import UBI cronie-1.7.0-12.el10

.gitignore

@@ -1,2 +1 @@
-SOURCES/cronie-1.5.2.tar.gz
-/cronie-1.5.2.tar.gz
+cronie-1.7.0.tar.gz

0001-Add-random-within-range-operator.patch

@@ -1,369 +0,0 @@
-From 0f1704a0f8c5fd2a4da6f530694bdd93a7ca3226 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
- <35430604+opohorel@users.noreply.github.com>
-Date: Mon, 8 Nov 2021 16:20:09 +0100
-Subject: [PATCH] Add random within range '~' operator
-
-With the operator one can specify for a job a random time or date within
-a specified range for a field.
-The random value is generated when the crontab where the job is
-specified, is loaded.
----
- man/crontab.5 |   9 ++
- src/entry.c   | 262 ++++++++++++++++++++++++++++++++------------------
- 2 files changed, 176 insertions(+), 95 deletions(-)
-
-diff --git a/man/crontab.5 b/man/crontab.5
-index a011c89..ba8f0c3 100644
---- a/man/crontab.5
-+++ b/man/crontab.5
-@@ -199,6 +199,15 @@ hyphen.  The specified range is inclusive.  For example, 8-11 for
- an 'hours' entry specifies execution at hours 8, 9, 10, and 11. The first
- number must be less than or equal to the second one.
- .PP
-+Randomization of the execution time within a range can be used.
-+A random number within a range specified as two numbers separated with
-+a tilde is picked.  The specified range is inclusive.
-+For example, 6~15 for a 'minutes' entry picks a random minute
-+within 6 to 15 range.  The random number is picked when crontab file is parsed.
-+The first number must be less than or equal to the second one. You might omit
-+one or both of the numbers specifying the range.  For example, ~ for a 'minutes'
-+entry picks a random minute within 0 to 59 range.
-+.PP
- Lists are allowed.  A list is a set of numbers (or ranges) separated by
- commas.  Examples: "1,2,5,9", "0-4,8-12".
- .PP
-diff --git a/src/entry.c b/src/entry.c
-index 92b55f5..9276f47 100644
---- a/src/entry.c
-+++ b/src/entry.c
-@@ -62,9 +62,22 @@ static const char *ecodes[] = {
- 	"out of memory"
- };
- 
-+typedef enum {
-+	R_START,
-+	R_AST,
-+	R_STEP,
-+	R_TERMS,
-+	R_NUM1,
-+	R_RANGE,
-+	R_RANGE_NUM2,
-+	R_RANDOM,
-+	R_RANDOM_NUM2,
-+	R_FINISH,
-+} range_state_t;
-+
- static int get_list(bitstr_t *, int, int, const char *[], int, FILE *),
--get_range(bitstr_t *, int, int, const char *[], int, FILE *),
--get_number(int *, int, const char *[], int, FILE *, const char *),
-+get_range(bitstr_t *, int, int, const char *[], FILE *),
-+get_number(int *, int, const char *[], FILE *),
- set_element(bitstr_t *, int, int, int);
- 
- void free_entry(entry * e) {
-@@ -449,11 +462,14 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
- 	/* process all ranges
- 	 */
- 	done = FALSE;
-+	/* unget ch to allow get_range() to process it properly 
-+	 */
-+	unget_char(ch, file);
- 	while (!done) {
--		if (EOF == (ch = get_range(bits, low, high, names, ch, file)))
-+		if (EOF == (ch = get_range(bits, low, high, names, file)))
- 			return (EOF);
- 		if (ch == ',')
--			ch = get_char(file);
-+			continue;
- 		else
- 			done = TRUE;
- 	}
-@@ -468,137 +484,193 @@ get_list(bitstr_t * bits, int low, int high, const char *names[],
- 	return (ch);
- }
- 
-+inline static int is_separator(int ch) {
-+	switch (ch) {
-+		case '\t':
-+		case '\n':
-+		case ' ':
-+		case ',':
-+			return 1;
-+		default:
-+			return 0;
-+	}
-+}
-+
-+
- 
- static int
- get_range(bitstr_t * bits, int low, int high, const char *names[],
--	int ch, FILE * file) {
-+		FILE * file) {
- 	/* range = number | number "-" number [ "/" number ]
-+	 *         | [number] "~" [number]
- 	 */
-+	
-+	int ch, i, num1, num2, num3;
- 
--	int i, num1, num2, num3;
-+	/* default value for step
-+	 */
-+	num3 = 1;
-+	range_state_t state = R_START;
-+
-+	while (state != R_FINISH && ((ch = get_char(file)) != EOF)) {
-+		switch (state) {
-+			case R_START:
-+				if (ch == '*') {
-+					num1 = low;
-+					num2 = high;
-+					state = R_AST;
-+					break;
-+				}
-+				if (ch == '~') {
-+					num1 = low;
-+					state = R_RANDOM;
-+					break;
-+				}
-+				unget_char(ch, file);
-+				if (get_number(&num1, low, names, file) != EOF) {
-+					state = R_NUM1;
-+					break;
-+				}
-+				return (EOF);
- 
--	Debug(DPARS | DEXT, ("get_range()...entering, exit won't show\n"));
-+			case R_AST:
-+				if (ch == '/') {
-+					state = R_STEP;
-+					break;
-+				}
-+				if (is_separator(ch)) {
-+					state = R_FINISH;
-+					break;
-+				}
-+				return (EOF);
- 
--		if (ch == '*') {
--		/* '*' means "first-last" but can still be modified by /step
--		 */
--		num1 = low;
--		num2 = high;
--		ch = get_char(file);
--		if (ch == EOF)
--			return (EOF);
--	}
--	else {
--		ch = get_number(&num1, low, names, ch, file, ",- \t\n");
--		if (ch == EOF)
--			return (EOF);
-+			case R_STEP:
-+				if (get_number(&num3, 0, PPC_NULL, file) != EOF) {
-+					state = R_TERMS;
-+					break;
-+				}
-+				return (EOF);
- 
--		if (ch != '-') {
--			/* not a range, it's a single number.
--			 */
--			if (EOF == set_element(bits, low, high, num1)) {
--				unget_char(ch, file);
-+			case R_TERMS:
-+				if (is_separator(ch)) {
-+					state = R_FINISH;
-+					break;
-+				}
- 				return (EOF);
--			}
--			return (ch);
--		}
--		else {
--			/* eat the dash
--			 */
--			ch = get_char(file);
--			if (ch == EOF)
-+
-+			case R_NUM1:
-+				if (ch == '-') {
-+					state = R_RANGE;
-+					break;
-+				}
-+				if (ch == '~') {
-+					state = R_RANDOM;
-+					break;
-+				}
-+				if (is_separator(ch)) {
-+					num2 = num1;
-+					state = R_FINISH;
-+					break;
-+				}
- 				return (EOF);
- 
--			/* get the number following the dash
--			 */
--			ch = get_number(&num2, low, names, ch, file, "/, \t\n");
--			if (ch == EOF || num1 > num2)
-+			case R_RANGE:
-+				if (get_number(&num2, low, names, file) != EOF) {
-+					state = R_RANGE_NUM2;
-+					break;
-+				}
- 				return (EOF);
--		}
--	}
- 
--	/* check for step size
--	 */
--	if (ch == '/') {
--		/* eat the slash
--		 */
--		ch = get_char(file);
--		if (ch == EOF)
--			return (EOF);
-+			case R_RANGE_NUM2:
-+				if (ch == '/') {
-+					state = R_STEP;
-+					break;
-+				}
-+				if (is_separator(ch)) {
-+					state = R_FINISH;
-+					break;
-+				}
-+				return (EOF);
- 
--		/* get the step size -- note: we don't pass the
--		 * names here, because the number is not an
--		 * element id, it's a step size.  'low' is
--		 * sent as a 0 since there is no offset either.
--		 */
--		ch = get_number(&num3, 0, PPC_NULL, ch, file, ", \t\n");
--		if (ch == EOF || num3 == 0)
--			return (EOF);
--	}
--	else {
--		/* no step.  default==1.
--		 */
--		num3 = 1;
-+			case R_RANDOM:
-+				if (is_separator(ch)) {
-+					num2 = high;
-+					state = R_FINISH;
-+				}
-+				else if (unget_char(ch, file),
-+						get_number(&num2, low, names, file) != EOF) {
-+					state = R_TERMS;
-+				}
-+				/* fail if couldn't find match on previous term
-+				 */
-+				else
-+					return (EOF);
-+
-+				/* if invalid random range was selected */
-+				if (num1 > num2)
-+					return (EOF);
-+
-+				/* select random number in range <num1, num2>
-+				 */
-+				num1 = num2 = random() % (num2 - num1 + 1) + num1;
-+				break;
-+
-+
-+			default:
-+				/* We should never get here
-+				 */
-+				return (EOF);
-+		}
- 	}
-+	if (state != R_FINISH || ch == EOF)
-+		return (EOF);
- 
--	/* range. set all elements from num1 to num2, stepping
--	 * by num3.  (the step is a downward-compatible extension
--	 * proposed conceptually by bob@acornrc, syntactically
--	 * designed then implemented by paul vixie).
--	 */
- 	for (i = num1; i <= num2; i += num3)
- 		if (EOF == set_element(bits, low, high, i)) {
- 			unget_char(ch, file);
- 			return (EOF);
- 		}
--
--	return (ch);
-+	return ch;
- }
- 
- static int
--get_number(int *numptr, int low, const char *names[], int ch, FILE * file,
--	const char *terms) {
-+get_number(int *numptr, int low, const char *names[], FILE * file) {
- 	char temp[MAX_TEMPSTR], *pc;
--	int len, i;
-+	int len, i, ch;
-+	char *endptr;
- 
- 	pc = temp;
- 	len = 0;
- 
--	/* first look for a number */
--	while (isdigit((unsigned char) ch)) {
-+	/* get all alnum characters available */
-+	while (isalnum((ch = get_char(file)))) {
- 		if (++len >= MAX_TEMPSTR)
- 			goto bad;
- 		*pc++ = (char)ch;
--		ch = get_char(file);
- 	}
--	*pc = '\0';
--	if (len != 0) {
--		/* got a number, check for valid terminator */
--		if (!strchr(terms, ch))
--			goto bad;
--		*numptr = atoi(temp);
--		return (ch);
-+	if (len == 0)
-+		goto bad;
-+
-+	unget_char(ch, file);
-+
-+	/* try to get number */
-+	*numptr = (int) strtol(temp, &endptr, 10);
-+	if (*endptr == '\0' && temp != endptr) {
-+		/* We have a number */
-+		return 0;
- 	}
- 
- 	/* no numbers, look for a string if we have any */
- 	if (names) {
--		while (isalpha((unsigned char) ch)) {
--			if (++len >= MAX_TEMPSTR)
--				goto bad;
--			*pc++ = (char)ch;
--			ch = get_char(file);
--		}
--		*pc = '\0';
--		if (len != 0 && strchr(terms, ch)) {
--			for (i = 0; names[i] != NULL; i++) {
--				Debug(DPARS | DEXT,
--					("get_num, compare(%s,%s)\n", names[i], temp));
--					if (!strcasecmp(names[i], temp)) {
--					*numptr = i + low;
--					return (ch);
--				}
-+		for (i = 0; names[i] != NULL; i++) {
-+			Debug(DPARS | DEXT, ("get_num, compare(%s,%s)\n", names[i], temp));
-+			if (strcasecmp(names[i], temp) == 0) {
-+				*numptr = i + low;
-+				return 0;
- 			}
- 		}
-+	} else {
-+		goto bad;
- 	}
- 
-   bad:
--- 
-2.35.1
-

