rpms/at/devel at-3.1.10-dont_fork.patch, 1.4, 1.5 at-3.1.10-makefile.patch, 1.1, 1.2 at-3.1.10-pam.patch, 1.2, 1.3 at-3.1.10-perm.patch, 1.1, 1.2 at-3.1.8-t_option.patch, 1.4, 1.5 at.spec, 1.53, 1.54
Marcela Mašláňová (mmaslano)
fedora-extras-commits at redhat.com
Tue Jul 3 14:24:55 UTC 2007
- Previous message: rpms/wine/devel .cvsignore, 1.35, 1.36 sources, 1.36, 1.37 wine-rpath.patch, 1.4, 1.5 wine.spec, 1.54, 1.55
- Next message: rpms/claws-mail/devel .cvsignore, 1.9, 1.10 claws-mail.spec, 1.13, 1.14 sources, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mmaslano
Update of /cvs/pkgs/rpms/at/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv3456
Modified Files:
at-3.1.10-dont_fork.patch at-3.1.10-makefile.patch
at-3.1.10-pam.patch at-3.1.10-perm.patch
at-3.1.8-t_option.patch at.spec
Log Message:
Change patches.
at-3.1.10-dont_fork.patch:
Index: at-3.1.10-dont_fork.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-dont_fork.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- at-3.1.10-dont_fork.patch 30 Jan 2007 12:54:46 -0000 1.4
+++ at-3.1.10-dont_fork.patch 3 Jul 2007 14:24:48 -0000 1.5
@@ -1,33 +1,39 @@
---- at-3.1.10/atd.c.dont_fork 2007-01-30 11:02:37.000000000 +0100
-+++ at-3.1.10/atd.c 2007-01-30 11:07:23.000000000 +0100
-@@ -1001,7 +1001,7 @@
- run_as_daemon = 1;
- batch_interval = BATCH_INTERVAL_DEFAULT;
-
-- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) {
-+ while ((c = getopt(argc, argv, "sdl:b:n:")) != EOF) {
- switch (c) {
- case 'l':
- if (sscanf(optarg, "%lf", &load_avg) != 1)
-@@ -1014,10 +1014,15 @@
- if (sscanf(optarg, "%ud", &batch_interval) != 1)
- pabort("garbled option -b");
- break;
-+
- case 'd':
- daemon_debug++;
-+ /* go through another option*/
-+
-+ case 'n':
-+ daemon_nofork++;
- break;
--
-+
- case 's':
- run_as_daemon = 0;
- break;
---- at-3.1.10/daemon.c.dont_fork 2005-08-05 05:16:01.000000000 +0200
-+++ at-3.1.10/daemon.c 2007-01-30 11:06:19.000000000 +0100
+--- at-3.1.10/atd.8.in.fork 2005-08-29 10:08:51.000000000 +0200
++++ at-3.1.10/atd.8.in 2007-07-03 14:04:05.000000000 +0200
+@@ -1,5 +1,5 @@
+ .Id $Id$
+-.TH ATD 8 "Mar 1997" local "Linux Programmer's Manual"
++.TH ATD 3 "Jun 2007" at-3.1.10 "Linux Programmer's Manual"
+ .SH NAME
+ atd \- run jobs queued for later execution
+ .SH SYNOPSIS
+@@ -10,6 +10,7 @@
+ .IR batch_interval ]
+ .RB [ -d ]
+ .RB [ -s ]
++.RB [ -n ]
+ .SH DESCRIPTION
+ .B atd
+ runs jobs queued by
+@@ -46,6 +47,9 @@
+ is installed as
+ .B @prefix@/sbin/atrun
+ for backward compatibility.
++.TP 8
++.B -n
++Don't fork option.
+ .SH WARNING
+ .B atd
+ won't work if its spool directory is mounted via NFS even if
+--- at-3.1.10/daemon.h.fork 2005-08-05 05:16:01.000000000 +0200
++++ at-3.1.10/daemon.h 2007-07-03 14:02:22.000000000 +0200
+@@ -14,3 +14,4 @@
+ perr (const char *fmt, ...);
+
+ extern int daemon_debug;
++extern int daemon_nofork;
+--- at-3.1.10/daemon.c.fork 2005-08-05 05:16:01.000000000 +0200
++++ at-3.1.10/daemon.c 2007-07-03 14:01:51.000000000 +0200
@@ -50,7 +50,8 @@
static const char *svnid = "$Id$";
@@ -58,30 +64,3 @@
PRIV_START
---- at-3.1.10/daemon.h.dont_fork 2005-08-05 05:16:01.000000000 +0200
-+++ at-3.1.10/daemon.h 2007-01-30 11:07:54.000000000 +0100
-@@ -14,3 +14,4 @@
- perr (const char *fmt, ...);
-
- extern int daemon_debug;
-+extern int daemon_nofork;
---- at-3.1.8/atd.8.in.dontfork 2002-01-18 08:41:03.000000000 +0100
-+++ at-3.1.8/atd.8.in 2007-01-30 10:51:51.000000000 +0100
-@@ -10,6 +10,7 @@
- .IR batch_interval ]
- .RB [ -d ]
- .RB [ -s ]
-+.RB [ -n ]
- .SH DESCRIPTION
- .B atd
- runs jobs queued by
-@@ -46,6 +47,9 @@
- is installed as
- .B @prefix@/sbin/atrun
- for backward compatibility.
-+.TP 8
-+.B -n
-+Don't fork option.
