From c193ecaf297719e92fe87b443bf5e8dab12298c64cb778e5e73a516219b61aa8 Mon Sep 17 00:00:00 2001 From: Olav Reinert Date: Wed, 13 Apr 2016 21:32:21 +0000 Subject: [PATCH] - Security update to v3 (CVE-2016-3992): * Use mktemp-d to avoid race-conditions and security problems. * Drop cronic.patch, which has become redundant. OBS-URL: https://build.opensuse.org/package/show/utilities/cronic?expand=0&rev=7 --- cronic | 15 +++++++-------- cronic.changes | 7 +++++++ cronic.patch | 23 ----------------------- cronic.spec | 8 +++----- 4 files changed, 17 insertions(+), 36 deletions(-) delete mode 100644 cronic.patch diff --git a/cronic b/cronic index 6557aea..194814c 100644 --- a/cronic +++ b/cronic @@ -1,14 +1,15 @@ #!/bin/bash -# Cronic v2 - cron job report wrapper -# Copyright 2007 Chuck Houpt. No rights reserved, whatsoever. +# Cronic v3 - cron job report wrapper +# Copyright 2007-2016 Chuck Houpt. No rights reserved, whatsoever. # Public Domain CC0: http://creativecommons.org/publicdomain/zero/1.0/ set -eu -OUT=/tmp/cronic.out.$$ -ERR=/tmp/cronic.err.$$ -TRACE=/tmp/cronic.trace.$$ +TMP=$(mktemp -d) +OUT=$TMP/cronic.out +ERR=$TMP/cronic.err +TRACE=$TMP/cronic.trace set +e "$@" >$OUT 2>$TRACE @@ -43,6 +44,4 @@ if [ $RESULT -ne 0 -o -s "$ERR" ] fi fi -rm -f "$OUT" -rm -f "$ERR" -rm -f "$TRACE" +rm -rf "$TMP" diff --git a/cronic.changes b/cronic.changes index c9f02ab..3004dd1 100644 --- a/cronic.changes +++ b/cronic.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Apr 13 20:11:17 UTC 2016 - seroton10@gmail.com + +- Security update to v3 (CVE-2016-3992): + * Use mktemp-d to avoid race-conditions and security problems. + * Drop cronic.patch, which has become redundant. + ------------------------------------------------------------------- Fri Sep 5 11:07:44 UTC 2014 - seroton10@gmail.com diff --git a/cronic.patch b/cronic.patch deleted file mode 100644 index 140458c..0000000 --- a/cronic.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- cronic.orig 2014-09-05 12:53:29.524263599 +0200 -+++ cronic 2014-09-05 12:56:03.710663672 +0200 -@@ -6,9 +6,9 @@ - - set -eu - --OUT=/tmp/cronic.out.$$ --ERR=/tmp/cronic.err.$$ --TRACE=/tmp/cronic.trace.$$ -+OUT=$(mktemp /tmp/cronic.$$.out.XXXX) -+ERR=$(mktemp /tmp/cronic.$$.err.XXXX) -+TRACE=$(mktemp /tmp/cronic.$$.trace.XXXX) - - set +e - "$@" >$OUT 2>$TRACE -@@ -20,6 +20,7 @@ - then - ! grep -av "$PATTERN" $TRACE > $ERR - else -+ rm -f "$ERR" - ERR=$TRACE - fi - diff --git a/cronic.spec b/cronic.spec index da793c0..ae20095 100644 --- a/cronic.spec +++ b/cronic.spec @@ -1,7 +1,7 @@ # # spec file for package cronic # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: cronic -Version: 2 +Version: 3 Release: 0 Summary: A cure for Cron's chronic email problem License: SUSE-Public-Domain @@ -25,7 +25,6 @@ Group: System/Base Url: http://habilis.net/cronic/ Source0: http://habilis.net/cronic/cronic Source1: cronic.1 -Patch0: cronic.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -40,7 +39,6 @@ simply executes its arguments. %prep %setup -q -c -T cp %{SOURCE0} . -%patch0 %build @@ -54,6 +52,6 @@ gzip -c %{SOURCE1} >%{buildroot}/%{_mandir}/man1/cronic.1.gz %files %defattr (-, root, root) %attr(755,root,root) %{_bindir}/cronic -%doc %{_mandir}/man1/cronic.1.gz +%{_mandir}/man1/cronic.1.gz %changelog