0001-Do-not-leak-file-descriptors-in-backup_crontab.patch

@@ -0,0 +1,64 @@
+From dd6426f80011aa83a6b43f3ea592a1052690bc09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
+Date: Wed, 26 Jun 2024 16:08:44 +0200
+Subject: [PATCH] Do not leak file descriptors in backup_crontab
+
+Originally, if anything went wrong during the backup,
+the early return caused the crontab_file and possibly backup_file
+pointers to leak.
+
+Issue found by static scanner.
+---
+ src/crontab.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/crontab.c b/src/crontab.c
+index 5318e71..ec624c7 100644
+--- a/src/crontab.c
++++ b/src/crontab.c
+@@ -562,6 +562,7 @@ static int backup_crontab(const char *crontab_path) {
+ 	
+ 	if (swap_uids() == -1) {
+ 		perror("swapping uids");
++		(void) fclose(crontab_file);
+ 		exit(ERROR_EXIT);
+ 	}
+ 
+@@ -584,22 +585,29 @@ static int backup_crontab(const char *crontab_path) {
+ 	swapback:
+ 	if (swap_uids_back() < OK) {
+ 		perror("swapping uids back");
++		if (backup_file != NULL) {
++			(void) fclose(backup_file);
++		}
++		(void) fclose(crontab_file);
+ 		exit(ERROR_EXIT);
+ 	}
+ 
+ 	if (retval != 0)
+-		return retval;
++		goto cleanup;
+ 
+ 	if (EOF != ch)
+ 		while (EOF != (ch = get_char(crontab_file)))
+ 			putc(ch, backup_file);
+ 
+-	(void) fclose(crontab_file);
+-	(void) fclose(backup_file);
+-
+ 	printf("Backup of %s's previous crontab saved to %s\n", User, backup_path);
+ 
+-	return 0;
++cleanup:
++	if (backup_file != NULL) {
++		(void) fclose(backup_file);
++	}
++	(void) fclose(crontab_file);
++
++	return retval;
+ }
+ 
+ static void check_error(const char *msg) {
+-- 
+2.47.0
+

