Accepting request 685771 from home:kstreitova:branches:Base:System

- update to 1.5.3 * Fix CVE-2019-9704 [bnc#1128937] and CVE-2019-9705 [bnc#1128935] to avoid local DoS of the crond * crontab: Make crontab without arguments fail * crond: In PAM configuration include system-auth instead of password-auth * crond: In the systemd service file restart crond if it fails * crond: Use the role from the crond context for system job contexts * Multiple small cleanups and fixes. - refresh cronie-nheader_lines.diff and cronie-pam_config.diff OBS-URL: https://build.opensuse.org/request/show/685771 OBS-URL: https://build.opensuse.org/package/show/Base:System/cronie?expand=0&rev=171
2019-03-19 16:04:35 +00:00 · 2019-03-19 16:04:35 +00:00 · 715db45cc6
commit 715db45cc6
parent 8f36ae216e
6 changed files with 32 additions and 17 deletions
--- a/cronie-1.5.2.tar.gz
+++ b/cronie-1.5.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:28cfdc6cc7df304dced6d0d0543767d8d22926f669a28d650c0513c168183eb4
-size 121604
--- a/cronie-1.5.3.tar.gz
+++ b/cronie-1.5.3.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1cb51ef28e079153227ff3d0de8e876863e9b57b25642ced37df48769960fe20
+size 122363
--- a/cronie-nheader_lines.diff
+++ b/cronie-nheader_lines.diff
@ -2,7 +2,7 @@ Index: src/crontab.c
 ===================================================================
 --- src/crontab.c.orig
 +++ src/crontab.c
-@@ -65,7 +65,7 @@
+@@ -64,7 +64,7 @@
 #include "pathnames.h"
 #include "structs.h"
 
@ -11,7 +11,7 @@ Index: src/crontab.c
 
 enum opt_t {opt_unknown, opt_list, opt_delete, opt_edit, opt_replace, opt_hostset, opt_hostget};
 
-@@ -475,7 +475,7 @@ static void edit_cmd(void) {
+@@ -485,7 +485,7 @@ static void edit_cmd(void) {
 	char n[MAX_FNAME], q[MAX_TEMPSTR];
 	const char *editor;
 	FILE *f;
@ -20,7 +20,7 @@ Index: src/crontab.c
 	struct stat statbuf;
 	struct utimbuf utimebuf;
 	WAIT_T waiter;
-@@ -527,13 +527,25 @@ static void edit_cmd(void) {
+@@ -537,13 +537,25 @@ static void edit_cmd(void) {
 	}
 
 	Set_LineNum(1)
@ -53,15 +53,15 @@ Index: src/crontab.c
 		while (EOF != (ch = get_char(f)))
 			putc(ch, NewCrontab);
 
-@@ -741,6 +753,7 @@ static int replace_cmd(void) {
+@@ -751,6 +763,7 @@ static int replace_cmd(void) {
 	int error = 0;
 	entry *e;
 	uid_t file_owner;
 +	time_t now = time(NULL);
 	char **envp;
 	char *safename;
- 
-@@ -770,10 +783,10 @@ static int replace_cmd(void) {
+ 	int envs = 0, entries = 0;
+@@ -781,10 +794,10 @@ static int replace_cmd(void) {
 	 *
 	 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code.
 	 */
--- a/cronie-pam_config.diff
+++ b/cronie-pam_config.diff
@ -1,16 +1,16 @@
-Index: cronie-cronie-1.5.2/pam/crond
+Index: cronie-cronie-1.5.3/pam/crond
 ===================================================================
--- cronie-cronie-1.5.2.orig/pam/crond
-+++ cronie-cronie-1.5.2/pam/crond
+--- cronie-cronie-1.5.3.orig/pam/crond
+++ cronie-cronie-1.5.3/pam/crond
@@ -4,8 +4,9 @@
 #
 # Although no PAM authentication is called, auth modules
 # are used for credential setting
-auth       include    password-auth
+-auth       include    system-auth
 -account    required   pam_access.so
-account    include    password-auth
+-account    include    system-auth
 -session    required   pam_loginuid.so
-session    include    password-auth
+-session    include    system-auth
 +auth     sufficient     pam_rootok.so
 +account  sufficient     pam_listfile.so item=user sense=allow file=/etc/cron.allow onerr=succeed quiet
 +auth     include        common-auth
--- a/cronie.changes
+++ b/cronie.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Sun Mar 17 10:37:44 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>
+
+- update to 1.5.3
+  * Fix CVE-2019-9704 [bnc#1128937] and CVE-2019-9705 [bnc#1128935]
+    to avoid local DoS of the crond
+  * crontab: Make crontab without arguments fail
+  * crond: In PAM configuration include system-auth instead of
+    password-auth
+  * crond: In the systemd service file restart crond if it fails
+  * crond: Use the role from the crond context for system job
+    contexts
+  * Multiple small cleanups and fixes.
+- refresh cronie-nheader_lines.diff and  cronie-pam_config.diff
+
 -------------------------------------------------------------------
 Wed Feb  6 15:47:40 UTC 2019 - Cristian Rodríguez <crrodriguez@opensuse.org>

--- a/cronie.spec
+++ b/cronie.spec
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #


@ -23,7 +23,7 @@

 %define cron_configs %{_sysconfdir}/pam.d/crond %{_sysconfdir}/crontab %{_sysconfdir}/cron.deny
 Name:           cronie
-Version:        1.5.2
+Version:        1.5.3
 Release:        0
 Summary:        Cron Daemon
 License:        BSD-3-Clause AND GPL-2.0-only AND MIT