Package: cron / 3.0pl1-136

Metadata

Package Version Patches format
cron 3.0pl1-136 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fixes/Legacy porting issues.patch | (download)

Makefile | 2 1 + 1 - 0 !
compat.h | 20 10 + 10 - 0 !
cron.c | 2 1 + 1 - 0 !
do_command.c | 5 3 + 2 - 0 !
externs.h | 1 1 + 0 - 0 !
pathnames.h | 2 1 + 1 - 0 !
popen.c | 2 1 + 1 - 0 !
7 files changed, 18 insertions(+), 16 deletions(-)

 legacy porting issues

Various fixes, additions or updates regarding portability. These are quite
numerous because the upstream code is from 1993, and does not even assume POSIX
compatibility, which is why we declare it.

Based on the changes originally made by Steve Greenland <stevegr@debian.org>.

fixes/Hurd MAXPATHLEN workaround.patch | (download)

database.c | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

 hurd maxpathlen workaround

Hurd does not define MAXPATHLEN.

Fix provided by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/64382
fixes/Miscellaneous coding errors.patch | (download)

compat.c | 2 1 + 1 - 0 !
cron.c | 4 2 + 2 - 0 !
cron.h | 5 3 + 2 - 0 !
crontab.c | 18 12 + 6 - 0 !
database.c | 4 2 + 2 - 0 !
do_command.c | 22 10 + 12 - 0 !
env.c | 5 4 + 1 - 0 !
misc.c | 26 14 + 12 - 0 !
popen.c | 4 2 + 2 - 0 !
user.c | 1 1 + 0 - 0 !
10 files changed, 51 insertions(+), 40 deletions(-)

 miscellaneous code errors

These are mostly one-line fixes of obvious errors such as running into
undefined behaviour, missing arguments to functions, typos, name mix-ups, etc.
Creating separate patches for them would be overkill.

Originally by Steve Greenland <stevegr@debian.org>, occasionally modified to
match what upstream eventually did for ISC cron v4.1.

fixes/Memory allocation issues.patch | (download)

compat.c | 5 4 + 1 - 0 !
crontab.c | 4 4 + 0 - 0 !
entry.c | 54 47 + 7 - 0 !
env.c | 30 26 + 4 - 0 !
job.c | 3 2 + 1 - 0 !
misc.c | 10 8 + 2 - 0 !
user.c | 27 22 + 5 - 0 !
7 files changed, 113 insertions(+), 20 deletions(-)

 memory allocation issues

Check the results of malloc(), strdup(), etc., and don't forget to free memory.

Fixes provided by Steve Greenland <stevegr@debian.org> and extended for
CVE-2019-9704.

Bug-Debian: https://bugs.debian.org/264320
fixes/Use safe string functions.patch | (download)

compat.c | 8 5 + 3 - 0 !
cron.h | 4 2 + 2 - 0 !
crontab.c | 36 23 + 13 - 0 !
database.c | 2 1 + 1 - 0 !
do_command.c | 6 3 + 3 - 0 !
entry.c | 10 5 + 5 - 0 !
env.c | 8 6 + 2 - 0 !
misc.c | 25 13 + 12 - 0 !
8 files changed, 58 insertions(+), 41 deletions(-)

 use safe s string functions

Use safe string functions instead of unsafe ones.

Most of these fixes were originally taken from Red Hat's
vixie-cron-3.0.1-24.src.rpm.

Bug-Debian: https://bugs.debian.org/26705
Bug-Debian: https://bugs.debian.org/26749
Bug-Debian: https://bugs.debian.org/62268
Bug-Debian: https://bugs.debian.org/89040
fixes/Entry symbolic name fixes.patch | (download)

entry.c | 7 5 + 2 - 0 !
1 file changed, 5 insertions(+), 2 deletions(-)

 correct which/how flags are set for entries

In the entry processing code, either set certain internal flags which are
missing, or correct broken settings.

Fix provided by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/43282
Bug-Debian: https://bugs.debian.org/62141
Bug-Debian: https://bugs.debian.org/84727
Bug-Debian: https://bugs.debian.org/150591
fixes/Limit number of command arguments.patch | (download)

popen.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 limit number of command arguments

Set an upper limit for the number of arguments in a command, instead of
hardcoding 100 (and not checking for that limit).

