Accepting request 979253 from home:stroeder:sys

- update to 3.20.1: * drop world-readable permission on state file even when ACLs are enabled (#446) - removed obsolete logrotate-CVE-2022-1348-follow-up.patch OBS-URL: https://build.opensuse.org/request/show/979253 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=99
2022-05-26 08:12:18 +00:00 · 2022-05-26 08:12:18 +00:00 · 984bc9bc2d
commit 984bc9bc2d
parent 9e60884a44
7 changed files with 27 additions and 79 deletions
--- a/logrotate-3.20.0.tar.xz
+++ b/logrotate-3.20.0.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:99dbaf276c68b0bcde116aef4f11f160e87deb85686229c4f7e7ef7fcc8205fc
-size 166604
--- a/logrotate-3.20.0.tar.xz.asc
+++ b/logrotate-3.20.0.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmKN1uQACgkQhz2zdXKj
-ezbI5Q//csD93SMou3xT63QQsnflM7C//M4RYmnG2x5sNOJpq+xHN6VBkGE+k3HZ
-66QBiA7Pd55ooTkwoIvXbuqZDDV+ZR+FcFEd2HCYusOFtDzsKIVqaJ1HnUUFRABU
-2PHOmI4myISzndXMZmzaoINBMpAS/sNvveN9IJkRbNN7MV6OJt6P/IY+JoUaj62G
-NH0G5oGfXJcUjgod0X+nRZLFefjGlTCg0eNDv/1rnnIJYKKdCLGeYBX9XzRDT1l0
-hc++hTOGPpHEoF/bv4jGx1WU0tLyHnlt7WaXEbZl51bhJ3zySODCkmZicLFT02/5
-vXuBkWEwZfG6Kl3XXVODnPO0BMZ3NyWMjI4kbcTNq6cGr0siUtdpKajiJwnJnfdo
-kt54ZYju+zr/ENxWAWgrYCJfVRRaEBlKVFNCGAHmAK4D9EKgmPHGHZJ4qVQNhP/g
-pdMWP0gVjTGSxbscRF1MBQMuE3xApeumEKyihCk8j3P7jJnPV8l00Bo/nF7uvJqg
-eRyjw9ul/kwo5InjGHuXbAU0AWX0Y09gvBmDcadecENvHTtEUzXsRB2l2akO1g9Q
-XHts++17zWTT2nyqnlVrdmxJmY7F3BOkIg8k4hRNrS83rlPz38QwIax0I9gZhV0C
-47JcmuEtYr04s9zEY6JXjbdBegZy8DZOVhYVndD4uYftsVynEDE=
-=JLaC
-----END PGP SIGNATURE-----
--- a/logrotate-3.20.1.tar.xz
+++ b/logrotate-3.20.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:742f6d6e18eceffa49a4bacd933686d3e42931cfccfb694d7f6369b704e5d094
+size 166712
--- a/logrotate-3.20.1.tar.xz.asc
+++ b/logrotate-3.20.1.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmKOSz8ACgkQhz2zdXKj
+ezZHew/+Oc/4nfltNNFkK1FPmkfqNrehh69ho0AXDoR4Wtocyz9RTPL8Llfm4gEd
+As1vzySNbUoGTJfDdnrhHZbBkrcLknZ8di8lQu9hkh/n7jB83ZxOFrUQv1bt2xbJ
+W+Y3shL4X3TMdVkvsmH0o4VyMEJYcPMbuAUuLwPhRYTwgNCgwhSdb2xyYbsKyFYU
+mnrmqeYIy4sXtAv+JPZLogBXmhx9ZbKV4qBY9zPlwvXaKyqJu47bgoUcEH9Kf54C
+8f9k48+vJ8iyK3j4IAAjXqR/x+GCPQU0Px2Ft4KgFIMoC94IsUwEJQlZ08yzBL7s
+ohoJJ/+9rjJI45t1JYRYmPEcGj1CaB05CbwJOOEk+x4AfzkZj6dZ0vm8M7Ux6PNb
+eph/rOyEeAVxkUP17BdA9GmUTBgCM7nI4yFtXdY73qgMWBOUJR8iKbVqvL7/ke+7
+rpTg7qp5VRFOQ1uEyRxAnqpfNZJ5asnj0PV5jxydN6chpg95fb/Q15ycydHXI+XD
+LE7lLN0HhhMJTh5zttYFmoZzJ4EaO3F5WstTaKMu8s1/oOeEec1mfCnUgxM1K24V
+acHOJEf8XQsz1vBVU3tQcuWQqYt7WMHzO9Rj3Nqs9/lDpHRfXAczuFkmGTO1EA1w
+UaK2cdAgT2TfNfMmvKyYTWzIVFviF/A25jFK+eGDDL0rkh1DorI=
+=M/va
+-----END PGP SIGNATURE-----
--- a/logrotate-CVE-2022-1348-follow-up.patch
+++ b/logrotate-CVE-2022-1348-follow-up.patch
@ -1,56 +0,0 @@
-From addbd293242b0b78aa54f054e6c1d249451f137d Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Wed, 25 May 2022 09:55:02 +0200
-Subject: [PATCH] drop world-readable permission on state file
-
