pool/logrotate
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 81574 from home:vitezslav_cizek:branches:Base:System

Browse Source 
- update to 3.8.1
- dropped CVE patches as they were merged to upstream
- changelog
  - fixed 1 memory leak in prerotateSingleLog
  - do not redirect logrotate errors to /dev/null in cron script
  - fixed "size" directive parsing
  - handle situation when acl_get_fd is supported, but acl_set_fd is not
  - added "maxsize" directive (see man page)
  - added "dateyesterday" option (see man page)
  - fixed crash when config file had exactly 4096*N bytes
  - added WITH_ACL make option to link against -lacl and preserve ACLs
    during rotation
  - added "su" option to define user/group for rotation. Logrotate now
    skips directories which are world writable or writable by group
    which is not "root" unless "su" directive is used.
  - fixed CVE-2011-1098: race condition by creation of new files
  - fixed possible shell injection when using "shred" directive (CVE-2011-1154)
  - fixed escaping of file names within 'write state' action (CVE-2011-1155)
  - better 'size' directive description
  - fixed possible buffer-overflow when reading config files

OBS-URL: https://build.opensuse.org/request/show/81574
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=18
This commit is contained in:
Michal Vyskocil 2011-09-13 09:24:51 +00:00 committed by Git OBS Bridge
parent 0ee507bd2a
commit a7ebe2d3f3
12 changed files with 156 additions and 418 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
logrotate-3.7.8-addextension.patch
View File

@ -1,17 +1,16 @@
Index: test/test
===================================================================
--- test/test.orig 2008-05-14 12:31:35.000000000 +0200
+++ test/test 2009-03-06 15:15:00.000000000 +0100
@@ -369,4 +369,27 @@
--- test/test.orig
+++ test/test
@@ -427,4 +427,26 @@ test.log 0
test.log.1 0 zero
EOF
rm -rf testdir
+
+# check rotation with extension appended to the filename
+cleanup 15
+cleanup 17
+
+preptest test.log 15 1 0
+$RLR test-config.15 --force
+preptest test.log 17 1 0
+$RLR test-config.17 --force
+
+checkoutput <<EOF
+test.log 0
@ -19,48 +18,22 @@ Index: test/test
+EOF
+
+# check rotation with extension moved after the number
+cleanup 16
+cleanup 18
+
+preptest test.log 16 1 0
+$RLR test-config.16 --force
+preptest test.log 18 1 0
+$RLR test-config.18 --force
+
+checkoutput <<EOF
+test.log 0
+test.1.log 0 zero
+EOF
+
cleanup
Index: test/test-config.16.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ test/test-config.16.in 2009-03-06 15:15:00.000000000 +0100
@@ -0,0 +1,8 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .log
+}
+
Index: test/test-config.15.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ test/test-config.15.in 2009-03-06 15:15:00.000000000 +0100
@@ -0,0 +1,8 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .newext
+}
+
# cleanup
Index: config.c
===================================================================
--- config.c.orig 2009-03-06 15:07:06.000000000 +0100
+++ config.c 2009-03-06 15:17:38.000000000 +0100
@@ -428,6 +428,7 @@
--- config.c.orig
+++ config.c
@@ -519,6 +519,7 @@ int readAllConfigPaths(const char **path
.last = NULL,
.logAddress = NULL,
.extension = NULL,
@ -68,37 +41,32 @@ Index: config.c
.compress_prog = NULL,
.uncompress_prog = NULL,
