2006
fcron (3.0.1-1) unstable; urgency=medium
* New upstream source (closes: #353339, #392057) * fcrontab: access user's directory with user's rights (necessary if user/group fcron has not the right to read the directory). * improvement in check_system_crontabs: more comments, added some help messages, added command line options, cleaner, safer code. * Improved English documentation: clarified some previously-unclear points. * Added French translation of the manual pages (thanks go to Alain Portal) * Removed old documentation from the package. * Better handling of the pipes in job.c: this should remove some problems encountered on BSD systems. * bug fix: do not use a tv_usec > 999999: should fix the problem encountered on BSD systems with select(). * bug fix: fixed a bug in make_msg(): the size of a string written to a buffer was not controlled correctly in some cases. This could result in buffer overflow and thus this was security problem. However the bug seems not exploitable as the part of the string which could overflow the buffer could not be freely defined by an attacker (it was either ": " or one of the strings returned by strerror()). * Bug fix: set the FDs correctly for select(). * Do not enable SE_LINUX for GNU/kFreeBSD builds, patch from Aurelien Jarno <aurel32@debian.org> (closes: #336945) * Install both english and french HTML documentation * Use dh_installpam to install pam.d files * Ship Debian-customized pam.d files instead of upstream's * Depend on libpam-runtime (>= 0.76-14) as required by PAM minipolicy for @include common-* in pam.d files * Apply patch from upstream to use the correct shell for cronjobs, instead of whatever is specified for the user's login shell (closes: #333223) * Add warning about the shell set in fcron.conf and vixie-cron compatibility (basically, it must be /bin/sh) * debian/watch: switch to version 3 and avoid capturing .gz/.bz2 as part of the version number * Switch to debhelper mode V5 * Bump standards-version to 3.7.2 (no changes needed) * Remove debian/ from upstream tarball. Yes, this is not the nicest way to go about it, but it is the cleanest and fastest way to deal with the issue * debian/copyright: update dates, and also note the change to the upstream tarball
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 16 Jun 2006 14:34:43 -0300
2005
fcron (3.0.0-2) unstable; urgency=low
* Fix missing space on & lines in systab, and fix manpages that
incorrectly documented the fact that such spaces were not needed
(closes: #333668)
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 13 Oct 2005 07:37:39 -0300
fcron (3.0.0-1) unstable; urgency=low
* New stable branch upstream source
+ Added time zone support (option timezone)
+ Fixed a bug which used to make fcron send empty mails on very recent
systems (closes: #328719)
* Recommend a syslog daemon instead of depending on one (closes: #319597)
* Add sv, vi, cs and ja devconf translations
(closes: #307001, #308061, #311649, #333089)
* Update de.po translation (closes: #314116, #326147)
* Bump standards-version to 3.6.2 (no changes)
* Add support for LOGNAME, for Debian cron compatibility (closes: #330212)
* Add big fat warning that fcron does not replace cron's functionality,
and thus obviously you have to keep cron installed in the system
(closes: #218513)
* Mention the systab fcrontab on README.Debian
* Switch systab to & lines while waiting for a reply from upstream about
implementing !bootrun for % lines. If you want to customize at what
time the daily/weeky/monthly cronjobs should run, edit it with
fcrontab -e systab, as root (closes: #314573)
-- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 10 Oct 2005 11:11:07 -0300
fcron (2.9.6-2) unstable; urgency=medium
* The "remember to clean below the carpet" release
* Some portability fixes for limited size of (char) and size_t != long
int; Thanks to the Debian build-daemons and gcc -Wall for telling me
about it ;-) Might fix a real bug in ppc, arm and s390
* Remove statoverride on /var/spool/fcron during purge
* Ignore return code for db_go in config script
* Fix fcronsighup override logic in postinst script (closes: #300931)
* Force systab crontabs to owner root in the spool
* Ship upstream changelog properly
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 26 Mar 2005 01:12:48 -0300
fcron (2.9.6-1) unstable; urgency=low
* The "long winter cleanup" release
* Adopt package (I STILL WANT TO HAND THIS TO SOMEONE ELSE), so that
it makes my life easier with the BTS and other non-uploaders-aware
scripts
* New upstream source
* Add watch file
* Use make clean instead of inexistant distclean
* Switch to po-debconf, thanks to Christian Perrier (closes: #200114)
* Remove legacy suidregister/suidunregister crap (closes: #292976)
* Fix regexp to move legacy root fcrontab entries on prerm (closes: #248707)
* Add a proper ego-inflated daemon description to fcron initscript
messages (close: #240024)
* Move fcronsighup to /usr/sbin (closes: #284036)
* Switch to debhelper mode v4, and cleanup debian/rules accordingly
* With this upload everything of use in the diff provided by the
bug reporter has been addressed (closes: #193628)
* Update debian/copyright
* Update lintian overrides
* Remove fcron 0.9.x cruft from maintainer scripts, we do not care about
ancient sid -> current sarge/sid updates
-- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 13 Mar 2005 18:33:44 -0300
2004
fcron (2.9.5.1-1) unstable; urgency=high
* New upstream source:
* SECURITY FIX: Due to design errors in the fcronsighup program, Fcron
may allow a local user to bypass access restrictions (CAN-2004-1031),
view the contents of root owned files (CAN-2004-1030), remove
arbitrary files or create empty files (CAN-2004-1032), and send a
SIGHUP to any process. A vulnerability also exists in fcrontab which
may allow local users to view the contents of fcron.allow and
fcron.deny (CAN-2004-1033).
