Accepting request 979299 from Base:System

OBS-URL: https://build.opensuse.org/request/show/979299
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/logrotate?expand=0&rev=72

logrotate-3.19.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ddd5274d684c5c99ca724e8069329f343ebe376e07493d537d9effdc501214ba
-size 166276

logrotate-3.19.0.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmHYAiwACgkQhz2zdXKj
-ezYGlA//cGjoPxXWWGpdY6RxUBf9LLVVdTObkcx5P/4IUalR1md49ysk3Cw8XrGG
-SbhFgTmrW4l+0ZRLaGXsSqEqKrMyUhGxQfRAOZIoOg3f84pPTG5evPcc3Xlp0o/C
-ki/SQdjregUdrizsASis9lqp5o94RtH5p5NcUjj2/C0vaH08WzVtasSXp7L+02an
-ewCytUYQJT32Nzukg1v1mY/+9il2yA1cXqU6IEkJR4opXvZ4kq6PMe0+AuQs0MkD
-3/qkWiP98RUmrWfx6lDUSSTOts3xmpuxzKwnRsaJk8rSAm4VSTDbfotPpjEQM0it
-+XtOzCiMdRLZ5hUzIerPdTs4SY696Usy6c58cwH6ocYuC3KQjZB8zhKJ4vbLH3bm
-c+AJM8KZ4ey5Dnexx4QXhS16dJDjS2682qBHOPCnXnR9b4S2N5HWQHj9M8pDiaAa
-ftafvq/13k4yziXn+pkUyKA6Ytx9VfVBpsMLfVAeJ93Q5K4pDbXc6UX0YXMxy660
-Ca1yG4sXhK0O9m8qPLUzBhcvzn8evAt08IXB/eDCEcwpOlH3xvxZt5aFikBM6der
-Am5w38WjecbNOEirKzBi6ksMPv/K1+6dTqMIIDkLIQchACV8kIIDjI3ptr50PhBn
-QS06qD7Oiy+BJQ/fSGhJtlaVbbk1+w0EzuWXXqE8E8V5B5Um1Xw=
-=pq5V
------END PGP SIGNATURE-----

logrotate-3.20.0-man_logrotate.patch

@@ -1,6 +1,6 @@
-diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in
---- logrotate-3.19.0.orig/logrotate.8.in	2022-02-24 11:18:24.202811846 +0100
-+++ logrotate-3.19.0/logrotate.8.in	2022-02-24 11:28:25.137690351 +0100
+diff -ur logrotate-3.20.0.orig/logrotate.8.in logrotate-3.20.0/logrotate.8.in
+--- logrotate-3.20.0.orig/logrotate.8.in	2022-03-31 14:00:36.000000000 +0200
++++ logrotate-3.20.0/logrotate.8.in	2022-05-25 15:40:21.015424608 +0200
 @@ -48,6 +48,17 @@
  is given on the command line, every file in that directory is used as
  a config file.
@@ -19,15 +19,6 @@ diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in
  If no command line arguments are given, \fBlogrotate\fR will print
  version and copyright information, along with a short usage summary.  If
  any errors occur while rotating logs, \fBlogrotate\fR will exit with
-@@ -76,7 +87,7 @@
- acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR
- will exit with value 3.  The default state file is \fI@STATE_FILE_PATH@\fR.
- If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will
--not try to write the state file.
-+not try to lock or write the state file.
- 
- .TP
- \fB\-\-skip-state-lock\fR
 @@ -752,7 +763,8 @@
  tab(:);
  l l l.

