diff --git a/.gitignore b/.gitignore
index c4d8252..f2cb27c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ at_3.1.12.orig.tar.gz
/at_3.1.13.orig.tar.gz
/at_3.1.14.orig.tar.gz
/at_3.1.16.orig.tar.gz
+/at_3.1.18.orig.tar.gz
diff --git a/at-3.1.14-selinux.patch b/at-3.1.14-selinux.patch
deleted file mode 100644
index abee8b4..0000000
--- a/at-3.1.14-selinux.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-diff -up at-3.1.14/config.h.in.selinux at-3.1.14/config.h.in
---- at-3.1.14/config.h.in.selinux 2013-09-26 15:06:55.177049852 +0200
-+++ at-3.1.14/config.h.in 2013-09-26 15:06:55.180049850 +0200
-@@ -71,6 +71,9 @@
- /* Define if you are building with_pam */
- #undef WITH_PAM
-
-+/* Define if you are building with_selinux */
-+#undef WITH_SELINUX
-+
- /* Define to 1 if you have the `pstat_getdynamic' function. */
- #undef HAVE_PSTAT_GETDYNAMIC
-
-diff -up at-3.1.14/configure.ac.selinux at-3.1.14/configure.ac
---- at-3.1.14/configure.ac.selinux 2013-09-26 15:06:55.178049851 +0200
-+++ at-3.1.14/configure.ac 2013-09-26 15:06:55.180049850 +0200
-@@ -246,6 +246,14 @@ AC_DEFINE(WITH_PAM),
- AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
- AC_SUBST(PAMLIB)
-
-+AC_ARG_WITH(selinux,
-+[ --with-selinux Define to run with selinux],
-+AC_DEFINE(WITH_SELINUX),
-+)
-+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
-+AC_SUBST(SELINUXLIB)
-+AC_SUBST(WITH_SELINUX)
-+
- AC_MSG_CHECKING(groupname to run under)
- AC_ARG_WITH(daemon_groupname,
- [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
-diff -up at-3.1.14/Makefile.in.selinux at-3.1.14/Makefile.in
---- at-3.1.14/Makefile.in.selinux 2013-09-26 15:06:55.175049853 +0200
-+++ at-3.1.14/Makefile.in 2013-09-26 15:06:55.180049850 +0200
-@@ -40,6 +40,7 @@ LIBS = @LIBS@
- LIBOBJS = @LIBOBJS@
- INSTALL = @INSTALL@
- PAMLIB = @PAMLIB@
-+SELINUXLIB = @SELINUXLIB@
-
- CLONES = atq atrm
- ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o
-diff -up at-3.1.14/atd.c.selinux2 at-3.1.14/atd.c
---- at-3.1.14/atd.c.selinux2 2013-12-04 11:27:28.729005384 +0100
-+++ at-3.1.14/atd.c 2013-12-04 11:30:17.709091150 +0100
-@@ -83,6 +83,14 @@
- #include "getloadavg.h"
- #endif
-
-+#ifdef WITH_SELINUX
-+#include <selinux/selinux.h>
-+#include <selinux/get_context_list.h>
-+int selinux_enabled=0;
-+#include <selinux/flask.h>
-+#include <selinux/av_permissions.h>
-+#endif
-+
- #ifndef LOG_ATD
- #define LOG_ATD LOG_DAEMON
- #endif
-@@ -191,6 +199,68 @@ myfork()
- #define fork myfork
- #endif
-
-+#ifdef WITH_SELINUX
-+static int set_selinux_context(const char *name, const char *filename) {
-+ security_context_t user_context=NULL;
-+ security_context_t file_context=NULL;
-+ struct av_decision avd;
-+ int retval=-1;
-+ char *seuser=NULL;
-+ char *level=NULL;
-+
-+ if (getseuserbyname(name, &seuser, &level) == 0) {
-+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
-+ free(seuser);
-+ free(level);
-+ if (retval) {
-+ if (security_getenforce()==1) {
-+ perr("execle: couldn't get security context for user %s\n", name);
-+ } else {
-+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
-+ return -1;
-+ }
-+ }
-+ }
-+
-+ /*
-+ * Since crontab files are not directly executed,
-+ * crond must ensure that the crontab file has
-+ * a context that is appropriate for the context of
-+ * the user cron job. It performs an entrypoint
-+ * permission check for this purpose.