Ref: iDEFENSE Security Advisory 11.15.04.
(closes: #281436)
* Thanks to Gentoo's GLSA 200411-27 for providing the above text ;-)
* Add myself to uploaders
* Use $(MAKE) distclean on clean: target
* Clean up autom4te.cache directory on clean: target
* Rename fcron-update-crontabs.1 to fcron-update-crontabs.8, since it
is in section 8 anyway
* Add non-virtual-package packages to dependencies on virtual packages
(syslog-daemon and mail-transport-agent). Use packages that are
priority standard or higher for that
* Fix initscript so that it will start a stopped daemon on "restart"
* Now compliant to standards-version 3.6.1, bump control file entry
accordingly
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 19 Nov 2004 10:20:44 -0200
fcron (2.9.5-1) unstable; urgency=low
* New upstream version.
* Fix init script.
Closes: #262886
* Merged change from BSP.
Closes: #232986
-- Russell Coker <russell@coker.com.au> Tue, 9 Nov 2004 02:03:00 +1100
fcron (2.9.4-3.1) unstable; urgency=low
* NMU during BSP. * ./configure uses now --with-sendmail without checks (closes: #232986).
-- Sebastian Muszynski <do2ksm@linkt.de> Fri, 19 Mar 2004 16:54:57 +0100
fcron (2.9.4-3) unstable; urgency=high
* Made it depend on exim4|mail-transport-agent.
Closes: #228570
-- Russell Coker <russell@coker.com.au> Tue, 20 Jan 2004 17:36:00 +1100
fcron (2.9.4-2) unstable; urgency=high
* Accidentally uploaded a version compiled with debugging code, so this
version has a correct compile.
-- Russell Coker <russell@coker.com.au> Thu, 4 Jan 2004 22:31:00 +1100
fcron (2.9.4-1) unstable; urgency=high
* New upstream with SE Linux. Upstream has old SE Linux so patched for new
SE Linux.
-- Russell Coker <russell@coker.com.au> Thu, 4 Jan 2004 22:25:00 +1100
2003
fcron (2.9.3-3) unstable; urgency=high
* Added patch for ./configure checking for SE Linux from Torsten Knodt
<tk-debian@datas-world.de>. Also added the SE Linux patch.
Closes: #193610
-- Russell Coker <russell@coker.com.au> Sat, 17 May 2003 13:55:00 +1000
2002
fcron (2.9.3-2) unstable; urgency=high
* Changes for warnings, I think it fixes #169451.
-- Russell Coker <russell@coker.com.au> Sun, 17 Nov 2002 14:12:00 +0100
fcron (2.9.3-1) unstable; urgency=high
* New upstream version.
-- Russell Coker <russell@coker.com.au> Sat, 2 Nov 2002 22:09:00 +0100
fcron (2.9.2-2) unstable; urgency=high
* Made it not try to use -lsecure for non-SE systems.
Closes: #163680
* Added fcrondyn to package.
Closes: #163808
* This is a 2.x.x release.
Closes: #112146
-- Russell Coker <russell@coker.com.au> Sat, 26 Oct 2002 21:25:00 +0200
fcron (2.9.2-1) unstable; urgency=high
* New upstream version. * Temporarily taking over maintenance.