0001-crontab-Fix-backup-failure-when-cache-directory-mis.patch

@@ -0,0 +1,40 @@
+From 8ad9e9179ec806ec1031c94b218ae6ef9dc11c28 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= <opohorel@redhat.com>
+Date: Wed, 2 Jul 2025 11:58:41 +0200
+Subject: [PATCH] crontab: Fix backup failure when ~/.cache directory missing
+
+Create ~/.cache parent directory before creating ~/.cache/crontab backup
+directory to prevent "mkdir: No such file or directory" errors when users
+edit crontabs and their cache directory doesn't exist.
+---
+ src/crontab.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/crontab.c b/src/crontab.c
+index c11dc81..f6fae67 100644
+--- a/src/crontab.c
++++ b/src/crontab.c
+@@ -578,7 +578,20 @@ static int backup_crontab(const char *crontab_path) {
+ 		exit(ERROR_EXIT);
+ 	}
+ 
++	/* Try to create parent directory if needed */
+ 	if (stat(backup_dir, &sb) < OK && errno == ENOENT) {
++		char *last_slash = strrchr(backup_dir, '/');
++		if (last_slash && last_slash != backup_dir) {
++			char parent_dir[MAX_FNAME];
++			size_t parent_len = last_slash - backup_dir;
++			
++			if (parent_len < sizeof(parent_dir)) {
++				strncpy(parent_dir, backup_dir, parent_len);
++				parent_dir[parent_len] = '\0';
++				mkdir(parent_dir, 0755);
++			}
++		}
++
+ 		if (OK != mkdir(backup_dir, 0755)) {
+ 			fprintf(stderr, "%s: ", backup_dir);
+ 			perror("mkdir");
+-- 
+2.50.1
+

0002-get_number-Add-missing-NUL-termination-for-the-scann.patch

@@ -1,25 +0,0 @@
-From 07bf4b9037de19b580cfa24f5ad023b56725b285 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Wed, 5 Jan 2022 19:17:18 +0100
-Subject: [PATCH 2/4] get_number: Add missing NUL termination for the scanned
- string
-
----
- src/entry.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/entry.c b/src/entry.c
-index f2bb717..15ce9b5 100644
---- a/src/entry.c
-+++ b/src/entry.c
-@@ -666,6 +666,7 @@ get_number(int *numptr, int low, const char *names[], FILE * file) {
- 			goto bad;
- 		*pc++ = (char)ch;
- 	}
-+	*pc = '\0';
- 	if (len == 0)
- 		goto bad;
- 
--- 
-2.35.1
-

0003-Fix-regression-in-handling-x-crontab-entries.patch

@@ -1,28 +0,0 @@
-From 299ef06ea4371afa97301cec64dc8f21c4f7b11b Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Tue, 22 Mar 2022 14:35:48 +0100
-Subject: [PATCH 3/4] Fix regression in handling */x crontab entries
-
-Fixes #102
----
- src/entry.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/entry.c b/src/entry.c
-index 15ce9b5..e9e258b 100644
---- a/src/entry.c
-+++ b/src/entry.c
-@@ -563,7 +563,9 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
- 				return (EOF);
- 
- 			case R_STEP:
--				if (get_number(&num3, 0, PPC_NULL, file) != EOF) {
-+				unget_char(ch, file);
-+				if (get_number(&num3, 0, PPC_NULL, file) != EOF
-+				    && num3 != 0) {
- 					state = R_TERMS;
- 					break;
- 				}
--- 
-2.35.1
-

0004-Fix-regression-in-handling-1-5-crontab-entries.patch

@@ -1,24 +0,0 @@
-From 62e53f1cdb9c1e12a01ee7814c92cd937d50328d Mon Sep 17 00:00:00 2001
-From: w30023233 <wangyuhang27@huawei.com>
-Date: Wed, 23 Mar 2022 15:40:01 +0800
-Subject: [PATCH 4/4] Fix regression in handling 1-5 crontab entries
-
----
- src/entry.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/entry.c b/src/entry.c
-index e9e258b..bb7cb62 100644
---- a/src/entry.c
-+++ b/src/entry.c
-@@ -595,6 +595,7 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
- 				return (EOF);
- 
- 			case R_RANGE:
-+				unget_char(ch, file);
- 				if (get_number(&num2, low, names, file) != EOF) {
- 					state = R_RANGE_NUM2;
- 					break;
--- 
-2.35.1
-

cronie-1.5.2-context-role.patch

@@ -1,41 +0,0 @@
-From 1f866530f5b3c49012c61b299f3c4e1dceff2a71 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 18 Oct 2018 14:25:58 +0200
-Subject: [PATCH] Use the role from the crond context for system job contexts.
-
-New SELinux policy added multiple roles for the system_u user on crond_t.
-The default context returned from get_default_context_with_level() is now
-unconfined_t instead of system_cronjob_t which is incorrect for system cron
-jobs.
-We use the role to limit the default context to system_cronjob_t.
----
- src/security.c | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/security.c b/src/security.c
-index d1bdc7f..5213cf3 100644
---- a/src/security.c
-+++ b/src/security.c
-@@ -505,6 +505,7 @@ get_security_context(const char *name, int crontab_fd,
- 		retval = get_default_context_with_level(seuser, level, NULL, &scontext);
- 	}
- 	else {
-+		const char *current_user, *current_role;
- 		if (getcon(&current_context_str) < 0) {
- 			log_it(name, getpid(), "getcon FAILED", "", 0);
- 			return (security_getenforce() > 0);
-@@ -517,8 +518,9 @@ get_security_context(const char *name, int crontab_fd,
- 			return (security_getenforce() > 0);
- 		}
- 
--		const char *current_user = context_user_get(current_context);
--		retval = get_default_context_with_level(current_user, level, NULL, &scontext);
-+		current_user = context_user_get(current_context);
-+		current_role = context_role_get(current_context);
-+		retval = get_default_context_with_rolelevel(current_user, current_role, level, NULL, &scontext);
- 
- 		freecon(current_context_str);
- 		context_free(current_context);
--- 
-2.14.5
-