-+ */
-+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
-+ perr("fgetfilecon FAILED %s", filename);
-+
-+ retval = security_compute_av(user_context,
-+ file_context,
-+ SECCLASS_FILE,
-+ FILE__ENTRYPOINT,
-+ &avd);
-+ freecon(file_context);
-+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-+ if (security_getenforce()==1) {
-+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
-+ } else {
-+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
-+ retval = -1;
-+ goto err;
-+ }
-+ }
-+ if (setexeccon(user_context) < 0) {
-+ if (security_getenforce()==1) {
-+ perr("Could not set exec context to %s for user %s\n", user_context,name);
-+ retval = -1;
-+ } else {
-+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
-+ }
-+ }
-+ err:
-+ freecon(user_context);
-+ return 0;
-+}
-+#endif
-+
- static void
- run_file(const char *filename, uid_t uid, gid_t gid)
- {
-@@ -419,6 +489,13 @@ run_file(const char *filename, uid_t uid
-
- nice((tolower((int) queue) - 'a' + 1) * 2);
-
-+#ifdef WITH_SELINUX
-+ if (selinux_enabled > 0) {
-+ if (set_selinux_context(pentry->pw_name, filename) < 0)
-+ perr("SELinux Failed to set context\n");
-+ }
-+#endif
-+
- if (initgroups(pentry->pw_name, pentry->pw_gid))
- perr("Cannot initialize the supplementary group access list");
-
-@@ -712,6 +789,10 @@ main(int argc, char *argv[])
- struct passwd *pwe;
- struct group *ge;
-
-+#ifdef WITH_SELINUX
-+ selinux_enabled=is_selinux_enabled();
-+#endif
-+
- /* We don't need root privileges all the time; running under uid and gid
- * daemon is fine.
- */
diff --git a/at-3.1.16-noabort.patch b/at-3.1.16-noabort.patch
deleted file mode 100644
index 58ffdd2..0000000
--- a/at-3.1.16-noabort.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-diff -up at-3.1.16/atd.c.noabort at-3.1.16/atd.c
---- at-3.1.16/atd.c.noabort 2014-10-02 11:08:26.000000000 +0200
-+++ at-3.1.16/atd.c 2014-11-06 16:07:54.851652541 +0100
-@@ -221,7 +221,7 @@ static int set_selinux_context(const cha
- security_context_t user_context=NULL;
- security_context_t file_context=NULL;
- struct av_decision avd;
-- int retval=-1;
-+ int retval=0;
- char *seuser=NULL;
- char *level=NULL;
-
-@@ -230,12 +230,9 @@ static int set_selinux_context(const cha
- free(seuser);
- free(level);
- if (retval) {
-- if (security_getenforce()==1) {
-- perr("execle: couldn't get security context for user %s\n", name);
-- } else {
-- syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
-- return -1;
-- }
-+ lerr("execle: couldn't get security context for user %s\n", name);
-+ retval = -1;
-+ goto err;
- }
- }
-
-@@ -246,8 +243,11 @@ static int set_selinux_context(const cha
- * the user cron job. It performs an entrypoint
- * permission check for this purpose.
- */
-- if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
-- perr("fgetfilecon FAILED %s", filename);
-+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0) {
-+ lerr("fgetfilecon FAILED %s", filename);
-+ retval = -1;
-+ goto err;
-+ }
-
- retval = security_compute_av(user_context,
- file_context,
-@@ -256,25 +256,21 @@ static int set_selinux_context(const cha
- &avd);
- freecon(file_context);
- if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
-- if (security_getenforce()==1) {
-- perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
-- } else {
-- syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
-- retval = -1;
-- goto err;
-- }
-+ lerr("Not allowed to set exec context to %s for user %s\n", user_context,name);
-+ retval = -1;
-+ goto err;
- }
- if (setexeccon(user_context) < 0) {
-- if (security_getenforce()==1) {
-- perr("Could not set exec context to %s for user %s\n", user_context,name);
-- retval = -1;
-- } else {
-- syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
-- }
-+ lerr("Could not set exec context to %s for user %s\n", user_context,name);
-+ retval = -1;
-+ goto err;
- }
- err:
-- freecon(user_context);
-- return 0;
-+ if (retval < 0 && security_getenforce() != 1)
-+ retval = 0;
-+ if (user_context)
-+ freecon(user_context);
-+ return retval;
- }
- #endif
-
-@@ -347,9 +343,12 @@ run_file(const char *filename, uid_t uid
- */
-
- pid = fork();
-- if (pid == -1)
-- perr("Cannot fork");
--
-+ if (pid == -1) {
-+ lerr("Cannot fork for job execution");
-+ free(mailname);
-+ free(newname);
-+ return;
-+ }
- else if (pid != 0) {
- free(mailname);
- free(newname);
-@@ -667,15 +666,19 @@ run_loop()
- * up.
