Hello community,

here is the log from the commit of package at for openSUSE:Factory checked in 
at 2017-08-06 11:28:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/at (Old)
 and      /work/SRC/openSUSE:Factory/.at.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "at"

Sun Aug  6 11:28:23 2017 rev:71 rq:512800 version:3.1.20

Changes:
--------
--- /work/SRC/openSUSE:Factory/at/at.changes    2015-10-17 16:36:49.000000000 
+0200
+++ /work/SRC/openSUSE:Factory/.at.new/at.changes       2017-08-06 
11:28:24.693421366 +0200
@@ -1,0 +2,25 @@
+Sat Jul 22 07:21:45 UTC 2017 - tchva...@suse.com
+
+- Drop patch at-3.1.8-eal3-manpages.patch merged upstream differently
+
+-------------------------------------------------------------------
+Sat Jul 22 07:07:28 UTC 2017 - tchva...@suse.com
+
+- Version update to at 3.1.20 to match latest upstream:
+  * Pam and selinux implemented upstream
+  * various tiny fixes
+- Rebase patches:
+  * at-3.1.13-documentation-dir.patch
+  * at-3.1.13-massive_batch.patch
+  * at-3.1.14-joblist.patch
+  * at-3.1.14-parse-suse-sysconfig.patch
+  * at-3.1.14-usePOSIXtimers.patch
+  * at-3.1.14.patch
+- Drop no longer needed patches:
+  * at-3.1.13-formatbugs.patch
+  * at-3.1.13-pam-session-as-root.patch
+  * at-3.1.13-pam.patch
+  * at-3.1.13-queue-nice-level.patch
+  * at-3.1.14-selinux.patch
+
+-------------------------------------------------------------------

Old:
----
  at-3.1.13-formatbugs.patch
  at-3.1.13-pam-session-as-root.patch
  at-3.1.13-pam.patch
  at-3.1.13-queue-nice-level.patch
  at-3.1.14-selinux.patch
  at-3.1.8-eal3-manpages.patch
  at_3.1.16.orig.tar.gz

New:
----
  at_3.1.20.orig.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ at.spec ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:26.933105834 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:26.941104707 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package at
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           at
-Version:        3.1.16
+Version:        3.1.20
 Release:        0
 Summary:        A Job Manager
 License:        GPL-2.0+
@@ -29,16 +29,8 @@
 Source5:        atd.service
 Patch0:         at-3.1.14.patch
 Patch4:         at-3.1.14-joblist.patch
-Patch5:         at-3.1.14-selinux.patch
-Patch7:         at-3.1.8-eal3-manpages.patch
-## no bugs anymore for patch8. Just paranoia checking
-Patch8:         at-3.1.13-formatbugs.patch
-Patch9:         at-3.1.13-pam.patch
 Patch10:        at-3.1.13-massive_batch.patch
 Patch11:        at-3.1.13-documentation-dir.patch
-Patch12:        at-3.1.13-queue-nice-level.patch
-# PATCH-FIX-UPSTREAM pam-session-as-root (bnc#408986, bnc#239210)
-Patch14:        at-3.1.13-pam-session-as-root.patch
 # PATCH-FIX-UPSTREAM clean-up opened descriptors (bnc#533454, bnc#523346)
 Patch15:        at-3.1.13-leak-fix.patch
 #PATCH-FIX-OPENSUSE add proper system users to the deny list
@@ -86,14 +78,8 @@
 %setup -q
 %patch0
 %patch4
-%patch5
-%patch7
-%patch8
-%patch9
 %patch10
 %patch11
-%patch12
-%patch14
 %patch15
 %patch16
 %patch17 -p1
@@ -109,13 +95,10 @@
 %patch29 -p1
 
 %build
-rm -fv y.tab.c y.tab.h lex.yy.c lex.yy.o y.tab.o
-autoreconf -fiv
-
-export CFLAGS="%{?optflags} -fPIE"
-export LDFLAGS="-pie"
 export SENDMAIL=%{_sbindir}/sendmail
 