- .SH WARNING
- .B atd
- won't work if its spool directory is mounted via NFS even if
at-3.1.10-makefile.patch:
Index: at-3.1.10-makefile.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-makefile.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- at-3.1.10-makefile.patch 24 Oct 2006 14:25:28 -0000 1.1
+++ at-3.1.10-makefile.patch 3 Jul 2007 14:24:48 -0000 1.2
@@ -1,23 +1,36 @@
---- at-3.1.10/Makefile.in.makefile 2006-09-12 08:33:38.000000000 +0200
-+++ at-3.1.10/Makefile.in 2006-09-12 08:44:52.000000000 +0200
-@@ -69,13 +69,13 @@
+--- at-3.1.10/Makefile.in.old 2005-08-29 10:08:28.000000000 +0200
++++ at-3.1.10/Makefile.in 2007-07-02 15:38:48.000000000 +0200
+@@ -51,7 +51,7 @@
+ privs.h
+
+ OTHERS = parsetime.l parsetime.y
+-
++TEST_VERBOSE = 0
+ DOCS = Problems Copyright README ChangeLog timespec
+
+ MISC = COPYING Makefile.in configure acconfig.h install-sh \
+@@ -67,13 +67,13 @@
all: at atd atrun
at: $(ATOBJECTS)
-- $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB)
-+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB)
+- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
++ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB)
rm -f $(CLONES)
$(LN_S) -f at atq
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
-- $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(PAMLIB)
-+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB)
+- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
++ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(PAMLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
-@@ -90,35 +90,38 @@
- $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c
+@@ -85,38 +85,42 @@
+ configure
+
+ .c.o:
+- $(CC) -c $(CFLAGS) $(DEFS) $*.c
++ $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c
install: all
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir)
@@ -33,18 +46,18 @@
+ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR)
-+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d
-+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT) $(ATSPOOL_DIR)
-+ chmod 700 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d
++ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
++ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
++ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
touch $(IROOT)$(LFILE)
chmod 600 $(IROOT)$(LFILE)
-- chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE)
+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE)
- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 -s at $(IROOT)$(bindir)
-+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
-+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/
++ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/
+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd
-+ $(INSTALL) -m 4755 -s at $(IROOT)$(bindir)
++ $(INSTALL) -m 4755 at $(IROOT)$(bindir)
$(LN_S) -f at $(IROOT)$(bindir)/atq
$(LN_S) -f at $(IROOT)$(bindir)/atrm
- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir)
@@ -55,10 +68,10 @@
- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir)
- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/
+ $(INSTALL) -m 755 batch $(IROOT)$(bindir)
-+ $(INSTALL) -m 755 -d $(IROOT)$(man1dir)
-+ $(INSTALL) -m 755 -d $(IROOT)$(man5dir)
-+ $(INSTALL) -m 755 -d $(IROOT)$(man8dir)
-+ $(INSTALL) -m 755 -s atd $(IROOT)$(sbindir)
++ $(INSTALL) -d -m 755 $(IROOT)$(man1dir)
++ $(INSTALL) -d -m 755 $(IROOT)$(man5dir)
++ $(INSTALL) -d -m 755 $(IROOT)$(man8dir)
++ $(INSTALL) -m 755 atd $(IROOT)$(sbindir)
+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir)
+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/
cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1
@@ -69,10 +82,21 @@
+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
rm -f tmpman
- $(INSTALL) -g root -o root -m 644 at_allow.5 $(IROOT)$(man5dir)/
-+ $(INSTALL) -m 644 at_allow.5 $(IROOT)$(man5dir)/
- cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5
+- cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5
- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir)
++ $(INSTALL) -m 644 at_allow.5 $(IROOT)$(man5dir)/
++ cd $(IROOT)$(man5dir) && $(LN_S) -f at_allow.5 at_deny.5
+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir)
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
$(IROOT)$(mandir)/cat1/atq.1*
rm -f $(IROOT)$(mandir)/cat1/atd.8*
+@@ -150,6 +154,9 @@
+ parsetest: lex.yy.c y.tab.c
+ $(CC) -o parsetest $(CFLAGS) $(DEFS) -DTEST_PARSER -DNEED_YYWRAP lex.yy.c y.tab.c
+
++test: parsetest
++ PERL_DL_NONLAZY=1 perl -e 'use Test::Harness qw(&runtests $$verbose); $$verbose=$(TEST_VERBOSE); runtests @ARGV;' test.pl
++
+ .depend: $(CSRCS)
+ gcc $(CFLAGS) $(DEFS) -MM $(CSRCS) > .depend
+
at-3.1.10-pam.patch:
Index: at-3.1.10-pam.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-pam.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- at-3.1.10-pam.patch 30 Jan 2007 12:10:25 -0000 1.2
+++ at-3.1.10-pam.patch 3 Jul 2007 14:24:48 -0000 1.3
@@ -1,9 +1,40 @@
---- at-3.1.10/atd.c.pam 2006-09-12 15:01:55.000000000 +0200
-+++ at-3.1.10/atd.c 2006-09-12 15:26:49.000000000 +0200
-@@ -73,6 +73,42 @@
- #ifdef HAVE_UNISTD_H
- #include <syslog.h>
+--- at-3.1.10/perm.c.pam 2005-08-05 05:16:01.000000000 +0200
++++ at-3.1.10/perm.c 2007-07-03 13:29:24.000000000 +0200
+@@ -51,6 +51,14 @@
+ #define PRIV_END while(0)
#endif
+
++#ifdef WITH_PAM
++#include <security/pam_appl.h>
++static pam_handle_t *pamh = NULL;
++static const struct pam_conv conv = {
++ NULL
++};
++#endif
++
+ /* Structures and unions */
+
+
+@@ -109,18 +117,54 @@
+ int
+ check_permission()
+ {
+- uid_t uid = geteuid();
++ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
+ struct passwd *pentry;
+ int allow = 0, deny = 1;
+-
+- if (uid == 0)
++ int retcode = 0;
++ if (euid == 0)
+ return 1;
+
+- if ((pentry = getpwuid(uid)) == NULL) {
++ if ((pentry = getpwuid(euid)) == NULL) {
+ perror("Cannot access user database");
+ exit(EXIT_FAILURE);
+ }
+
+#ifdef WITH_PAM
+/*
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
@@ -14,12 +45,11 @@
+
+# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
-+ pam_close_session(pamh,PAM_SILENT); \
++ pam_close_session(pamh,PAM_SILENT); \
+ pam_end(pamh, retcode); \
-+ setregid(gid,egid); \
-+ setreuid(uid,euid); \
-+ return(0); \
++ setregid(gid,egid); \
++ setreuid(uid,euid); \