- */
-
-- if (stat(".", &buf) == -1)
-- perr("Cannot stat " ATJOB_DIR);
-+ if (stat(".", &buf) == -1) {
-+ lerr("Cannot stat " ATJOB_DIR);
-+ return next_job;
-+ }
-
- if (nothing_to_do && buf.st_mtime <= last_chg)
- return next_job;
- last_chg = buf.st_mtime;
-
-- if ((spool = opendir(".")) == NULL)
-- perr("Cannot read " ATJOB_DIR);
-+ if ((spool = opendir(".")) == NULL) {
-+ lerr("Cannot read " ATJOB_DIR);
-+ return next_job;
-+ }
-
- run_batch = 0;
- nothing_to_do = 1;
-diff -up at-3.1.16/daemon.c.noabort at-3.1.16/daemon.c
---- at-3.1.16/daemon.c.noabort 2014-09-30 08:29:02.000000000 +0200
-+++ at-3.1.16/daemon.c 2014-11-06 15:37:22.109277583 +0100
-@@ -83,6 +83,22 @@ perr(const char *fmt,...)
- }
-
- void
-+lerr(const char *fmt,...)
-+{
-+ char buf[1024];
-+ va_list args;
-+
-+ va_start(args, fmt);
-+ vsnprintf(buf, sizeof(buf), fmt, args);
-+ va_end(args);
-+
-+ if (daemon_debug) {
-+ perror(buf);
-+ } else
-+ syslog(LOG_ERR, "%s: %m", buf);
-+}
-+
-+void
- pabort(const char *fmt,...)
- {
- char buf[1024];
-diff -up at-3.1.16/daemon.h.noabort at-3.1.16/daemon.h
---- at-3.1.16/daemon.h.noabort 2014-09-30 08:29:02.000000000 +0200
-+++ at-3.1.16/daemon.h 2014-11-06 15:36:10.461660104 +0100
-@@ -13,5 +13,8 @@ __attribute__((noreturn))
- #endif
- perr (const char *fmt, ...);
-
-+void
-+lerr (const char *fmt, ...);
-+
- extern int daemon_debug;
- extern int daemon_foreground;
diff --git a/at-3.1.14-makefile.patch b/at-3.1.18-make.patch
similarity index 82%
rename from at-3.1.14-makefile.patch
rename to at-3.1.18-make.patch
index 816f335..171b63c 100644
--- a/at-3.1.14-makefile.patch
+++ b/at-3.1.18-make.patch
@@ -1,23 +1,23 @@
-diff -up at-3.1.14/Makefile.in.make at-3.1.14/Makefile.in
---- at-3.1.14/Makefile.in.make 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/Makefile.in 2013-09-19 16:48:03.605192754 +0200
-@@ -67,13 +67,13 @@ LIST = Filelist Filelist.asc
+diff -up at-3.1.18/Makefile.in.make at-3.1.18/Makefile.in
+--- at-3.1.18/Makefile.in.make 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/Makefile.in 2016-03-23 12:38:15.652898579 +0100
+@@ -68,13 +68,13 @@ LIST = Filelist Filelist.asc
all: at atd atd.service atrun
at: $(ATOBJECTS)
- $(CC) $(LDFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
-+ $(CC) $(LDFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB)
++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
rm -f $(CLONES)
$(LN_S) -f at atq
$(LN_S) -f at atrm
atd: $(RUNOBJECTS)
-- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
-+ $(CC) $(LDFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB)
+- $(CC) $(LDFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
++ $(CC) $(LDFLAGS) -pie -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB) $(SELINUXLIB)
y.tab.c y.tab.h: parsetime.y
$(YACC) -d parsetime.y
-@@ -88,38 +88,41 @@ atrun: atrun.in
+@@ -89,38 +89,41 @@ atrun: atrun.in
configure
.c.o:
@@ -32,11 +32,11 @@ diff -up at-3.1.14/Makefile.in.make at-3.1.14/Makefile.in
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir)
