Bug Fix Advisory cronie bug fix and enhancement update

Advisory: RHBA-2013:1681-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-11-20
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated cronie packages that fix several bugs and add two enhancements are now
available for Red Hat Enterprise Linux 6.

Cronie contains the standard UNIX daemon crond that runs specified programs at
scheduled times and related tools. It is a fork of the original vixie-cron and
has security and configuration enhancements like the ability to use pam and
SELinux.

This update fixes the following bugs:

* Previously, the crond deamon did not drop data about user privileges before
calling the popen() system function. Consequently, warnings about changing
privileges were written to the /var/log/crond file when the function was invoked
by the non-root user. With this update, crond has been modified to drop user
privileges before calling popen(). As a result, warnings are no longer logged in
this scenario. (BZ#697485)

* With this update, file permissions of cron configuration files have been
changed to be readable only by the root user. (BZ#706979)

* Prior to this update, the definition of restart in the cron init file was
incorrect. Consequently, a failure was incorrectly reported when restarting the
crond daemon. The init file has been fixed and the redundant failure message is
no longer displayed after crond restart. (BZ#733697)

* Cron jobs of users with home directories mounted on a Lightweight Directory
Access Protocol (LDAP) server or Network File System (NFS) were often refused
because jobs were marked as orphaned (typically due to a temporary NSS lookup
failure, when NIS and LDAP servers were unreachable). With this update, a
database of orphans is created, and cron jobs are performed as expected.
(BZ#738232)

* With this update, obsolete comments have been removed from the
/etc/cron.hourly/0anacron configuration file. (BZ#743473)

* Due to a bug in cron's support for time zones, planned jobs were executed
multiple times. Effects of this bug were visible only during the spring change
of time. This bug has been fixed and jobs are now executed correctly during the
time change. (BZ#821046, BZ#995089)

* With this update, an incorrect example showing the anacron table setup has
been fixed in the anacrontab man page. (BZ#887859)

* Previously, the crond daemon did not check for existing locks for daemon.
Consequently, multiple instances of crond could run simultaneously. The locking
mechanism has been updated and running multiple instances of cron at once is no
longer possible. (BZ#919440)

* Prior to this update, the $LANG setting was not read by the crond daemon.
Consequently, cron jobs were not run with the system-wide $LANG setting. This
bug has been fixed and $LANG is now used by cron jobs as expected. (BZ#985888)

* Previously, the crond daemon used the putenv system call, which could have
caused crond to terminate unexpectedly with a segmentation fault. With this
update, putenv() has been replaced with the setenv() system call, thus
preventing the segmentation fault. (BZ#985893)

* Prior to this update, the PATH variable could be set by cron or in crontable,
but could not be changed by a PAM setting. With this update, PATH can be altered
by PAM setting. As a result, PATH can now be inherited from the environment if
the "-P" option is used. (BZ#990710)

* Previously, an incorrect error code was returned when non-root user tried to
restart the crond daemon. With this update, a correct code is returned in the
described case. (BZ#1006869)

In addition, this update adds the following enhancements:

* This update adds the RANDOM_DELAY variable that allows delaying job startups
by random amount of minutes with upper limit specified by the variable. The
random scaling factor is determined during the crond daemon startup so it
remains constant for the whole run time of the daemon. (BZ#829910)

* With this update, the CRON_CORRECT_MAIL_HEADER environment variable in the
/etc/crond/sysconfig configuration file has been updated. With this variable
enabled, cron now sends emails with headers in RFC compliant format. (BZ#922829)

Users of cronie are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
cronie-1.4.4-12.el6.src.rpm
File outdated by:  RHBA-2016:1667
    MD5: c6773c93aa7cccb2ecc34fde4a590fdd
SHA-256: a35a24feffaec3dfb47ef7f847cc881d1a5d797c0e78550f139bc44f84b46dd2
 
IA-32:
cronie-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 1cc0e8be892a56a4aa47ec88f9ba41a0
SHA-256: b49da6d3e2d1b8eb4c9e34ac68c41dbf3757ff3e00245d7d56d1b46ef5c2d6ae
cronie-anacron-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 77e8d6d4e411810b93bf45a132d69c2a
SHA-256: 965ac17f445fd67bf62570bb7600d744568b901b697fe6d51e9f0c6d4ef0800e
cronie-debuginfo-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 3b781f6c989e42838836cdcbfa579a9e
SHA-256: 3068ae542e8b71becf039cd99f3f5b9def5947a204f77168869ca29472d0047a
cronie-noanacron-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 26d3d67c8ff003d6ec955b14d1ba0049
SHA-256: c4ed72cd0771fdfd7cc92b00300f3ee49b7576deeda723f242343d00fa1f8160
 