++ return(0); \
+ }
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
+ PAM_FAIL_CHECK;
@@ -32,6 +62,7 @@
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
+ PAM_FAIL_CHECK;
+
++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
+ pam_close_session(pamh,PAM_SILENT);
+ pam_end(pamh, PAM_ABORT);
+
@@ -40,10 +71,62 @@
+
+#endif
+
+ allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
+ if (allow==0 || allow==1)
+ return allow;
+--- at-3.1.10/config.h.in.pam 2005-08-05 05:16:02.000000000 +0200
++++ at-3.1.10/config.h.in 2007-07-03 13:29:24.000000000 +0200
+@@ -181,3 +181,10 @@
+
+ #undef HAVE_ATTRIBUTE_NORETURN
+ #undef HAVE_PAM
++
++/* Define if you are building with_pam */
++#undef WITH_PAM
++
++/* Define if you are building with_selinux */
++#undef WITH_SELINUX
++
+--- at-3.1.10/configure.in.pam 2005-08-05 05:16:02.000000000 +0200
++++ at-3.1.10/configure.in 2007-07-03 13:29:24.000000000 +0200
+@@ -316,4 +316,19 @@
+ )
+ AC_SUBST(DAEMON_GROUPNAME)
+
++AC_ARG_WITH(selinux,
++[ --with-selinux Define to run with selinux],
++AC_DEFINE(WITH_SELINUX),
++)
++AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
++AC_SUBST(SELINUXLIB)
++AC_SUBST(WITH_SELINUX)
++
++AC_ARG_WITH(pam,
++[ --with-pam Define to enable pam support ],
++AC_DEFINE(WITH_PAM),
++)
++AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
++AC_SUBST(PAMLIB)
++
+ AC_OUTPUT(Makefile atrun atd.8 atrun.8 at.1 batch)
+--- at-3.1.10/atd.c.pam 2007-07-03 13:29:24.000000000 +0200
++++ at-3.1.10/atd.c 2007-07-03 13:52:38.000000000 +0200
+@@ -74,6 +74,14 @@
+ #include <syslog.h>
+ #endif
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++int selinux_enabled=0;
++#include <selinux/flask.h>
++#include <selinux/av_permissions.h>
++#endif
++
/* Local headers */
-@@ -83,6 +119,10 @@
+ #include "privs.h"
+@@ -83,6 +91,10 @@
#include "getloadavg.h"
#endif
@@ -54,7 +137,15 @@
/* Macros */
#define BATCH_INTERVAL_DEFAULT 60
-@@ -196,6 +236,19 @@
+@@ -121,6 +133,7 @@
+ #define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
++ pam_close_session(pamh, PAM_SILENT); \
+ pam_end(pamh, retcode); exit(1); \
+ }
+ #define PAM_END { retcode = pam_close_session(pamh,0); \
+@@ -196,6 +209,19 @@
#define fork myfork
#endif
@@ -72,33 +163,50 @@
+#endif
+
static void
- run_file(char *filename, uid_t uid, gid_t gid)
+ run_file(const char *filename, uid_t uid, gid_t gid)
{
-@@ -420,6 +473,8 @@
+@@ -378,18 +404,22 @@
+ fstat(fd_out, &buf);
+ size = buf.st_size;
+
+-#ifdef HAVE_PAM
+- PRIV_START
++//add for fedora, removed HAVE_PAM
++#ifdef WITH_PAM
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
+ PAM_FAIL_CHECK;
++ retcode = pam_set_item(pamh, PAM_TTY, "atd");
++ PAM_FAIL_CHECK;
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
+ PAM_FAIL_CHECK;
+ retcode = pam_open_session(pamh, PAM_SILENT);
PAM_FAIL_CHECK;
retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
PAM_FAIL_CHECK;
+- PRIV_END
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
- PRIV_END
#endif
++//end
-@@ -434,6 +489,14 @@
+ close(STDIN_FILENO);
+ close(STDOUT_FILENO);
+@@ -402,6 +432,14 @@
else if (pid == 0) {
char *nul = NULL;
char **nenvp = &nul;
+ char **pam_envp=0L;
-+
-+ PRIV_START
-+ #ifdef WITH_PAM
-+ pam_envp = pam_getenvlist(pamh);
-+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
-+ nenvp = pam_envp;
-+ #endif
++
++ PRIV_START
++#ifdef WITH_PAM
++ pam_envp = pam_getenvlist(pamh);
++ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
++ nenvp = pam_envp;
++#endif
/* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file.
-@@ -455,8 +518,6 @@
+@@ -423,8 +461,6 @@
if (chdir(ATJOB_DIR) < 0)
perr("Cannot chdir to " ATJOB_DIR);
@@ -107,87 +215,84 @@
nice((tolower((int) queue) - 'a' + 1) * 2);
if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -472,10 +533,93 @@
- perr("Cannot reset signal handler to default");
+@@ -441,10 +477,90 @@
chdir("/");
+
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
-+ security_context_t user_context=NULL;
-+ security_context_t file_context=NULL;
-+ int retval=0;
-+ struct av_decision avd;
-+ char *seuser=NULL;
-+ char *level=NULL;
-+
-+ if (getseuserbyname(pentry->pw_name, &seuser, &level) == 0) {
-+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
-+ free(seuser);
-+ free(level);
-+ if (retval) {
-+ if (security_getenforce()==1) {
-+ perr("execle: couldn't get security context for user %s\n", pentry->pw_name);
-+ } else {
-+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", pentry->pw_name);
-+ goto out;
-+ }
-+ }
-+ }
-+
-+ /*
-+ * Since crontab files are not directly executed,
-+ * crond must ensure that the crontab file has
-+ * a context that is appropriate for the context of
-+ * the user cron job. It performs an entrypoint
-+ * permission check for this purpose.
-+ */
-+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
-+ perr("fgetfilecon FAILED %s", filename);
-+
-+ retval = security_compute_av(user_context,
-+ file_context,
-+ SECCLASS_FILE,
-+ FILE__ENTRYPOINT,
-+ &avd);
-+ freecon(file_context);
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+ if (security_getenforce()==1) {
-+ perr("Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ } else {
-+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ goto out;
-+ }
-+ }
-+
-+ if (setexeccon(user_context) < 0) {
-+ if (security_getenforce()==1) {
-+
-+ perr("Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ } else {
-+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ }
-+ }
-+ out:
-+ freecon(user_context);
-+ }
++ security_context_t user_context=NULL;
++ security_context_t file_context=NULL;
++ int retval=0;
++ struct av_decision avd;
++ char *seuser=NULL;
++ char *level=NULL;
++
++ if (getseuserbyname(pentry->pw_name, &seuser, &level) == 0) {
++ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
++ free(seuser);
++ free(level);
++ if (retval) {
++ if (security_getenforce()==1) {
++ perr("execle: couldn't get security context for user %s\n", pentry->pw_name);
++ } else {
++ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", pentry->pw_name);
++ goto out;
++ }
++ }
++ }
++
++ /*
++ * Since crontab files are not directly executed,
++ * crond must ensure that the crontab file has
++ * a context that is appropriate for the context of
++ * the user cron job. It performs an entrypoint
++ * permission check for this purpose.