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
-+ $(INSTALL) root -m 755 -d $(IROOT)$(etcdir)
-+ $(INSTALL) root -m 755 -d $(IROOT)$(bindir)
-+ $(INSTALL) root -m 755 -d $(IROOT)$(sbindir)
-+ $(INSTALL) root -m 755 -d $(IROOT)$(docdir)
-+ $(INSTALL) root -m 755 -d $(IROOT)$(atdocdir)
++ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)
++ $(INSTALL) -m 755 -d $(IROOT)$(bindir)
++ $(INSTALL) -m 755 -d $(IROOT)$(sbindir)
++ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
++ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/
+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
diff --git a/at-3.1.14-nitpicks.patch b/at-3.1.18-nitpicks.patch
similarity index 72%
rename from at-3.1.14-nitpicks.patch
rename to at-3.1.18-nitpicks.patch
index 6ad8e7a..2bcaebb 100644
--- a/at-3.1.14-nitpicks.patch
+++ b/at-3.1.18-nitpicks.patch
@@ -1,19 +1,7 @@
-diff -up at-3.1.14/at.1.in.nit at-3.1.14/at.1.in
---- at-3.1.14/at.1.in.nit 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/at.1.in 2013-12-04 11:36:29.737279969 +0100
-@@ -204,7 +204,7 @@ queue for
- .BR batch .
- Queues with higher letters run with increased niceness. The special
- queue "=" is reserved for jobs which are currently running.
--.P
-+
- If a job is submitted to a queue designated with an uppercase letter, the
- job is treated as if it were submitted to batch at the time of the job.
- Once the time is reached, the batch processing rules with respect to load
-diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
---- at-3.1.14/atd.c.nit 2013-12-04 11:36:29.733279967 +0100
-+++ at-3.1.14/atd.c 2013-12-04 11:38:44.551247496 +0100
-@@ -198,6 +198,18 @@ myfork()
+diff -up at-3.1.18/atd.c.nit at-3.1.18/atd.c
+--- at-3.1.18/atd.c.nit 2016-03-23 12:46:49.222277787 +0100
++++ at-3.1.18/atd.c 2016-03-23 12:47:50.521639804 +0100
+@@ -196,6 +196,18 @@ myfork()
#define fork myfork
#endif
@@ -31,8 +19,8 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
+#endif
#ifdef WITH_SELINUX
- static int set_selinux_context(const char *name, const char *filename) {
-@@ -337,6 +349,9 @@ run_file(const char *filename, uid_t uid
+ static int
+@@ -339,6 +351,9 @@ run_file(const char *filename, uid_t uid
free(newname);
return;
}
@@ -42,7 +30,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
/* Let's see who we mail to. Hopefully, we can read it from
* the command file; if not, send it to the owner, or, failing that,
* to root.
-@@ -505,6 +520,9 @@ run_file(const char *filename, uid_t uid
+@@ -507,6 +522,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
@@ -52,7 +40,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
chdir("/");
execle("/bin/sh", "sh", (char *) NULL, nenvp);
-@@ -570,6 +588,9 @@ run_file(const char *filename, uid_t uid
+@@ -572,6 +590,9 @@ run_file(const char *filename, uid_t uid
if (setuid(uid) < 0)
perr("Cannot set user id");
@@ -62,7 +50,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
chdir ("/");
#if defined(SENDMAIL)
-@@ -697,6 +718,7 @@ run_loop()
+@@ -699,6 +720,7 @@ run_loop()
* Let's remove the lockfile and reschedule.