.compress_ext = NULL,
@@ -1158,6 +1159,24 @@
message(MESS_DEBUG, "extension is now %s\n",
newlog->extension);
@@ -1177,6 +1178,19 @@ static int readConfigFile(const char *co
message(MESS_DEBUG, "extension is now %s\n",
newlog->extension);
+ } else if (!strcmp(start, "addextension")) {
+ *endtag = oldchar, start = endtag;
+ } else if (!strcmp(key, "addextension")) {
+ if ((key = isolateValue
+ (configFile, lineNum, "addextension name", &start,
+ &buf, length)) != NULL) {
+ freeLogItem (addextension);
+ newlog->addextension = key;
+ key = NULL;
+ }
+ else continue;
+
+ freeLogItem (addextension);
+ message(MESS_DEBUG, "addextension is now %s\n",
+ newlog->addextension);
+
+ if (!isolateValue
+ (configFile, lineNum, "addextension name", &start,
+ &endtag)) {
+ oldchar = *endtag, *endtag = '\0';
+
+ newlog->addextension = strdup(start);
+
+ *endtag = oldchar, start = endtag;
+ }
+
+ message(MESS_DEBUG, "addextension is now %s\n",
+ newlog->addextension);
+
} else if (!strcmp(start, "compresscmd")) {
*endtag = oldchar, start = endtag;
} else if (!strcmp(key, "compresscmd")) {
freeLogItem (compress_prog);
Index: logrotate.8
===================================================================
--- logrotate.8.orig 2008-12-06 15:05:40.000000000 +0100
+++ logrotate.8 2009-03-06 15:15:00.000000000 +0100
@@ -144,6 +144,15 @@
a \fBlogrotate\fR configuration file:
--- logrotate.8.orig
+++ logrotate.8
@@ -248,6 +248,15 @@ appears after \fIext\fR. For example you
and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz.
.TP
+\fBaddextension \fIext\fR
@ -110,14 +78,14 @@ Index: logrotate.8
+appears after \fIext\fR.
+
+.TP
\fBcompress\fR
Old versions of log files are compressed with \fBgzip\fR(1) by default. See also
\fBnocompress\fR.
\fBifempty\fR
Rotate the log file even if it is empty, overriding the \fBnotifempty\fR
option (\fBifempty\fR is the default).
Index: logrotate.c
===================================================================
--- logrotate.c.orig 2009-03-06 15:07:06.000000000 +0100
+++ logrotate.c 2009-03-06 15:15:00.000000000 +0100
@@ -671,6 +671,24 @@
--- logrotate.c.orig
+++ logrotate.c
@@ -867,6 +867,24 @@ int prerotateSingleLog(struct logInfo *l
rotNames->baseName = strdup(ourBaseName(log->files[logNum]));
@ -139,14 +107,14 @@ Index: logrotate.c
+ }
+ }
+
oldName = alloca(PATH_MAX);
newName = alloca(PATH_MAX);
rotNames->disposeName = malloc(PATH_MAX);
if (log->extension &&
strncmp(&
(rotNames->
Index: logrotate.h
===================================================================
--- logrotate.h.orig 2009-03-06 15:07:06.000000000 +0100
+++ logrotate.h 2009-03-06 15:15:00.000000000 +0100
@@ -41,6 +41,7 @@
--- logrotate.h.orig
+++ logrotate.h
@@ -44,6 +44,7 @@ struct logInfo {
char *pre, *post, *first, *last;
char *logAddress;
char *extension;
@ -154,3 +122,27 @@ Index: logrotate.h
char *compress_prog;
char *uncompress_prog;
char *compress_ext;
Index: test/test-config.17.in
===================================================================
--- /dev/null
+++ test/test-config.17.in
@@ -0,0 +1,7 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .newext
+}
Index: test/test-config.18.in
===================================================================
--- /dev/null
+++ test/test-config.18.in
@@ -0,0 +1,7 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .log
+}