++ */
++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
++ if (security_getenforce() > 0) {
++ perr("fgetfilecon FAILED %s", filename);
++ } else {
++ syslog(LOG_ERR, "fgetfilecon FAILED %s", filename);
++ goto out;
++ }
++ }
++ retval = security_compute_av(user_context,
++ file_context,
++ SECCLASS_FILE,
++ FILE__ENTRYPOINT,
++ &avd);
++ freecon(file_context);
++ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
++ if (security_getenforce()==1)
++ perr("Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ }
++
++ if (setexeccon(user_context) < 0) {
++ if (security_getenforce()==1) {
++ perr("Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ } else {
++ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ }
++ }
++ freecon(user_context);
++ }
+#endif
-+
+
-
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
-+
perr("Exec failed for /bin/sh");
-
+-
++//add for fedora
+#ifdef WITH_SELINUX
-+ if (selinux_enabled>0) {
-+ if (setexeccon(NULL) < 0)
-+ if (security_getenforce()==1)
-+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
-+ }
-+ }
-+#endif
++ if (selinux_enabled>0)
++ if (setexeccon(NULL) < 0)
++ if (security_getenforce()==1)
++ perr("Could not resset exec context for user %s\n", pentry->pw_name);
+
-+#ifdef WITH_PAM
++#endif
++//end
++//add for fedora
++#ifdef WITH_PAM
+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L))
+ {
+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++)
@@ -197,13 +302,32 @@
+ pam_envp=0L;
+ }
+#endif
-+
PRIV_END
++//end
}
/* We're the parent. Let's wait.
-@@ -507,14 +651,43 @@
- unlink(filename);
- }
+ */
+@@ -456,7 +572,7 @@
+ return with an ECHILD error.
+ */
+ waitpid(pid, (int *) NULL, 0);
+-
++/* remove because WITH_PAM
+ #ifdef HAVE_PAM
+ PRIV_START
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+@@ -464,7 +580,7 @@
+ pam_end(pamh, retcode);
+ PRIV_END
+ #endif
+-
++*/
+ /* Send mail. Unlink the output file after opening it, so it
+ * doesn't hang around after the run.
+ */
+@@ -472,6 +588,13 @@
+ if (open(filename, O_RDONLY) != STDIN_FILENO)
+ perr("Open of jobfile failed");
+#ifdef WITH_PAM
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
@@ -212,17 +336,17 @@
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
-+
+ unlink(filename);
+
/* The job is now finished. We can delete its input file.
- */
- chdir(ATJOB_DIR);
+@@ -480,8 +603,30 @@
unlink(newname);
+ free(newname);
+#ifdef ATD_MAIL_PROGRAM
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
--
-- PRIV_START
+ int mail_pid = -1;
++//add for fedora
+#ifdef WITH_PAM
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
+ PAM_FAIL_CHECK;
@@ -238,16 +362,15 @@
+ closelog();
+ openlog("atd", LOG_PID, LOG_ATD);
+#endif
-+
-+ mail_pid = fork();
-+
-+ if ( mail_pid == 0 )
-+ {
-+ PRIV_START
++//end
++ mail_pid = fork();
+
++ if ( mail_pid == 0 )
++ {
+ PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
- perr("Cannot delete saved userids");
-@@ -527,16 +700,81 @@
+@@ -495,16 +640,80 @@
chdir ("/");
@@ -258,85 +381,83 @@
- perr("No mail command specified.");
+#ifdef WITH_SELINUX
+ if (selinux_enabled>0) {
-+ security_context_t user_context=NULL;
-+ security_context_t file_context=NULL;
-+ int retval=0;
-+ struct av_decision avd;
-+
-+ if (get_default_context(pentry->pw_name, NULL, &user_context))
-+ perr("execle: couldn't get security context for user %s\n", pentry->pw_name);
-+ /*
-+ * Since crontab files are not directly executed,
-+ * crond must ensure that the crontab file has
-+ * a context that is appropriate for the context of
-+ * the user cron job. It performs an entrypoint
-+ * permission check for this purpose.
-+ */
-+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
-+ perr("fgetfilecon FAILED %s", filename);
-+
-+ retval = security_compute_av(user_context,
-+ file_context,
-+ SECCLASS_FILE,
-+ FILE__ENTRYPOINT,
-+ &avd);
-+ freecon(file_context);
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+ if (security_getenforce()==1) {
-+ perr("Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ } else {
-+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ goto out;
-+ }
-+ }
-+
-+ if (setexeccon(user_context) < 0) {
-+ if (security_getenforce()==1) {
-+ perr("Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ } else {
-+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
-+ }
-+ }
-+ freecon(user_context);
-+ }
-+#endif
-+
-+ execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
-+ perr("Exec failed for mail command");
-+ exit(-1);
++ security_context_t user_context=NULL;
++ security_context_t file_context=NULL;
++ int retval=0;
++ struct av_decision avd;
++
++ if (get_default_context(pentry->pw_name, NULL, &user_context))
++ perr("execle: couldn't get security context for user %s\n", pentry->pw_name);
++ /*
++ * Since crontab files are not directly executed,
++ * crond must ensure that the crontab file has
++ * a context that is appropriate for the context of
++ * the user cron job. It performs an entrypoint
++ * permission check for this purpose.