*/
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
@@ -70,7 +58,7 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
lock_name[0] = '=';
unlink(lock_name);
next_job = now;
-@@ -731,6 +753,7 @@ run_loop()
+@@ -733,6 +755,7 @@ run_loop()
run_batch++;
if (strcmp(batch_name, dirent->d_name) > 0) {
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
@@ -78,3 +66,15 @@ diff -up at-3.1.14/atd.c.nit at-3.1.14/atd.c
batch_uid = buf.st_uid;
batch_gid = buf.st_gid;
batch_queue = queue;
+diff -up at-3.1.18/at.1.in.nit at-3.1.18/at.1.in
+--- at-3.1.18/at.1.in.nit 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/at.1.in 2016-03-23 12:46:49.226277876 +0100
+@@ -210,7 +210,7 @@ queue for
+ .BR batch .
+ Queues with higher letters run with increased niceness. The special
+ queue "=" is reserved for jobs which are currently running.
+-.P
++
+ If a job is submitted to a queue designated with an uppercase letter, the
+ job is treated as if it were submitted to batch at the time of the job.
+ Once the time is reached, the batch processing rules with respect to load
diff --git a/at-3.1.18-noabort.patch b/at-3.1.18-noabort.patch
new file mode 100644
index 0000000..1154fb9
--- /dev/null
+++ b/at-3.1.18-noabort.patch
@@ -0,0 +1,43 @@
+diff -up at-3.1.18/atd.c.noabort at-3.1.18/atd.c
+--- at-3.1.18/atd.c.noabort 2016-03-23 12:49:15.147520116 +0100
++++ at-3.1.18/atd.c 2016-03-23 12:49:15.148520138 +0100
+@@ -349,9 +349,12 @@ run_file(const char *filename, uid_t uid
+ */
+
+ pid = fork();
+- if (pid == -1)
+- perr("Cannot fork");
+-
++ if (pid == -1) {
++ lerr("Cannot fork for job execution");
++ free(mailname);
++ free(newname);
++ return;
++ }
+ else if (pid != 0) {
+ free(mailname);
+ free(newname);
+@@ -669,15 +672,19 @@ run_loop()
+ * up.
+ */
+
+- if (stat(".", &buf) == -1)
+- perr("Cannot stat " ATJOB_DIR);
++ if (stat(".", &buf) == -1) {
++ lerr("Cannot stat " ATJOB_DIR);
++ return next_job;
++ }
+
+ if (nothing_to_do && buf.st_mtime <= last_chg)
+ return next_job;
+ last_chg = buf.st_mtime;
+
+- if ((spool = opendir(".")) == NULL)
+- perr("Cannot read " ATJOB_DIR);
++ if ((spool = opendir(".")) == NULL) {
++ lerr("Cannot read " ATJOB_DIR);
++ return next_job;
++ }
+
+ run_batch = 0;
+ nothing_to_do = 1;
diff --git a/at-3.1.14-pam.patch b/at-3.1.18-pam.patch
similarity index 79%
rename from at-3.1.14-pam.patch
rename to at-3.1.18-pam.patch
index aac72e8..7658767 100644
--- a/at-3.1.14-pam.patch
+++ b/at-3.1.18-pam.patch
@@ -1,6 +1,6 @@
-diff -up at-3.1.14/at.c.pam at-3.1.14/at.c
---- at-3.1.14/at.c.pam 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/at.c 2013-12-04 11:09:56.165752053 +0100
+diff -up at-3.1.18/at.c.pam at-3.1.18/at.c
+--- at-3.1.18/at.c.pam 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/at.c 2016-03-23 12:40:10.694447117 +0100
@@ -144,18 +144,13 @@ sigc(int signo)
/* If the user presses ^C, remove the spool file and exit
*/
@@ -52,7 +52,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c
/* We've successfully created the file; let's set the flag so it
* gets removed in case of an interrupt or error.
*/
-@@ -654,7 +642,7 @@ process_jobs(int argc, char **argv, int
+@@ -670,7 +658,7 @@ process_jobs(int argc, char **argv, int
We need the unprivileged uid here since the file is owned by the real
(not effective) uid.