Fix provided by Steve Greenland <stevegr@debian.org>.

fixes/Validate MAILTO input.patch | (download)

do_command.c | 15 15 + 0 - 0 !
1 file changed, 15 insertions(+)

 validate mailto input

Validate the contents of the MAILTO variable. In particular, this prevents
users from passing arbitrary options to sendmail.

Fix provided by Steve Greenland <stevegr@debian.org>.

fixes/Manpage corrections and improvements.patch | (download)

cron.8 | 54 35 + 19 - 0 !
crontab.1 | 65 43 + 22 - 0 !
crontab.5 | 224 181 + 43 - 0 !
3 files changed, 259 insertions(+), 84 deletions(-)

 manpage corrections and improvements

A collection of various corrections, clarifications, and additions to the
manpages cron.8, crontab.1, and crontab.5 which are not specific to Debian's
version of vixie cron.

Fixes mostly provided originally by Steve Greenland <stevegr@debian.org>, with
numerous smaller contributions by others.

Bug-Debian: https://bugs.debian.org/43282
Bug-Debian: https://bugs.debian.org/893575
Bug-Debian: https://bugs.debian.org/893576
Bug-Debian: https://bugs.debian.org/893579
Bug-Debian: https://bugs.debian.org/934543
fixes/cron report missing newline before EOF.patch | (download)

crontab.1 | 5 5 + 0 - 0 !
crontab.5 | 6 6 + 0 - 0 !
entry.c | 4 4 + 0 - 0 !
user.c | 17 13 + 4 - 0 !
4 files changed, 28 insertions(+), 4 deletions(-)

 cron: report missing newline before eof

A missing newline before EOF caused the daemon to silently ignore the last line
of a crontab. Print a warning instead.

Bug-Debian: https://bugs.debian.org/79037
fixes/crontab entry parsing fixes.patch | (download)

entry.c | 16 15 + 1 - 0 !
1 file changed, 15 insertions(+), 1 deletion(-)

 crontab entry parsing fixes

Handle various entry parsing bugs:
  * Steve Greenland <stevegr@debian.org> noticed that whitespace between
    @symbolic names and commands weren't all being skipped
  * Steve Greenland noticed that get_number() did not detect invalid number
    specifications early enough
  * Steve Greenland discovered that invalid step sizes weren't being detected
  * Justin T. Pryzby <justinpryzby@users.sourceforge.net> discovered that steps
    without a range (an invalid specification) weren't detected

Bug-Debian: https://bugs.debian.org/62141
Bug-Debian: https://bugs.debian.org/84727
Bug-Debian: https://bugs.debian.org/183650
Bug-Debian: https://bugs.debian.org/733478
fixes/crontab detect missing eol.patch | (download)

crontab.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 crontab: warn about missing newline

Make crontab(1) refuse to add/replace a crontab with a missing newline before
EOF. The daemon will either not execute the last entry, or refuse to execute
the entire crontab (depending on the implementation).

Bug-Debian: https://bugs.debian.org/79037
fixes/crontab allow deny logic fix.patch | (download)

crontab.1 | 8 8 + 0 - 0 !
misc.c | 41 33 + 8 - 0 !
2 files changed, 41 insertions(+), 8 deletions(-)

 crontab allow/deny logic fix

Looking at config.h and pathnames.h, it is evident that the intention was to
always allow root to execute jobs. Furthermore, the conditional tests for the
ALLOW and DENY files were incorrect.

Fix provided by Steve Grubb as part of another patch, then further improved by
Javier Fernández-Sanguino Peña <jfs@debian.org> and Christian Kastner.

Bug-Debian: https://bugs.debian.org/383741
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1813833
fixes/Entry time range check.patch | (download)

entry.c | 11 11 + 0 - 0 !
1 file changed, 11 insertions(+)

 entry time range check

Explicitly check for sane values in time ranges. Certain invalid combinations
of ranges and steps weren't being detected, eg:

    5-64/30 * * * *  touch /dev/null

contains an invalid minute "64".

Bug-Debian: https://bugs.debian.org/533726
fixes/Abort processing of crontabs with errors.patch | (download)

user.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 abort processing of crontabs with errors

Discard crontabs with syntax errors, and log an error.