++ */
++ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
++ perr("fgetfilecon FAILED %s", filename);
++
++ retval = security_compute_av(user_context,
++ file_context,
++ SECCLASS_FILE,
++ FILE__ENTRYPOINT,
++ &avd);
++ freecon(file_context);
++ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
++ if (security_getenforce()==1) {
++ perr("Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ } else {
++ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ goto out;
++ }
++ }
++
++ if (setexeccon(user_context) < 0) {
++ if (security_getenforce()==1) {
++ perr("Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ } else {
++ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,pentry->pw_name);
++ }
++ }
++ out:
++ freecon(user_context);
++ }
++#endif
++ execl(ATD_MAIL_PROGRAM, ATD_MAIL_NAME, mailname, (char *) NULL);
++ perr("Exec faile for mail command");
++ exit(-1);
++
+#ifdef WITH_SELINUX
-+ if (selinux_enabled>0) {
-+ if (setexeccon(NULL) < 0)
-+ if (security_getenforce()==1)
-+ perr("Could not resset exec context for user %s\n", pentry->pw_name);
-+ }
-+ }
++ if (selinux_enabled>0)
++ if (setexeccon(NULL) < 0)
++ if (security_getenforce()==1)
++ perr("Could not resset exec context for user %s\n", pentry->pw_name);
#endif
- perr("Exec failed for mail command");
-- PRIV_END
-+ PRIV_END
-+ } else
-+ if ( mail_pid == -1 ) {
-+ perr("fork of mailer failed");
-+ } else {
-+ /* Parent */
-+ waitpid(mail_pid, (int *) NULL, 0);
-+
+ PRIV_END
++ }
++ else if ( mail_pid == -1 ) {
++ perr("fork of mailer failed");
++ }
++ else {
++ /* Parent */
++ waitpid(mail_pid, (int *) NULL, 0);
++ }
+#ifdef WITH_PAM
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
-+ pam_close_session(pamh, PAM_SILENT);
-+ pam_end(pamh, PAM_ABORT);
-+ closelog();
-+ openlog("atd", LOG_PID, LOG_ATD);
++ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
++ pam_close_session(pamh, PAM_SILENT);
++ pam_end(pamh, PAM_ABORT);
++ closelog();
++ openlog("atd", LOG_PID, LOG_ATD);
+#endif
-+ }
}
+#endif
exit(EXIT_SUCCESS);
}
-@@ -736,6 +974,10 @@
+@@ -702,6 +911,10 @@
struct passwd *pwe;
struct group *ge;
@@ -347,7 +468,7 @@
/* We don't need root privileges all the time; running under uid and gid
* daemon is fine.
*/
-@@ -752,11 +994,7 @@
+@@ -718,18 +931,13 @@
RELINQUISH_PRIVS_ROOT(daemon_uid, daemon_gid)
@@ -356,110 +477,74 @@
-#endif
-
- openlog("atd", LOG_PID, LOG_CRON);
+-
+ openlog("atd", LOG_PID, LOG_ATD);
-
opterr = 0;
errno = 0;
---- at-3.1.10/perm.c.pam 2005-08-05 05:16:01.000000000 +0200
-+++ at-3.1.10/perm.c 2006-09-12 15:06:30.000000000 +0200
-@@ -51,6 +51,14 @@
- #define PRIV_END while(0)
- #endif
-
-+#ifdef WITH_PAM
-+#include <security/pam_appl.h>
-+static pam_handle_t *pamh = NULL;
-+static const struct pam_conv conv = {
-+ NULL
-+};
-+#endif
-+
- /* Structures and unions */
-
-
-@@ -109,18 +117,58 @@
- int
- check_permission()
- {
-- uid_t uid = geteuid();
-+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
- struct passwd *pentry;
- int allow = 0, deny = 1;
-
-- if (uid == 0)
-+ int retcode=0;
-+
-+ if (euid == 0)
- return 1;
-
-- if ((pentry = getpwuid(uid)) == NULL) {
-+ if ((pentry = getpwuid(euid)) == NULL) {
- perror("Cannot access user database");
- exit(EXIT_FAILURE);
- }
-
-+#ifdef WITH_PAM
-+/*
-+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
-+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
-+ */
-+ setreuid(daemon_uid, daemon_uid);
-+ setregid(daemon_gid, daemon_gid);
-+
-+# define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
-+ fprintf(stderr,"PAM authentication failure: %s\n",pam_strerror(pamh, retcode)); \
-+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
-+ pam_close_session(pamh,PAM_SILENT); \
-+ pam_end(pamh, retcode); \
-+ setregid(gid,egid); \
-+ setreuid(uid,euid); \
-+ return(0); \
-+ }
-+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
-+ PAM_FAIL_CHECK;
-+ retcode = pam_set_item(pamh, PAM_TTY, "atd");
-+ PAM_FAIL_CHECK;
-+ retcode = pam_acct_mgmt(pamh, PAM_SILENT);
-+ PAM_FAIL_CHECK;
-+ retcode = pam_open_session(pamh, PAM_SILENT);
-+ PAM_FAIL_CHECK;
-+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
-+ PAM_FAIL_CHECK;
-+
-+ pam_close_session(pamh,PAM_SILENT);
-+ pam_end(pamh, PAM_ABORT);
-+
-+ setregid(gid,egid);
-+ setreuid(uid,euid);
-+
-+#endif
-+
-+
-+
- allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
- if (allow==0 || allow==1)
- return allow;
---- at-3.1.10/config.h.in.__ 2006-09-07 18:47:06.000000000 +0200
-+++ at-3.1.10/config.h.in 2006-09-07 18:48:12.000000000 +0200
-@@ -181,3 +181,9 @@
+ run_as_daemon = 1;
+ batch_interval = BATCH_INTERVAL_DEFAULT;
- #undef HAVE_ATTRIBUTE_NORETURN
- #undef HAVE_PAM
-+
-+/* Define if you are building with_selinux */
-+#undef WITH_SELINUX
-+
-+/* Define if you are building with_pam */
-+#undef WITH_PAM
---- at-3.1.10/configure.in._ 2005-08-05 05:16:02.000000000 +0200
-+++ at-3.1.10/configure.in 2006-09-07 16:21:19.000000000 +0200
-@@ -88,6 +88,9 @@
- if test "$ac_cv_path_SENDMAIL" != "" ; then
- AC_DEFINE_UNQUOTED(SENDMAIL,"$ac_cv_path_SENDMAIL")
- MAIL_CMD="$ac_cv_path_SENDMAIL"
-+#AC_PATH_PROG(GETOPT, getopt, , $PATH:/bin:/usr/bin:/usr/local/bin )