cronie-1.5.2-create-pid-files.patch

@@ -1,26 +0,0 @@
-From 0570c2cd979bc9ce1da6a873089e89dbca900a1f Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Tue, 7 May 2019 14:45:53 +0200
-Subject: [PATCH] Revert "Avoid creating pid files when crond doesn't fork"
-
-This reverts commit 5b285b46b88dc63689c6a56542cb2ba81f861b66.
-The PID file is useful to avoid running multiple crond instances
-at once.
----
- src/misc.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/misc.c b/src/misc.c
-index 42153b8..faf6ffb 100644
---- a/src/misc.c
-+++ b/src/misc.c
-@@ -315,9 +315,6 @@ void acquire_daemonlock(int closeflag) {
- 		return;
- 	}
- 
--	if (NoFork == 1)
--		return; //move along, nothing to do here...
--
- 	if (fd == -1) {
- 		pidfile = _PATH_CRON_PID;
- 		/* Initial mode is 0600 to prevent flock() race/DoS. */

cronie-1.5.2-restart-on-failure.patch

@@ -1,13 +0,0 @@
-diff -ru cronie-1.5.2/contrib/cronie.systemd cronie-1.5.2_patched/contrib/cronie.systemd
---- cronie-1.5.2/contrib/cronie.systemd	2018-11-27 15:26:46.797288342 +0100
-+++ cronie-1.5.2_patched/contrib/cronie.systemd	2018-11-27 15:26:19.479159225 +0100
-@@ -7,6 +7,8 @@
- ExecStart=/usr/sbin/crond -n $CRONDARGS
- ExecReload=/bin/kill -HUP $MAINPID
- KillMode=process
-+Restart=on-failure
-+RestartSec=30s
- 
- [Install]
- WantedBy=multi-user.target
-

cronie-1.5.2-use-pam-system-auth.patch

@@ -1,26 +0,0 @@
-From 978a00ea7ac92852c153ebb3b2152886730ca51c Mon Sep 17 00:00:00 2001
-From: Marcel Plch <mplch@redhat.com>
-Date: Fri, 7 Dec 2018 15:01:19 +0100
-Subject: [PATCH] Use system-auth instead of password-auth for PAM
- authentication (#25)
-
----
- pam/crond | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/pam/crond b/pam/crond
-index 91964aa..560529d 100644
---- a/pam/crond
-+++ b/pam/crond
-@@ -4,8 +4,8 @@
- #
- # Although no PAM authentication is called, auth modules
- # are used for credential setting
--auth       include    password-auth
-+auth       include    system-auth
- account    required   pam_access.so
--account    include    password-auth
-+account    include    system-auth
- session    required   pam_loginuid.so
--session    include    password-auth
-+session    include    system-auth

cronie.spec

@@ -1,3 +1,13 @@
+## START: Set by rpmautospec
+## (rpmautospec version 0.6.5)
+## RPMAUTOSPEC: autorelease, autochangelog
+%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
+    release_number = 12;
+    base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
+    print(release_number + base_release_number - 1);
+}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
+## END: Set by rpmautospec
+
 %bcond_without selinux
 %bcond_without pam
 %bcond_without audit
@@ -5,13 +15,29 @@
 
 Summary:   Cron daemon for executing programs at set times
 Name:      cronie
-Version:   1.5.2
-Release:   10%{?dist}
-License:   MIT and BSD and ISC and GPLv2+
-Group:     System Environment/Base
+Version:   1.7.0
+Release:   %autorelease
+License:   GPL-2.0-or-later AND BSD-3-Clause AND BSD-2-Clause AND ISC AND LGPL-2.1-or-later
 URL:       https://github.com/cronie-crond/cronie
 Source0:   https://github.com/cronie-crond/cronie/releases/download/cronie-%{version}/cronie-%{version}.tar.gz
 
+# https://github.com/cronie-crond/cronie/pull/163
+Patch:     n_option_wait_on_finnishing_grandchild_process.patch
+
+# https://github.com/cronie-crond/cronie/pull/184
+Patch:     0001-Do-not-leak-file-descriptors-in-backup_crontab.patch
+
+# https://github.com/cronie-crond/cronie/pull/161
+Patch:     re-introduce-the-test-for-existence-of-file.patch
+
+# https://github.com/cronie-crond/cronie/pull/200
+# https://github.com/cronie-crond/cronie/pull/201
+Patch:     fix-range-parsing.patch
+Patch:     move_parsing_code.patch
+
+# https://github.com/cronie-crond/cronie/pull/206
+Patch:     0001-crontab-Fix-backup-failure-when-cache-directory-mis.patch
+
 Requires:  dailyjobs
 
 %if %{with selinux}
@@ -28,34 +54,17 @@ Buildrequires: audit-libs-devel >= 1.4.1
 
 BuildRequires:    gcc
 BuildRequires:    systemd
+BuildRequires:    make
 Obsoletes:        %{name}-sysvinit
 
 Requires(post):   coreutils sed
-Requires(post):   systemd
-Requires(preun):  systemd
-Requires(postun): systemd
-Requires(post):   systemd
 
-# Some parts of code could result in a memory leak.
-Patch0:     fix-memory-leaks.patch
-# Some parts of code could result in undefined behavior.
-Patch1:     fix-unsafe-code.patch
-# Use correct selinux role
-Patch2:     cronie-1.5.2-context-role.patch
-# Make systemd restart crond when it fails.
-Patch3:     cronie-1.5.2-restart-on-failure.patch
-# Revert "Avoid creating pid files when crond doesn't fork"
-Patch4:     cronie-1.5.2-create-pid-files.patch
-# Use system-auth in PAM (rhbz#2005526)
-Patch5:     cronie-1.5.2-use-pam-system-auth.patch
-# Add support for "~" ("random within range") + regression fixing patches (rhbz#1832510)
-Patch6:     0001-Add-random-within-range-operator.patch
-Patch7:     0002-get_number-Add-missing-NUL-termination-for-the-scann.patch
-Patch8:     0003-Fix-regression-in-handling-x-crontab-entries.patch
-Patch9:     0004-Fix-regression-in-handling-1-5-crontab-entries.patch
-# Optimization to close fds from /proc/self/fd in case of high nofile limit after fork
-# https://github.com/cronie-crond/cronie/commit/e3682c7135b9176b60d226c60ee4e78cf1ab711b
-Patch10:     optimization_to_close_fds.patch
+%if 0%{?fedora} && 0%{?fedora} < 28 || 0%{?rhel} && 0%{?rhel} < 8
+%{?systemd_requires}
+%else
+%{?systemd_ordering} # does not exist on Fedora27/RHEL7
+%endif
+
 
 %description
 Cronie contains the standard UNIX daemon crond that runs specified programs at
@@ -66,7 +75,6 @@ SELinux.
 %package anacron
 Summary:   Utility for running regular jobs
 Requires:  crontabs
-Group:     System Environment/Base
 Provides:  dailyjobs
 Provides:  anacron = 2.4
 Obsoletes: anacron <= 2.3
@@ -86,7 +94,6 @@ for better utilization of resources shared among multiple systems.
 