+autoreconf -fvi
+
 %configure \
   --with-pam \
   --with-selinux \

++++++ at-3.1.13-documentation-dir.patch ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:27.005095692 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:27.017094001 +0200
@@ -2,10 +2,8 @@
 ===================================================================
 --- at.1.in.orig
 +++ at.1.in
-@@ -124,11 +124,11 @@ to run a job at 10:00am on July 31, you
- .B at 10am Jul 31
- and to run a job at 1am tomorrow, you would do
- .B at 1am tomorrow.
+@@ -132,7 +132,7 @@ the past, the job will run as soon as po
+ it will run more likely at 8:05pm.
  .PP
  The definition of the time specification can be found in
 -.IR @prefix@/share/doc/at/timespec .
@@ -13,5 +11,3 @@
  .PP
  For both
  .BR at " and " batch ,
- commands are read from standard input or the file specified
- with the

++++++ at-3.1.13-massive_batch.patch ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:27.109081042 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:27.113080479 +0200
@@ -2,9 +2,7 @@
 ===================================================================
 --- atd.c.orig
 +++ atd.c
-@@ -112,13 +112,14 @@ gid_t daemon_gid = (gid_t) - 3;
- 
- static char *namep;
+@@ -108,9 +108,10 @@ static char *namep;
  static double load_avg = LOADAVG_MX;
  static time_t now;
  static time_t last_chg;
@@ -16,11 +14,7 @@
  
  static volatile sig_atomic_t term_signal = 0;
  
- #ifdef WITH_PAM
- #include <security/pam_appl.h>
-@@ -146,14 +147,14 @@ set_term(int dummy)
- {
-     term_signal = 1;
+@@ -141,10 +142,10 @@ set_term(int dummy)
      return;
  }
  
@@ -34,11 +28,7 @@
      nothing_to_do = 0;
      return;
  }
- 
- /* SIGCHLD handler - discards completion status of children */
-@@ -807,10 +808,11 @@ run_loop()
- 
-     if (nothing_to_do && buf.st_mtime <= last_chg)
+@@ -647,6 +648,7 @@ run_loop()
        return next_job;
      last_chg = buf.st_mtime;
  
@@ -46,11 +36,7 @@
      if ((spool = opendir(".")) == NULL)
        perr("Cannot read " ATJOB_DIR);
  
-     run_batch = 0;
-     nothing_to_do = 1;
-@@ -1043,11 +1045,11 @@ main(int argc, char *argv[])
-      * A signal handler setting term_signal will make sure there's
-      * a clean exit.
+@@ -898,7 +900,7 @@ main(int argc, char *argv[])
       */
  
      sigaction(SIGHUP, NULL, &act);
@@ -59,11 +45,7 @@
      sigaction(SIGHUP, &act, NULL);
  
      sigaction(SIGTERM, NULL, &act);
-     act.sa_handler = set_term;
-     sigaction(SIGTERM, &act, NULL);
-@@ -1059,12 +1061,13 @@ main(int argc, char *argv[])
-     daemon_setup();
- 
+@@ -914,9 +916,10 @@ main(int argc, char *argv[])
      do {
        now = time(NULL);
        next_invocation = run_loop();
@@ -75,4 +57,3 @@
      } while (!term_signal);
      daemon_cleanup();
      exit(EXIT_SUCCESS);
- }

++++++ at-3.1.14-joblist.patch ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:27.157074281 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:27.165073154 +0200
@@ -2,9 +2,7 @@
 ===================================================================
 --- at.c.orig
 +++ at.c
-@@ -132,11 +132,13 @@ char atverify = 0;               /* verify time inste
- 
- static void sigc(int signo);
+@@ -134,7 +134,9 @@ static void sigc(int signo);
  static void alarmc(int signo);
  static char *cwdname(void);
  static void writefile(time_t runtimer, char queue);
@@ -15,11 +13,7 @@
  
  /* Signal catching functions */
  
- static RETSIGTYPE 
- sigc(int signo)
-@@ -545,12 +547,24 @@ writefile(time_t runtimer, char queue)
-       break;
-     }
+@@ -566,8 +568,20 @@ writefile(time_t runtimer, char queue)
      return;
  }
  
