diff --git a/logrotate-3.20.0.tar.xz b/logrotate-3.20.0.tar.xz
deleted file mode 100644
index a182a86..0000000
--- a/logrotate-3.20.0.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:99dbaf276c68b0bcde116aef4f11f160e87deb85686229c4f7e7ef7fcc8205fc
-size 166604
diff --git a/logrotate-3.20.0.tar.xz.asc b/logrotate-3.20.0.tar.xz.asc
deleted file mode 100644
index 4fe0a59..0000000
--- a/logrotate-3.20.0.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmKN1uQACgkQhz2zdXKj
-ezbI5Q//csD93SMou3xT63QQsnflM7C//M4RYmnG2x5sNOJpq+xHN6VBkGE+k3HZ
-66QBiA7Pd55ooTkwoIvXbuqZDDV+ZR+FcFEd2HCYusOFtDzsKIVqaJ1HnUUFRABU
-2PHOmI4myISzndXMZmzaoINBMpAS/sNvveN9IJkRbNN7MV6OJt6P/IY+JoUaj62G
-NH0G5oGfXJcUjgod0X+nRZLFefjGlTCg0eNDv/1rnnIJYKKdCLGeYBX9XzRDT1l0
-hc++hTOGPpHEoF/bv4jGx1WU0tLyHnlt7WaXEbZl51bhJ3zySODCkmZicLFT02/5
-vXuBkWEwZfG6Kl3XXVODnPO0BMZ3NyWMjI4kbcTNq6cGr0siUtdpKajiJwnJnfdo
-kt54ZYju+zr/ENxWAWgrYCJfVRRaEBlKVFNCGAHmAK4D9EKgmPHGHZJ4qVQNhP/g
-pdMWP0gVjTGSxbscRF1MBQMuE3xApeumEKyihCk8j3P7jJnPV8l00Bo/nF7uvJqg
-eRyjw9ul/kwo5InjGHuXbAU0AWX0Y09gvBmDcadecENvHTtEUzXsRB2l2akO1g9Q
-XHts++17zWTT2nyqnlVrdmxJmY7F3BOkIg8k4hRNrS83rlPz38QwIax0I9gZhV0C
-47JcmuEtYr04s9zEY6JXjbdBegZy8DZOVhYVndD4uYftsVynEDE=
-=JLaC
------END PGP SIGNATURE-----
diff --git a/logrotate-3.20.1.tar.xz b/logrotate-3.20.1.tar.xz
new file mode 100644
index 0000000..c658bfb
--- /dev/null
+++ b/logrotate-3.20.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:742f6d6e18eceffa49a4bacd933686d3e42931cfccfb694d7f6369b704e5d094
+size 166712
diff --git a/logrotate-3.20.1.tar.xz.asc b/logrotate-3.20.1.tar.xz.asc
new file mode 100644
index 0000000..3050d1a
--- /dev/null
+++ b/logrotate-3.20.1.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmKOSz8ACgkQhz2zdXKj
+ezZHew/+Oc/4nfltNNFkK1FPmkfqNrehh69ho0AXDoR4Wtocyz9RTPL8Llfm4gEd
+As1vzySNbUoGTJfDdnrhHZbBkrcLknZ8di8lQu9hkh/n7jB83ZxOFrUQv1bt2xbJ
+W+Y3shL4X3TMdVkvsmH0o4VyMEJYcPMbuAUuLwPhRYTwgNCgwhSdb2xyYbsKyFYU
+mnrmqeYIy4sXtAv+JPZLogBXmhx9ZbKV4qBY9zPlwvXaKyqJu47bgoUcEH9Kf54C
+8f9k48+vJ8iyK3j4IAAjXqR/x+GCPQU0Px2Ft4KgFIMoC94IsUwEJQlZ08yzBL7s
+ohoJJ/+9rjJI45t1JYRYmPEcGj1CaB05CbwJOOEk+x4AfzkZj6dZ0vm8M7Ux6PNb
+eph/rOyEeAVxkUP17BdA9GmUTBgCM7nI4yFtXdY73qgMWBOUJR8iKbVqvL7/ke+7
+rpTg7qp5VRFOQ1uEyRxAnqpfNZJ5asnj0PV5jxydN6chpg95fb/Q15ycydHXI+XD
+LE7lLN0HhhMJTh5zttYFmoZzJ4EaO3F5WstTaKMu8s1/oOeEec1mfCnUgxM1K24V
+acHOJEf8XQsz1vBVU3tQcuWQqYt7WMHzO9Rj3Nqs9/lDpHRfXAczuFkmGTO1EA1w
+UaK2cdAgT2TfNfMmvKyYTWzIVFviF/A25jFK+eGDDL0rkh1DorI=
+=M/va
+-----END PGP SIGNATURE-----
diff --git a/logrotate-CVE-2022-1348-follow-up.patch b/logrotate-CVE-2022-1348-follow-up.patch
deleted file mode 100644
index 7afc0a4..0000000
--- a/logrotate-CVE-2022-1348-follow-up.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From addbd293242b0b78aa54f054e6c1d249451f137d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Wed, 25 May 2022 09:55:02 +0200
-Subject: [PATCH] drop world-readable permission on state file
-
-... even when ACLs are enabled. This is a follow-up to the fix
-of CVE-2022-1348. It has no impact on security but makes the state
-file locking work again in more cases.