 %package noanacron
 Summary:   Utility for running simple regular jobs in old cron style
-Group:     System Environment/Base
 Provides:  dailyjobs
 Requires:  crontabs
 Requires:  %{name} = %{version}-%{release}
@@ -96,19 +103,7 @@ Old style of running {hourly,daily,weekly,monthly}.jobs without anacron. No
 extra features.
 
 %prep
-%setup -q
-
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
+%autosetup -p1
 
 %build
 %configure \
@@ -128,10 +123,10 @@ extra features.
 --enable-pie \
 --enable-relro
 
-make %{?_smp_mflags} V=2
+%make_build V=2
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT DESTMAN=$RPM_BUILD_ROOT%{_mandir}
+%make_install DESTMAN=$RPM_BUILD_ROOT%{_mandir}
 mkdir -pm700 $RPM_BUILD_ROOT%{_localstatedir}/spool/cron
 mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/
 mkdir -pm755 $RPM_BUILD_ROOT%{_sysconfdir}/cron.d/
@@ -153,17 +148,16 @@ touch $RPM_BUILD_ROOT/var/spool/anacron/cron.monthly
 install -m 644 contrib/dailyjobs $RPM_BUILD_ROOT/%{_sysconfdir}/cron.d/dailyjobs
 
 # install systemd initscript
-mkdir -p $RPM_BUILD_ROOT/lib/systemd/system/
-install -m 644 contrib/cronie.systemd $RPM_BUILD_ROOT/lib/systemd/system/crond.service
+install -m 644 -D contrib/cronie.systemd $RPM_BUILD_ROOT/usr/lib/systemd/system/crond.service
 
 %post
 # run after an installation
 %systemd_post crond.service
 
 %post anacron
-[ -e /var/spool/anacron/cron.daily ] || touch /var/spool/anacron/cron.daily 2>/dev/null || :
-[ -e /var/spool/anacron/cron.weekly ] || touch /var/spool/anacron/cron.weekly 2>/dev/null || :
-[ -e /var/spool/anacron/cron.monthly ] || touch /var/spool/anacron/cron.monthly 2>/dev/null || :
+[ -e /var/spool/anacron/cron.daily ] || install -m 0600 -D /dev/null /var/spool/anacron/cron.daily 2>/dev/null || :
+[ -e /var/spool/anacron/cron.weekly ] || install -m 0600 -D /dev/null /var/spool/anacron/cron.weekly 2>/dev/null || :
+[ -e /var/spool/anacron/cron.monthly ] || install -m 0600 -D /dev/null /var/spool/anacron/cron.monthly 2>/dev/null || :
 
 %preun
 # run before a package is removed
@@ -220,7 +214,7 @@ exit 0
 %config(noreplace) %{_sysconfdir}/sysconfig/crond
 %config(noreplace,missingok) %{_sysconfdir}/cron.deny
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/0hourly
-%attr(0644,root,root) /lib/systemd/system/crond.service
+%attr(0644,root,root) /usr/lib/systemd/system/crond.service
 
 %files anacron
 %{_sbindir}/anacron
@@ -237,42 +231,122 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs
 
 %changelog
-* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-10
-- Bump release because of CI issues
-- Related: RHEL-2609
+## START: Generated by rpmautospec
+* Tue Aug 12 2025 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-12
+- Crontab fix backup failure
 
-* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-9
-- Add `optimization_to_close_fds.patch`
-- Resolves: RHEL-2609
+* Wed May 14 2025 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-11
+- Move parsing code before separator check
 
-* Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.2-8
+* Wed Apr 23 2025 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-10
+- Fix range parsing
+
+* Wed Dec 11 2024 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-9
+- Reintroduce file existence check and fix timestamp file permissions
+
+* Wed Nov 06 2024 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-8
+- Resolve RHEL SAST issues
+
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.7.0-7
+- Bump release for October 2024 mass rebuild:
+
+* Thu Aug 01 2024 Jakub Heger <jheger@redhat.com> - 1.7.0-6
+- Setup gating for c10s
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.7.0-5
+- Bump release for June 2024 mass rebuild
+
+* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Tue Jan 02 2024 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-2
+- Adds -n option: wait on finnishing grandchild process
+
+* Tue Oct 17 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.7.0-1
+- update to 1.7.0
+
+* Fri Oct 06 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.6.1-9
+- Add -n option for crontab entries
+
+* Fri Oct 06 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.6.1-8
+- Fixes indentation for one BuildRequire
+
+* Mon Sep 11 2023 Jan Staněk <jstanek@redhat.com> - 1.6.1-6
+- Migrated to SPDX license
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jun 28 2022 Jan Staněk <jstanek@redhat.com> - 1.6.1-2
 - Set 'missingok' for /etc/cron.deny to not recreate it on update
 
-* Mon May 02 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-7
- - Add support for "~" ("random within range") 
-  Resolves: rhbz#1832510
- 
-* Mon Sep 20 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-6
-- Use system-auth for PAM authentication
-  Resolves: rhbz#2005526
+* Mon May 02 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.6.1-1
+- New upstream release 1.6.1
 
-* Fri Sep 03 2021 Jan Staněk <jstanek@redhat.com> - 1.5.2-5
-- Create PID files even when crond does not fork
-  Resolves: rhbz#1926300
+* Tue Mar 22 2022 Ondřej Pohořelský <opohorel@redhat.com> - 1.6.0-1
+- New upstream release 1.6.0
 