Discarding the entire crontab might seem harsh, but crontabs can be used as an
attack vector, as evident by the gluck.debian.org compromise in 2006. Granted,
that attack exploited the /etc/cron.d package directory feature, but it would
seem prudent to err on the side of caution in this case.

The initial fix was originally provided by Faidon Liambotis, and has been
slightly extended.

Bug-Debian: https://bugs.debian.org/378153
fixes/Check privilege drop results CVE 2006 2607.patch | (download)

do_command.c | 24 21 + 3 - 0 !
1 file changed, 21 insertions(+), 3 deletions(-)

 check privilege drop results (cve-2006-2607)

Check the results of privilege dropping operations, and bail out if they fail.
Documented as CVE-2006-2607.

Fixes provided by Steve Greenland <stevegr@debian.org>, and extended by Javier
Fernández-Sanguino Peña <jfs@debian.org>.

Bug-Debian: https://bugs.debian.org/85609
Bug-Debian: https://bugs.debian.org/86775
Bug-Debian: https://bugs.debian.org/528434
fixes/Drop privileges when sending mail.patch | (download)

cron.h | 2 1 + 1 - 0 !
do_command.c | 2 1 + 1 - 0 !
popen.c | 34 33 + 1 - 0 !
3 files changed, 35 insertions(+), 3 deletions(-)

 drop privileges when sending mail

Drop privileges when sending mail. It is unnecessary to send them as root.

Extension of a fix originally provided by Steve Greenland <stevegr@debian.org>
and extended by Javier Fernández-Sanguino Peña <jfs@debian.org>.

fixes/Proper use of error functions.patch | (download)

crontab.c | 29 15 + 14 - 0 !
do_command.c | 3 1 + 2 - 0 !
misc.c | 14 5 + 9 - 0 !
3 files changed, 21 insertions(+), 25 deletions(-)

 proper use of error functions

perror is called after library functions besides the one that failed,
and without saving/restoring errno or otherwise referencing the
correct value.

Fix provided by Justin Pryzby <justinpryzby@users.sourceforge.net>.

Bug-Debian: https://bugs.debian/org/470587
fixes/Ensure stdin is open.patch | (download)

cron.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 ensure stdin is open

Ensure stdin is open on startup. This is needed by the job execution later on.

Fix originally provided by Mustafa Mahudhawala for Red Hat's vixie cron.

Bug-Debian: https://bugs.debian.org/295589
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=145992
fixes/Redirect daemon standard streams to dev null.patch | (download)

cron.c | 5 5 + 0 - 0 !
do_command.c | 1 1 + 0 - 0 !
2 files changed, 6 insertions(+)

 redirect daemon standard streams to /dev/null

Redirect the daemon's stdin/stdout/stderr from resp. to /dev/null.

Fixes provided by Steve Greenland <stevegr@debian.org>.

Debian-Bug: https://bugs.debian.org/23231
Debian-Bug: https://bugs.debian.org/30653
Debian-Bug: https://bugs.debian.org/37189
fixes/Handle escapes in job input.patch | (download)

do_command.c | 13 11 + 2 - 0 !
1 file changed, 11 insertions(+), 2 deletions(-)

 handle escapes in job input

Certain escape sequences are not handled correctly. Fix supplied by Topi
Miettinen, with OpenBSD indicated as the original source of it.

Bug-Debian: https://bugs.debian.org/8499
fixes/Tolerate empty EDITOR and VISUAL envvars.patch | (download)

crontab.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 tolerate empty editor and visual envvars

Treat empty EDITOR and VISUAL environment variables as if they were unset.

Fix provided by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/148809
fixes/Use strftime to print time.patch | (download)

misc.c | 38 24 + 14 - 0 !
1 file changed, 24 insertions(+), 14 deletions(-)

 use strftime to print time

Fix provided by Steve Greenland <stevegr@debian.org>, possibly with OpenBSD as
the original source (the subversion history is ambiguous).

fixes/fsync to check for full disk.patch | (download)

crontab.c | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 fsync to check for full disk

Make sure that writing the crontab actually succeeded.

Based on an initial fix by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/110612
fixes/Signal handling issues.patch | (download)

cron.c | 8 8 + 0 - 0 !
popen.c | 17 11 + 6 - 0 !
2 files changed, 19 insertions(+), 6 deletions(-)

 signal handling issues

Move signal handling away from the obsolete API.

