From e9067d45a145670b3459139c7e415be8fa4c4aebe079b4589a76eaf929bb44bd Mon Sep 17 00:00:00 2001 From: Danilo Spinella Date: Mon, 22 Jan 2024 15:44:30 +0000 Subject: [PATCH 1/2] Accepting request 1139665 from home:jsegitz:branches:Base:System - Set safe permissions for crontab backups. Add * safe-backup-permissions.patch OBS-URL: https://build.opensuse.org/request/show/1139665 OBS-URL: https://build.opensuse.org/package/show/Base:System/cronie?expand=0&rev=217 --- cronie.changes | 6 ++++++ cronie.spec | 3 +++ safe-backup-permissions.patch | 31 +++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 safe-backup-permissions.patch diff --git a/cronie.changes b/cronie.changes index 04c3d4a..1308707 100644 --- a/cronie.changes +++ b/cronie.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jan 18 08:27:24 UTC 2024 - Johannes Segitz + +- Set safe permissions for crontab backups. Add + * safe-backup-permissions.patch + ------------------------------------------------------------------- Thu Jan 11 17:52:56 UTC 2024 - Danilo Spinella diff --git a/cronie.spec b/cronie.spec index 5ae531a..7643c1d 100644 --- a/cronie.spec +++ b/cronie.spec @@ -50,6 +50,8 @@ Patch13: fix-manpage-replace-anacrontab-with-crontab.patch Patch14: cronie-pam_config-nonlogin.diff # PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1218377 Patch15: test-for-etc-default-anacron.patch +# PATCH-FIX-UPSTREAM jsegitz@suse.de https://github.com/cronie-crond/cronie/pull/172 +Patch16: safe-backup-permissions.patch BuildRequires: audit-devel BuildRequires: autoconf BuildRequires: automake @@ -112,6 +114,7 @@ cp %{SOURCE7} ./cron_to_cronie.README %patch14 -p1 %endif %patch15 -p1 +%patch16 -p1 %build # fill macro CRON_VERSION it is used in top three lines of crontab file,should be reworked diff --git a/safe-backup-permissions.patch b/safe-backup-permissions.patch new file mode 100644 index 0000000..ed7e9d5 --- /dev/null 
+++ b/safe-backup-permissions.patch
@@ -0,0 +1,31 @@
+Index: cronie-cronie-1.7.0/src/crontab.c
+===================================================================
+--- cronie-cronie-1.7.0.orig/src/crontab.c
++++ cronie-cronie-1.7.0/src/crontab.c
+@@ -520,6 +520,7 @@ static int backup_crontab(const char *cr
+ FILE *backup_file;
+ struct stat sb;
+ int retval = 0;
++ mode_t old_umask;
+
+ /* create backup directory */
+ if ((env_value = getenv("XDG_CACHE_HOME")) != NULL) {
+@@ -590,6 +591,9 @@ static int backup_crontab(const char *cr
+ }
+ }
+
++ // ensure backup file has strict permssions. Crontabs are not readable for
++ // other users and might contain sensitive information
++ old_umask = umask(0077);
+ if ((backup_file = fopen(backup_path, "w+")) == NULL) {
+ fprintf(stderr, "Failed to write to the backup file: ");
+ perror(backup_path);
+@@ -598,6 +602,8 @@ static int backup_crontab(const char *cr
+ }
+
+ swapback:
++ umask(old_umask);
++
+ if (swap_uids_back() < OK) {
+ perror("swapping uids back");
+ exit(ERROR_EXIT);
From 66fd5c96b49d9910db6df2cbd339d642535ab20efd5ae08c1194c4234ac68413 Mon Sep 17 00:00:00 2001
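Review bot: The `umask(0077)` placed before `fopen(backup_path, "w+")` in the second inner hunk only takes effect when the backup file is newly created; a backup that already exists with looser permissions is truncated and rewritten with its old mode, so the crontab contents can stay readable to other users. Tightening the open file as well would close that gap, for example a checked `fchmod(fileno(backup_file), S_IRUSR | S_IWUSR)` right after the successful `fopen`. Separately, `old_umask` is declared without an initialiser and restored at `swapback:`; the body of backup_crontab between the first and second inner hunks is not visible here, so if any earlier error path jumps to `swapback` the process umask would be set from an indeterminate value. Restoring with `umask(old_umask);` directly after the `fopen` call, rather than at the label, would avoid that. The added comment also misspells "permissions".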
From: Danilo Spinella Date: Mon, 22 Jan 2024 15:46:40 +0000 Subject: [PATCH 2/2] Accepting request 1140678 from home:dspinella:branches:Base:System - Update to 1.7.1: * crond: Wait on finishing the job with -n option to check the exit status * crond: Do not set the return path to <> if non-default MAILFROM is set * /etc/sysconfig/crond and /etc/default/anacron files are optional - Remove test-for-etc-default-anacron.patch OBS-URL: https://build.opensuse.org/request/show/1140678 OBS-URL: https://build.opensuse.org/package/show/Base:System/cronie?expand=0&rev=218 --- cronie-1.7.0.tar.gz | 3 --- cronie-1.7.1.tar.gz | 3 +++ cronie.changes | 10 ++++++++++ cronie.spec | 5 +---- test-for-etc-default-anacron.patch | 26 -------------------------- 5 files changed, 14 insertions(+), 33 deletions(-) delete mode 100644 cronie-1.7.0.tar.gz create mode 100644 cronie-1.7.1.tar.gz delete mode 100644 test-for-etc-default-anacron.patch diff --git a/cronie-1.7.0.tar.gz b/cronie-1.7.0.tar.gz deleted file mode 100644 index 340094a..0000000 --- a/cronie-1.7.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:956c6a722ad7fc332b96ecc2f8374236825a7c6f4a48dcaf7d23b0f17670cdcc -size 153390 diff --git a/cronie-1.7.1.tar.gz b/cronie-1.7.1.tar.gz new file mode 100644 index 0000000..5c072a4 --- /dev/null +++ b/cronie-1.7.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:535b96894c52e679085e1d8b36794308c162b1e8dac29031c02f678effc523e1 +size 154050 diff --git a/cronie.changes b/cronie.changes index 1308707..265bd67 100644 --- a/cronie.changes +++ b/cronie.changes 
@@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Jan 22 15:39:47 UTC 2024 - Danilo Spinella + +- Update to 1.7.1: + * crond: Wait on finishing the job with -n option to check + the exit status + * crond: Do not set the return path to <> if non-default MAILFROM is set + * /etc/sysconfig/crond and /etc/default/anacron files are optional +- Remove test-for-etc-default-anacron.patch + ------------------------------------------------------------------- Thu Jan 18 08:27:24 UTC 2024 - Johannes Segitz diff --git a/cronie.spec b/cronie.spec index 7643c1d..6448555 100644 --- a/cronie.spec +++ b/cronie.spec @@ -22,7 +22,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: cronie -Version: 1.7.0 +Version: 1.7.1 Release: 0 Summary: Cron Daemon License: BSD-3-Clause AND GPL-2.0-only AND MIT @@ -48,8 +48,6 @@ Patch5: cronie-crond_pid.diff Patch13: fix-manpage-replace-anacrontab-with-crontab.patch # PATCH-FEATURE-OPENSUSE user common-session-nonlogin Patch14: cronie-pam_config-nonlogin.diff -# PATCH-FIX-UPSTREAM danilo.spinella@suse.com bsc#1218377 -Patch15: test-for-etc-default-anacron.patch # PATCH-FIX-UPSTREAM jsegitz@suse.de https://github.com/cronie-crond/cronie/pull/172 Patch16: safe-backup-permissions.patch BuildRequires: audit-devel @@ -113,7 +111,6 @@ cp %{SOURCE7} ./cron_to_cronie.README %if 0%{?suse_version} > 1500 %patch14 -p1 %endif -%patch15 -p1 %patch16 -p1 %build diff --git a/test-for-etc-default-anacron.patch b/test-for-etc-default-anacron.patch deleted file mode 100644 index 7fc64ac..0000000 --- a/test-for-etc-default-anacron.patch +++ /dev/null 
@@ -1,26 +0,0 @@
-From 7700b1465d32ddb1d3988e9af852af6f0f5cd66e Mon Sep 17 00:00:00 2001
-From: Christian Hesse
-Date: Mon, 16 Oct 2023 10:14:33 +0200
-Subject: [PATCH] re-introduce the test for existence of file
-
-If the file does not exist it exits early with error... Let's source
-only if files acutually does exist. We still have a sane default.
----
- contrib/0anacron | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/contrib/0anacron b/contrib/0anacron
-index 090219a..5379e41 100644
---- a/contrib/0anacron
-+++ b/contrib/0anacron
-@@ -8,7 +8,9 @@ if [ `date +%Y%m%d` = "$day" ]; then
- fi
-
- # Check whether run on battery should be allowed
--. /etc/default/anacron
-+if test -r /etc/default/anacron; then
-+ . /etc/default/anacron
-+fi
-
- if [ "$ANACRON_RUN_ON_BATTERY_POWER" != "yes" ]; then
-