-... even when ACLs are enabled.  This is a follow-up to the fix
-of CVE-2022-1348.  It has no impact on security but makes the state
-file locking work again in more cases.
-
-Closes: https://github.com/logrotate/logrotate/pull/446
---
- logrotate.c       | 10 +++++++---
- test/test-0048.sh |  1 +
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/logrotate.c b/logrotate.c
-index b57b64b..2350672 100644
--- a/logrotate.c
-+++ b/logrotate.c
-@@ -2593,6 +2593,7 @@ static int writeState(const char *stateFilename)
-     struct tm now;
-     time_t now_time, last_time;
-     char *prevCtx;
-+    int force_mode = 0;
- 
-     if (!strcmp(stateFilename, "/dev/null"))
-         /* explicitly asked not to write the state file */
-@@ -2664,10 +2665,13 @@ static int writeState(const char *stateFilename)
- 
-     close(fdcurr);
- 
-    /* drop world-readable flag to prevent others from locking */
-    sb.st_mode &= ~(mode_t)S_IROTH;
-+    if (sb.st_mode & (mode_t)S_IROTH) {
-+        /* drop world-readable flag to prevent others from locking */
-+        sb.st_mode &= ~(mode_t)S_IROTH;
-+        force_mode = 1;
-+    }
- 
-    fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, 0);
-+    fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, force_mode);
- #ifdef WITH_ACL
-     if (prev_acl) {
-         acl_free(prev_acl);
-diff --git a/test/test-0048.sh b/test/test-0048.sh
-index 98f17c1..25c4c05 100755
--- a/test/test-0048.sh
-+++ b/test/test-0048.sh
-@@ -18,6 +18,7 @@ cat > state << EOF
- logrotate state -- version 2
- EOF
- 
-+chmod 0640 state
- setfacl -m u:nobody:rwx state
- 
- $RLR test-config.48 || exit 23
--- a/logrotate.changes
+++ b/logrotate.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed May 25 20:06:20 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 3.20.1:
+  * drop world-readable permission on state file even when ACLs are enabled (#446)
+- removed obsolete logrotate-CVE-2022-1348-follow-up.patch
+
 -------------------------------------------------------------------
 Wed May 25 15:31:32 UTC 2022 - David Anes <david.anes@suse.com>

--- a/logrotate.spec
+++ b/logrotate.spec
@ -19,7 +19,7 @@
 %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}

 Name:           logrotate
-Version:        3.20.0
+Version:        3.20.1
 Release:        0
 Summary:        Cron service for rotating, compressing, mailing and removing system log files
 License:        GPL-2.0-or-later
@ -33,9 +33,6 @@ Source3:        logrotate.service
 Source10:       https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
 Source100:      %{name}-rpmlintrc
 Patch0:         logrotate-3.20.0-man_logrotate.patch
-# PATCH FIX UPSTREAM (bsc#1199652, CVE-2022-1348) insecure permissions for state file creation
-# follow up patch for CVE: https://github.com/logrotate/logrotate/pull/446
-Patch1:         logrotate-CVE-2022-1348-follow-up.patch
 BuildRequires:  acl
 BuildRequires:  automake
 BuildRequires:  libacl-devel