fcron (3.0.1-1) unstable; urgency=medium * New upstream source (closes: #353339, #392057) * fcrontab: access user's directory with user's rights (necessary if user/group fcron has not the right to read the directory). * improvement in check_system_crontabs: more comments, added some help messages, added command line options, cleaner, safer code. * Improved English documentation: clarified some previously-unclear points. * Added French translation of the manual pages (thanks go to Alain Portal) * Removed old documentation from the package. * Better handling of the pipes in job.c: this should remove some problems encountered on BSD systems. * bug fix: do not use a tv_usec > 999999: should fix the problem encountered on BSD systems with select(). * bug fix: fixed a bug in make_msg(): the size of a string written to a buffer was not controlled correctly in some cases. This could result in buffer overflow and thus this was security problem. However the bug seems not exploitable as the part of the string which could overflow the buffer could not be freely defined by an attacker (it was either ": " or one of the strings returned by strerror()). * Bug fix: set the FDs correctly for select(). * Do not enable SE_LINUX for GNU/kFreeBSD builds, patch from Aurelien Jarno (closes: #336945) * Install both english and french HTML documentation * Use dh_installpam to install pam.d files * Ship Debian-customized pam.d files instead of upstream's * Depend on libpam-runtime (>= 0.76-14) as required by PAM minipolicy for @include common-* in pam.d files * Apply patch from upstream to use the correct shell for cronjobs, instead of whatever is specified for the user's login shell (closes: #333223) * Add warning about the shell set in fcron.conf and vixie-cron compatibility (basically, it must be /bin/sh) * debian/watch: switch to version 3 and avoid capturing .gz/.bz2 as part of the version number * Switch to debhelper mode V5 * Bump standards-version to 3.7.2 (no changes needed) * Remove debian/ from upstream tarball. Yes, this is not the nicest way to go about it, but it is the cleanest and fastest way to deal with the issue * debian/copyright: update dates, and also note the change to the upstream tarball -- Henrique de Moraes Holschuh Fri, 16 Jun 2006 14:34:43 -0300 fcron (3.0.0-2) unstable; urgency=low * Fix missing space on & lines in systab, and fix manpages that incorrectly documented the fact that such spaces were not needed (closes: #333668) -- Henrique de Moraes Holschuh Thu, 13 Oct 2005 07:37:39 -0300 fcron (3.0.0-1) unstable; urgency=low * New stable branch upstream source + Added time zone support (option timezone) + Fixed a bug which used to make fcron send empty mails on very recent systems (closes: #328719) * Recommend a syslog daemon instead of depending on one (closes: #319597) * Add sv, vi, cs and ja devconf translations (closes: #307001, #308061, #311649, #333089) * Update de.po translation (closes: #314116, #326147) * Bump standards-version to 3.6.2 (no changes) * Add support for LOGNAME, for Debian cron compatibility (closes: #330212) * Add big fat warning that fcron does not replace cron's functionality, and thus obviously you have to keep cron installed in the system (closes: #218513) * Mention the systab fcrontab on README.Debian * Switch systab to & lines while waiting for a reply from upstream about implementing !bootrun for % lines. If you want to customize at what time the daily/weeky/monthly cronjobs should run, edit it with fcrontab -e systab, as root (closes: #314573) -- Henrique de Moraes Holschuh Mon, 10 Oct 2005 11:11:07 -0300 fcron (2.9.6-2) unstable; urgency=medium * The "remember to clean below the carpet" release * Some portability fixes for limited size of (char) and size_t != long int; Thanks to the Debian build-daemons and gcc -Wall for telling me about it ;-) Might fix a real bug in ppc, arm and s390 * Remove statoverride on /var/spool/fcron during purge * Ignore return code for db_go in config script * Fix fcronsighup override logic in postinst script (closes: #300931) * Force systab crontabs to owner root in the spool * Ship upstream changelog properly -- Henrique de Moraes Holschuh Sat, 26 Mar 2005 01:12:48 -0300 fcron (2.9.6-1) unstable; urgency=low * The "long winter cleanup" release * Adopt package (I STILL WANT TO HAND THIS TO SOMEONE ELSE), so that it makes my life