-
-Closes: https://github.com/logrotate/logrotate/pull/446
----
- logrotate.c | 10 +++++++---
- test/test-0048.sh | 1 +
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/logrotate.c b/logrotate.c
-index b57b64b..2350672 100644
---- a/logrotate.c
-+++ b/logrotate.c
-@@ -2593,6 +2593,7 @@ static int writeState(const char *stateFilename)
- struct tm now;
- time_t now_time, last_time;
- char *prevCtx;
-+ int force_mode = 0;
-
- if (!strcmp(stateFilename, "/dev/null"))
- /* explicitly asked not to write the state file */
-@@ -2664,10 +2665,13 @@ static int writeState(const char *stateFilename)
-
- close(fdcurr);
-
-- /* drop world-readable flag to prevent others from locking */
-- sb.st_mode &= ~(mode_t)S_IROTH;
-+ if (sb.st_mode & (mode_t)S_IROTH) {
-+ /* drop world-readable flag to prevent others from locking */
-+ sb.st_mode &= ~(mode_t)S_IROTH;
-+ force_mode = 1;
-+ }
-
-- fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, 0);
-+ fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, force_mode);
- #ifdef WITH_ACL
- if (prev_acl) {
- acl_free(prev_acl);
-diff --git a/test/test-0048.sh b/test/test-0048.sh
-index 98f17c1..25c4c05 100755
---- a/test/test-0048.sh
-+++ b/test/test-0048.sh
-@@ -18,6 +18,7 @@ cat > state << EOF
- logrotate state -- version 2
- EOF
-
-+chmod 0640 state
- setfacl -m u:nobody:rwx state
-
- $RLR test-config.48 || exit 23
diff --git a/logrotate.changes b/logrotate.changes
index 4f2498b..810e483 100644
--- a/logrotate.changes
+++ b/logrotate.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed May 25 20:06:20 UTC 2022 - Michael Ströder
+
+- update to 3.20.1:
+ * drop world-readable permission on state file even when ACLs are enabled (#446)
+- removed obsolete logrotate-CVE-2022-1348-follow-up.patch
+
 -------------------------------------------------------------------
 Wed May 25 15:31:32 UTC 2022 - David Anes
diff --git a/logrotate.spec b/logrotate.spec
index 840df57..bd3e95c 100644
--- a/logrotate.spec
+++ b/logrotate.spec
@@ -19,7 +19,7 @@
 %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
 Name: logrotate
-Version: 3.20.0
+Version: 3.20.1
 Release: 0
 Summary: Cron service for rotating, compressing, mailing and removing system log files
 License: GPL-2.0-or-later
@@ -33,9 +33,6 @@ Source3: logrotate.service
 Source10: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
 Source100: %{name}-rpmlintrc
 Patch0: logrotate-3.20.0-man_logrotate.patch
-# PATCH FIX UPSTREAM (bsc#1199652, CVE-2022-1348) insecure permissions for state file creation
-# follow up patch for CVE: https://github.com/logrotate/logrotate/pull/446
-Patch1: logrotate-CVE-2022-1348-follow-up.patch
 BuildRequires: acl
 BuildRequires: automake
 BuildRequires: libacl-devel