-* Wed Jun 12 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-4
-- Make crond restart on failure
-- Resolves: rhbz#1715137
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.7-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 
-* Mon May 20 2019 Marcel Plch <mplch@redhat.com> - 1.5.2-3
-- use role from the current context for system crontabs
-- Resolves: rhbz#1708557
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 
-* Fri Sep 07 2018 Marcel Plch <mplch@redhat.com> - 1.5.2-2
-- Covscan issues review
-- Fix potential memory leaks
-- Fix unsafe code
-- Resolves: rhbz#1602467
+* Fri Apr 30 2021 Jan Staněk <jstanek@redhat.com> - 1.5.7-2
+- Address issues found by static scanners
+
+* Mon Mar 29 2021 Tomáš Mráz <tmraz@fedoraproject.org> - 1.5.7-1
+- new upstream release 1.5.7 with bug fixes and enhancements
+
+* Wed Mar 17 2021 Tomáš Mráz <tmraz@fedoraproject.org> - 1.5.6-1
+- new upstream release 1.5.6 with bug fixes and enhancements
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.5.5-3
+- Use make macros
+- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 31 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.5-1
+- new upstream release 1.5.5 with multiple bug fixes and improvements
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Mon Mar 18 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.4-1
+- new upstream release 1.5.4 with regression fix
+
+* Fri Mar 15 2019 Tomáš Mráz <tmraz@redhat.com> - 1.5.3-1
+- new upstream release 1.5.3 fixing CVE-2019-9704 and CVE-2019-9705
+
+* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Fri Nov 30 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-4
+- Do not hard-require systemd as crond is used in containers without
+  systemd (#1654659)
+
+* Wed Oct 31 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-3
+- use role from the current context for system crontabs (#1639381)
+
+* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
 * Thu May  3 2018 Tomáš Mráz <tmraz@redhat.com> - 1.5.2-1
 - new upstream release 1.5.2
@@ -576,3 +650,5 @@ exit 0
 * Tue Jan  8 2008 Marcela Maslanova <mmaslano@redhat.com> - 1.0-1
 - packaging cronie
 - thank's for help with packaging to my reviewers
+
+## END: Generated by rpmautospec

fix-memory-leaks.patch

@@ -1,140 +0,0 @@
-diff -ru cronie-1.5.2/anacron/readtab.c cronie-1.5.2_patched/anacron/readtab.c
---- cronie-1.5.2/anacron/readtab.c	2017-09-14 13:53:21.000000000 +0200
-+++ cronie-1.5.2_patched/anacron/readtab.c	2018-09-07 15:13:17.752498050 +0200
-@@ -134,8 +134,19 @@
- 
-     var_len = (int)strlen(env_var);
-     val_len = (int)strlen(value);
-+    if (!var_len) {
-+        return;
-+    }
-+
-     er = obstack_alloc(&tab_o, sizeof(env_rec));
-+    if (er == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-+
-     er->assign = obstack_alloc(&tab_o, var_len + 1 + val_len + 1);
-+    if (er->assign == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     strcpy(er->assign, env_var);
-     er->assign[var_len] = '=';
-     strcpy(er->assign + var_len + 1, value);
-@@ -167,15 +178,24 @@
- 	return;
-     }
-     jr = obstack_alloc(&tab_o, sizeof(job_rec));
-+    if (jr == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     jr->period = period;
-     jr->named_period = 0;
-     delay += random_number;
-     jr->delay = delay;
-     jr->tab_line = line_num;
-     jr->ident = obstack_alloc(&tab_o, ident_len + 1);
-+    if (jr->ident == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     strcpy(jr->ident, ident);
-     jr->arg_num = job_arg_num(ident);
-     jr->command = obstack_alloc(&tab_o, command_len + 1);
-+    if (jr->command == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     strcpy(jr->command, command);
-     jr->job_pid = jr->mailer_pid = 0;
-     if (last_job_rec != NULL) last_job_rec->next = jr;
-@@ -208,6 +228,9 @@
-     }
- 
-     jr = obstack_alloc(&tab_o, sizeof(job_rec));
-+    if (jr == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     if (!strncmp ("@monthly", periods, 8)) {
- 		jr->named_period = 1;
-     } else if (!strncmp("@yearly", periods, 7) || !strncmp("@annually", periods, 9) || !strncmp(/* backwards compat misspelling */"@annualy", periods, 8)) {
-@@ -225,9 +248,15 @@
-     jr->delay = delay;
-     jr->tab_line = line_num;
-     jr->ident = obstack_alloc(&tab_o, ident_len + 1);
-+    if (jr->ident == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     strcpy(jr->ident, ident);
-     jr->arg_num = job_arg_num(ident);
-     jr->command = obstack_alloc(&tab_o, command_len + 1);
-+    if (jr->command == NULL) {
-+        die_e("Cannot allocate memory.");
-+    }
-     strcpy(jr->command, command);
-     jr->job_pid = jr->mailer_pid = 0;
-     if (last_job_rec != NULL) last_job_rec->next = jr;
-diff -ru cronie-1.5.2/anacron/runjob.c cronie-1.5.2_patched/anacron/runjob.c
---- cronie-1.5.2/anacron/runjob.c	2018-01-24 17:02:33.000000000 +0100
-+++ cronie-1.5.2_patched/anacron/runjob.c	2018-09-07 15:13:17.752498050 +0200
-@@ -104,9 +104,44 @@
- static void
- xputenv(const char *s)
- {
--    char *copy = strdup (s);
--    if (!copy) die_e("Not enough memory to set the environment");
--    if (putenv(copy)) die_e("Can't set the environment");
-+    char *name = NULL, *val = NULL;
-+    char *eq_ptr;
-+    const char *errmsg;
-+    size_t eq_index;
-+
-+    if (s == NULL) {
-+        die_e("Invalid environment string");
-+    }
-+
-+    eq_ptr = strchr(s, '=');
-+    if (eq_ptr == NULL) {
-+        die_e("Invalid environment string");
-+    }
-+
-+    eq_index = (size_t) (eq_ptr - s);
-+
-+    name = malloc((eq_index + 1) * sizeof(char));
-+    if (name == NULL) {
-+        die_e("Not enough memory to set the environment");
-+    }
-+
-+    val = malloc((strlen(s) - eq_index) * sizeof(char));
-+    if (val == NULL) {
-+        die_e("Not enough memory to set the environment");
-+    }
-+
-+    strncpy(name, s, eq_index);
-+    name[eq_index] = '\0';
-+    strcpy(val, s + eq_index + 1);
-+
-+    if (setenv(name, val, 1)) {
-+        die_e("Can't set the environment");
-+    }
-+
-+    free(name);
-+    free(val);
-+    return;
-+
- }
- 
- static void
-diff -ru cronie-1.5.2/src/entry.c cronie-1.5.2_patched/src/entry.c
---- cronie-1.5.2/src/entry.c	2017-09-14 13:53:21.000000000 +0200
-+++ cronie-1.5.2_patched/src/entry.c	2018-09-07 15:13:17.752498050 +0200
-@@ -131,8 +131,10 @@
- 			goto eof;
- 		}
- 		ch = get_char(file);
--		if (ch == EOF)
-+		if (ch == EOF) {
-+			free(e);
- 			return NULL;
-+		}
- 	}
- 
- 	if (ch == '@') {