@@ -41,11 +35,7 @@
  {
      /* List all a user's jobs in the queue, by looping through ATJOB_DIR, 
       * or everybody's if we are root
-      */
-     DIR *spool;
-@@ -585,10 +599,14 @@ list_jobs(void)
-           continue;
- 
+@@ -606,6 +620,10 @@ list_jobs(void)
        if (sscanf(dirent->d_name, "%c%5lx%8lx", &queue, &jobno, &ctm) != 3)
            continue;
  
@@ -56,11 +46,7 @@
        if (atqueue && (queue != atqueue))
            continue;
  
-       runtimer = 60 * (time_t) ctm;
-       runtime = localtime(&runtimer);
-@@ -706,10 +724,33 @@ process_jobs(int argc, char **argv, int
-       }
-     }
+@@ -727,6 +745,29 @@ process_jobs(int argc, char **argv, int
      return rc;
  }                             /* delete_jobs */
  
@@ -90,12 +76,8 @@
  /* Global functions */
  
  void *
- mymalloc(size_t n)
- {
-@@ -731,10 +772,12 @@ main(int argc, char **argv)
- 
-     int program = AT;         /* our default program */
-     char *options = "q:f:MmvlrdhVct:";        /* default options for at */
+@@ -752,6 +793,8 @@ main(int argc, char **argv)
+     char *options = "q:f:MmbvlrdhVct:";       /* default options for at */
      int disp_version = 0;
      time_t timer = 0;
 +    long *joblist = NULL;
@@ -103,11 +85,7 @@
      struct passwd *pwe;
      struct group *ge;
  
-     RELINQUISH_PRIVS
- 
-@@ -868,12 +911,13 @@ main(int argc, char **argv)
-     switch (program) {
-       int i;
+@@ -889,8 +932,9 @@ main(int argc, char **argv)
      case ATQ:
  
        REDUCE_PRIV(daemon_uid, daemon_gid)
@@ -119,15 +97,11 @@
        break;
  
      case ATRM:
- 
-       REDUCE_PRIV(daemon_uid, daemon_gid)
 Index: panic.c
 ===================================================================
 --- panic.c.orig
 +++ panic.c
-@@ -93,10 +93,11 @@ usage(void)
- /* Print usage and exit.
-  */
+@@ -95,6 +95,7 @@ usage(void)
      fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mMlbv] timespec ...\n"
              "       at [-V] [-q x] [-f file] [-mMlbv] -t time\n"
            "       at -c job ...\n"
@@ -135,5 +109,3 @@
            "       atq [-V] [-q x]\n"
            "       at [ -rd ] job ...\n"
            "       atrm [-V] job ...\n"
-           "       batch\n");
-     exit(EXIT_FAILURE);

++++++ at-3.1.14-parse-suse-sysconfig.patch ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:27.217065829 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:27.229064138 +0200
@@ -46,7 +46,7 @@
  /* Local headers */
  
  #include "privs.h"
-@@ -930,6 +934,7 @@ main(int argc, char *argv[])
+@@ -798,6 +802,7 @@ main(int argc, char *argv[])
   * for execution and yet another one, optionally, for sending mail.
   * Files which already have run are removed during the next invocation.
   */
@@ -54,7 +54,7 @@
      int c;
      time_t next_invocation;
      struct sigaction act;
-@@ -998,6 +1003,22 @@ main(int argc, char *argv[])
+@@ -875,6 +880,22 @@ main(int argc, char *argv[])
        }
      }
  
@@ -81,8 +81,8 @@
 ===================================================================
 --- configure.ac.orig
 +++ configure.ac
-@@ -53,6 +53,8 @@ AC_CHECK_LIB(fl,yywrap,
-         AC_DEFINE([NEED_YYWRAP], 1, [need yywrap])
+@@ -54,6 +54,8 @@ AC_CHECK_LIB(fl,yywrap,
+                   [Define to 1 if we need to provide our own yywrap()])
  )
  