x86_64:
cronie-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: c7f934cebd5300361309cd700cc94798
SHA-256: 617ead81eb3c340c02312525aee81a0dd987bd5ac4866f95b8aa45c606078e93
cronie-anacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 43c17760717f0f8f4113df569cfec898
SHA-256: 31a389510f119ad8d734d4ddbd2f8f386af0c59ff45068b48b43972e88edfdc2
cronie-debuginfo-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: cf5d6aa6e1fcfc4e95108462d29c9487
SHA-256: 15dd7d99e0c911a144efe01166b2973421f1b0ea736a547ea88085e814603259
cronie-noanacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: a87e79887202b7870698e5848b71e019
SHA-256: 98bba4fc4c0db5094e06a3dc53a38009254fff634bfc6911b8df63a4ef03162c
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
cronie-1.4.4-12.el6.src.rpm
File outdated by:  RHBA-2016:1667
    MD5: c6773c93aa7cccb2ecc34fde4a590fdd
SHA-256: a35a24feffaec3dfb47ef7f847cc881d1a5d797c0e78550f139bc44f84b46dd2
 
x86_64:
cronie-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: c7f934cebd5300361309cd700cc94798
SHA-256: 617ead81eb3c340c02312525aee81a0dd987bd5ac4866f95b8aa45c606078e93
cronie-anacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 43c17760717f0f8f4113df569cfec898
SHA-256: 31a389510f119ad8d734d4ddbd2f8f386af0c59ff45068b48b43972e88edfdc2
cronie-debuginfo-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: cf5d6aa6e1fcfc4e95108462d29c9487
SHA-256: 15dd7d99e0c911a144efe01166b2973421f1b0ea736a547ea88085e814603259
cronie-noanacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: a87e79887202b7870698e5848b71e019
SHA-256: 98bba4fc4c0db5094e06a3dc53a38009254fff634bfc6911b8df63a4ef03162c
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
cronie-1.4.4-12.el6.src.rpm
File outdated by:  RHBA-2016:1667
    MD5: c6773c93aa7cccb2ecc34fde4a590fdd
SHA-256: a35a24feffaec3dfb47ef7f847cc881d1a5d797c0e78550f139bc44f84b46dd2
 
IA-32:
cronie-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 1cc0e8be892a56a4aa47ec88f9ba41a0
SHA-256: b49da6d3e2d1b8eb4c9e34ac68c41dbf3757ff3e00245d7d56d1b46ef5c2d6ae
cronie-anacron-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 77e8d6d4e411810b93bf45a132d69c2a
SHA-256: 965ac17f445fd67bf62570bb7600d744568b901b697fe6d51e9f0c6d4ef0800e
cronie-debuginfo-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 3b781f6c989e42838836cdcbfa579a9e
SHA-256: 3068ae542e8b71becf039cd99f3f5b9def5947a204f77168869ca29472d0047a
cronie-noanacron-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 26d3d67c8ff003d6ec955b14d1ba0049
SHA-256: c4ed72cd0771fdfd7cc92b00300f3ee49b7576deeda723f242343d00fa1f8160
 
PPC:
cronie-1.4.4-12.el6.ppc64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 346c0af3f29a7e711ca612278cadfaca
SHA-256: fd5743bbc3e482d157aa7fc034ae7b78a50c521053abd35e82f42a07f945289e
cronie-anacron-1.4.4-12.el6.ppc64.rpm
File outdated by:  RHBA-2016:1667
    MD5: b49552f1bb4b738af3b67424839a706a
SHA-256: d0be57778eeeea5a93131f5d377d0deb91b6f2d465025ff93e8327589f9effa4
cronie-debuginfo-1.4.4-12.el6.ppc64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 6ad37e6fefc9dda276362a5cf9318eda
SHA-256: 8e083270f074d566e71623019eab5a374c1cc97e1bd67d00d838ea9d09a174a9
cronie-noanacron-1.4.4-12.el6.ppc64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 21e4475eb8da0a9b87dadd512d5f8e2c
SHA-256: 40604f295cdfe35f9b410d337495b5e0fa4350a8b43a0ce5b19627d732bdb92e
 