fix-range-parsing.patch

@@ -0,0 +1,26 @@
+From d037042129eacdd9d7760d74437842ee5a2d116e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= <opohorel@redhat.com>
+Date: Tue, 11 Mar 2025 15:12:38 +0100
+Subject: [PATCH] get_range() fix range parsing for Sunday as 0 or 7
+
+In fc8b0e5, we changed how the ranges are parsed. This created a
+regression for parsing Sunday at the end of the range. This commit adds
+the logic to correctly handle Sunday as the end of the range.
+---
+ src/entry.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/entry.c b/src/entry.c
+index a2077e8..30bedb3 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -642,6 +642,9 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
+ 					state = R_FINISH;
+ 					break;
+ 				}
++				if (low_ > high_ && high_ == 0) {
++					high_ = 7;
++				}
+ 				return (EOF);
+ 
+ 			case R_RANDOM:

fix-unsafe-code.patch

@@ -1,117 +0,0 @@
-diff -ru cronie-1.5.2/src/cronnext.c cronie-1.5.2_patched/src/cronnext.c
---- cronie-1.5.2/src/cronnext.c	2018-05-03 18:41:12.000000000 +0200
-+++ cronie-1.5.2_patched/src/cronnext.c	2018-09-07 15:17:54.555924440 +0200
-@@ -71,13 +71,13 @@
- /*
-  * print entry flags
-  */
--char *flagname[]= {
--	[MIN_STAR] =	"MIN_STAR",
--	[HR_STAR] =	"HR_STAR",
--	[DOM_STAR] =	"DOM_STAR",
--	[DOW_STAR] =	"DOW_STAR",
--	[WHEN_REBOOT] =	"WHEN_REBOOT",
--	[DONT_LOG] =	"DONT_LOG"
-+const char *flagname[]= {
-+	"MIN_STAR",
-+	"HR_STAR",
-+	"DOM_STAR",
-+	"DOW_STAR",
-+	"WHEN_REBOOT",
-+	"DONT_LOG"
- };
- 
- void printflags(char *indent, int flags) {
-@@ -85,8 +85,8 @@
- 	int first = 1;
- 
- 	printf("%s    flagnames:", indent);
--	for (f = 1; f < sizeof(flagname);  f = f << 1)
--		if (flags & f) {
-+	for (f = 0; f < sizeof(flagname)/sizeof(char *);  f++)
-+		if (flags & (int)1 << f) {
- 			printf("%s%s", first ? " " : "|", flagname[f]);
- 			first = 0;
- 		}
-diff -ru cronie-1.5.2/src/do_command.c cronie-1.5.2_patched/src/do_command.c
---- cronie-1.5.2/src/do_command.c	2017-09-14 13:53:21.000000000 +0200
-+++ cronie-1.5.2_patched/src/do_command.c	2018-09-07 15:17:54.555924440 +0200
-@@ -418,7 +418,7 @@
- 			if (mailto && safe_p(usernm, mailto)
- 				&& strncmp(MailCmd,"off",3) && !SyslogOutput) {
- 				char **env;
--				char mailcmd[MAX_COMMAND];
-+				char mailcmd[MAX_COMMAND+1]; /* +1 for terminator */
- 				char hostname[MAXHOSTNAMELEN];
- 				char *content_type = env_get("CONTENT_TYPE", jobenv),
- 					*content_transfer_encoding =
-@@ -434,7 +434,7 @@
- 					}
- 				}
- 				else {
--					strncpy(mailcmd, MailCmd, MAX_COMMAND);
-+					strncpy(mailcmd, MailCmd, MAX_COMMAND+1);
- 				}
- 				if (!(mail = cron_popen(mailcmd, "w", e->pwd, jobenv))) {
- 					perror(mailcmd);
-diff -ru cronie-1.5.2/src/env.c cronie-1.5.2_patched/src/env.c
---- cronie-1.5.2/src/env.c	2017-09-14 13:53:21.000000000 +0200
-+++ cronie-1.5.2_patched/src/env.c	2018-09-07 15:17:54.554924435 +0200
-@@ -63,7 +63,7 @@
- 		for (i = 0; i < count; i++)
- 			if ((p[i] = strdup(envp[i])) == NULL) {
- 				save_errno = errno;
--				while (--i >= 0)
-+				while (i-- > 0)
- 					free(p[i]);
- 				free(p);
- 				errno = save_errno;
-@@ -263,7 +263,9 @@
- 	}
- 	if (state != FINI && state != EQ2 && !(state == VALUE && !quotechar)) {
- 		Debug(DPARS, ("load_env, not an env var, state = %d\n", state));
--			fseek(f, filepos, 0);
-+			if (fseek(f, filepos, 0)) {
-+                return ERR;
-+           }
- 		Set_LineNum(fileline);
- 		return (FALSE);
- 	}
-diff -ru cronie-1.5.2/src/globals.h cronie-1.5.2_patched/src/globals.h
---- cronie-1.5.2/src/globals.h	2017-01-17 16:53:50.000000000 +0100
-+++ cronie-1.5.2_patched/src/globals.h	2018-09-07 15:17:54.555924440 +0200
-@@ -77,7 +77,7 @@
- XTRN time_t	StartTime;
- XTRN int	NoFork;
- XTRN int        PermitAnyCrontab;
--XTRN char       MailCmd[MAX_COMMAND];
-+XTRN char       MailCmd[MAX_COMMAND+1]; /* +1 for terminator */
- XTRN char       cron_default_mail_charset[MAX_ENVSTR];
- XTRN int        EnableClustering;
- XTRN int	ChangePath;
-diff -ru cronie-1.5.2/src/security.c cronie-1.5.2_patched/src/security.c
---- cronie-1.5.2/src/security.c	2017-09-14 13:29:47.000000000 +0200
-+++ cronie-1.5.2_patched/src/security.c	2018-09-07 15:17:54.554924435 +0200
-@@ -417,7 +417,7 @@
- 		}
- 	}
- 
--	if (strcmp(u->scontext, ucontext)) {
-+	if (!ucontext || strcmp(u->scontext, ucontext)) {
- 		if (!cron_authorize_range(u->scontext, ucontext)) {
- 			if (security_getenforce() > 0) {
- # ifdef WITH_AUDIT
-diff -ru cronie-1.5.2/src/user.c cronie-1.5.2_patched/src/user.c
---- cronie-1.5.2/src/user.c	2017-01-17 16:53:50.000000000 +0100
-+++ cronie-1.5.2_patched/src/user.c	2018-09-07 15:17:54.555924440 +0200
-@@ -44,6 +44,10 @@
- free_user (user * u) {
- 	entry *e, *ne;
- 
-+	if (!u) {
-+		return;
-+	}
-+
- 	free(u->name);
- 	free(u->tabname);
- 	for (e = u->crontab; e != NULL; e = ne)	{