Fix provided by Justin Pryzby <justinpryzby@users.sourceforge.net>, as part of
a larger fix, so it has been split out.

Bug-Debian: https://bugs.debian.org/155109
fixes/Improve waiting for spawned editor.patch | (download)

crontab.c | 59 33 + 26 - 0 !
1 file changed, 33 insertions(+), 26 deletions(-)

 improve waiting for spawned editor

Refine the process of waiting for the spawned editor. Also, block signals while
waiting.

Fix provided by Steve Greenland <stevegr@debian.org>.

fixes/Avoid predictable filenames.patch | (download)

crontab.c | 21 13 + 8 - 0 !
1 file changed, 13 insertions(+), 8 deletions(-)

 avoid predictable filenames

Prevent symlink attack by using mkstemp() instead of predictable filenames.

Based on a fix originally provided by Daniel Jacobowitz.

fixes/Cleanup tmpfiles.patch | (download)

crontab.c | 23 21 + 2 - 0 !
1 file changed, 21 insertions(+), 2 deletions(-)

 cleanup tmpfiles

Install a signal handler that removes a temporarily created file upon exit.

Based on a fix originally provided by Daniel Jacobowitz together with symlink
attack prevention.

fixes/Set umask while editing crontab.patch | (download)

crontab.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 set umask while editing crontab

When editing/replacing a crontab, set the umask to 077.

fixes/crontab must be regular file.patch | (download)

crontab.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 crontab must be a regular file

Ensure that the crontab opened in SPOOL_DIR a regular file.

Fix provided by Steve Greenland <stevegr@debian.org>.

fixes/Allow editors with tmpfiles.patch | (download)

crontab.c | 223 189 + 34 - 0 !
1 file changed, 189 insertions(+), 34 deletions(-)

 allow editors with tmpfiles

Certain editors such as vi use temporary files for editing. In the past, this
has caused problems with crontab's operation mode.

Fix provided by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/149908
Bug-Debian: https://bugs.debian.org/413962
fixes/Improve retry prompt.patch | (download)

crontab.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 improve retry prompt

Include y/n in the prompt to indicate the expected input.

fixes/Dont die on missing spool dir.patch | (download)

database.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 don't die on missing spool dir

The daemon shouldn't just die when spool dir is missing, for example when
/var/spool is being moved around. This a recoverable situation.

Fix provided by Justin Pryzby <justinpryzby@users.sourceforge.net>.

Bug-Debian: https://bugs.debian.org/470564
fixes/Improve mode checks for crontabs.patch | (download)

cron.8 | 2 2 + 0 - 0 !
database.c | 28 27 + 1 - 0 !
2 files changed, 29 insertions(+), 1 deletion(-)

 improve mode checks for crontabs

Improve mode checks for crontabs to improve security. Specifically, check for:
 * Invalid owner
 * Invalid filetype
 * Insecure mode
 * Hard links

fixes/Enforce maximum crontab line count.patch | (download)

cron.h | 4 4 + 0 - 0 !
crontab.c | 12 8 + 4 - 0 !
user.c | 14 13 + 1 - 0 !
3 files changed, 25 insertions(+), 5 deletions(-)

 enforce maximum crontab line count

As any user can create a crontab that is read by the cron daemon, it is
possible for a user to cause a DoS via memory exhaustion by creating an
excessivly large crontab. This was classified as a security issue with
CVE-2019-9705.

As a measure to prevent this, limit the size of individual crontab files
to 1000 lines.

While it is still technically possible for a user to create a larger crontab
(for example, by creating a single, very long comment), this should not affect
the daemon, as it simply skips over comments.

For crontab entries (for which the daemon allocates memory), the maximum
command length is already limited to 998 characters, so these allocations are
already kept in check.

fixes/Swap both uid and gid.patch | (download)

misc.c | 19 15 + 4 - 0 !
1 file changed, 15 insertions(+), 4 deletions(-)

 swap both uid and gid

When swapping uid, also swap the gid.