s390x:
cronie-1.4.4-12.el6.s390x.rpm
File outdated by:  RHBA-2016:1667
    MD5: c1d4cf968a6cf9ee66463bbe4f7de99b
SHA-256: 2fc42fb74ba78c94c4862334a9f658ae6aa133bfc3aa09b2c69ec8958b7c729c
cronie-anacron-1.4.4-12.el6.s390x.rpm
File outdated by:  RHBA-2016:1667
    MD5: 2c5184125290b08d5f73315ba3bf06dd
SHA-256: bb7d9afb01793ab30566e98a9fa60bac7011a70a5c74d783f6ac9011f7f0dc55
cronie-debuginfo-1.4.4-12.el6.s390x.rpm
File outdated by:  RHBA-2016:1667
    MD5: 009809d4d2bdd2855f35cd4cdebb28f5
SHA-256: 0c4b45caca4784e3bacd5c51b985f44cded3095f5ea55ed3de2071bf4b16bb22
cronie-noanacron-1.4.4-12.el6.s390x.rpm
File outdated by:  RHBA-2016:1667
    MD5: 89ad7bf2bb5897d944f330efd7cfcc56
SHA-256: d5967979047051af1666cf76e4acc86858aad8a48fab6aa63354af2ba63a6861
 
x86_64:
cronie-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: c7f934cebd5300361309cd700cc94798
SHA-256: 617ead81eb3c340c02312525aee81a0dd987bd5ac4866f95b8aa45c606078e93
cronie-anacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 43c17760717f0f8f4113df569cfec898
SHA-256: 31a389510f119ad8d734d4ddbd2f8f386af0c59ff45068b48b43972e88edfdc2
cronie-debuginfo-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: cf5d6aa6e1fcfc4e95108462d29c9487
SHA-256: 15dd7d99e0c911a144efe01166b2973421f1b0ea736a547ea88085e814603259
cronie-noanacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: a87e79887202b7870698e5848b71e019
SHA-256: 98bba4fc4c0db5094e06a3dc53a38009254fff634bfc6911b8df63a4ef03162c
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
cronie-1.4.4-12.el6.src.rpm
File outdated by:  RHBA-2016:1667
    MD5: c6773c93aa7cccb2ecc34fde4a590fdd
SHA-256: a35a24feffaec3dfb47ef7f847cc881d1a5d797c0e78550f139bc44f84b46dd2
 
IA-32:
cronie-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 1cc0e8be892a56a4aa47ec88f9ba41a0
SHA-256: b49da6d3e2d1b8eb4c9e34ac68c41dbf3757ff3e00245d7d56d1b46ef5c2d6ae
cronie-anacron-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 77e8d6d4e411810b93bf45a132d69c2a
SHA-256: 965ac17f445fd67bf62570bb7600d744568b901b697fe6d51e9f0c6d4ef0800e
cronie-debuginfo-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 3b781f6c989e42838836cdcbfa579a9e
SHA-256: 3068ae542e8b71becf039cd99f3f5b9def5947a204f77168869ca29472d0047a
cronie-noanacron-1.4.4-12.el6.i686.rpm
File outdated by:  RHBA-2016:1667
    MD5: 26d3d67c8ff003d6ec955b14d1ba0049
SHA-256: c4ed72cd0771fdfd7cc92b00300f3ee49b7576deeda723f242343d00fa1f8160
 
x86_64:
cronie-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: c7f934cebd5300361309cd700cc94798
SHA-256: 617ead81eb3c340c02312525aee81a0dd987bd5ac4866f95b8aa45c606078e93
cronie-anacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: 43c17760717f0f8f4113df569cfec898
SHA-256: 31a389510f119ad8d734d4ddbd2f8f386af0c59ff45068b48b43972e88edfdc2
cronie-debuginfo-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: cf5d6aa6e1fcfc4e95108462d29c9487
SHA-256: 15dd7d99e0c911a144efe01166b2973421f1b0ea736a547ea88085e814603259
cronie-noanacron-1.4.4-12.el6.x86_64.rpm
File outdated by:  RHBA-2016:1667
    MD5: a87e79887202b7870698e5848b71e019
SHA-256: 98bba4fc4c0db5094e06a3dc53a38009254fff634bfc6911b8df63a4ef03162c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1006869 - init script: service restart under the nonroot changed behaviour, it returns 1 instead of 4
697485 - cronie doesn't drop privileges before popen
706979 - config file permissions are world readable
733697 - Service restart needlessly reports failure
743473 - Confusing comments in /etc/cron.hourly/0anacron
887859 - Incorrect example in anacrontab manpage
919440 - cronie: prevent new crond process when already running
985888 - cronie drops $LANG and never passes it on to jobs run
985893 - do not use putenv



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/