75
logrotate-3.7.8-autoext.patch
View File

@ -1,40 +1,39 @@
Index: config.c
===================================================================
--- config.c.orig 2008-06-02 12:26:14.000000000 +0200
+++ config.c 2009-03-06 14:21:45.000000000 +0100
@@ -483,7 +483,7 @@
static int readConfigFile(const char *configFile, struct logInfo *defConfig)
{
int fd;
- char *buf, *endtag;
+ char *buf, *endtag, *compresscmd_base;
char oldchar, foo;
off_t length;
int lineNum = 1;
@@ -1189,6 +1189,18 @@
message(MESS_DEBUG, "compress_prog is now %s\n",
newlog->compress_prog);
--- config.c.orig
+++ config.c
@@ -583,6 +583,7 @@ static int readConfigFile(const char *co
char **scriptDest = NULL;
struct logInfo *newlog = defConfig;
char *start, *chptr;
+ char *compresscmd_base;
char *dirName;
struct group *group;
struct passwd *pw = NULL;
@@ -1205,6 +1206,18 @@ static int readConfigFile(const char *co
message(MESS_DEBUG, "compress_prog is now %s\n",
newlog->compress_prog);
+ compresscmd_base=strdup(basename(newlog->compress_prog));
+ i=0; /* have to check whether we may do this! */
+ /* we check whether we changed the compress_cmd. In case we use the apropriate extension
+ as listed in compress_cmd_list */
+ while ((i>=0)&&(strcmp(compress_cmd_list[i][0], "EOLIST"))){
+ if (0==strcmp(compress_cmd_list[i][0], compresscmd_base)){
+ newlog->compress_ext=strdup((char *)compress_cmd_list[i][1]);
+ message(MESS_DEBUG, "compress_ext was changed to %s\n", newlog->compress_ext);
+ i=-10; /* terminate loop! */
+ }
+ i++;
+ }
} else if (!strcmp(start, "uncompresscmd")) {
*endtag = oldchar, start = endtag;
+ compresscmd_base=strdup(basename(newlog->compress_prog));
+ i=0; /* have to check whether we may do this! */
+ /* we check whether we changed the compress_cmd. In case we use the apropriate extension
+ as listed in compress_cmd_list */
+ while ((i>=0)&&(strcmp(compress_cmd_list[i][0], "EOLIST"))){
+ if (0==strcmp(compress_cmd_list[i][0], compresscmd_base)){
+ newlog->compress_ext=strdup((char *)compress_cmd_list[i][1]);
+ message(MESS_DEBUG, "compress_ext was changed to %s\n", newlog->compress_ext);
+ i=-10; /* terminate loop! */
+ }
+ i++;
+ }
} else if (!strcmp(key, "uncompresscmd")) {
freeLogItem (uncompress_prog);
Index: logrotate.c
===================================================================
--- logrotate.c.orig 2008-10-15 15:07:43.000000000 +0200
+++ logrotate.c 2009-03-06 14:21:45.000000000 +0100
@@ -54,6 +54,16 @@
--- logrotate.c.orig
+++ logrotate.c
@@ -76,6 +76,16 @@ unsigned int hashSize;
int numLogs = 0;
int debug = 0;
char *mailCommand = DEFAULT_MAIL_COMMAND;
@ -49,13 +48,13 @@ Index: logrotate.c
+};
+
time_t nowSecs = 0;
static int shred_file(char *filename, struct logInfo *log);
static uid_t save_euid;
static gid_t save_egid;
Index: logrotate.h
===================================================================
--- logrotate.h.orig 2008-05-09 09:28:59.000000000 +0200
+++ logrotate.h 2009-03-06 14:21:45.000000000 +0100
@@ -61,6 +61,9 @@
--- logrotate.h.orig
+++ logrotate.h
@@ -66,6 +66,9 @@ TAILQ_HEAD(logInfoHead, logInfo) logs;
extern int numLogs;
extern int debug;
@ -63,5 +62,5 @@ Index: logrotate.h
+extern const char * compress_cmd_list[][2];
+
int readAllConfigPaths(const char **paths);
#endif
#if !defined(asprintf)
int asprintf(char **string_ptr, const char *format, ...);

8
logrotate-3.7.8-mess_err.patch
View File

@ -1,10 +1,10 @@
Index: logrotate.c
===================================================================
--- logrotate.c.orig 2009-03-06 15:20:25.000000000 +0100
+++ logrotate.c 2009-03-06 15:24:07.000000000 +0100
@@ -997,7 +997,7 @@
--- logrotate.c.orig
+++ logrotate.c
@@ -1206,7 +1206,7 @@ int prerotateSingleLog(struct logInfo *l
}
snprintf(destFile, PATH_MAX, "%s%s", rotNames->finalName, compext);
asprintf(&destFile, "%s%s", rotNames->finalName, compext);
if (!stat(destFile, &fst_buf)) {
- message(MESS_DEBUG,
+ message(MESS_ERROR,