 +PKG_CHECK_MODULES([HX], [libHX])

++++++ at-3.1.14-usePOSIXtimers.patch ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:27.273057940 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:27.273057940 +0200
@@ -1,6 +1,8 @@
---- at-3.1.15.orig/atd.c
-+++ at-3.1.15/atd.c
-@@ -919,6 +919,54 @@ run_loop()
+Index: at-3.1.20/atd.c
+===================================================================
+--- at-3.1.20.orig/atd.c
++++ at-3.1.20/atd.c
+@@ -787,6 +787,54 @@ run_loop()
      return next_job;
  }
  
@@ -55,7 +57,7 @@
  /* Global functions */
  
  int
-@@ -1032,7 +1080,7 @@ main(int argc, char *argv[])
+@@ -909,7 +957,7 @@ main(int argc, char *argv[])
      sigaction(SIGCHLD, &act, NULL);
  
      if (!run_as_daemon) {
@@ -64,7 +66,7 @@
        run_loop();
        exit(EXIT_SUCCESS);
      }
-@@ -1055,13 +1103,14 @@ main(int argc, char *argv[])
+@@ -932,13 +980,14 @@ main(int argc, char *argv[])
      act.sa_handler = set_term;
      sigaction(SIGINT, &act, NULL);
  
@@ -81,8 +83,10 @@
        }
        hupped = 0;
      } while (!term_signal);
---- at-3.1.15.orig/config.h.in
-+++ at-3.1.15/config.h.in
+Index: at-3.1.20/config.h.in
+===================================================================
+--- at-3.1.20.orig/config.h.in
++++ at-3.1.20/config.h.in
 @@ -38,6 +38,9 @@
  /* Define to 1 if you have the `getloadavg' function. */
  #undef HAVE_GETLOADAVG
@@ -93,11 +97,13 @@
  /* Define to 1 if you have the <getopt.h> header file. */
  #undef HAVE_GETOPT_H
  
---- at-3.1.15.orig/configure.ac
-+++ at-3.1.15/configure.ac
-@@ -254,6 +254,12 @@ AC_ARG_WITH(daemon_username,
- )
- AC_SUBST(DAEMON_USERNAME)
+Index: at-3.1.20/configure.ac
+===================================================================
+--- at-3.1.20.orig/configure.ac
++++ at-3.1.20/configure.ac
+@@ -263,6 +263,12 @@ fi
+ AC_SUBST(SELINUXLIB)
+ AC_SUBST(WITH_SELINUX)
  
 +dnl check for POSIX timer functions
 +AC_SEARCH_LIBS([timer_create],[rt])

++++++ at-3.1.14.patch ++++++
--- /var/tmp/diff_new_pack.6NrHe7/_old  2017-08-06 11:28:27.361045544 +0200
+++ /var/tmp/diff_new_pack.6NrHe7/_new  2017-08-06 11:28:27.373043854 +0200
@@ -55,7 +55,7 @@
 -      cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5
 -      $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir)
 +      $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/
-+      $(INSTALL) -m 644 at.deny.5  $(IROOT)$(man5dir)/
++      cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5
 +      $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir)
        rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
                $(IROOT)$(mandir)/cat1/atq.1*

++++++ at_3.1.16.orig.tar.gz -> at_3.1.20.orig.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/ChangeLog new/at-3.1.20/ChangeLog
--- old/at-3.1.16/ChangeLog     2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/ChangeLog     2016-06-28 22:55:01.000000000 +0200
@@ -157,3 +157,20 @@
 
   Ansgar Burchardt (1):
         at: only retain variables whose name consists of alphanumerics and 
underscores
+
+at 3.1.17 (2015-08-31):
+
+  Jose M Calhariz:
+       at.1.in: Document behaviour when using past time, thanks Kelly Price 
(Closes: #639900).
+       Makefile.in: On distclean remove at.allow.5, auto generated file.
+
+at 3.1.18 (2015-12-06)
+
+  Jose M Calhariz:
+       Add support for SELinux, multiples files
+
+at 3.1.19 (2016-03-20)
+  Jose M Calhariz:
+       Fix configure handling of flag --without-selinux.
+
+Last entry on this file follow debian/changelog.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/Copyright new/at-3.1.20/Copyright
--- old/at-3.1.16/Copyright     2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/Copyright     2015-12-18 21:29:24.000000000 +0100
@@ -9,6 +9,9 @@
 In August 2009 the upstream development and Debian packaging were taken over
 by Ansgar Burchardt <ans...@debian.org> and Cyril Brulebois <k...@debian.org>.
 
