -288,7 +241,7 @@ Index: atd.c #if defined(SENDMAIL) execl(SENDMAIL, "sendmail", "-i", mailname, (char *) NULL); #else - #error "No mail command specified." +@@ -600,7 +705,33 @@ run_file(const char *filename, uid_t uid #endif perr("Exec failed for mail command"); @@ -323,11 +276,7 @@ Index: atd.c } exit(EXIT_SUCCESS); } - - static time_t -@@ -817,16 +948,11 @@ main(int argc, char *argv[]) - - daemon_gid = ge->gr_gid; +@@ -819,12 +950,7 @@ main(int argc, char *argv[]) RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid) @@ -341,15 +290,11 @@ Index: atd.c opterr = 0; errno = 0; run_as_daemon = 1; - batch_interval = BATCH_INTERVAL_DEFAULT; - Index: config.h.in =================================================================== --- config.h.in.orig +++ config.h.in -@@ -69,13 +69,10 @@ - #undef HAVE_NLIST_H - +@@ -71,9 +71,6 @@ /* Define to 1 for PAM support */ #undef HAVE_PAM @@ -359,11 +304,7 @@ Index: config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC - /* Define to 1 if you have the header file. */ - #undef HAVE_SECURITY_PAM_APPL_H -@@ -143,11 +140,11 @@ - #undef HAVE_VPRINTF - +@@ -145,7 +142,7 @@ /* Define to 1 if you have the `waitpid' function. */ #undef HAVE_WAITPID 
@@ -372,11 +313,7 @@ Index: config.h.in #undef NEED_YYWRAP /* Define to 1 if your `struct nlist' has an `n_un' member. Obsolete, depend - on `HAVE_STRUCT_NLIST_N_UN_N_NAME */ - #undef NLIST_NAME_UNION -@@ -193,10 +190,13 @@ - - /* Define to 1 for Encore UMAX 4.3 that has instead of +@@ -195,6 +192,9 @@ . */ #undef UMAX4_3 @@ -386,15 +323,11 @@ Index: config.h.in /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a `char[]'. */ #undef YYTEXT_POINTER - - /* Define to empty if `const' does not conform to ANSI C. */ Index: perm.c =================================================================== --- perm.c.orig +++ perm.c -@@ -106,18 +106,19 @@ user_in_file(const char *path, const cha - - /* Global functions */ +@@ -108,14 +108,15 @@ user_in_file(const char *path, const cha int check_permission() { @@ -413,21 +346,17 @@ Index: perm.c perror("Cannot access user database"); exit(EXIT_FAILURE); } - - allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name); Index: configure.ac =================================================================== --- configure.ac.orig +++ configure.ac -@@ -265,7 +265,14 @@ AC_DEFINE(WITH_SELINUX), - ) - AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) +@@ -277,5 +277,12 @@ AC_CHECK_LIB(selinux, is_selinux_enabled AC_SUBST(SELINUXLIB) AC_SUBST(WITH_SELINUX) +AC_ARG_WITH(pam, +[ --with-pam Define to enable pam support ], -+AC_DEFINE(WITH_PAM), ++AC_DEFINE([WITH_PAM], [1], [use PAM]), +) +AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') +AC_SUBST(PAMLIB) diff --git a/at-3.1.14-parse-suse-sysconfig.patch b/at-3.1.14-parse-suse-sysconfig.patch index 932155d..2bf5757 100644 --- a/at-3.1.14-parse-suse-sysconfig.patch +++ b/at-3.1.14-parse-suse-sysconfig.patch 
@@ -11,9 +11,9 @@ http://bugzilla.novell.com/780259 Index: Makefile.in =================================================================== ---- Makefile.in.orig 2014-09-18 10:46:08.197168752 +0200 -+++ Makefile.in 2014-09-18 10:46:08.265168751 +0200 -@@ -28,7 +28,7 @@ +--- Makefile.in.orig ++++ Makefile.in +@@ -28,7 +28,7 @@ LEX = @LEX@ LEXLIB = @LEXLIB@ CC = @CC@ @@ -22,7 +22,7 @@ Index: Makefile.in LDFLAGS = @LDFLAGS@ LFILE = $(ATJOB_DIR)/.SEQ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" \ -@@ -36,7 +36,7 @@ +@@ -36,7 +36,7 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" -DDAEMON_USERNAME=\"$(DAEMON_USERNAME)\" \ -DDAEMON_GROUPNAME=\"$(DAEMON_GROUPNAME)\" \ -DLFILE=\"$(LFILE)\" -Wall @@ -33,8 +33,8 @@ Index: Makefile.in PAMLIB = @PAMLIB@ Index: atd.c =================================================================== ---- atd.c.orig 2014-09-18 10:46:08.261168751 +0200 -+++ atd.c 2014-09-18 10:46:08.265168751 +0200 +--- atd.c.orig ++++ atd.c @@ -74,6 +74,10 @@ #include #endif @@ -46,7 +46,7 @@ Index: atd.c /* Local headers */ #include "privs.h" -@@ -930,6 +934,7 @@ +@@ -930,6 +934,7 @@ main(int argc, char *argv[]) * for execution and yet another one, optionally, for sending mail. * Files which already have run are removed during the next invocation. */ @@ -54,7 +54,7 @@ Index: atd.c int c; time_t next_invocation; struct sigaction act; -@@ -998,6 +1003,22 @@ +@@ -998,6 +1003,22 @@ main(int argc, char *argv[]) } } 
@@ -79,36 +79,10 @@ Index: atd.c perr("Cannot change to " ATJOB_DIR); Index: configure.ac =================================================================== ---- configure.ac.orig 2014-09-18 10:46:08.217168752 +0200 -+++ configure.ac 2014-09-18 10:46:08.265168751 +0200 -@@ -5,7 +5,7 @@ - - AC_PREFIX_DEFAULT(/usr) - AC_CONFIG_HEADER(config.h) --AC_PREREQ([2.64]) -+AC_PREREQ([2.69]) - - VERSION=AC_PACKAGE_VERSION - if test "X$CFLAGS" = "X"; then -@@ -40,20 +40,21 @@ - esac - - AC_MSG_CHECKING(__attribute__((noreturn))) --AC_TRY_COMPILE([], [void __attribute__((noreturn)) panic(void);], -+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void __attribute__((noreturn)) panic(void);]])],[ - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_ATTRIBUTE_NORETURN, 1, - [Define to 1 if compiler supports __attribute__((noreturn))]), - AC_MSG_RESULT(no) --) -+]) - dnl Checks for libraries. - - AC_CHECK_LIB(fl,yywrap, - [], -- AC_DEFINE(NEED_YYWRAP, 1, -- [Define to 1 if we need to provide our own yywrap()]) -+ AC_DEFINE([NEED_YYWRAP], 1, [need yywrap]) +--- configure.ac.orig ++++ configure.ac +@@ -53,6 +53,8 @@ AC_CHECK_LIB(fl,yywrap, + AC_DEFINE([NEED_YYWRAP], 1, [need yywrap]) ) +PKG_CHECK_MODULES([HX], [libHX]) 
@@ -116,43 +90,3 @@ Index: configure.ac dnl Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC -@@ -63,7 +64,18 @@ - - dnl Checks for typedefs, structures, and compiler characteristics. - AC_C_CONST --AC_TYPE_SIGNAL -+AC_DIAGNOSE([obsolete],[your code may safely assume C89 semantics that RETSIGTYPE is void. -+Remove this warning and the `AC_CACHE_CHECK' when you adjust the code.])dnl -+AC_CACHE_CHECK([return type of signal handlers],[ac_cv_type_signal],[AC_COMPILE_IFELSE( -+[AC_LANG_PROGRAM([#include -+#include -+], -+ [return *(signal (0, 0)) (0) == 1;])], -+ [ac_cv_type_signal=int], -+ [ac_cv_type_signal=void])]) -+AC_DEFINE_UNQUOTED([RETSIGTYPE],[$ac_cv_type_signal],[Define as the return type of signal handlers -+ (`int' or `void').]) -+ - AC_TYPE_UID_T - AC_TYPE_MODE_T - AC_TYPE_OFF_T -@@ -261,8 +273,8 @@ - AC_SUBST(DAEMON_GROUPNAME) - - AC_ARG_WITH(selinux, --[ --with-selinux Define to run with selinux], --AC_DEFINE(WITH_SELINUX), -+[ --with-selinux Define to run with selinux], -+AC_DEFINE([WITH_SELINUX] , [1], [enable selinux]), - ) - AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) - AC_SUBST(SELINUXLIB) -@@ -270,7 +282,7 @@ - - AC_ARG_WITH(pam, - [ --with-pam Define to enable pam support ], --AC_DEFINE(WITH_PAM), -+AC_DEFINE([WITH_PAM], [1], [use PAM]), - ) - AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc') - AC_SUBST(PAMLIB) diff --git a/at-3.1.14-selinux.patch b/at-3.1.14-selinux.patch index 1ee9baa..3ae7671 100644 --- a/at-3.1.14-selinux.patch +++ b/at-3.1.14-selinux.patch @@ -2,9 +2,7 @@ Index: atd.c =================================================================== --- atd.c.orig +++ atd.c -@@ -81,10 +81,18 @@ - - #ifndef HAVE_GETLOADAVG +@@ -83,6 +83,14 @@ #include "getloadavg.h" #endif @@ -19,11 +17,7 @@ Index: atd.c /* Macros */ #define BATCH_INTERVAL_DEFAULT 60 - #define CHECK_INTERVAL 3600 - -@@ -193,10 +201,72 @@ myfork() - } - +@@ -195,6 +203,68 @@ myfork() #define fork myfork #endif 
@@ -92,11 +86,7 @@ Index: atd.c static void run_file(const char *filename, uid_t uid, gid_t gid) { - /* Run a file by by spawning off a process which redirects I/O, - * spawns a subshell, then waits for it to complete and sends -@@ -440,13 +510,25 @@ run_file(const char *filename, uid_t uid - - if (SIG_ERR == signal(SIGCHLD, SIG_DFL)) +@@ -442,9 +512,21 @@ run_file(const char *filename, uid_t uid perr("Cannot reset signal handler to default"); chdir("/"); @@ -119,11 +109,7 @@ Index: atd.c PRIV_END } - /* We're the parent. Let's wait. - */ -@@ -715,10 +797,14 @@ main(int argc, char *argv[]) - time_t next_invocation; - struct sigaction act; +@@ -717,6 +799,10 @@ main(int argc, char *argv[]) struct passwd *pwe; struct group *ge; @@ -134,15 +120,11 @@ Index: atd.c /* We don't need root privileges all the time; running under uid and gid * daemon is fine. */ - - if ((pwe = getpwnam(DAEMON_USERNAME)) == NULL) Index: config.h.in =================================================================== --- config.h.in.orig +++ config.h.in -@@ -69,10 +69,13 @@ - #undef HAVE_NLIST_H - +@@ -71,6 +71,9 @@ /* Define to 1 for PAM support */ #undef HAVE_PAM 
@@ -152,21 +134,67 @@ Index: config.h.in /* Define to 1 if you have the `pstat_getdynamic' function. */ #undef HAVE_PSTAT_GETDYNAMIC - /* Define to 1 if you have the header file. */ - #undef HAVE_SECURITY_PAM_APPL_H Index: configure.ac =================================================================== --- configure.ac.orig +++ configure.ac -@@ -258,7 +258,15 @@ AC_ARG_WITH(daemon_groupname, - DAEMON_GROUPNAME=daemon - AC_MSG_RESULT(daemon) +@@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR(at.c) + + AC_PREFIX_DEFAULT(/usr) + AC_CONFIG_HEADER(config.h) +-AC_PREREQ([2.64]) ++AC_PREREQ([2.69]) + + VERSION=AC_PACKAGE_VERSION + if test "X$CFLAGS" = "X"; then +@@ -40,18 +40,17 @@ case "$host" in + esac + + AC_MSG_CHECKING(__attribute__((noreturn))) +-AC_TRY_COMPILE([], [void __attribute__((noreturn)) panic(void);], ++AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[void __attribute__((noreturn)) panic(void);]])],[ + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_ATTRIBUTE_NORETURN, 1, + [Define to 1 if compiler supports __attribute__((noreturn))]), + AC_MSG_RESULT(no) +-) ++]) + dnl Checks for libraries. + + AC_CHECK_LIB(fl,yywrap, + [], +- AC_DEFINE(NEED_YYWRAP, 1, +- [Define to 1 if we need to provide our own yywrap()]) ++ AC_DEFINE([NEED_YYWRAP], 1, [need yywrap]) + ) + + dnl Checks for header files. +@@ -63,7 +62,17 @@ AC_CHECK_HEADERS(stdarg.h) + + dnl Checks for typedefs, structures, and compiler characteristics. + AC_C_CONST +-AC_TYPE_SIGNAL ++AC_DIAGNOSE([obsolete],[your code may safely assume C89 semantics that RETSIGTYPE is void. 
++Remove this warning and the `AC_CACHE_CHECK' when you adjust the code.])dnl ++AC_CACHE_CHECK([return type of signal handlers],[ac_cv_type_signal],[AC_COMPILE_IFELSE( ++[AC_LANG_PROGRAM([#include ++#include ++], ++ [return *(signal (0, 0)) (0) == 1;])], ++ [ac_cv_type_signal=int], ++ [ac_cv_type_signal=void])]) ++AC_DEFINE_UNQUOTED([RETSIGTYPE],[$ac_cv_type_signal],[Define as the return type of signal handlers ++ (`int' or `void').]) + AC_TYPE_UID_T + AC_TYPE_MODE_T + AC_TYPE_OFF_T +@@ -260,5 +269,13 @@ AC_ARG_WITH(daemon_groupname, ) AC_SUBST(DAEMON_GROUPNAME) +AC_ARG_WITH(selinux, +[ --with-selinux Define to run with selinux], -+AC_DEFINE(WITH_SELINUX), ++AC_DEFINE([WITH_SELINUX] , [1], [enable selinux]), +) +AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux) +AC_SUBST(SELINUXLIB) @@ -178,9 +206,7 @@ Index: Makefile.in =================================================================== --- Makefile.in.orig +++ Makefile.in -@@ -38,10 +38,12 @@ DEFS = @DEFS@ -DVERSION=\"$(VERSION)\" - -DLFILE=\"$(LFILE)\" -Wall - LIBS = @LIBS@ +@@ -40,6 +40,8 @@ LIBS = @LIBS@ LIBOBJS = @LIBOBJS@ INSTALL = @INSTALL@ PAMLIB = @PAMLIB@ @@ -189,11 +215,7 @@ Index: Makefile.in CLONES = atq atrm ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o - RUNOBJECTS = atd.o daemon.o $(LIBOBJS) - CSRCS = at.c atd.c panic.c perm.c posixtm.c daemon.c getloadavg.c \ -@@ -71,11 +72,11 @@ at: $(ATOBJECTS) - rm -f $(CLONES) - $(LN_S) -f at atq +@@ -73,7 +75,7 @@ at: $(ATOBJECTS) $(LN_S) -f at atrm atd: $(RUNOBJECTS) @@ -202,5 +224,3 @@ Index: Makefile.in y.tab.c y.tab.h: parsetime.y $(YACC) -d parsetime.y - - lex.yy.c: parsetime.l diff --git a/at-3.1.15-sane-envkeys.patch b/at-3.1.15-sane-envkeys.patch deleted file mode 100644 index 2390cb7..0000000 --- a/at-3.1.15-sane-envkeys.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -commit 482f5962d9584d6110b940f0f51ab5919a6eb8a0 -Author: Ansgar Burchardt -Date: Sun Sep 28 17:06:12 2014 +0200 - - at: only retain variables whose name consists of alphanumerics and underscores - - Since a recent security update[1] bash might export variables named - BASH_FUNC_*() to the environment which the serialization code in at - cannot handle properly. - - [1] - -Index: at-3.1.15/at.c -=================================================================== ---- at-3.1.15.orig/at.c -+++ at-3.1.15/at.c -@@ -390,6 +390,22 @@ writefile(time_t runtimer, char queue) - int export = 1; - char *eqp; - -+ /* Only accept alphanumerics and underscore in variable names. -+ * Also require the name to not start with a digit. -+ * Some shells don't like other variable names. -+ */ -+ { -+ char *p = *atenv; -+ if (isdigit(*p)) -+ export = 0; -+ for (; *p != '=' && *p != '\0'; ++p) { -+ if (!isalnum(*p) && *p != '_') { -+ export = 0; -+ break; -+ } -+ } -+ } -+ - eqp = strchr(*atenv, '='); - if (ap == NULL) - eqp = *atenv; diff --git a/at.changes b/at.changes index 1621b7e..5452194 100644 --- a/at.changes +++ b/at.changes @@ -1,3 +1,20 @@ +------------------------------------------------------------------- +Mon Jun 22 15:07:32 UTC 2015 - tchvatal@suse.com + +- Version bump to 3.1.16 to match latest upstream: + * Fix regression for sec-fix in bash we applied in form of patch + till now - deleting at-3.1.15-sane-envkeys.patch +- Sync/split features to be patch specific, modifying: + * at-3.1.13-pam.patch + * at-3.1.14-parse-suse-sysconfig.patch + * at-3.1.14-selinux.patch + +------------------------------------------------------------------- +Mon Jun 22 15:02:30 UTC 2015 - tchvatal@suse.com + +- Cleanup with spec-cleaner +- Remove systemd conditional (we do not work on sle11 anyway) + ------------------------------------------------------------------- Thu Jun 4 01:03:54 UTC 2015 - crrodriguez@opensuse.org 
diff --git a/at.spec b/at.spec index 63e8b0e..46bf27a 100644 --- a/at.spec +++ b/at.spec @@ -17,18 +17,16 @@ Name: at -Version: 3.1.15 +Version: 3.1.16 Release: 0 Summary: A Job Manager License: GPL-2.0+ Group: System/Daemons - Url: ftp://ftp.debian.org/debian/pool/main/a/at Source: ftp://ftp.debian.org/debian/pool/main/a/at/%{name}_%{version}.orig.tar.gz Source2: atd.pamd Source3: sysconfig.atd Source5: atd.service - Patch0: at-3.1.14.patch Patch4: at-3.1.14-joblist.patch Patch5: at-3.1.14-selinux.patch @@ -59,28 +57,24 @@ Patch23: at-secure_getenv.patch Patch24: at-backport-old-privs.patch #PATCH-FEATURE-UPSTREAM introduce -o argument for atq (bnc#879402) Patch25: at-atq-timeformat.patch -#PATCH-FIX-UPSTREAM sanitize environment variables (bnc#899160) -Patch26: at-3.1.15-sane-envkeys.patch #PATCH-FIX-OPENSUSE use posix timers to avoid the need of suspend/resume hacks. Patch27: at-3.1.14-usePOSIXtimers.patch BuildRequires: autoconf >= 2.69 BuildRequires: automake BuildRequires: bison BuildRequires: flex +BuildRequires: libHX-devel BuildRequires: libselinux-devel BuildRequires: pam-devel -%if 0%{?suse_version} > 1140 -BuildRequires: libHX-devel BuildRequires: pkgconfig -BuildRequires: pkgconfig(systemd) -%{?systemd_requires} -%define has_systemd 1 -%endif -BuildRoot: %{_tmppath}/%{name}-%{version}-build - -PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd %fillup_prereq -PreReq: permissions +BuildRequires: systemd-rpm-macros +Requires(post): %fillup_prereq +Requires(pre): %{_sbindir}/groupadd +Requires(pre): %{_sbindir}/useradd +Requires(pre): permissions Recommends: smtp_daemon +BuildRoot: %{_tmppath}/%{name}-%{version}-build +%{?systemd_requires} %description This program allows you to run jobs at specified times. @@ -107,8 +101,8 @@ This program allows you to run jobs at specified times. %patch23 -p1 %patch24 -p1 %patch25 -%patch26 -p1 %patch27 -p1 + %build rm -fv y.tab.c y.tab.h lex.yy.c lex.yy.o y.tab.o autoreconf -fiv 
@@ -123,41 +117,41 @@ export SENDMAIL=%{_sbindir}/sendmail --with-daemon_username=at \ --with-daemon_groupname=at -%{__make} %{?_smp_mflags} +make %{?_smp_mflags} %install -%{__install} -d %{buildroot}{%{_sysconfdir}/pam.d,%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8},%{_localstatedir}/adm/fillup-templates} +install -d %{buildroot}{%{_sysconfdir}/pam.d,%{_bindir},%{_sbindir},%{_mandir}/man{1,5,8},%{_localstatedir}/adm/fillup-templates} export CFLAGS="%{?optflags}" export SENDMAIL=%{_sbindir}/sendmail -%{__make} install IROOT=%{buildroot} +make install IROOT=%{buildroot} # Don't install docs here in this way mkdir docs mv %{buildroot}/%{_prefix}/doc/at/* docs/ -%{__install} -D -m 0644 %{S:5} %{buildroot}%{_unitdir}/atd.service -%{__ln_s} -f %{_sbindir}/service %{buildroot}%{_sbindir}/rcatd +install -D -m 0644 %{SOURCE5} %{buildroot}%{_unitdir}/atd.service +ln -s service %{buildroot}%{_sbindir}/rcatd -%{__install} -m644 %SOURCE2 %{buildroot}%{_sysconfdir}/pam.d/atd -%{__install} -m644 %SOURCE3 %{buildroot}%{_localstatedir}/adm/fillup-templates +install -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/atd +install -m644 %{SOURCE3} %{buildroot}%{_localstatedir}/adm/fillup-templates %pre %{_sbindir}/groupadd -g 25 -o -r at 2> /dev/null || : -%{_sbindir}/useradd -r -o -g at -u 25 -s /bin/bash -c "Batch jobs daemon" -d /var/spool/atjobs at 2> /dev/null || : +%{_sbindir}/useradd -r -o -g at -u 25 -s /bin/bash -c "Batch jobs daemon" -d %{_localstatedir}/spool/atjobs at 2> /dev/null || : %service_add_pre atd.service %preun %service_del_preun atd.service %post -%fillup_only -n atd -%set_permissions /usr/bin/at +%{fillup_only -n atd} +%set_permissions %{_bindir}/at %service_add_post atd.service %verifyscript -%verify_permissions -e /usr/bin/at +%verify_permissions -e %{_bindir}/at %postun %service_del_postun atd.service diff --git a/at_3.1.15.orig.tar.gz b/at_3.1.15.orig.tar.gz deleted file mode 100644 index 399aeaf..0000000 --- a/at_3.1.15.orig.tar.gz +++ /dev/null 
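Review bot: The `%pre` scriptlet in this hunk still creates the `at` account with `-o` (non-unique UID/GID 25) and `-s /bin/bash`, and hides any failure behind `2> /dev/null || :`; the rewritten `useradd` line only changes the home directory. If UID 25 is already taken, `-o` makes the daemon account share an identity with whatever owns it, and a failed creation goes unnoticed even though the build is configured with `--with-daemon_username=at`. Consider dropping `-o` and letting the scriptlet report errors. Whether the account needs an interactive shell is not visible from this hunk, so confirm how atd and the spool directory use it before switching to a non-login shell.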
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:03a84f5293d5a95ef4231b7faf5578f141f0c76a2b304dd655bc7e90e97bf7fc
-size 122968
diff --git a/at_3.1.16.orig.tar.gz b/at_3.1.16.orig.tar.gz
new file mode 100644
index 0000000..1329bb9
--- /dev/null
+++ b/at_3.1.16.orig.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb9af59c6a54edce9536ba629841055409d1f89d8ae26494727a97141fb4d5c1
+size 123174
From f9b617fd8ae0e2a63c92ab2e54c963d84278ecb004d737ebff8551e5e30af098 Mon Sep 17 00:00:00 2001 From: Kristyna Streitova Date: Wed, 24 Jun 2015 08:32:27 +0000 Subject: [PATCH 2/2] Accepting request 313311 from home:vitezslav_cizek:branches:Base:System - loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX by the amount of CPUs when comparing to loadavg (bnc#889174) * added at-adjust_load_to_cpu_count.patch OBS-URL: https://build.opensuse.org/request/show/313311 OBS-URL: https://build.opensuse.org/package/show/Base:System/at?expand=0&rev=98 --- at-adjust_load_to_cpu_count.patch | 59 +++++++++++++++++++++++++++++++ at.changes | 7 ++++ at.spec | 2 ++ sysconfig.atd | 3 +- 4 files changed, 70 insertions(+), 1 deletion(-) create mode 100644 at-adjust_load_to_cpu_count.patch
diff --git a/at-adjust_load_to_cpu_count.patch b/at-adjust_load_to_cpu_count.patch
new file mode 100644
index 0000000..345c4a2
--- /dev/null
+++ b/at-adjust_load_to_cpu_count.patch
@@ -0,0 +1,59 @@ +Index: at-3.1.16/at.1.in +=================================================================== +--- at-3.1.16.orig/at.1.in 2015-06-23 18:12:35.348993941 +0200 ++++ at-3.1.16/at.1.in 2015-06-23 18:48:39.666401868 +0200 +@@ -68,6 +68,9 @@ deletes jobs, identified by their job nu + executes commands when system load levels permit; in other words, when the load average + drops below @LOADAVG_MX@, or the value specified in the invocation of + .BR atd . ++Note that because of the load meaning on Linux, ++this number is multiplied by the amount of CPUs when compared to the ++system loadavg. + .PP + .B At + allows fairly complex time +Index: at-3.1.16/atd.c +=================================================================== +--- at-3.1.16.orig/atd.c 2015-06-23 18:12:35.353994001 +0200 ++++ at-3.1.16/atd.c 2015-06-23 18:31:52.137058536 +0200 +@@ -763,6 +763,7 @@ run_loop() + int run_batch; + static time_t next_batch = 0; + double currlavg[3]; ++ int cpu_count = 1; + + /* Main loop. Open spool directory for reading and look over all the + * files in there. If the filename indicates that the job should be run, +@@ -907,7 +908,14 @@ run_loop() + #ifdef GETLOADAVG_PRIVILEGED + END_PRIV + #endif +- if (currlavg[0] < load_avg) { ++#ifdef _SC_NPROCESSORS_ONLN ++ cpu_count = sysconf(_SC_NPROCESSORS_ONLN); ++ if (cpu_count < 1) { ++ cpu_count = 1; ++ } ++#endif ++ ++ if (currlavg[0] < load_avg * cpu_count) { + run_file(batch_name, batch_uid, batch_gid); + run_batch--; + } +Index: at-3.1.16/atd.8.in +=================================================================== +--- at-3.1.16.orig/atd.8.in 2014-09-30 08:29:02.000000000 +0200 ++++ at-3.1.16/atd.8.in 2015-06-23 18:48:17.519128303 +0200 +@@ -20,10 +20,8 @@ runs jobs queued by + .B -l + Specifies a limiting load factor, over which batch jobs should + not be run, instead of the compile-time choice of @LOADAVG_MX@. +-For an SMP system with +-.I n +-CPUs, you will probably want to set this higher than +-.IR n-1. 
++This number is multiplied by the amount of CPUs when comparing ++to /proc/loadavg, because loadavg is a sum over all processors on Linux. + .TP 8 + .B -b + Specify the minimum interval in seconds between the start of two diff --git a/at.changes b/at.changes index 5452194..4f340c7 100644 --- a/at.changes +++ b/at.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Jun 23 16:48:56 UTC 2015 - vcizek@suse.com + +- loadavg on Linux is a sum over all CPUs, so multiply LOADAVG_MX + by the amount of CPUs when comparing to loadavg (bnc#889174) + * added at-adjust_load_to_cpu_count.patch + ------------------------------------------------------------------- Mon Jun 22 15:07:32 UTC 2015 - tchvatal@suse.com diff --git a/at.spec b/at.spec index 46bf27a..dd8c3fa 100644 --- a/at.spec +++ b/at.spec @@ -59,6 +59,7 @@ Patch24: at-backport-old-privs.patch Patch25: at-atq-timeformat.patch #PATCH-FIX-OPENSUSE use posix timers to avoid the need of suspend/resume hacks. Patch27: at-3.1.14-usePOSIXtimers.patch +Patch28: at-adjust_load_to_cpu_count.patch BuildRequires: autoconf >= 2.69 BuildRequires: automake BuildRequires: bison @@ -102,6 +103,7 @@ This program allows you to run jobs at specified times. %patch24 -p1 %patch25 %patch27 -p1 +%patch28 -p1 %build rm -fv y.tab.c y.tab.h lex.yy.c lex.yy.o y.tab.o diff --git a/sysconfig.atd b/sysconfig.atd index 0504065..b6931fc 100644 --- a/sysconfig.atd +++ b/sysconfig.atd @@ -13,7 +13,8 @@ ATD_BATCH_INTERVAL="" ## Type: string ## Default: "" ## ServiceRestart: atd -# load limiting factor for atd, "" for default +# load limiting factor for atd, "" for default, +# it's multiplied by the amount of CPUs when comparing to /proc/loadavg # ATD_LOADAVG=""
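Review bot: In the `run_loop()` change carried by at-adjust_load_to_cpu_count.patch, the batch threshold becomes `load_avg * cpu_count` unconditionally. A site that followed the old atd.8 advice and already passes a machine-wide value to `-l` (or sets `ATD_LOADAVG`) will have that limit multiplied again by the CPU count after the update, so batch jobs start under much higher load than the administrator chose. The man pages and the sysconfig comment describe the new meaning, but at.changes does not say that existing values need revisiting; an entry such as `* NOTE: existing ATD_LOADAVG / -l values are now per-CPU and should be reviewed` would help. Separately, `sysconf()` returns `long`, so `long cpu_count = 1;` would avoid the narrowing to `int`. The body of run_loop starts and ends outside the inner hunks.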
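Review bot: `Patch28: at-adjust_load_to_cpu_count.patch` is added without the `#PATCH-…` tag comment that the neighbouring entries carry (for example `#PATCH-FIX-OPENSUSE use posix timers …` above Patch27), so the spec does not record where the patch comes from or which bug it addresses. Add a tag line above it that names the bug from the changelog, e.g. `#PATCH-FIX-<ORIGIN> scale load limit by CPU count (bnc#889174)`, with the origin chosen by the packager.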