Fix provided by Solar Designer.

fixes/Dont run reboot jobs on restart.patch | (download)

cron.c | 19 19 + 0 - 0 !
pathnames.h | 4 4 + 0 - 0 !
2 files changed, 23 insertions(+)

 don't run reboot jobs on restart

Don't run reboot jobs when restarting the cron daemon.

Fix provided by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/74762
Bug-Debian: https://bugs.debian.org/77563
fixes/Backport crontab envparser from v4.1.patch | (download)

env.c | 101 91 + 10 - 0 !
1 file changed, 91 insertions(+), 10 deletions(-)

 backport crontab envparser from v4.1

The 3.0 parser is crude and may misparse crontab entries containing equal signs
(=). This patch backports the parser from the 4.1 release.

Bug-Debian: https://bugs.debian.org/437180
fixes/Send proper 8 bit emails.patch | (download)

config.h | 2 1 + 1 - 0 !
do_command.c | 3 3 + 0 - 0 !
2 files changed, 4 insertions(+), 1 deletion(-)

 send proper 8-bit emails

Cron sends 8-bit emails, so it needs to send these mails as 8BITMIME.  This
involves passing -B8BITMIME so that sendmail knows what kind of data to expect,
as well as sending an appropriate MIME-Version and Content-Transfer-Encoding
header.

Without these changes, mail servers that reject non-MIME 8-bit emails will
reject cron's messages.

Fix provided by brian m. carlson <sandals@crustytoothpaste.net>.

Bug-Debian: https://bugs.debian.org/694686
fixes/Dont silently truncate commands.patch | (download)

crontab.5 | 3 2 + 1 - 0 !
entry.c | 14 12 + 2 - 0 !
2 files changed, 14 insertions(+), 3 deletions(-)

 don't silently truncate commands

Commands have a maximum length. When hitting this maximum, generate an error
instead of silently truncated the command.

Bug-Debian: https://bugs.debian.org/686223
fixes/Use basename for syslog tag.patch | (download)

cron.c | 3 2 + 1 - 0 !
crontab.c | 3 2 + 1 - 0 !
2 files changed, 4 insertions(+), 2 deletions(-)

 use basename for syslog tag

Use basename of argv[0] as syslog tag. This avoids the inclusion of the "/"
character, which is a violation of RFC 3164.

The rule files of package logcheck-database do not have to be updated; they
already considered the dirname of argv[0] to be an optional prefix.

Bug-Debian: https://bugs.debian.org/752750
fixes/Improve denied user warning.patch | (download)

crontab.c | 18 13 + 5 - 0 !
1 file changed, 13 insertions(+), 5 deletions(-)

 improve denied user warning

fixes/Permit user to use u option on self.patch | (download)

crontab.c | 13 7 + 6 - 0 !
1 file changed, 7 insertions(+), 6 deletions(-)

 permit user to use -u option on self

Instead of entirely prohibiting non-root users to use the -u option, allow them
to use it on themselves, as this should be a null-op.

Fix provided by Steve Greenland <stevegr@debian.org>.

fixes/crontab wo arguments reads from stdin.patch | (download)

crontab.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 crontab without arguments reads from stdin

If crontab is run without argument, then POSIX mandates that it should read the
crontab from stdin. See

    http://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html

Fix provided by TANIGUCHI Takaki <takaki@asis.media-as.org>.

Bug-Debian: https://bugs.debian.org/514062
features/Debian build process customizations.patch | (download)

Makefile | 11 6 + 5 - 0 !
1 file changed, 6 insertions(+), 5 deletions(-)

 debian build process customizations

Build process customizations for building under Debian. Most notably, disable
upstream's optimization and stripping; our build process does that.

features/Debian manpage and doc updates.patch | (download)

README | 6 6 + 0 - 0 !
cron.8 | 82 79 + 3 - 0 !
crontab.1 | 28 22 + 6 - 0 !
crontab.5 | 55 50 + 5 - 0 !
4 files changed, 157 insertions(+), 14 deletions(-)

 debian manpage and doc updates

A collection of various corrections, clarifications, and additions to the
manpages cron.8, crontab.1, and crontab.5 which are not specific to Debian's
version of vixie cron.