+In August 2015 the upstream development and Debian packaging were
+taken over by Jose M Calhariz <j...@calhariz.com>
+
 This may be considered the experimental upstream source, and since there
 doesn't seem to be any other upstream source, the only upstream source.
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/Makefile.in new/at-3.1.20/Makefile.in
--- old/at-3.1.16/Makefile.in   2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/Makefile.in   2015-12-18 21:29:24.000000000 +0100
@@ -40,6 +40,7 @@
 LIBOBJS                = @LIBOBJS@
 INSTALL                = @INSTALL@
 PAMLIB          = @PAMLIB@
+SELINUXLIB      = @SELINUXLIB@
 
 CLONES         = atq atrm
 ATOBJECTS      = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o
@@ -73,7 +74,7 @@
        $(LN_S) -f at atrm
 
 atd: $(RUNOBJECTS)
-       $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
+       $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
 
 y.tab.c y.tab.h: parsetime.y
        $(YACC) -d parsetime.y
@@ -142,7 +143,7 @@
        rm -f parsetest parsetime.c lex.yy.c y.tab.c y.tab.h
 
 distclean: clean
-       rm -rf at.1 atd.8 atrun.8 config.cache atrun batch config.h \
+       rm -rf at.1 at.allow.5 atd.8 atrun.8 config.cache atrun batch config.h \
                config.status Makefile config.log build atd.service
 
 checkin: $(DIST)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/at.1.in new/at-3.1.20/at.1.in
--- old/at-3.1.16/at.1.in       2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/at.1.in       2015-12-18 21:29:24.000000000 +0100
@@ -125,6 +125,12 @@
 and to run a job at 1am tomorrow, you would do
 .B at 1am tomorrow.
 .PP
+If you specify a job to absolutely run at a specific time and date in
+the past, the job will run as soon as possible.  For example, if it is
+8pm and you do a
+.B at 6pm today,
+it will run more likely at 8:05pm.
+.PP
 The definition of the time specification can be found in
 .IR @prefix@/share/doc/at/timespec .
 .PP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/at.c new/at-3.1.20/at.c
--- old/at-3.1.16/at.c  2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/at.c  2016-06-28 22:18:00.000000000 +0200
@@ -495,6 +495,9 @@
     fprintf(fp, "\n");
     if (ferror(fp))
        panic("Output error");
+    fflush(fp);
+    if (ferror(fp))
+       panic("Output error");
 
     if (ferror(stdin))
        panic("Input error");
@@ -746,7 +749,7 @@
     char *pgm;
 
     int program = AT;          /* our default program */
-    char *options = "q:f:MmvlrdhVct:"; /* default options for at */
+    char *options = "q:f:MmbvlrdhVct:";        /* default options for at */
     int disp_version = 0;
     time_t timer = 0;
     struct passwd *pwe;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/atd.c new/at-3.1.20/atd.c
--- old/at-3.1.16/atd.c 2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/atd.c 2016-06-28 22:14:39.000000000 +0200
@@ -83,6 +83,12 @@
 #include "getloadavg.h"
 #endif
 
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+int selinux_enabled = 0;
+#endif
+
 /* Macros */
 
 #define BATCH_INTERVAL_DEFAULT 60
@@ -195,6 +201,72 @@
 #define fork myfork
 #endif
 