19
logrotate-3.7.8-suse.patch
View File

@ -2,12 +2,12 @@ Index: Makefile
===================================================================
--- Makefile.orig
+++ Makefile
@@ -63,7 +63,7 @@ ifneq ($(STATEFILE),)
@@ -81,7 +81,7 @@ ifneq ($(STATEFILE),)
endif
BINDIR = $(BASEDIR)/sbin
-MANDIR = $(BASEDIR)/man
+MANDIR = $(BASEDIR)/share/man
-MANDIR ?= $(BASEDIR)/man
+MANDIR ?= $(BASEDIR)/share/man
#--------------------------------------------------------------------------
@ -18,27 +18,28 @@ Index: examples/logrotate.cron
@@ -1,8 +1,23 @@
#!/bin/sh
-/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1
-/usr/sbin/logrotate /etc/logrotate.conf
-EXITVALUE=$?
-if [ $EXITVALUE != 0 ]; then
- /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+# exit immediately if there is another instance running
+if checkproc /usr/sbin/logrotate; then
+ /bin/logger -p cron.warning -t logrotate "ALERT another instance of logrotate is running - exiting"
+ exit 1;
+fi;
+ exit 1
fi
+
+TMPF=`mktemp /tmp/logrotate.XXXXXXXXXX`
+
+/usr/sbin/logrotate /etc/logrotate.conf 2>&1 | tee $TMPF
+EXITVALUE=${PIPESTATUS[0]}
+
if [ $EXITVALUE != 0 ]; then
- /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+if [ $EXITVALUE != 0 ]; then
+ # wait a sec, we might just have restarted syslog
+ sleep 1
+ # tell what went wrong
+ /bin/logger -p cron.warning -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+ /bin/logger -p cron.warning -t logrotate -f $TMPF
fi
+ fi
+
+rm -f $TMPF
exit 0

8
logrotate-3.7.9-compressoptions.patch
View File

@ -1,8 +1,8 @@
Index: logrotate-3.7.9/config.c
Index: logrotate-3.8.1/config.c
===================================================================
--- logrotate-3.7.9.orig/config.c
+++ logrotate-3.7.9/config.c
@@ -101,7 +139,9 @@ static char *readPath(const char *config
--- logrotate-3.8.1.orig/config.c
+++ logrotate-3.8.1/config.c
@@ -192,7 +192,9 @@ static char *readPath(const char *config
chptr = start;
while( (len = mbrtowc(&pwc, chptr, strlen(chptr), NULL)) != 0 ) {

3
logrotate-3.7.9.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:916a934a096af34c83fa664fa77036d5b6cf4f6b265fe6dcffa25ce51cc702e0
size 39181

3
logrotate-3.8.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c12471e70ae8bc923bd5c4f25e8fd6483b68c6301f3cd79f7cfe37bc5b370169
size 48827

33
logrotate-CVE-2011-1098.patch
View File

@ -1,33 +0,0 @@
Index: logrotate-3.7.9/logrotate.c
===================================================================
--- logrotate-3.7.9.orig/logrotate.c
+++ logrotate-3.7.9/logrotate.c
@@ -204,7 +204,9 @@ int createOutputFile(char *fileName, int
{
int fd;
- fd = open(fileName, flags, sb->st_mode);
+ unlink(fileName);
+ fd = open(fileName, (flags | O_EXCL | O_NOFOLLOW),
+ (S_IRUSR | S_IWUSR) & sb->st_mode);
if (fd < 0) {
message(MESS_ERROR, "error creating output file %s: %s\n",
fileName, strerror(errno));
@@ -316,7 +318,7 @@ static int compressLogFile(char *name, s
}
outFile =
- createOutputFile(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb);
+ createOutputFile(compressedName, O_RDWR | O_CREAT, sb);
if (outFile < 0) {
close(inFile);
return 1;
@@ -495,7 +497,7 @@ static int copyTruncate(char *currLog, c
}
#endif
fdsave =
- createOutputFile(saveLog, O_WRONLY | O_CREAT | O_TRUNC, sb);
+ createOutputFile(saveLog, O_WRONLY | O_CREAT, sb);
#ifdef WITH_SELINUX
if (selinux_enabled) {
setfscreatecon_raw(prev_context);