logrotate-3.20.1.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:742f6d6e18eceffa49a4bacd933686d3e42931cfccfb694d7f6369b704e5d094
+size 166712

logrotate-3.20.1.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmKOSz8ACgkQhz2zdXKj
+ezZHew/+Oc/4nfltNNFkK1FPmkfqNrehh69ho0AXDoR4Wtocyz9RTPL8Llfm4gEd
+As1vzySNbUoGTJfDdnrhHZbBkrcLknZ8di8lQu9hkh/n7jB83ZxOFrUQv1bt2xbJ
+W+Y3shL4X3TMdVkvsmH0o4VyMEJYcPMbuAUuLwPhRYTwgNCgwhSdb2xyYbsKyFYU
+mnrmqeYIy4sXtAv+JPZLogBXmhx9ZbKV4qBY9zPlwvXaKyqJu47bgoUcEH9Kf54C
+8f9k48+vJ8iyK3j4IAAjXqR/x+GCPQU0Px2Ft4KgFIMoC94IsUwEJQlZ08yzBL7s
+ohoJJ/+9rjJI45t1JYRYmPEcGj1CaB05CbwJOOEk+x4AfzkZj6dZ0vm8M7Ux6PNb
+eph/rOyEeAVxkUP17BdA9GmUTBgCM7nI4yFtXdY73qgMWBOUJR8iKbVqvL7/ke+7
+rpTg7qp5VRFOQ1uEyRxAnqpfNZJ5asnj0PV5jxydN6chpg95fb/Q15ycydHXI+XD
+LE7lLN0HhhMJTh5zttYFmoZzJ4EaO3F5WstTaKMu8s1/oOeEec1mfCnUgxM1K24V
+acHOJEf8XQsz1vBVU3tQcuWQqYt7WMHzO9Rj3Nqs9/lDpHRfXAczuFkmGTO1EA1w
+UaK2cdAgT2TfNfMmvKyYTWzIVFviF/A25jFK+eGDDL0rkh1DorI=
+=M/va
+-----END PGP SIGNATURE-----

logrotate.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Wed May 25 20:06:20 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 3.20.1:
+  * drop world-readable permission on state file even when ACLs are enabled (#446)
+- removed obsolete logrotate-CVE-2022-1348-follow-up.patch
+
+-------------------------------------------------------------------
+Wed May 25 15:31:32 UTC 2022 - David Anes <david.anes@suse.com>
+
+- Security fix: (bsc#1199652, CVE-2022-1348)
+  * Add follow-up upstream patch for the introduced fix.
+  * Added patch logrotate-CVE-2022-1348-follow-up.patch
+
+- Update patch:
+  * logrotate-3.19.0-man_logrotate.patch -> logrotate-3.20.0-man_logrotate.patch
+
+-------------------------------------------------------------------
+Wed May 25 13:34:17 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 3.20.0:
+  * fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
+  * fix a misleading debug message with copytruncate and rotate 0 (#443)
+  * add support for unsigned time_t (#438)
+  * do not lock state file /dev/null (#433)
+
 -------------------------------------------------------------------
 Thu Feb 24 10:36:07 UTC 2022 - Stefan Schubert <schubi@suse.de>
 

logrotate.spec

@@ -19,7 +19,7 @@
 %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
 
 Name:           logrotate
-Version:        3.19.0
+Version:        3.20.1
 Release:        0
 Summary:        Cron service for rotating, compressing, mailing and removing system log files
 License:        GPL-2.0-or-later
@@ -32,8 +32,9 @@ Source2:        logrotate.default
 Source3:        logrotate.service
 Source10:       https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
 Source100:      %{name}-rpmlintrc
-Patch0:         logrotate-3.19.0-man_logrotate.patch
+Patch0:         logrotate-3.20.0-man_logrotate.patch
 BuildRequires:  acl
+BuildRequires:  automake
 BuildRequires:  libacl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libselinux)
@@ -52,9 +53,10 @@ It manages plain files only and is not involved in systemd's journal rotation.
 
 %prep
 %setup -q
-%patch0 -p1
+%autopatch -p1
 
 %build
+autoreconf -f -i
 %configure \
     --disable-silent-rules \
     --with-state-file-path=%{_localstatedir}/lib/misc/logrotate.status \