-- Russell Coker <russell@coker.com.au> Sun, 6 Oct 2002 07:14:00 +0200
fcron (1.0.3-5) unstable; urgency=high
* Fix infinite loop on midmontly code. Thanks to Guy Geens
<ggeens@iname.com> for the patch (closes: #143497)
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 18 Apr 2002 16:45:55 -0300
fcron (1.0.3-4) unstable; urgency=high
* Merge in new es, fr, ru templates (closes: #136099, #136484, #137646) * Fix bug in code that showed up with the glibc nice() fix (closes: #143044)
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 16 Apr 2002 10:49:17 -0300
2001
fcron (1.0.3-3) unstable; urgency=high
* SECURITY FIX: Close /tmp exploitable race in fcrontab. Thanks to
Colin Phipps <cph@cph.demon.co.uk> for reporting the bug and
supplying a patch (closes: #102930)
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 6 Jul 2001 22:22:42 -0300
fcron (1.0.3-2) unstable; urgency=low
* Do not abort postinst if dpkg-statoverride returns non-zero
status (closes: #100905)
-- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 20 Jun 2001 02:24:19 -0300
fcron (1.0.3-1) unstable; urgency=medium
* New upstream source:
- Fixes a crash when truncating long messages (not exploitable)
-- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 15 Apr 2001 16:41:02 -0300
fcron (1.0.2-4) unstable; urgency=low
* Restore default umask settings before running a job. Do note that not
setting the umask explicitly in a cronjob that creates files sensitive
to it IS asking for trouble, though (closes: #93123)
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 7 Apr 2001 23:59:10 -0300
fcron (1.0.2-3) unstable; urgency=low
* Make sure postinst and postrm will exit with status 0
upon successful completion
-- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 1 Apr 2001 02:10:14 -0300
fcron (1.0.2-2) unstable; urgency=low
* Build-depends only in mail-transport-agent, as autobuilders will not
use the OR dependency
* Trash dpkg-statoverride entries on purge
-- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 14 Mar 2001 15:00:45 -0300
fcron (1.0.2-1) unstable; urgency=low
* New upstream source
- Fixes bootrun option
- shell variables containing "_" are now accepted.
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 10 Mar 2001 23:25:39 -0300
fcron (1.0.1-1) unstable; urgency=low
* New upstream source
-- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 26 Feb 2001 17:53:46 -0300
fcron (1.0.0-1) unstable; urgency=low
* New upstream source
-- Henrique de Moraes Holschuh <hmh@debian.org> Mon, 26 Feb 2001 09:29:13 -0300
fcron (0.9.5-3) unstable; urgency=low
* Added german template. Thanks go to Joerg Rieger
(closes: #84261). This would have been done much sooner,
if I had actually received the report from the BTS.
* Fixed lintian warnings, and added lintian override file
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 22 Feb 2001 22:47:34 -0300
fcron (0.9.5-2) unstable; urgency=low
* Better handling of dpkg-overriding in postinst
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 3 Feb 2001 21:52:15 -0200
fcron (0.9.5-1) unstable; urgency=high
* Converted to dpkg-statoverride instead of suidregister * New upstream version * Upstream fixed a severe security hole (another local root exploit) * Minor updates to bring package up-to-date with policy 3.5.0.0
-- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 31 Jan 2001 10:44:43 -0200
fcron (0.9.4-1) unstable; urgency=high
* New upstream version * Real fix for local root exploit in fcrontab * Re-enables user crontabs disabled by 0.9.3-5 to -7 * Root fcrontab protected against non-root access at filesystem level.
-- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 31 Dec 2000 22:41:34 -0200
2000
fcron (0.9.3-7) unstable; urgency=low
* Fixed sendmail invoke path, and build-depends
(closes: #79414)
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Dec 2000 10:15:00 -0200
fcron (0.9.3-6) unstable; urgency=high
* Make sure the security workaround is enabled
by suidunregistering fcrontab.
-- Henrique de Moraes Holschuh <hmh@debian.org> Sun, 10 Dec 2000 00:23:40 -0200
fcron (0.9.3-5) unstable; urgency=high
* Disable fcrontab for users, as it is currently a local root exploit.
I'll reenable it after a fix is ready and tested.
* All user fcrontabs are moved to /var/spool/fcron/rxdisabled to make
sure they're not run until the fix is ready.
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 9 Dec 2000 16:21:36 -0200
fcron (0.9.3-4) unstable; urgency=low
* Fixed double negative in package description * Fixed bogus .orig.tar.gz source
-- Henrique de Moraes Holschuh <hmh@debian.org> Fri, 8 Dec 2000 18:31:20 -0200
fcron (0.9.3-3) unstable; urgency=low
* Added postinst message (using debconf) to
reduce probability of bogus bug reports against
anacron.
* First upload to Debian (closes: #76497)
-- Henrique de Moraes Holschuh <hmh@debian.org> Wed, 6 Dec 2000 21:56:42 -0200
fcron (0.9.3-2) unstable; urgency=low
* Fixed maintainer address in control file
* Changed package description in control file
* Better Depends: line
* Better init.d script reload behaviour, now it
will freshen up saved uid/gids in fcrontabs.
* Updated README.Debian
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 2 Dec 2000 22:03:45 -0200
fcron (0.9.3-1) unstable; urgency=low
* Initial Package. (Closes: #76497)
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 11 Nov 2000 23:10:37 -0200