96
logrotate-CVE-2011-1155.patch
View File

@ -1,96 +0,0 @@
Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -36,6 +36,12 @@ int selinux_enforce = 0;
#define GLOB_ABORTED GLOB_ABEND
#endif
+#ifdef PATH_MAX
+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16
+#else
+#define STATEFILE_BUFFER_SIZE 4096
+#endif
+
struct logState {
char *fn;
struct tm lastRotated; /* only tm.mon, tm_mday, tm_year are good! */
@@ -82,6 +88,34 @@ static int globerr(const char *pathname,
return 1;
}
+static void unescape(char *arg)
+{
+ char *p = arg;
+ char *next;
+ char escaped;
+ while ((next = strchr(p, '\\')) != NULL) {
+
+ p = next;
+
+ switch (p[1]) {
+ case 'n':
+ escaped = '\n';
+ break;
+ case '\\':
+ escaped = '\\';
+ break;
+ default:
+ ++p;
+ continue;
+ }
+
+ /* Overwrite the backslash with the intended character,
+ * and shift everything down one */
+ *p++ = escaped;
+ memmove(p, p+1, 1 + strlen(p+1));
+ }
+}
+
#define HASH_SIZE_MIN 64
static int allocateHash(void)
{
@@ -1467,7 +1501,13 @@ static int writeState(char *stateFilenam
for (chptr = p->fn; *chptr; chptr++) {
switch (*chptr) {
case '"':
+ case '\\':
fputc('\\', f);
+ break;
+ case '\n':
+ fputc('\\', f);
+ fputc('n', f);
+ continue;
}
fputc(*chptr, f);
@@ -1488,7 +1528,8 @@ static int writeState(char *stateFilenam
static int readState(char *stateFilename)
{
FILE *f;
- char buf[1024];
+ char buf[STATEFILE_BUFFER_SIZE];
+ char *filename;
const char **argv;
int argc;
int year, month, day;
@@ -1599,7 +1640,10 @@ static int readState(char *stateFilename
year -= 1900, month -= 1;
- if ((st = findState(argv[0])) == NULL)
+ filename = strdup(argv[0]);
+ unescape(filename);
+
+ if ((st = findState(filename)) == NULL)
return 1;
st->lastRotated.tm_mon = month;
@@ -1611,6 +1655,7 @@ static int readState(char *stateFilename
st->lastRotated = *localtime(&lr_time);
free(argv);
+ free(filename);
}
fclose(f);

144
logrotate-shred-CVE-2011-1154.patch
View File

@ -1,144 +0,0 @@
Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -71,7 +71,7 @@ const char * compress_cmd_list[][2] = {
time_t nowSecs = 0;
-static int shred_file(char *filename, struct logInfo *log);
+static int shred_file(int fd, char *filename, struct logInfo *log);
static int globerr(const char *pathname, int theerr)
{
@@ -233,58 +233,78 @@ int createOutputFile(char *fileName, int
return fd;
}
-#define SHRED_CALL "shred -u "
-#define SHRED_COUNT_FLAG "-n "
#define DIGITS 10
+
/* unlink, but try to call shred from GNU fileutils */
-static int shred_file(char *filename, struct logInfo *log)
+static int shred_file(int fd, char *filename, struct logInfo *log)
{
- int len, ret;
- char *cmd;
char count[DIGITS]; /* that's a lot of shredding :) */
+ const char **fullCommand;
+ int id = 0;
+ int status;
if (!(log->flags & LOG_FLAG_SHRED)) {
return unlink(filename);
}
- len = strlen(filename) + strlen(SHRED_CALL);
- len += strlen(SHRED_COUNT_FLAG) + DIGITS;
- cmd = malloc(len);
+ message(MESS_DEBUG, "Using shred to remove the file %s\n", filename);
- if (!cmd) {
- message(MESS_ERROR, "malloc error while shredding");
- return unlink(filename);
+ if (log->shred_cycles != 0) {
+ fullCommand = alloca(sizeof(*fullCommand) * 6);
+ }
+ else {
+ fullCommand = alloca(sizeof(*fullCommand) * 4);
}
- strcpy(cmd, SHRED_CALL);
+ fullCommand[id++] = "shred";
+ fullCommand[id++] = "-u";
+
if (log->shred_cycles != 0) {
- strcat(cmd, SHRED_COUNT_FLAG);
+ fullCommand[id++] = "-n";
snprintf(count, DIGITS - 1, "%d", log->shred_cycles);
- strcat(count, " ");
- strcat(cmd, count);
+ fullCommand[id++] = count;
}
- strcat(cmd, filename);
- ret = system(cmd);
- free(cmd);
- if (ret != 0) {
- message(MESS_ERROR, "Failed to shred %s\n, trying unlink", filename);
- if (ret != -1) {
- message(MESS_NORMAL, "Shred returned %d\n", ret);
+ fullCommand[id++] = "-";
+ fullCommand[id++] = NULL;
+
+ if (!fork()) {
+ dup2(fd, 1);
+ close(fd);
+
+ execvp(fullCommand[0], (void *) fullCommand);
+ exit(1);
}
+
+ wait(&status);
+
+ if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+ message(MESS_ERROR, "Failed to shred %s\n, trying unlink", filename);
return unlink(filename);
- } else {
- return ret;
}
+
+ /* We have to unlink it after shred anyway,
+ * because it doesn't remove the file itself */
+ return unlink(filename);
}
static int removeLogFile(char *name, struct logInfo *log)
{
+ int fd;
message(MESS_DEBUG, "removing old log %s\n", name);
- if (!debug && shred_file(name, log)) {
+ if ((fd = open(name, O_RDWR)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n",
+ name, strerror(errno));
+ return 1;
+ }
+
+ if (!debug && shred_file(fd, name, log)) {
message(MESS_ERROR, "Failed to remove old log %s: %s\n",
name, strerror(errno));
+ close(fd);
return 1;
}
+
+ close(fd);
return 0;
}
@@ -312,7 +332,7 @@ static int compressLogFile(char *name, s
compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
sprintf(compressedName, "%s%s", name, log->compress_ext);
- if ((inFile = open(name, O_RDONLY)) < 0) {
+ if ((inFile = open(name, O_RDWR)) < 0) {
message(MESS_ERROR, "unable to open %s for compression\n", name);
return 1;
}
@@ -334,7 +354,6 @@ static int compressLogFile(char *name, s
exit(1);
}
- close(inFile);
close(outFile);
wait(&status);
@@ -350,7 +369,8 @@ static int compressLogFile(char *name, s
/* If we can't change atime/mtime, it's not a disaster.
It might possibly fail under SELinux. */
- shred_file(name, log);
+ shred_file(inFile, name, log);
+ close(inFile);
return 0;
}