*/
@@ -61,7 +61,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c
if (queue == '=') {
fprintf(stderr, "Warning: deleting running job\n");
-@@ -663,8 +651,8 @@ process_jobs(int argc, char **argv, int
+@@ -679,8 +667,8 @@ process_jobs(int argc, char **argv, int
perr("Cannot unlink %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}
@@ -71,7 +71,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c
done = 1;
break;
-@@ -674,7 +662,7 @@ process_jobs(int argc, char **argv, int
+@@ -690,7 +678,7 @@ process_jobs(int argc, char **argv, int
FILE *fp;
int ch;
@@ -80,7 +80,7 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c
fp = fopen(dirent->d_name, "r");
if (fp) {
-@@ -687,7 +675,7 @@ process_jobs(int argc, char **argv, int
+@@ -703,7 +691,7 @@ process_jobs(int argc, char **argv, int
perr("Cannot open %.500s", dirent->d_name);
rc = EXIT_FAILURE;
}
@@ -89,21 +89,21 @@ diff -up at-3.1.14/at.c.pam at-3.1.14/at.c
}
break;
-diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
---- at-3.1.14/atd.c.pam 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/atd.c 2013-12-04 11:14:31.780617480 +0100
-@@ -83,6 +83,10 @@
- #include "getloadavg.h"
- #endif
+diff -up at-3.1.18/atd.c.pam at-3.1.18/atd.c
+--- at-3.1.18/atd.c.pam 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/atd.c 2016-03-23 12:43:31.990906478 +0100
+@@ -91,6 +91,10 @@ int selinux_enabled = 0;
+
+ /* Macros */
+#ifndef LOG_ATD
+#define LOG_ATD LOG_DAEMON
+#endif
+
- /* Macros */
-
#define BATCH_INTERVAL_DEFAULT 60
-@@ -108,7 +112,7 @@ static int run_as_daemon = 0;
+ #define CHECK_INTERVAL 3600
+
+@@ -114,7 +118,7 @@ static int run_as_daemon = 0;
static volatile sig_atomic_t term_signal = 0;
@@ -112,7 +112,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
#include <security/pam_appl.h>
static pam_handle_t *pamh = NULL;
-@@ -117,15 +121,7 @@ static const struct pam_conv conv = {
+@@ -123,15 +127,7 @@ static const struct pam_conv conv = {
NULL
};
@@ -129,7 +129,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
/* Signal handlers */
RETSIGTYPE
-@@ -220,7 +216,7 @@ run_file(const char *filename, uid_t uid
+@@ -292,7 +288,7 @@ run_file(const char *filename, uid_t uid
char fmt[64];
unsigned long jobno;
int rc;
@@ -138,7 +138,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
int retcode;
#endif
-@@ -377,17 +373,11 @@ run_file(const char *filename, uid_t uid
+@@ -449,17 +445,11 @@ run_file(const char *filename, uid_t uid
fstat(fd_out, &buf);
size = buf.st_size;
@@ -161,7 +161,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
#endif
close(STDIN_FILENO);
-@@ -401,7 +391,14 @@ run_file(const char *filename, uid_t uid
+@@ -473,7 +463,14 @@ run_file(const char *filename, uid_t uid
else if (pid == 0) {
char *nul = NULL;
char **nenvp = &nul;
@@ -176,7 +176,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
/* Set up things for the child; we want standard input from the
* input file, and standard output and error sent to our output file.
*/
-@@ -420,8 +417,6 @@ run_file(const char *filename, uid_t uid
+@@ -492,8 +489,6 @@ run_file(const char *filename, uid_t uid
close(fd_in);
close(fd_out);
@@ -184,8 +184,8 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
-
nice((tolower((int) queue) - 'a' + 1) * 2);
- if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -435,9 +430,9 @@ run_file(const char *filename, uid_t uid
+ #ifdef WITH_SELINUX
+@@ -514,9 +509,9 @@ run_file(const char *filename, uid_t uid
chdir("/");
@@ -198,7 +198,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
PRIV_END
}
/* We're the parent. Let's wait.
-@@ -450,14 +445,6 @@ run_file(const char *filename, uid_t uid
+@@ -529,14 +524,6 @@ run_file(const char *filename, uid_t uid
*/
waitpid(pid, (int *) NULL, 0);
@@ -213,7 +213,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
/* Send mail. Unlink the output file after opening it, so it
* doesn't hang around after the run.