-+#if test "$ac_cv_path_GETOPT" != "" ; then
-+#AC_DEFINE_UNQUOTED(GETOPT,"$ac_cv_path_GETOPT")
- fi
-
- AC_SUBST(MAIL_CMD)
+- while ((c = getopt(argc, argv, "sdl:b:")) != EOF) {
++ while ((c = getopt(argc, argv, "sdl:b:n:")) != EOF) {
+ switch (c) {
+ case 'l':
+ if (sscanf(optarg, "%lf", &load_avg) != 1)
+@@ -742,10 +950,15 @@
+ if (sscanf(optarg, "%ud", &batch_interval) != 1)
+ pabort("garbled option -b");
+ break;
++
+ case 'd':
+ daemon_debug++;
++ /* go through another option*/
++
++ case 'n':
++ daemon_nofork++;
+ break;
+-
++
+ case 's':
+ run_as_daemon = 0;
+ break;
+--- at-3.1.10/Makefile.in.pam 2007-07-03 13:29:24.000000000 +0200
++++ at-3.1.10/Makefile.in 2007-07-03 13:29:24.000000000 +0200
+@@ -41,6 +41,7 @@
+ LIBOBJS = @LIBOBJS@
+ INSTALL = @INSTALL@
+ PAMLIB = @PAMLIB@
++SELINUXLIB = @SELINUXLIB@
+
+ CLONES = atq atrm
+ ATOBJECTS = at.o panic.o perm.o y.tab.o lex.yy.o
+@@ -67,13 +68,13 @@
+ all: at atd atrun
+
+ at: $(ATOBJECTS)
+- $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB)
++ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB)
+ rm -f $(CLONES)
+ $(LN_S) -f at atq
+ $(LN_S) -f at atrm
+
+ atd: $(RUNOBJECTS)
+- $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(PAMLIB)
++ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB)
+
+ y.tab.c y.tab.h: parsetime.y
+ $(YACC) -d parsetime.y
+--- at-3.1.10/pam_atd.pam 2007-07-03 13:29:24.000000000 +0200
++++ at-3.1.10/pam_atd 2007-07-03 13:29:24.000000000 +0200
+@@ -0,0 +1,13 @@
++# The PAM configuration file for the at daemon
++#
++#
++auth sufficient pam_rootok.so
++auth include system-auth
++auth required pam_env.so
++account include system-auth
++session required pam_loginuid.so
++session include system-auth
++# Sets up user limits, please uncomment and read /etc/security/limits.conf
++# to enable this functionality.
++# session required pam_limits.so
++#
at-3.1.10-perm.patch:
Index: at-3.1.10-perm.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.10-perm.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- at-3.1.10-perm.patch 14 Nov 2006 11:36:00 -0000 1.1
+++ at-3.1.10-perm.patch 3 Jul 2007 14:24:48 -0000 1.2
@@ -1,29 +1,12 @@
---- at-3.1.10/at.c.perm 2006-11-14 12:26:27.000000000 +0100
-+++ at-3.1.10/at.c 2006-11-14 12:28:15.000000000 +0100
-@@ -144,17 +144,12 @@
- */
- if (fcreated) {
- /*
-- PRIV_START
--
- We need the unprivileged uid here since the file is owned by the real
- (not effective) uid.
- */
- setregid(real_gid, effective_gid);
- unlink(atfile);
- setregid(effective_gid, real_gid);
-- /*
-- PRIV_END
-- */
- }
- exit(EXIT_FAILURE);
- }
-@@ -314,18 +309,18 @@
+--- at-3.1.10/at.c.perm 2007-07-02 15:40:35.000000000 +0200
++++ at-3.1.10/at.c 2007-07-02 16:19:54.000000000 +0200
+@@ -314,10 +314,11 @@
* bit. Yes, this is a kluge.
*/
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
- seteuid(real_uid);
-+ seteuid(effective_uid);
++ //seteuid(real_uid);
++ seteuid(effective_uid);
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
perr("Cannot create atjob file %.500s", atfile);
- seteuid(effective_uid);
@@ -31,53 +14,3 @@
if ((fd2 = dup(fd)) < 0)
perr("Error in dup() of job file");
-
-- /*
-+
- if (fchown(fd2, real_uid, real_gid) != 0)
- perr("Cannot give away file");
-- */
-+
-
- PRIV_END
-
-@@ -656,6 +651,7 @@
- We need the unprivileged uid here since the file is owned by the real
- (not effective) uid.
- */
-+// PRIV_START
- setregid(real_gid, effective_gid);
-
- if (queue == '=') {
-@@ -668,17 +664,17 @@
-
- setregid(effective_gid, real_gid);
- done = 1;
--
-+// PRIV_END
- break;
-
- case CAT:
- {
- FILE *fp;
- int ch;
--
-+ // PRIV_START
- setregid(real_gid, effective_gid);
- fp = fopen(dirent->d_name, "r");
--
-+ // PRIV_END
- if (fp) {
- while ((ch = getc(fp)) != EOF) {
- putchar(ch);
---- at-3.1.10/Makefile.in.perm 2006-11-14 12:26:27.000000000 +0100
-+++ at-3.1.10/Makefile.in 2006-11-14 12:26:27.000000000 +0100
-@@ -97,7 +97,7 @@
- $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
- $(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR)
- $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d
-- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT) $(ATSPOOL_DIR)
-+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
- chmod 700 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
- touch $(IROOT)$(LFILE)
- chmod 600 $(IROOT)$(LFILE)
at-3.1.8-t_option.patch:
Index: at-3.1.8-t_option.patch
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at-3.1.8-t_option.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- at-3.1.8-t_option.patch 24 Oct 2006 14:25:28 -0000 1.4
+++ at-3.1.8-t_option.patch 3 Jul 2007 14:24:48 -0000 1.5
@@ -1,41 +1,18 @@
---- at-3.1.10/at.1.in.t_opti 2006-09-12 12:48:04.000000000 +0200
-+++ at-3.1.10/at.1.in 2006-09-12 12:45:40.000000000 +0200
-@@ -12,6 +12,16 @@
- .RB [ -mldbv ]
- .B TIME
- .br
-+.B at
-+.RB [ -V ]
-+.RB [ -q
-+.IR queue ]
-+.RB [ -f
-+.IR file ]
-+.RB [ -mldbv ]
-+.RB -t
-+.IR time_arg
-+.br
- .B "at -c"
- .I job
- .RI [ job... ]
-@@ -227,6 +237,15 @@
- .B
- \-c
- cats the jobs listed on the command line to standard output.
