commit cronie for openSUSE:Factory

Source-Sync Mon, 22 Jul 2024 08:15:36 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cronie for openSUSE:Factory checked 
in at 2024-07-22 17:14:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cronie (Old)
 and      /work/SRC/openSUSE:Factory/.cronie.new.17339 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "cronie"

Mon Jul 22 17:14:12 2024 rev:94 rq:1188846 version:unknown

Changes:
--------
--- /work/SRC/openSUSE:Factory/cronie/cronie.changes    2024-05-01 
14:55:50.496579028 +0200
+++ /work/SRC/openSUSE:Factory/.cronie.new.17339/cronie.changes 2024-07-22 
17:14:27.732786499 +0200
@@ -1,0 +2,6 @@
+Tue Jul  9 10:02:29 UTC 2024 - Johannes Segitz <jseg...@suse.com>
+
+- Improve permissions checks in run-cron. Just check if the permission
+  matches completely. Otherwise e.g. setgid directories causes failures
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ run-crons ++++++
--- /var/tmp/diff_new_pack.5IpvW3/_old  2024-07-22 17:14:29.564860082 +0200
+++ /var/tmp/diff_new_pack.5IpvW3/_new  2024-07-22 17:14:29.568860243 +0200
@@ -104,22 +104,15 @@
 SECURE_PERMISSIONS="${SECURE_DIR_PERMISSIONS:-755}"
 for CRONDIR in /etc/cron.{hourly,daily,weekly,monthly} ; do
     test -d $CRONDIR || continue
-    # this is racy but better than nothing
+    # these checks are racy but better than nothing
     if [ ! "$ENFORCE_ROOT_OWNER_GROUP_DIR" = "no" ] && [ ! -O $CRONDIR -o ! -G 
$CRONDIR ]; then
       echo "wrong owner/group for $CRONDIR, skipping" | logger
       continue
     fi
     ACTUAL_PERMISSIONS=$(stat -c %a $CRONDIR)
-    # to have this default to false would be better, but would require a more
-    # complicated logic in the loop 
-    PERMISSIONS_ARE_SECURE=true
-    for (( i=0; i<${#ACTUAL_PERMISSIONS}; i++ )); do
-      if [ "${ACTUAL_PERMISSIONS:$i:1}" -gt "${SECURE_PERMISSIONS:$i:1}" ]; 
then
-        PERMISSIONS_ARE_SECURE=false
-      fi
-    done
-    if [ ! "$PERMISSIONS_ARE_SECURE" = true ]; then
-      echo "wrong permissions $ACTUAL_PERMISSIONS for $CRONDIR, expecting 
$SECURE_PERMISSIONS. Skipping" | logger
+
+    if [ ! "${ACTUAL_PERMISSIONS}" = "${SECURE_PERMISSIONS}" ]; then
+      echo "wrong permissions $ACTUAL_PERMISSIONS for $CRONDIR, expecting 
$SECURE_PERMISSIONS (see SECURE_DIR_PERMISSIONS in /etc/sysconfig/cron). 
Skipping" | logger
       continue
     fi

commit cronie for openSUSE:Factory

Reply via email to