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier1.functional}

move_parsing_code.patch

@@ -0,0 +1,36 @@
+From e6c2853856c3103a4add4c3673b3306cc21d341e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= <opohorel@redhat.com>
+Date: Wed, 7 May 2025 13:25:19 +0200
+Subject: [PATCH] get_range() move parsing code before separator check
+
+In the previous commit the parsing fix was added after a separator check
+by accident, making it not execute properly. This commit moves it into the
+right place.
+---
+ src/entry.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/entry.c b/src/entry.c
+index 30bedb3..da1a02c 100644
+--- a/src/entry.c
++++ b/src/entry.c
+@@ -638,13 +638,13 @@ get_range(bitstr_t * bits, int low, int high, const char *names[],
+ 					state = R_STEP;
+ 					break;
+ 				}
++				if (low_ > high_ && high_ == 0) {
++					high_ = 7;
++				}
+ 				if (is_separator(ch)) {
+ 					state = R_FINISH;
+ 					break;
+ 				}
+-				if (low_ > high_ && high_ == 0) {
+-					high_ = 7;
+-				}
+ 				return (EOF);
+ 
+ 			case R_RANDOM:
+-- 
+2.49.0
+

n_option_wait_on_finnishing_grandchild_process.patch

@@ -0,0 +1,25 @@
+From 5cf85f8cbb816ff1df5b317d6f8559b67e1993dd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?= <opohorel@redhat.com>
+Date: Wed, 25 Oct 2023 10:58:46 +0200
+Subject: [PATCH] -n option: wait on finnishing grandchild process
+
+With `WNOHANG` we skip sending the email when waitpid() returns 0,
+which happens if the process is still running. Instead, using `0`
+parameter will wait for the process to actually stop running.
+---
+ src/do_command.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/do_command.c b/src/do_command.c
+index d7ca840..2ada913 100644
+--- a/src/do_command.c
++++ b/src/do_command.c
+@@ -579,7 +579,7 @@ static int child_process(entry * e, char **jobenv) {
+ 			if (mail && e->flags & MAIL_WHEN_ERR) {
+ 				int jobstatus = -1;
+ 				if (jobpid > 0) {
+-					while (waitpid(jobpid, &jobstatus, WNOHANG) == -1) {
++					while (waitpid(jobpid, &jobstatus, 0) == -1) {
+ 						if (errno == EINTR) continue;
+ 						log_it("CRON", getpid(), "error", "invalid job pid", errno);
+ 						break;

optimization_to_close_fds.patch

@@ -1,40 +0,0 @@
---- ./src/do_command.c	2023-09-07 09:40:32.016272074 +0200
-+++ ./src/do_command.c	2023-09-07 09:43:04.938995232 +0200
-@@ -30,6 +30,7 @@
- #include <string.h>
- #include <sys/wait.h>
- #include <unistd.h>
-+#include <dirent.h>
- 
- #include "externs.h"
- #include "funcs.h"
-@@ -239,10 +240,26 @@
- 		{
- 			char *shell = env_get("SHELL", jobenv);
- 			int fd, fdmax = getdtablesize();
-+			DIR *dir;
-+			struct dirent *dent;
- 
--			/* close all unwanted open file descriptors */
--			for(fd = STDERR + 1; fd < fdmax; fd++) {
--				close(fd);
-+			/*
-+			 * if /proc is mounted, we can optimize what fd can be closed,
-+			 * but if it isn't available, fall back to the previous behavior.
-+			 */
-+			if ((dir = opendir("/proc/self/fd")) != NULL) {
-+				while ((dent = readdir(dir)) != NULL) {
-+					if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
-+						continue;
-+					fd = atoi(dent->d_name);
-+					if (fd > STDERR_FILENO)
-+						close(fd);
-+					}
-+			} else {
-+				/* close all unwanted open file descriptors */
-+				for(fd = STDERR + 1; fd < fdmax; fd++) {
-+					close(fd);
-+				}
- 			}
- 
- #if DEBUGGING

re-introduce-the-test-for-existence-of-file.patch

@@ -0,0 +1,26 @@
+From 7700b1465d32ddb1d3988e9af852af6f0f5cd66e Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail@eworm.de>
+Date: Mon, 16 Oct 2023 10:14:33 +0200
+Subject: [PATCH] re-introduce the test for existence of file
+
+If the file does not exist it exits early with error... Let's source
+only if files acutually does exist. We still have a sane default.
+---
+ contrib/0anacron | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/0anacron b/contrib/0anacron
+index 090219a..5379e41 100644
+--- a/contrib/0anacron
++++ b/contrib/0anacron
+@@ -8,7 +8,9 @@ if [ `date +%Y%m%d` = "$day" ]; then
+ fi
+ 
+ # Check whether run on battery should be allowed
+-. /etc/default/anacron
++if test -r /etc/default/anacron; then
++    . /etc/default/anacron
++fi
+ 
+ if [ "$ANACRON_RUN_ON_BATTERY_POWER" != "yes" ]; then
+ 

sources

@@ -1 +1 @@
-SHA512 (cronie-1.5.2.tar.gz) = e306b4b8388bff0181ca4b3f15b81c0881d727b0f502c28204e8325359c49baeb1b1a4a5751ffc11eb5ebdeefe42704b77f6727f029c60c99c70b9885f6b4d18
+SHA512 (cronie-1.7.0.tar.gz) = a8e6688a164540e2cd3741c58813b6684c4c22a04806bcc8ba028a9ff72f986f165715ac3663bd34133af6566bdbd272a3e7be893f139e315aef35b2dbeb622f