Accepting request 389666 from utilities

Security fix (CVE-2016-3992) OBS-URL: https://build.opensuse.org/request/show/389666 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cronic?expand=0&rev=2
2016-04-14 11:08:49 +00:00 · 2016-04-14 11:08:49 +00:00 · e4370e8246
commit e4370e8246
parent e3b235585f c193ecaf29
4 changed files with 17 additions and 36 deletions
--- a/15
+++ b/15
@ -1,14 +1,15 @@
 #!/bin/bash

-# Cronic v2 - cron job report wrapper
-# Copyright 2007 Chuck Houpt. No rights reserved, whatsoever.
+# Cronic v3 - cron job report wrapper
+# Copyright 2007-2016 Chuck Houpt. No rights reserved, whatsoever.
 # Public Domain CC0: http://creativecommons.org/publicdomain/zero/1.0/

 set -eu

-OUT=/tmp/cronic.out.$$
-ERR=/tmp/cronic.err.$$
-TRACE=/tmp/cronic.trace.$$
+TMP=$(mktemp -d)
+OUT=$TMP/cronic.out
+ERR=$TMP/cronic.err
+TRACE=$TMP/cronic.trace

 set +e
 "$@" >$OUT 2>$TRACE
@ -43,6 +44,4 @@ if [ $RESULT -ne 0 -o -s "$ERR" ]
    fi
 fi

-rm -f "$OUT"
-rm -f "$ERR"
-rm -f "$TRACE"
+rm -rf "$TMP"
--- a/cronic.changes
+++ b/cronic.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Apr 13 20:11:17 UTC 2016 - seroton10@gmail.com
+
+- Security update to v3 (CVE-2016-3992):
+  * Use mktemp-d to avoid race-conditions and security problems.
+  * Drop cronic.patch, which has become redundant.
+
 -------------------------------------------------------------------
 Fri Sep  5 11:07:44 UTC 2014 - seroton10@gmail.com

--- a/cronic.patch
+++ b/cronic.patch
@ -1,23 +0,0 @@
--- cronic.orig	2014-09-05 12:53:29.524263599 +0200
-+++ cronic	2014-09-05 12:56:03.710663672 +0200
-@@ -6,9 +6,9 @@
- 
- set -eu
- 
-OUT=/tmp/cronic.out.$$
-ERR=/tmp/cronic.err.$$
-TRACE=/tmp/cronic.trace.$$
-+OUT=$(mktemp /tmp/cronic.$$.out.XXXX)
-+ERR=$(mktemp /tmp/cronic.$$.err.XXXX)
-+TRACE=$(mktemp /tmp/cronic.$$.trace.XXXX)
- 
- set +e
- "$@" >$OUT 2>$TRACE
-@@ -20,6 +20,7 @@
- then
-     ! grep -av "$PATTERN" $TRACE > $ERR
- else
-+    rm -f "$ERR"
-     ERR=$TRACE
- fi
- 
--- a/cronic.spec
+++ b/cronic.spec
@ -1,7 +1,7 @@
 #
 # spec file for package cronic
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@


 Name:           cronic
-Version:        2
+Version:        3
 Release:        0
 Summary:        A cure for Cron's chronic email problem
 License:        SUSE-Public-Domain
@ -25,7 +25,6 @@ Group:          System/Base
 Url:            http://habilis.net/cronic/
 Source0:        http://habilis.net/cronic/cronic
 Source1:        cronic.1
-Patch0:         cronic.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildArch:      noarch

@ -40,7 +39,6 @@ simply executes its arguments.
 %prep
 %setup -q -c -T
 cp %{SOURCE0} .
-%patch0

 %build

@ -54,6 +52,6 @@ gzip -c %{SOURCE1} >%{buildroot}/%{_mandir}/man1/cronic.1.gz
 %files
 %defattr (-, root, root)
 %attr(755,root,root) %{_bindir}/cronic
-%doc %{_mandir}/man1/cronic.1.gz
+%{_mandir}/man1/cronic.1.gz

 %changelog