+#ifdef WITH_SELINUX
+static int
+set_selinux_context(const char *name, const char *filename) {
+    security_context_t user_context = NULL;
+    security_context_t file_context = NULL;
+    int retval = 0;
+    char *seuser = NULL;
+    char *level = NULL;
+
+    if (getseuserbyname(name, &seuser, &level) == 0) {
+        retval = get_default_context_with_level(seuser, level, NULL, 
&user_context);
+        free(seuser);
+        free(level);
+        if (retval < 0) {
+            lerr("get_default_context_with_level: couldn't get security 
context for user %s", name);
+            retval = -1;
+            goto err;
+        }
+    }
+
+    /*
+     * Since crontab files are not directly executed,
+     * crond must ensure that the crontab file has
+     * a context that is appropriate for the context of
+     * the user cron job.  It performs an entrypoint
+     * permission check for this purpose.
+     */
+    if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
+        lerr("fgetfilecon FAILED %s", filename);
+        retval = -1;
+        goto err;
+    }
+
+    retval = selinux_check_access(user_context, file_context, "file", 
"entrypoint", NULL);
+    freecon(file_context);
+    if (retval < 0) {
+        lerr("Not allowed to set exec context to %s for user  %s", 
user_context, name);
+        retval = -1;
+        goto err;
+    }
+    if (setexeccon(user_context) < 0) {
+        lerr("Could not set exec context to %s for user  %s", user_context, 
name);
+        retval = -1;
+        goto err;
+    }
+err:
+    if (retval < 0 && security_getenforce() != 1)
+        retval = 0;
+    if (user_context)
+        freecon(user_context);
+    return retval;
+}
+
+static int
+selinux_log_callback (int type, const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+    vsyslog (LOG_ERR, fmt, ap);
+    va_end(ap);
+    return 0;
+}
+
+#endif
+
 static void
 run_file(const char *filename, uid_t uid, gid_t gid)
 {
@@ -424,6 +496,13 @@
 
            nice((tolower((int) queue) - 'a' + 1) * 2);
 
+#ifdef WITH_SELINUX
+           if (selinux_enabled > 0) {
+               if (set_selinux_context(pentry->pw_name, filename) < 0)
+                   perr("SELinux Failed to set context\n");
+           }
+#endif
+
            if (initgroups(pentry->pw_name, pentry->pw_gid))
                perr("Cannot initialize the supplementary group access list");
 
@@ -594,10 +673,16 @@
 
        /* Skip lock files */
        if (queue == '=') {
-           if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) {
-               /* Remove stale lockfile FIXME: lock the lockfile, if you fail, 
it's still in use. */
-               unlink(dirent->d_name);
-           }
+            /* FIXME: calhariz */
+            /* I think the following code is broken, but commenting
+               may haven unknow side effects.  Make a release and see
+               in the wild how it works. For more information see:
+               https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=818508/*
+
+           /* if ((buf.st_nlink == 1) && (run_time + CHECK_INTERVAL <= now)) { 
*/
+           /*     /\* Remove stale lockfile FIXME: lock the lockfile, if you 
fail, it's still in use. *\/ */
+           /*     unlink(dirent->d_name); */
+           /* } */
            continue;
        }
        /* Skip any other file types which may have been invented in
@@ -707,6 +792,14 @@
     struct passwd *pwe;
     struct group *ge;
 
+#ifdef WITH_SELINUX
+    selinux_enabled=is_selinux_enabled();
+
+    if (selinux_enabled) {
+        selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) 
selinux_log_callback);
+    }
+#endif
+
 /* We don't need root privileges all the time; running under uid and gid
  * daemon is fine.
  */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/config.h.in new/at-3.1.20/config.h.in
--- old/at-3.1.16/config.h.in   2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/config.h.in   2015-12-18 21:29:24.000000000 +0100
@@ -192,6 +192,9 @@
    <sys/cpustats.h>. */
 #undef UMAX4_3
 