*/
-@@ -488,8 +475,13 @@ run_file(const char *filename, uid_t uid
+@@ -567,8 +554,13 @@ run_file(const char *filename, uid_t uid
unlink(newname);
free(newname);
@@ -227,7 +227,7 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
-@@ -511,7 +503,20 @@ run_file(const char *filename, uid_t uid
+@@ -590,7 +582,20 @@ run_file(const char *filename, uid_t uid
perr("Exec failed for mail command");
PRIV_END
@@ -248,9 +248,9 @@ diff -up at-3.1.14/atd.c.pam at-3.1.14/atd.c
exit(EXIT_SUCCESS);
}
-diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in
---- at-3.1.14/config.h.in.pam 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/config.h.in 2013-12-04 11:09:56.165752053 +0100
+diff -up at-3.1.18/config.h.in.pam at-3.1.18/config.h.in
+--- at-3.1.18/config.h.in.pam 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/config.h.in 2016-03-23 12:40:10.695447139 +0100
@@ -68,8 +68,8 @@
/* Define to 1 if you have the <nlist.h> header file. */
#undef HAVE_NLIST_H
@@ -262,9 +262,9 @@ diff -up at-3.1.14/config.h.in.pam at-3.1.14/config.h.in
/* Define to 1 if you have the `pstat_getdynamic' function. */
#undef HAVE_PSTAT_GETDYNAMIC
-diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac
---- at-3.1.14/configure.ac.pam 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/configure.ac 2013-12-04 11:09:56.165752053 +0100
+diff -up at-3.1.18/configure.ac.pam at-3.1.18/configure.ac
+--- at-3.1.18/configure.ac.pam 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/configure.ac 2016-03-23 12:45:27.885473913 +0100
@@ -78,7 +78,7 @@ AC_FUNC_GETLOADAVG
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
AC_CHECK_HEADERS(security/pam_appl.h, [
@@ -285,12 +285,24 @@ diff -up at-3.1.14/configure.ac.pam at-3.1.14/configure.ac
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
+AC_SUBST(PAMLIB)
+
- AC_MSG_CHECKING(groupname to run under)
- AC_ARG_WITH(daemon_groupname,
- [ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
-diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c
---- at-3.1.14/perm.c.pam 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/perm.c 2013-12-04 11:09:56.165752053 +0100
+ AC_ARG_WITH(selinux,
+ [ --with-selinux Define to run with selinux],
+ AC_DEFINE(WITH_SELINUX, 1, [Define if you are building with_selinux]),
+diff -up at-3.1.18/Makefile.in.pam at-3.1.18/Makefile.in
+--- at-3.1.18/Makefile.in.pam 2016-03-23 12:55:30.000000000 +0100
++++ at-3.1.18/Makefile.in 2016-03-23 12:57:58.347145148 +0100
+@@ -68,7 +68,7 @@ LIST = Filelist Filelist.asc
+ all: at atd atd.service atrun
+
+ at: $(ATOBJECTS)
+- $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
++ $(CC) $(LDFLAGS) -pie -o at $(ATOBJECTS) $(LIBS) $(LEXLIB) $(PAMLIB)
+ rm -f $(CLONES)
+ $(LN_S) -f at atq
+ $(LN_S) -f at atrm
+diff -up at-3.1.18/perm.c.pam at-3.1.18/perm.c
+--- at-3.1.18/perm.c.pam 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/perm.c 2016-03-23 12:40:10.695447139 +0100
@@ -51,6 +51,14 @@
#define PRIV_END while(0)
#endif
@@ -355,9 +367,9 @@ diff -up at-3.1.14/perm.c.pam at-3.1.14/perm.c
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
if (allow==0 || allow==1)
return allow;
-diff -up at-3.1.14/privs.h.pam at-3.1.14/privs.h
---- at-3.1.14/privs.h.pam 2013-09-08 14:43:53.000000000 +0200
-+++ at-3.1.14/privs.h 2013-12-04 11:09:56.166752054 +0100
+diff -up at-3.1.18/privs.h.pam at-3.1.18/privs.h