Fixes mostly provided originally by Steve Greenland <stevegr@debian.org>, with
numerous smaller contributions by others.

features/Debian paths and commands.patch | (download)

cron.8 | 2 1 + 1 - 0 !
crontab.1 | 22 11 + 11 - 0 !
misc.c | 2 1 + 1 - 0 !
pathnames.h | 16 6 + 10 - 0 !
4 files changed, 19 insertions(+), 23 deletions(-)

 debian paths and commands

User pathnames and commands specific to Debian.

Bug-Debian: https://bugs.debian.org/482284
features/Debian sendmail options.patch | (download)

config.h | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 debian sendmail options

Modify the options passed to sendmail:
 * Drop -odi option (don't force immediate delivery)
 * Drop -or0s option (don't override read timeout)
 * Add -i option (Don't terminate on "." by itself)


Bug-Debian: https://bugs.debian.org/36338
Bug-Debian: https://bugs.debian.org/146224
features/Improved debugging options handling.patch | (download)

Makefile | 4 3 + 1 - 0 !
config.h | 1 1 + 0 - 0 !
cron.c | 22 20 + 2 - 0 !
crontab.c | 12 10 + 2 - 0 !
4 files changed, 34 insertions(+), 5 deletions(-)

 improved debugging options handling

When building cron with debugging support, include the ability to print the
debug options. When building without support, drop the debugging option
from option parsing.

features/PAM support for jobs.patch | (download)

Makefile | 4 2 + 2 - 0 !
cron.8 | 2 2 + 0 - 0 !
do_command.c | 33 33 + 0 - 0 !
3 files changed, 37 insertions(+), 2 deletions(-)

 pam support for jobs

Add support for PAM for job execution.

Contributed by Topi Miettinen <Topi.Miettinen@nic.fi>.

Bug-Debian: https://bugs.debian.org/68366
Bug-Debian: https://bugs.debian.org/67586
features/PAM pam_env support for jobs.patch | (download)

crontab.5 | 14 14 + 0 - 0 !
do_command.c | 31 28 + 3 - 0 !
2 files changed, 42 insertions(+), 3 deletions(-)

 pam pam_env support for jobs

Add support for pam_env for job execution.

Contributed by Steve Greenland <stevegr@debian.org>.

IMPORTANT NOTE: This currently only (or mostly) affects commands launched by
crontab entries. Other commands run (such as mail notification via MAILTO) do
not use this code. This is not really that big of an issue (eg. why would
anyone force MAILTO via /etc/environment), but it should be documented
somewhere.

Bug-Debian: https://bugs.debian.org/203737
Bug-Debian: https://bugs.debian.org/511684
features/SELinux support.patch | (download)

Makefile | 4 2 + 2 - 0 !
cron.8 | 2 2 + 0 - 0 !
cron.h | 12 11 + 1 - 0 !
database.c | 5 3 + 2 - 0 !
do_command.c | 23 23 + 0 - 0 !
user.c | 158 154 + 4 - 0 !
6 files changed, 195 insertions(+), 9 deletions(-)

 selinux support

Add SELinux support.

Patch contributed by Manoj Srivastava <srivasta@debian.org>, with additional
fixes by Russell Coker <russell@coker.com.au> and Laurent Bigonville
<bigon@debian.org>.
 
Bug-Debian: https://bugs.debian.org/264320
Bug-Debian: https://bugs.debian.org/315509
Bug-Debian: https://bugs.debian.org/324017
Bug-Debian: https://bugs.debian.org/383857
Bug-Debian: https://bugs.debian.org/857662
Bug-Debian: https://bugs.debian.org/924716
features/Linux Audit support.patch | (download)

Makefile | 4 2 + 2 - 0 !
cron.8 | 2 2 + 0 - 0 !
misc.c | 12 12 + 0 - 0 !
3 files changed, 16 insertions(+), 2 deletions(-)

 linux audit support

Add support for logging using the Linux Auditing System.

Contributed by Steve Grubb.

