From 2e84c784d59480bc9c3a2fe572c0f4cab28600c051d8fcffa82a3573d09ccd8c Mon Sep 17 00:00:00 2001 From: David Anes Date: Wed, 25 May 2022 14:10:05 +0000 Subject: [PATCH] Accepting request 979197 from home:stroeder:sys - update to 3.20.0: * fix potential DoS from unprivileged users via the state file (CVE-2022-1348) * fix a misleading debug message with copytruncate and rotate 0 (#443) * add support for unsigned time_t (#438) * do not lock state file /dev/null (#433) OBS-URL: https://build.opensuse.org/request/show/979197 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=97 --- logrotate-3.19.0.tar.xz | 3 --- logrotate-3.19.0.tar.xz.asc | 16 ---------------- ...patch => logrotate-3.20.0-man_logrotate.patch | 15 +++------------ logrotate-3.20.0.tar.xz | 3 +++ logrotate-3.20.0.tar.xz.asc | 16 ++++++++++++++++ logrotate.changes | 9 +++++++++ logrotate.spec | 4 ++-- 7 files changed, 33 insertions(+), 33 deletions(-) delete mode 100644 logrotate-3.19.0.tar.xz delete mode 100644 logrotate-3.19.0.tar.xz.asc rename logrotate-3.19.0-man_logrotate.patch => logrotate-3.20.0-man_logrotate.patch (66%) create mode 100644 logrotate-3.20.0.tar.xz create mode 100644 logrotate-3.20.0.tar.xz.asc diff --git a/logrotate-3.19.0.tar.xz b/logrotate-3.19.0.tar.xz deleted file mode 100644 index c048e18..0000000 --- a/logrotate-3.19.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ddd5274d684c5c99ca724e8069329f343ebe376e07493d537d9effdc501214ba -size 166276 diff --git a/logrotate-3.19.0.tar.xz.asc b/logrotate-3.19.0.tar.xz.asc deleted file mode 100644 index 56560e2..0000000 --- a/logrotate-3.19.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmHYAiwACgkQhz2zdXKj -ezYGlA//cGjoPxXWWGpdY6RxUBf9LLVVdTObkcx5P/4IUalR1md49ysk3Cw8XrGG -SbhFgTmrW4l+0ZRLaGXsSqEqKrMyUhGxQfRAOZIoOg3f84pPTG5evPcc3Xlp0o/C -ki/SQdjregUdrizsASis9lqp5o94RtH5p5NcUjj2/C0vaH08WzVtasSXp7L+02an -ewCytUYQJT32Nzukg1v1mY/+9il2yA1cXqU6IEkJR4opXvZ4kq6PMe0+AuQs0MkD -3/qkWiP98RUmrWfx6lDUSSTOts3xmpuxzKwnRsaJk8rSAm4VSTDbfotPpjEQM0it -+XtOzCiMdRLZ5hUzIerPdTs4SY696Usy6c58cwH6ocYuC3KQjZB8zhKJ4vbLH3bm -c+AJM8KZ4ey5Dnexx4QXhS16dJDjS2682qBHOPCnXnR9b4S2N5HWQHj9M8pDiaAa -ftafvq/13k4yziXn+pkUyKA6Ytx9VfVBpsMLfVAeJ93Q5K4pDbXc6UX0YXMxy660 -Ca1yG4sXhK0O9m8qPLUzBhcvzn8evAt08IXB/eDCEcwpOlH3xvxZt5aFikBM6der -Am5w38WjecbNOEirKzBi6ksMPv/K1+6dTqMIIDkLIQchACV8kIIDjI3ptr50PhBn -QS06qD7Oiy+BJQ/fSGhJtlaVbbk1+w0EzuWXXqE8E8V5B5Um1Xw= -=pq5V ------END PGP SIGNATURE----- diff --git a/logrotate-3.19.0-man_logrotate.patch b/logrotate-3.20.0-man_logrotate.patch similarity index 66% rename from logrotate-3.19.0-man_logrotate.patch rename to logrotate-3.20.0-man_logrotate.patch index be46a01..537d8e9 100644 --- a/logrotate-3.19.0-man_logrotate.patch +++ b/logrotate-3.20.0-man_logrotate.patch @@ -1,6 +1,6 @@ -diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in ---- logrotate-3.19.0.orig/logrotate.8.in 2022-02-24 11:18:24.202811846 +0100 -+++ logrotate-3.19.0/logrotate.8.in 2022-02-24 11:28:25.137690351 +0100 +diff -ur logrotate-3.20.0.orig/logrotate.8.in logrotate-3.20.0/logrotate.8.in +--- logrotate-3.20.0.orig/logrotate.8.in 2022-03-31 14:00:36.000000000 +0200 ++++ logrotate-3.20.0/logrotate.8.in 2022-05-25 15:40:21.015424608 +0200 @@ -48,6 +48,17 @@ is given on the command