easier with the BTS and other non-uploaders-aware scripts * New upstream source * Add watch file * Use make clean instead of inexistant distclean * Switch to po-debconf, thanks to Christian Perrier (closes: #200114) * Remove legacy suidregister/suidunregister crap (closes: #292976) * Fix regexp to move legacy root fcrontab entries on prerm (closes: #248707) * Add a proper ego-inflated daemon description to fcron initscript messages (close: #240024) * Move fcronsighup to /usr/sbin (closes: #284036) * Switch to debhelper mode v4, and cleanup debian/rules accordingly * With this upload everything of use in the diff provided by the bug reporter has been addressed (closes: #193628) * Update debian/copyright * Update lintian overrides * Remove fcron 0.9.x cruft from maintainer scripts, we do not care about ancient sid -> current sarge/sid updates -- Henrique de Moraes Holschuh Sun, 13 Mar 2005 18:33:44 -0300 fcron (2.9.5.1-1) unstable; urgency=high * New upstream source: * SECURITY FIX: Due to design errors in the fcronsighup program, Fcron may allow a local user to bypass access restrictions (CAN-2004-1031), view the contents of root owned files (CAN-2004-1030), remove arbitrary files or create empty files (CAN-2004-1032), and send a SIGHUP to any process. A vulnerability also exists in fcrontab which may allow local users to view the contents of fcron.allow and fcron.deny (CAN-2004-1033). Ref: iDEFENSE Security Advisory 11.15.04. (closes: #281436) * Thanks to Gentoo's GLSA 200411-27 for providing the above text ;-) * Add myself to uploaders * Use $(MAKE) distclean on clean: target * Clean up autom4te.cache directory on clean: target * Rename fcron-update-crontabs.1 to fcron-update-crontabs.8, since it is in section 8 anyway * Add non-virtual-package packages to dependencies on virtual packages (syslog-daemon and mail-transport-agent). Use packages that are priority standard or higher for that * Fix initscript so that it will start a stopped daemon on "restart" * Now compliant to standards-version 3.6.1, bump control file entry accordingly -- Henrique de Moraes Holschuh Fri, 19 Nov 2004 10:20:44 -0200 fcron (2.9.5-1) unstable; urgency=low * New upstream version. * Fix init script. Closes: #262886 * Merged change from BSP. Closes: #232986 -- Russell Coker Tue, 9 Nov 2004 02:03:00 +1100 fcron (2.9.4-3.1) unstable; urgency=low * NMU during BSP. * ./configure uses now --with-sendmail without checks (closes: #232986). -- Sebastian Muszynski Fri, 19 Mar 2004 16:54:57 +0100 fcron (2.9.4-3) unstable; urgency=high * Made it depend on exim4|mail-transport-agent. Closes: #228570 -- Russell Coker Tue, 20 Jan 2004 17:36:00 +1100 fcron (2.9.4-2) unstable; urgency=high * Accidentally uploaded a version compiled with debugging code, so this version has a correct compile. -- Russell Coker Thu, 4 Jan 2004 22:31:00 +1100 fcron (2.9.4-1) unstable; urgency=high * New upstream with SE Linux. Upstream has old SE Linux so patched for new SE Linux. -- Russell Coker Thu, 4 Jan 2004 22:25:00 +1100 fcron (2.9.3-3) unstable; urgency=high * Added patch for ./configure checking for SE Linux from Torsten Knodt . Also added the SE Linux patch. Closes: #193610 -- Russell Coker Sat, 17 May 2003 13:55:00 +1000 fcron (2.9.3-2) unstable; urgency=high * Changes for warnings, I think it fixes #169451. -- Russell Coker Sun, 17 Nov 2002 14:12:00 +0100 fcron (2.9.3-1) unstable; urgency=high * New upstream version. -- Russell Coker Sat, 2 Nov 2002 22:09:00 +0100 fcron (2.9.2-2) unstable; urgency=high * Made it not try to use -lsecure for non-SE systems. Closes: #163680 * Added fcrondyn to package. Closes: #163808 * This is a 2.x.x release. Closes: #112146 -- Russell Coker Sat, 26 Oct 2002 21:25:00 +0200 fcron (2.9.2-1) unstable; urgency=high * New upstream version. * Temporarily taking over maintenance. -- Russell Coker Sun, 6 Oct 2002 07:14:00 +0200 fcron (1.0.3-5) unstable; urgency=high * Fix infinite loop on midmontly code. Thanks to Guy Geens for the patch (closes: #143497) -- Henrique de Moraes Holschuh Thu, 18 Apr 2002 16:45:55 -0300 fcron (1.0.3-4) unstable; urgency=high * Merge in new es, fr, ru templates (closes: #136099, #136484, #137646) * Fix bug in code that showed up with the glibc nice() fix (closes: #143044) -- Henrique de Moraes Holschuh Tue, 16 Apr 2002 10:49:17 -0300 fcron (1.0.3-3) unstable; urgency=high * SECURITY FIX: