Accepting request 546013 from Base:System

OBS-URL: https://build.opensuse.org/request/show/546013 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cronie?expand=0&rev=65
2017-11-29 09:52:01 +00:00 · 2017-11-29 09:52:01 +00:00 · 96f447d2a6
commit 96f447d2a6
parent 24b3c13875 e61cf249e1
4 changed files with 65 additions and 4 deletions
--- a/cronie.changes
+++ b/cronie.changes
@ -1,3 +1,21 @@
 -------------------------------------------------------------------
 Mon Nov 27 09:48:27 UTC 2017 - jsegitz@suse.com
 - Ensure that /etc/cron.{hourly,daily,weekly,monthly} have proper
  permissions and owner. This is racy but prevents some LPE vectors
 -------------------------------------------------------------------
 Fri Nov 24 17:25:56 UTC 2017 - kstreitova@suse.com
 - Requires smtp_daemon (not just Recommends) as it's needed by
  run-crons script [bsc#1064834] 
 -------------------------------------------------------------------
 Thu Nov 23 13:39:47 UTC 2017 - rbrown@suse.com
 - Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)
 -------------------------------------------------------------------
 Mon Aug 21 09:31:32 CEST 2017 - kukuk@suse.de
--- a/cronie.spec
+++ b/cronie.spec
@ -16,6 +16,11 @@
 #
 #Compat macro for new _fillupdir macro introduced in Nov 2017
 %if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates
 %endif
 %define cron_configs %{_sysconfdir}/pam.d/crond %{_sysconfdir}/crontab %{_sysconfdir}/cron.deny
 Name:           cronie
 Version:        1.5.1
@ -61,7 +66,7 @@ Requires(pre):  cron
 %if 0%{?suse_version} >= 1330
 Requires(pre):  group(trusted)
 %endif
-Recommends:     smtp_daemon
+Requires:       smtp_daemon
 Suggests:       postfix
 Conflicts:      cron <= 4.1
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -139,8 +144,8 @@ install -m 644 contrib/anacrontab %{buildroot}%{_sysconfdir}/anacrontab
 install -c -m755 contrib/0anacron %{buildroot}%{_sysconfdir}/cron.hourly/0anacron
 mkdir -p %{buildroot}%{_localstatedir}/spool/anacron
 mv %{buildroot}%{_sbindir}/crond %{buildroot}%{_sbindir}/cron
-mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates
+mkdir -p %{buildroot}%{_fillupdir}
-cp %{SOURCE9} %{buildroot}%{_localstatedir}/adm/fillup-templates/
+cp %{SOURCE9} %{buildroot}%{_fillupdir}/
 touch %{buildroot}%{_localstatedir}/spool/anacron/cron.daily
 touch %{buildroot}%{_localstatedir}/spool/anacron/cron.weekly
@ -206,7 +211,7 @@ exit 0
 %{_sbindir}/rccron
 %{_libexecdir}/cron
 %{_unitdir}/cron.service
-%{_localstatedir}/adm/fillup-templates/sysconfig.cron
+%{_fillupdir}/sysconfig.cron
 %files anacron
 %defattr(-,root,root,-)
--- a/22
+++ b/22
@ -34,6 +34,8 @@
 #        bnc#812367 support MAILFROM as cron does
 #     2016-08-08 - tchvatal@suse.com
 #        bnc#983925 run crons even on battery
 #     2017-10-24 - jsegitz@suse.de
 #        bsc#1062722 - harden run-cron to ensure correct directory permissions
 if [ -f /etc/sysconfig/cron ]; then
 	. /etc/sysconfig/cron
@ -99,8 +101,28 @@ mkdir -p $SPOOL
 #set verbose
 ## stage 1,  search directories/scripts to run
 RUN=""
 SECURE_PERMISSIONS="${SECURE_DIR_PERMISSIONS:-755}"
 for CRONDIR in /etc/cron.{hourly,daily,weekly,monthly} ; do
    test -d $CRONDIR || continue
    # this is racy but better than nothing
    if [ ! "$ENFORCE_ROOT_OWNER_GROUP_DIR" = "no" ] && [ ! -O $CRONDIR -o ! -G $CRONDIR ]; then
      echo "wrong owner/group for $CRONDIR, skipping" | logger
      continue
    fi
    ACTUAL_PERMISSIONS=$(stat -c %a $CRONDIR)
    # to have this default to false would be better, but would require a more
    # complicated logic in the loop 
    PERMISSIONS_ARE_SECURE=true
    for (( i=0; i<${#ACTUAL_PERMISSIONS}; i++ )); do
      if [ "${ACTUAL_PERMISSIONS:$i:1}" -gt "${SECURE_PERMISSIONS:$i:1}" ]; then
        PERMISSIONS_ARE_SECURE=false
      fi
    done
    if [ ! "$PERMISSIONS_ARE_SECURE" = true ]; then
      echo "wrong permissions $ACTUAL_PERMISSIONS for $CRONDIR, expecting $SECURE_PERMISSIONS. Skipping" | logger
      continue
    fi
    BASE=${CRONDIR##*/}
    TIME_EXT=${BASE##cron.}
--- a/sysconfig.cron
+++ b/sysconfig.cron
@ -74,3 +74,19 @@ DELETE_OLD_CATMAN=yes
 # How long should old preformatted man pages be kept before deletion? (days)
 #
 CATMAN_ATIME=7
 ## Type:	yesno
 ## Default:	yes
 #
 # Force cron.{hourly,daily,weekly,monthly} to be
 # owned by user and group root
 #
 ENFORCE_ROOT_OWNER_GROUP_DIR="yes"
 ## Type:	integer
 ## Default:	755
 #
 # Force cron.{hourly,daily,weekly,monthly} to have
 # at most the listed permissions
 #
 SECURE_DIR_PERMISSIONS="755"