line, every file in that directory is used as a config file. @@ -19,15 +19,6 @@ diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in If no command line arguments are given, \fBlogrotate\fR will print version and copyright information, along with a short usage summary. If any errors occur while rotating logs, \fBlogrotate\fR will exit with -@@ -76,7 +87,7 @@ - acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR - will exit with value 3. The default state file is \fI@STATE_FILE_PATH@\fR. - If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will --not try to write the state file. -+not try to lock or write the state file. - - .TP - \fB\-\-skip-state-lock\fR @@ -752,7 +763,8 @@ tab(:); l l l. diff --git a/logrotate-3.20.0.tar.xz b/logrotate-3.20.0.tar.xz new file mode 100644 index 0000000..a182a86 --- /dev/null +++ b/logrotate-3.20.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:99dbaf276c68b0bcde116aef4f11f160e87deb85686229c4f7e7ef7fcc8205fc +size 166604 diff --git a/logrotate-3.20.0.tar.xz.asc b/logrotate-3.20.0.tar.xz.asc new file mode 100644 index 0000000..4fe0a59 --- /dev/null +++ b/logrotate-3.20.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmKN1uQACgkQhz2zdXKj +ezbI5Q//csD93SMou3xT63QQsnflM7C//M4RYmnG2x5sNOJpq+xHN6VBkGE+k3HZ +66QBiA7Pd55ooTkwoIvXbuqZDDV+ZR+FcFEd2HCYusOFtDzsKIVqaJ1HnUUFRABU +2PHOmI4myISzndXMZmzaoINBMpAS/sNvveN9IJkRbNN7MV6OJt6P/IY+JoUaj62G +NH0G5oGfXJcUjgod0X+nRZLFefjGlTCg0eNDv/1rnnIJYKKdCLGeYBX9XzRDT1l0 +hc++hTOGPpHEoF/bv4jGx1WU0tLyHnlt7WaXEbZl51bhJ3zySODCkmZicLFT02/5 +vXuBkWEwZfG6Kl3XXVODnPO0BMZ3NyWMjI4kbcTNq6cGr0siUtdpKajiJwnJnfdo +kt54ZYju+zr/ENxWAWgrYCJfVRRaEBlKVFNCGAHmAK4D9EKgmPHGHZJ4qVQNhP/g +pdMWP0gVjTGSxbscRF1MBQMuE3xApeumEKyihCk8j3P7jJnPV8l00Bo/nF7uvJqg +eRyjw9ul/kwo5InjGHuXbAU0AWX0Y09gvBmDcadecENvHTtEUzXsRB2l2akO1g9Q +XHts++17zWTT2nyqnlVrdmxJmY7F3BOkIg8k4hRNrS83rlPz38QwIax0I9gZhV0C +47JcmuEtYr04s9zEY6JXjbdBegZy8DZOVhYVndD4uYftsVynEDE= +=JLaC +-----END PGP SIGNATURE----- diff --git a/logrotate.changes b/logrotate.changes index da7b547..528d46b 100644 --- a/logrotate.changes +++ b/logrotate.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Wed May 25 13:34:17 UTC 2022 - Michael Ströder + +- update to 3.20.0: + * fix potential DoS from unprivileged users via the state file (CVE-2022-1348) + * fix a misleading debug message with copytruncate and rotate 0 (#443) + * add support for unsigned time_t (#438) + * do not lock state file /dev/null (#433) + ------------------------------------------------------------------- Thu Feb 24 10:36:07 UTC 2022 - Stefan Schubert diff --git a/logrotate.spec b/logrotate.spec index 6f1cb38..80f8e33 100644 --- a/logrotate.spec +++ b/logrotate.spec @@ -19,7 +19,7 @@ %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}} Name: logrotate -Version: 3.19.0 +Version: 3.20.0 Release: 0 Summary: Cron service for rotating, compressing, mailing and removing system log files License: GPL-2.0-or-later @@ -32,7 +32,7 @@ Source2: logrotate.default Source3: logrotate.service Source10: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc Source100: %{name}-rpmlintrc -Patch0: logrotate-3.19.0-man_logrotate.patch +Patch0: logrotate-3.20.0-man_logrotate.patch BuildRequires: acl BuildRequires: libacl-devel BuildRequires: pkgconfig