-+.TP
-+.BI \-t " time_arg"
-+Submit the job to be run at the time specified by the
-+.BI time_arg
-+option argument, which must have the same format as specified for the
-+.BR touch(1)
-+utility's
-+.B -t
-+time option argument ([[CC]YY]MMDDhhmm).
- .SH FILES
- .I @ATJBD@
- .br
---- at-3.1.10/at.c.t_ 2006-09-12 10:15:56.000000000 +0200
-+++ at-3.1.10/at.c 2006-09-12 10:30:17.000000000 +0200
-@@ -750,6 +750,101 @@
+--- at-3.1.10/at.c.t_option 2007-06-28 14:43:51.000000000 +0200
++++ at-3.1.10/at.c 2007-06-28 14:54:04.000000000 +0200
+@@ -396,8 +396,9 @@
+ unsigned int i;
+ for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) {
+ export = export
+- && (strncmp(*atenv, no_export[i],
+- (size_t) (eqp - *atenv)) != 0);
++ && ( (((size_t) (eqp - *atenv)) != strlen(no_export[i]))
++ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0)
++ );
+ }
+ eqp++;
+ }
+@@ -752,6 +753,102 @@
return p;
}
@@ -126,8 +103,9 @@
+
+ if( tm.tm_mday )
+ {
-+ tm.tm_isdst = tm_now.tm_isdst;
-+ return mktime(&tm);
++ tm.tm_isdst = -1;
++ t = mktime(&tm);
++ return t;
+ } else
+ return 0L;
+}
@@ -137,3 +115,136 @@
int
main(int argc, char **argv)
{
+@@ -761,9 +858,9 @@
+ char *pgm;
+
+ int program = AT; /* our default program */
+- char *options = "q:f:MmvldhVc"; /* default options for at */
++ char *options = "q:f:MmvldhVct:"; /* default options for at */
+ int disp_version = 0;
+- time_t timer;
++ time_t timer=0L;
+ struct passwd *pwe;
+ struct group *ge;
+
+@@ -866,7 +963,9 @@
+ program = CAT;
+ options = "";
+ break;
+-
++ case 't':
++ timer = t_option(optarg);
++ break;
+ default:
+ usage();
+ break;
+@@ -955,10 +1054,12 @@
+ else
+ queue = DEFAULT_BATCH_QUEUE;
+
+- if (argc > optind)
+- timer = parsetime(argc, argv);
+- else
+- timer = time(NULL);
++ if( timer == 0L ) {
++ if (argc > optind)
++ timer = parsetime(argc, argv);
++ else
++ timer = time(NULL);
++ }
+
+ if (atverify) {
+ struct tm *tm = localtime(&timer);
+--- at-3.1.10/at.1.in.t_option 2007-06-28 14:43:51.000000000 +0200
++++ at-3.1.10/at.1.in 2007-06-28 14:43:51.000000000 +0200
+@@ -12,6 +12,16 @@
+ .RB [ -mldbv ]
+ .B TIME
+ .br
++.B at
++.RB [ -V ]
++.RB [ -q
++.IR queue ]
++.RB [ -f
++.IR file ]
++.RB [ -mldbv ]
++.RB -t
++.IR time_arg
++.br
+ .B "at -c"
+ .I job
+ .RI [ job... ]
+@@ -32,8 +42,7 @@
+ and
+ .B batch
+ read commands from standard input or a specified file which are to
+-be executed at a later time, using
+-.BR /bin/sh .
++be executed at a later time.
+ .TP 8
+ .BR at
+ executes commands at a specified time.
+@@ -227,6 +236,63 @@
+ .B
+ \-c
+ cats the jobs listed on the command line to standard output.
++.TP
++.BI \-t " time_arg"
++Submit the job to be run at the time specified by the
++.BI time_arg
++option argument, which must have the same format as specified for the
++.BR touch(1)
++utility's
++.B \-t
++time option argument ([[CC]YY]MMDDhhmm).
++.SH ENVIRONMENT
++.P
++.TP 8
++.B SHELL
++The value of the SHELL environment variable at the time of
++.B at
++invocation will determine which shell is used to execute the
++.B at
++job commands. If SHELL is unset when
++.B at
++is invoked, the user's login shell will be used; otherwise,
++if SHELL is set when
++.B at
++is invoked, it must contain the path of a shell interpreter
++executable that will be used to run the commands at the specified time.
++.P
++.B at
++will record the values of
++environment variables present at time of
++.B at
++invocation. When the commands are run at the specified time,
++.B at
++will restore these variables to their recorded values .
++These variables are excluded from this processing and are never
++set by
++.B at
++when the commands are run :
++.br
++.BI TERM,
++.BI DISPLAY,
++.BI SHELLOPTS,
++.BI _,
++.BI PPID,
++.BI BASH_VERSINFO,
++.BI EUID,
++.BI UID,
++.BI GROUPS.
++.br
++If the user submitting the
++.B at
++job is not the super-user, variables that alter the behaviour of the
++loader
++.BR ld.so(8),
++such as
++.B LD_LIBRARY_PATH
++, cannot be recorded and restored by
++.B at .