Close /tmp exploitable race in fcrontab. Thanks to Colin Phipps for reporting the bug and supplying a patch (closes: #102930) -- Henrique de Moraes Holschuh Fri, 6 Jul 2001 22:22:42 -0300 fcron (1.0.3-2) unstable; urgency=low * Do not abort postinst if dpkg-statoverride returns non-zero status (closes: #100905) -- Henrique de Moraes Holschuh Wed, 20 Jun 2001 02:24:19 -0300 fcron (1.0.3-1) unstable; urgency=medium * New upstream source: - Fixes a crash when truncating long messages (not exploitable) -- Henrique de Moraes Holschuh Sun, 15 Apr 2001 16:41:02 -0300 fcron (1.0.2-4) unstable; urgency=low * Restore default umask settings before running a job. Do note that not setting the umask explicitly in a cronjob that creates files sensitive to it IS asking for trouble, though (closes: #93123) -- Henrique de Moraes Holschuh Sat, 7 Apr 2001 23:59:10 -0300 fcron (1.0.2-3) unstable; urgency=low * Make sure postinst and postrm will exit with status 0 upon successful completion -- Henrique de Moraes Holschuh Sun, 1 Apr 2001 02:10:14 -0300 fcron (1.0.2-2) unstable; urgency=low * Build-depends only in mail-transport-agent, as autobuilders will not use the OR dependency * Trash dpkg-statoverride entries on purge -- Henrique de Moraes Holschuh Wed, 14 Mar 2001 15:00:45 -0300 fcron (1.0.2-1) unstable; urgency=low * New upstream source - Fixes bootrun option - shell variables containing "_" are now accepted. -- Henrique de Moraes Holschuh Sat, 10 Mar 2001 23:25:39 -0300 fcron (1.0.1-1) unstable; urgency=low * New upstream source -- Henrique de Moraes Holschuh Mon, 26 Feb 2001 17:53:46 -0300 fcron (1.0.0-1) unstable; urgency=low * New upstream source -- Henrique de Moraes Holschuh Mon, 26 Feb 2001 09:29:13 -0300 fcron (0.9.5-3) unstable; urgency=low * Added german template. Thanks go to Joerg Rieger (closes: #84261). This would have been done much sooner, if I had actually received the report from the BTS. * Fixed lintian warnings, and added lintian override file -- Henrique de Moraes Holschuh Thu, 22 Feb 2001 22:47:34 -0300 fcron (0.9.5-2) unstable; urgency=low * Better handling of dpkg-overriding in postinst -- Henrique de Moraes Holschuh Sat, 3 Feb 2001 21:52:15 -0200 fcron (0.9.5-1) unstable; urgency=high * Converted to dpkg-statoverride instead of suidregister * New upstream version * Upstream fixed a severe security hole (another local root exploit) * Minor updates to bring package up-to-date with policy 3.5.0.0 -- Henrique de Moraes Holschuh Wed, 31 Jan 2001 10:44:43 -0200 fcron (0.9.4-1) unstable; urgency=high * New upstream version * Real fix for local root exploit in fcrontab * Re-enables user crontabs disabled by 0.9.3-5 to -7 * Root fcrontab protected against non-root access at filesystem level. -- Henrique de Moraes Holschuh Sun, 31 Dec 2000 22:41:34 -0200 fcron (0.9.3-7) unstable; urgency=low * Fixed sendmail invoke path, and build-depends (closes: #79414) -- Henrique de Moraes Holschuh Tue, 12 Dec 2000 10:15:00 -0200 fcron (0.9.3-6) unstable; urgency=high * Make sure the security workaround is enabled by suidunregistering fcrontab. -- Henrique de Moraes Holschuh Sun, 10 Dec 2000 00:23:40 -0200 fcron (0.9.3-5) unstable; urgency=high * Disable fcrontab for users, as it is currently a local root exploit. I'll reenable it after a fix is ready and tested. * All user fcrontabs are moved to /var/spool/fcron/rxdisabled to make sure they're not run until the fix is ready. -- Henrique de Moraes Holschuh Sat, 9 Dec 2000 16:21:36 -0200 fcron (0.9.3-4) unstable; urgency=low * Fixed double negative in package description * Fixed bogus .orig.tar.gz source -- Henrique de Moraes Holschuh Fri, 8 Dec 2000 18:31:20 -0200 fcron (0.9.3-3) unstable; urgency=low * Added postinst message (using debconf) to reduce probability of bogus bug reports against anacron. * First upload to Debian (closes: #76497) -- Henrique de Moraes Holschuh Wed, 6 Dec 2000 21:56:42 -0200 fcron (0.9.3-2) unstable; urgency=low * Fixed maintainer address in control file * Changed package description in control file * Better Depends: line * Better init.d script reload behaviour, now it will freshen up saved uid/gids in fcrontabs. * Updated README.Debian -- Henrique de Moraes Holschuh Sat, 2 Dec 2000 22:03:45 -0200 fcron (0.9.3-1) unstable; urgency=low * Initial Package. (Closes: #76497) -- Henrique de Moraes Holschuh Sat, 11 Nov 2000 23:10:37 -0200