+--- at-3.1.18/privs.h.pam 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/privs.h 2016-03-23 12:40:10.695447139 +0100
@@ -144,3 +144,63 @@ extern gid_t real_gid, effective_gid, da
#error "Cannot implement user ID swapping without setreuid or setresuid"
#endif
diff --git a/at-3.1.18-utc-dst.patch b/at-3.1.18-utc-dst.patch
new file mode 100644
index 0000000..3a2a40b
--- /dev/null
+++ b/at-3.1.18-utc-dst.patch
@@ -0,0 +1,24 @@
+diff -up at-3.1.18/parsetime.y.dst at-3.1.18/parsetime.y
+--- at-3.1.18/parsetime.y.dst 2015-12-06 16:45:10.000000000 +0100
++++ at-3.1.18/parsetime.y 2015-07-01 13:53:14.088881926 +0200
+@@ -476,8 +476,8 @@ parsetime(time_t currtime, int argc, cha
+ exectm = *localtime(&currtime);
+ currtime -= exectm.tm_sec;
+ exectm.tm_sec = 0;
+- exectm.tm_isdst = -1;
+ memcpy(&currtm,&exectm,sizeof(currtm));
++ exectm.tm_isdst = -1;
+ time_only = 0;
+ yearspec = 0;
+
+@@ -503,8 +503,8 @@ parsetime(time_t currtime, int argc, cha
+ return 0;
+ if (isgmt) {
+ exectime -= timezone;
+- if (currtm.tm_isdst && !exectm.tm_isdst)
+- exectime -= 3600;
++ if (exectm.tm_isdst)
++ exectime += 3600;
+ }
+ if (exectime < currtime)
+ panic("refusing to create job destined in the past");
diff --git a/at.spec b/at.spec
index 985d45c..33a5152 100644
--- a/at.spec
+++ b/at.spec
@@ -2,8 +2,8 @@
Summary: Job spooling tools
Name: at
-Version: 3.1.16
-Release: 8%{?dist}
+Version: 3.1.18
+Release: 1%{?dist}
# http://packages.debian.org/changelogs/pool/main/a/at/current/copyright
# + install-sh is MIT license with changes under Public Domain
License: GPLv3+ and GPLv2+ and ISC and MIT and Public Domain
@@ -17,19 +17,19 @@ Source3: atd.sysconf
Source5: atd.systemd
Patch0: at-aarch64.patch
-Patch1: at-3.1.14-makefile.patch
-Patch2: at-3.1.14-pam.patch
-Patch3: at-3.1.14-selinux.patch
+Patch1: at-3.1.18-make.patch
+Patch2: at-3.1.18-pam.patch
Patch4: at-3.1.14-opt_V.patch
Patch5: at-3.1.14-shell.patch
-Patch6: at-3.1.14-nitpicks.patch
+Patch6: at-3.1.18-nitpicks.patch
Patch8: at-3.1.14-fix_no_export.patch
Patch9: at-3.1.14-mailwithhostname.patch
Patch10: at-3.1.14-usePOSIXtimers.patch
Patch12: at-3.1.14-wrong_format.patch
-Patch13: at-3.1.16-noabort.patch
+Patch13: at-3.1.18-noabort.patch
Patch14: at-3.1.16-fclose-error.patch
Patch15: at-3.1.16-clear-nonjobs.patch
+Patch16: at-3.1.18-utc-dst.patch
BuildRequires: fileutils /etc/init.d
BuildRequires: flex flex-static bison autoconf
@@ -63,12 +63,11 @@ need to be repeated at the same time every day/week, etc. you should
use crontab instead.
%prep
-%setup -q
+%setup -c -q
cp %{SOURCE1} .
%patch0 -p1 -b .arm
%patch1 -p1 -b .make
%patch2 -p1 -b .pam
-%patch3 -p1 -b .selinux
%patch4 -p1 -b .opt_V
%patch5 -p1 -b .shell
%patch6 -p1 -b .nit
@@ -79,6 +78,7 @@ cp %{SOURCE1} .
%patch13 -p1 -b .noabort
%patch14 -p1 -b .fclose
%patch15 -p1 -b .clear-nojobs
+%patch16 -p1 -b .dst
%build
# patch9 touches configure.in
@@ -176,6 +176,10 @@ chown daemon:daemon %{_localstatedir}/spool/at/.SEQ
%attr(0644,root,root) /%{_unitdir}/atd.service
%changelog
+* Wed Mar 23 2016 Tomáš Mráz <tmraz@redhat.com> - 3.1.18-1
+- new upstream release
+- correct the DST correction when using UTC time specification (#1320322)
+
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
diff --git a/sources b/sources
index 117a254..16baf64 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d05da75d9b75d93917ffb16ab48b1e19 at_3.1.16.orig.tar.gz
+f67a7aab557cd5b4a1311079a08acebe at_3.1.18.orig.tar.gz