+/* Define if you are building with_selinux */
+#undef WITH_SELINUX
+
 /* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
    `char[]'. */
 #undef YYTEXT_POINTER
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/configure new/at-3.1.20/configure
--- old/at-3.1.16/configure     2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/configure     2016-06-28 22:55:01.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for at 3.1.16.
+# Generated by GNU Autoconf 2.69 for at 3.1.19.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -577,8 +577,8 @@
 # Identity of this package.
 PACKAGE_NAME='at'
 PACKAGE_TARNAME='at'
-PACKAGE_VERSION='3.1.16'
-PACKAGE_STRING='at 3.1.16'
+PACKAGE_VERSION='3.1.19'
+PACKAGE_STRING='at 3.1.19'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -622,6 +622,8 @@
 
 ac_subst_vars='LTLIBOBJS
 DAEMON_GROUPNAME
+WITH_SELINUX
+SELINUXLIB
 DAEMON_USERNAME
 LOADAVG_MX
 ATSPD
@@ -682,6 +684,7 @@
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -710,6 +713,7 @@
 with_atspool
 with_loadavg_mx
 with_daemon_username
+with_selinux
 with_daemon_groupname
 '
       ac_precious_vars='build_alias
@@ -761,6 +765,7 @@
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1013,6 +1018,15 @@
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
+
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1150,7 +1164,7 @@
 for ac_var in  exec_prefix prefix bindir sbindir libexecdir datarootdir \
                datadir sysconfdir sharedstatedir localstatedir includedir \
                oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-               libdir localedir mandir
+               libdir localedir mandir runstatedir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1263,7 +1277,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures at 3.1.16 to adapt to many kinds of systems.
+\`configure' configures at 3.1.19 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1303,6 +1317,7 @@
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@@ -1328,7 +1343,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of at 3.1.16:";;
+     short | recursive ) echo "Configuration of at 3.1.19:";;
    esac
   cat <<\_ACEOF
 
@@ -1341,6 +1356,7 @@
   --with-atspool=PATH    Directory containing at spool (default 
SPOOLDIR/atspool).
  --with-loadavg_mx=LOADAVG_MX  Default max. load average for batch (default 
0.8).
  --with-daemon_username=DAEMON_USERNAME        Username to run under (default 
daemon)
+ --with-selinux       Define to run with selinux (default=check)
  --with-daemon_groupname=DAEMON_GROUPNAME      Groupname to run under (default 
daemon)
 
 Some influential environment variables:
@@ -1425,7 +1441,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-at configure 3.1.16
+at configure 3.1.19
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1901,7 +1917,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by at $as_me 3.1.16, which was
+It was created by at $as_me 3.1.19, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2256,7 +2272,7 @@
 
 
 
-VERSION=3.1.16
+VERSION=3.1.19
 if test "X$CFLAGS" = "X"; then
 CFLAGS="-O2 -g -Wall"
 fi
@@ -5207,6 +5223,73 @@
 
 
 
+
+# Check whether --with-selinux was given.
+if test "${with_selinux+set}" = set; then :
+  withval=$with_selinux;
+else
+  with_selinux=check
+fi
+
+
+if test "x$with_selinux" != xno; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking for is_selinux_enabled in 
-lselinux" >&5
+$as_echo_n "checking for is_selinux_enabled in -lselinux... " >&6; }
+if ${ac_cv_lib_selinux_is_selinux_enabled+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+#ifdef __cplusplus
+extern "C"
+#endif
+char is_selinux_enabled ();
+int
+main ()
+{
+return is_selinux_enabled ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+  ac_cv_lib_selinux_is_selinux_enabled=yes
+else
+  ac_cv_lib_selinux_is_selinux_enabled=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: 
$ac_cv_lib_selinux_is_selinux_enabled" >&5
+$as_echo "$ac_cv_lib_selinux_is_selinux_enabled" >&6; }
+if test "x$ac_cv_lib_selinux_is_selinux_enabled" = xyes; then :
+  SELINUXLIB=-lselinux
+
+$as_echo "#define WITH_SELINUX 1" >>confdefs.h
+
+
+else
+  if test "x$with_selinux" != xcheck; then
+       { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "--with-selinux is given, but test for selinux failed 
$with_selinux
+See \`config.log' for more details" "$LINENO" 5; }
+     fi
+
+
+fi
+
+fi
+
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking groupname to run under" >&5
 $as_echo_n "checking groupname to run under... " >&6; }
 