24
logrotate.changes
View File

@ -1,3 +1,27 @@
-------------------------------------------------------------------
Wed Sep 7 14:30:29 UTC 2011 - vcizek@suse.com
- update to 3.8.1
- dropped CVE patches as they were merged to upstream
- changelog
- fixed 1 memory leak in prerotateSingleLog
- do not redirect logrotate errors to /dev/null in cron script
- fixed "size" directive parsing
- handle situation when acl_get_fd is supported, but acl_set_fd is not
- added "maxsize" directive (see man page)
- added "dateyesterday" option (see man page)
- fixed crash when config file had exactly 4096*N bytes
- added WITH_ACL make option to link against -lacl and preserve ACLs
during rotation
- added "su" option to define user/group for rotation. Logrotate now
skips directories which are world writable or writable by group
which is not "root" unless "su" directive is used.
- fixed CVE-2011-1098: race condition by creation of new files
- fixed possible shell injection when using "shred" directive (CVE-2011-1154)
- fixed escaping of file names within 'write state' action (CVE-2011-1155)
- better 'size' directive description
- fixed possible buffer-overflow when reading config files
-------------------------------------------------------------------
Wed Sep 7 12:51:41 UTC 2011 - vcizek@suse.com

13
logrotate.spec
View File

@ -19,21 +19,19 @@
Url: https://fedorahosted.org/releases/l/o/logrotate
Name: logrotate
Version: 3.7.9
Version: 3.8.1
Release: 12
License: GPLv2+
Summary: Rotate, compress, remove, and mail system log files
Group: System/Base
Source: %{name}-%{version}.tar.bz2
Source: %{name}-%{version}.tar.gz
Source100: %{name}-rpmlintrc
Patch0: logrotate-3.7.8-suse.patch
Patch1: logrotate-3.7.8-conf.patch
Patch2: logrotate-3.7.8-autoext.patch
Patch3: logrotate-3.7.8-addextension.patch
Patch4: logrotate-3.7.8-mess_err.patch
Patch5: logrotate-CVE-2011-1098.patch
Patch6: logrotate-shred-CVE-2011-1154.patch
Patch7: logrotate-CVE-2011-1155.patch
# PATCH-FIX-UPSTREAM allow separated compressoptions (bnc#711780)
Patch8: logrotate-3.7.9-compressoptions.patch
BuildRequires: libselinux-devel
BuildRequires: popt-devel
@ -59,9 +57,6 @@ daily cron job.
%patch2
%patch3
%patch4
%patch5 -p1
%patch6
%patch7
%patch8 -p1
%build
@ -81,7 +76,7 @@ install -m 644 examples/logrotate.wtmp %{buildroot}%{_sysconfdir}/logrotate.d/wt
%post
%{remove_and_set MAX_DAYS_FOR_LOG_FILES}
if [ -f /etc/logrotate.d/aaa_base ] ; then
echo "Saving old logrotate system confguration"
echo "Saving old logrotate system configuration"
mv -v /etc/logrotate.d/aaa_base /etc/logrotate.d.aaa_base.save
fi