++.P
+ .SH FILES
+ .I @ATJBD@
+ .br
Index: at.spec
===================================================================
RCS file: /cvs/pkgs/rpms/at/devel/at.spec,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- at.spec 27 Mar 2007 13:47:01 -0000 1.53
+++ at.spec 3 Jul 2007 14:24:48 -0000 1.54
@@ -6,7 +6,7 @@
Summary: Job spooling tools
Name: at
Version: 3.1.10
-Release: 11%{?dist}
+Release: 12%{?dist}
License: GPL
Group: System Environment/Daemons
URL: http://ftp.debian.org/debian/pool/main/a/at
@@ -14,25 +14,17 @@
Source1: test.pl
Source2: atd.init
Patch0: at-3.1.7-lockfile.patch
-Patch1: at-3.1.10-man-timespec-path.patch
-Patch2: at-3.1.7-sigchld.patch
-Patch3: at-3.1.10-typo.patch
-Patch4: at-3.1.10-lexer-parser.patch
-Patch5: at-3.1.8-test.patch
-Patch6: at-3.1.8-perr.patch
-Patch7: at-3.1.10-instinet.patch
-Patch8: at-3.1.10-shell.patch
-Patch9: at-3.1.10-pie.patch
-Patch10: at-3.1.8-t_option.patch
-Patch11: at-3.1.10-usage.patch
-Patch12: at-3.1.10-fix_no_export.patch
-Patch13: at-3.1.10-pam.patch
-Patch14: at-3.1.10-dont_fork.patch
-Patch15: at-3.1.10-makefile.patch
-Patch16: at-3.1.10-daylight.patch
-Patch17: at-3.1.10-perm.patch
-Patch18: at-3.1.10-newpam.patch
-Patch19: at-3.1.10-debug.patch
+Patch1: at-3.1.10-makefile.patch
+Patch2: at-3.1.10-man-timespec-path.patch
+Patch3: at-3.1.7-sigchld.patch
+Patch4: at-3.1.10-typo.patch
+Patch7: at-3.1.8-perr.patch
+#Patch8: at-3.1.8-instinet.patch
+Patch9: at-3.1.10-shell.patch
+Patch11: at-3.1.8-t_option.patch
+Patch14: at-3.1.10-pam.patch
+Patch15: at-3.1.10-dont_fork.patch
+Patch21: at-3.1.10-perm.patch
BuildRequires: fileutils chkconfig /etc/init.d
BuildRequires: flex bison autoconf
@@ -67,25 +59,17 @@
cp %{SOURCE1} .
%patch0 -p1 -b .lockfile
-%patch1 -p1 -b .paths
-%patch2 -p1 -b .sigchld
-%patch3 -p1 -b .typo
-%patch4 -p1 -b .lexer
-%patch5 -p1 -b .test
-%patch6 -p1 -b .perr
-%patch7 -p1 -b .instinet
-%patch8 -p1 -b .shell
-%patch9 -p1 -b .pie
-%patch10 -p1 -b .t_option
-%patch11 -p1 -b .usage
-%patch12 -p1 -b .fix_no_export
-%patch13 -p1 -b .pam
-%patch14 -p1 -b .dont_fork
-%patch15 -p1 -b .makefile
-%patch16 -p1 -b .daylight
-%patch17 -p1 -b .perm
-%patch18 -p1 -b .newpam
-%patch19 -p1 -b .debug
+%patch1 -p1 -b .make
+%patch2 -p1 -b .paths
+%patch3 -p1 -b .sigchld
+%patch4 -p1 -b .typo
+%patch7 -p1 -b .perr
+#%patch8 -p1 -b .instinet #unlink unsucessful jobs, removed -> atd crash
+%patch9 -p1 -b .shell
+%patch11 -p1 -b .t_option
+%patch14 -p1 -b .pam
+%patch15 -p1 -b .dont_fork
+%patch21 -p1 -b .perm
%build
# patch10 touches configure.in
@@ -104,10 +88,10 @@
make
%check
-# don't run "make test" by default
-%{?_without_check: %define _without_check 1}
-%{!?_without_check: %define _without_check 1}
-
+# don't run "make test" by default
+%{?_without_check: %define _without_check 1}
+%{!?_without_check: %define _without_check 1}
+
%if ! %{_without_check}
LANG=C make test > /dev/null
%endif
@@ -115,6 +99,7 @@
%install
make install \
DAEMON_USERNAME=`id -nu`\
+ DAEMON_GROUPNAME=`id -ng` \
DESTDIR=%{buildroot}\
sbindir=%{buildroot}%{_prefix}/sbin\
bindir=%{buildroot}%{_bindir}\
@@ -122,7 +107,6 @@
exec_prefix=%{buildroot}%{_prefix}\
docdir=%{buildroot}/usr/doc\
mandir=%{buildroot}%{_mandir}\
- DAEMON_GROUPNAME=`id -ng` \
etcdir=%{buildroot}%{_sysconfdir} \
ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \
ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \
@@ -150,6 +134,7 @@
%post
touch %{_localstatedir}/spool/at/.SEQ
+chmod 600 %{_localstatedir}/spool/at/.SEQ
chown daemon:daemon %{_localstatedir}/spool/at/.SEQ
/sbin/chkconfig --add atd
@@ -168,11 +153,11 @@
%defattr(-,root,root,-)
%doc docs/*
%config(noreplace) %{_sysconfdir}/at.deny
-%attr(0755,root,root) %{_sysconfdir}/rc.d/init.d/atd
+%attr(0700,root,root) %{_sysconfdir}/rc.d/init.d/atd
%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at
%attr(0600,daemon,daemon) %verify(not md5 size mtime) %ghost %{_localstatedir}/spool/at/.SEQ
%attr(0700,daemon,daemon) %dir %{_localstatedir}/spool/at/spool
-%attr(0644,root,root) %config(noreplace) /etc/pam.d/atd
+%attr(0640,root,daemon) %config(noreplace) /etc/pam.d/atd
%{_sbindir}/atrun
%attr(0755,root,root) %{_sbindir}/atd
%{_mandir}/man*/*
@@ -182,6 +167,11 @@
%attr(4755,root,root) %{_bindir}/at
%changelog
+* Tue Jul 3 2007 Marcela Maslanova <mmaslano at redhat.com> - 3.1.10-12
+- crashing atd
+- work only for root, still broken some functions
+- Resolves: rhbz#243064
+
* Tue Mar 27 2007 Marcela Maslanova <mmaslano at redhat.com> - 3.1.10-11
- mistake in pam_atd
- rhbz#234120
- Previous message: rpms/wine/devel .cvsignore, 1.35, 1.36 sources, 1.36, 1.37 wine-rpath.patch, 1.4, 1.5 wine.spec, 1.54, 1.55
- Next message: rpms/claws-mail/devel .cvsignore, 1.9, 1.10 claws-mail.spec, 1.13, 1.14 sources, 1.9, 1.10
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list