@@ -5744,7 +5827,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by at $as_me 3.1.16, which was
+This file was extended by at $as_me 3.1.19, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -5806,7 +5889,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-at config.status 3.1.16
+at config.status 3.1.19
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/configure.ac new/at-3.1.20/configure.ac
--- old/at-3.1.16/configure.ac  2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/configure.ac  2016-06-28 22:55:52.000000000 +0200
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
 
-AC_INIT(at, 3.1.16)
+AC_INIT(at, 3.1.20)
 AC_CONFIG_SRCDIR(at.c)
 
 AC_PREFIX_DEFAULT(/usr)
@@ -239,6 +239,25 @@
 )
 AC_SUBST(DAEMON_USERNAME)
 
+AC_ARG_WITH(selinux,
+[ --with-selinux       Define to run with selinux (default=check)],
+[],
+[with_selinux=check])
+
+if test "x$with_selinux" != xno; then
+  AC_CHECK_LIB([selinux], [is_selinux_enabled],
+    [SELINUXLIB=-lselinux
+     AC_DEFINE(WITH_SELINUX, 1, [Define if you are building with_selinux])
+    ],
+    [if test "x$with_selinux" != xcheck; then
+       AC_MSG_FAILURE([--with-selinux is given, but test for selinux failed 
$with_selinux])
+     fi
+    ]
+  )
+fi
+AC_SUBST(SELINUXLIB)
+AC_SUBST(WITH_SELINUX)
+
 AC_MSG_CHECKING(groupname to run under)
 AC_ARG_WITH(daemon_groupname,
 [ --with-daemon_groupname=DAEMON_GROUPNAME     Groupname to run under (default 
daemon) ],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/daemon.c new/at-3.1.20/daemon.c
--- old/at-3.1.16/daemon.c      2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/daemon.c      2015-12-18 21:29:24.000000000 +0100
@@ -83,6 +83,22 @@
 }
 
 void
+lerr(const char *fmt,...)
+{
+    char buf[1024];
+    va_list args;
+
+    va_start(args, fmt);
+    vsnprintf(buf, sizeof(buf), fmt, args);
+    va_end(args);
+
+    if (daemon_debug) {
+       perror(buf);
+    } else
+       syslog(LOG_ERR, "%s: %m", buf);
+}
+
+void
 pabort(const char *fmt,...)
 {
     char buf[1024];
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/daemon.h new/at-3.1.20/daemon.h
--- old/at-3.1.16/daemon.h      2014-09-30 08:29:02.000000000 +0200
+++ new/at-3.1.20/daemon.h      2015-12-18 21:29:24.000000000 +0100
@@ -13,5 +13,8 @@
 #endif
 perr (const char *fmt, ...);
 
+void
+lerr (const char *fmt, ...);
+
 extern int daemon_debug;
 extern int daemon_foreground;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/at-3.1.16/dist new/at-3.1.20/dist
--- old/at-3.1.16/dist  1970-01-01 01:00:00.000000000 +0100
+++ new/at-3.1.20/dist  2016-06-28 22:31:01.000000000 +0200
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -e
+
+PACKNAME=at
+SOURCENAME=at
+VER=$( grep AC_INIT configure.ac | cut -d ',' -f 2 | tr -d ' )' )
+RELTAR=${SOURCENAME}_$VER.orig.tar.gz
+
+echo $PACKNAME $SOURCENAME $VER
+echo $RELTAR
+
+[ ! -e ../$SOURCENAME-$VER ] || ( echo "Dir $SOURCENAME-$VER exist, aborting" 
; exit 1 )
+[ ! -e ../$RELTAR ] || ( echo "Release file $RELTAR exist, aborting" ; exit 2 )
+mkdir ../$SOURCENAME-$VER
+fakeroot tar --exclude=debian --exclude=.git -cf - . | tar -C 
../$SOURCENAME-$VER -x
+GZIP=-9 fakeroot tar -C .. -czf ../$RELTAR $SOURCENAME-$VER
+rm -r ../$SOURCENAME-$VER


Reply via email to