Bug-Debian: https://bugs.debian.org/383741
features/Drop in drop.d directory support.patch | (download)

cron.8 | 107 103 + 4 - 0 !
cron.c | 13 10 + 3 - 0 !
cron.h | 7 6 + 1 - 0 !
database.c | 285 248 + 37 - 0 !
pathnames.h | 2 2 + 0 - 0 !
5 files changed, 369 insertions(+), 45 deletions(-)

 drop-in cron.d directory support

Add support for /etc/cron.d, a drop-in directory for packages. This involves
numerous features, such as:
    * Efficiently detecting changes
    * LSB-conform naming convention
    * Security concerns

Contributed by Steve Greenland <stevegr@debian.org>.

features/Better timeskip handling.patch | (download)

cron.8 | 18 18 + 0 - 0 !
cron.c | 236 168 + 68 - 0 !
cron.h | 26 24 + 2 - 0 !
do_command.c | 2 1 + 1 - 0 !
entry.c | 8 8 + 0 - 0 !
misc.c | 40 38 + 2 - 0 !
6 files changed, 257 insertions(+), 73 deletions(-)

 better timeskip handling

Better handling of time skips (when the clock jumps either forwards or
backwards), in particular with regards to/from daylight savings time.

Originally from OpenBSD patches supplied by Topi Miettinen.

Bug-Debian: https://bugs.debian.org/8499
Bug-Debian: https://bugs.debian.org/458123
Bug-Debian: https://bugs.debian.org/474157
Bug-Ubuntu: https://bugs.launchpad.net/bugs/36690
features/Logging enhancements.patch | (download)

misc.c | 3 2 + 1 - 0 !
pathnames.h | 2 1 + 1 - 0 !
user.c | 30 29 + 1 - 0 !
3 files changed, 32 insertions(+), 3 deletions(-)

 logging enhancements

Minor enhancements to logging, namely:
  * Log to syslog exclusively
  * Log the location of the PID file
  * Log broken system crontabs (user crontabs are checked by crontab(1))
 
Contributed by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/76625
features/Make crontab SGID crontab.patch | (download)

cron.8 | 2 2 + 0 - 0 !
crontab.1 | 5 5 + 0 - 0 !
crontab.c | 32 14 + 18 - 0 !
misc.c | 41 37 + 4 - 0 !
pathnames.h | 20 20 + 0 - 0 !
5 files changed, 78 insertions(+), 22 deletions(-)

 make crontab sgid crontab

Improve security by making crontab(1) SGID crontab instead of SUID root.

Specifically:
  * Drop the call to set_cron_uid(), which is just a wrapper to seteuid()
  * setgid() to the real group ID before exec'ing the editor
  * Create spool dir with the expected permissions

Nevertheless, Tomi Miettinen's advice in #18333 of not SETing at all, and
using sockets instead should be taken into consideration.

Bug-Debian: https://bugs.debian.org/18333
features/Enable setting content headers in email.patch | (download)

cron.c | 16 16 + 0 - 0 !
cron.h | 3 3 + 0 - 0 !
crontab.5 | 14 14 + 0 - 0 !
do_command.c | 39 38 + 1 - 0 !
externs.h | 5 5 + 0 - 0 !
5 files changed, 76 insertions(+), 1 deletion(-)

 enable setting content headers in email

Set the ContentType: header based on the system locale or cron's environment,
if available.

Implementation taken from Fedora Core's version of cron.

Bug-Debian: https://bugs.debian.org/338051
Bug-Debian: https://bugs.debian.org/309150
Bug-Debian: https://bugs.debian.org/600310
features/Open close syslog on every call.patch | (download)

misc.c | 14 3 + 11 - 0 !
1 file changed, 3 insertions(+), 11 deletions(-)

 open/close syslog on every call

Open and close syslog on every call to log_it().

This ancient change seems to stem from a time when there were various conflicts
with PAM -- for example PAM apparently changed the facility from LOG_CRON to
LOG_AUTH.

I could not reproduce this and other issues alluded to, and this fix is not
present in other Vixie cron derivatives. However, those other derivatives are
based on 4.1, so it might be possible that this fix is still needed for 3.0,
which is why I'm keeping it for now.

Contributed by Steve Greenland <stevegr@debian.org>.

features/Enable running daemon in foreground.patch | (download)

cron.8 | 4 4 + 0 - 0 !
cron.c | 10 7 + 3 - 0 !
cron.h | 1 1 + 0 - 0 !
3 files changed, 12 insertions(+), 3 deletions(-)

 enable running daemon in foreground

Enable running the daemon in the foreground by specifying -f as an option.

Contributed by Steve Greenland <stevegr@debian.org>.

Bug-Debian: https://bugs.debian.org/108492