From a7ebe2d3f3a36042c1a2ce4d8e1a23776c8bc62a2dcf5e8dc65d992352b6d564 Mon Sep 17 00:00:00 2001 
From: Michal Vyskocil Date: Tue, 13 Sep 2011 09:24:51 +0000 Subject: [PATCH] Accepting request 81574 from home:vitezslav_cizek:branches:Base:System - update to 3.8.1 - dropped CVE patches as they were merged to upstream - changelog - fixed 1 memory leak in prerotateSingleLog - do not redirect logrotate errors to /dev/null in cron script - fixed "size" directive parsing - handle situation when acl_get_fd is supported, but acl_set_fd is not - added "maxsize" directive (see man page) - added "dateyesterday" option (see man page) - fixed crash when config file had exactly 4096*N bytes - added WITH_ACL make option to link against -lacl and preserve ACLs during rotation - added "su" option to define user/group for rotation. Logrotate now skips directories which are world writable or writable by group which is not "root" unless "su" directive is used. - fixed CVE-2011-1098: race condition by creation of new files - fixed possible shell injection when using "shred" directive (CVE-2011-1154) - fixed escaping of file names within 'write state' action (CVE-2011-1155) - better 'size' directive description - fixed possible buffer-overflow when reading config files OBS-URL: https://build.opensuse.org/request/show/81574 OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=18 --- logrotate-3.7.8-addextension.patch | 148 ++++++++++++-------------- logrotate-3.7.8-autoext.patch | 75 +++++++------ logrotate-3.7.8-mess_err.patch | 8 +- logrotate-3.7.8-suse.patch | 19 ++-- logrotate-3.7.9-compressoptions.patch | 8 +- logrotate-3.7.9.tar.bz2 | 3 - logrotate-3.8.1.tar.gz | 3 + logrotate-CVE-2011-1098.patch | 33 ------ logrotate-CVE-2011-1155.patch | 96 ----------------- logrotate-shred-CVE-2011-1154.patch | 144 ------------------------- logrotate.changes | 24 +++++ logrotate.spec | 13 +-- 12 files changed, 156 insertions(+), 418 deletions(-) delete mode 100644 logrotate-3.7.9.tar.bz2 create mode 100644 logrotate-3.8.1.tar.gz delete mode 100644 
logrotate-CVE-2011-1098.patch delete mode 100644 logrotate-CVE-2011-1155.patch delete mode 100644 logrotate-shred-CVE-2011-1154.patch
diff --git a/logrotate-3.7.8-addextension.patch b/logrotate-3.7.8-addextension.patch
index 71bcf60..da1a750 100644
--- a/logrotate-3.7.8-addextension.patch
+++ b/logrotate-3.7.8-addextension.patch
@@ -1,17 +1,16 @@ Index: test/test =================================================================== ---- test/test.orig 2008-05-14 12:31:35.000000000 +0200 -+++ test/test 2009-03-06 15:15:00.000000000 +0100 -@@ -369,4 +369,27 @@ +--- test/test.orig ++++ test/test +@@ -427,4 +427,26 @@ test.log 0 + test.log.1 0 zero EOF - rm -rf testdir -+ +# check rotation with extension appended to the filename -+cleanup 15 ++cleanup 17 + -+preptest test.log 15 1 0 -+$RLR test-config.15 --force ++preptest test.log 17 1 0 ++$RLR test-config.17 --force + +checkoutput <extension); +@@ -1177,6 +1178,19 @@ static int readConfigFile(const char *co + message(MESS_DEBUG, "extension is now %s\n", + newlog->extension); -+ } else if (!strcmp(start, "addextension")) { -+ *endtag = oldchar, start = endtag; ++ } else if (!strcmp(key, "addextension")) { ++ if ((key = isolateValue ++ (configFile, lineNum, "addextension name", &start, ++ &buf, length)) != NULL) { ++ freeLogItem (addextension); ++ newlog->addextension = key; ++ key = NULL; ++ } ++ else continue; + -+ freeLogItem (addextension); ++ message(MESS_DEBUG, "addextension is now %s\n", ++ newlog->addextension); + -+ if (!isolateValue -+ (configFile, lineNum, "addextension name", &start, -+ &endtag)) { -+ oldchar = *endtag, *endtag = '\0'; -+ -+ newlog->addextension = strdup(start); -+ -+ *endtag = oldchar, start = endtag; -+ } -+ -+ message(MESS_DEBUG, "addextension is now %s\n", -+ newlog->addextension); -+ - } else if (!strcmp(start, "compresscmd")) { - *endtag = oldchar, start = endtag; + } else if (!strcmp(key, "compresscmd")) { + freeLogItem (compress_prog); Index: logrotate.8 =================================================================== ---- logrotate.8.orig 2008-12-06 15:05:40.000000000 +0100 -+++ logrotate.8 2009-03-06 15:15:00.000000000 +0100 -@@ -144,6 +144,15 @@ - a \fBlogrotate\fR configuration file: +--- logrotate.8.orig ++++ logrotate.8 +@@ -248,6 +248,15 @@ appears after \fIext\fR. 
For example you + and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz. .TP +\fBaddextension \fIext\fR @@ -110,14 +78,14 @@ Index: logrotate.8 +appears after \fIext\fR. + +.TP - \fBcompress\fR - Old versions of log files are compressed with \fBgzip\fR(1) by default. See also - \fBnocompress\fR. + \fBifempty\fR + Rotate the log file even if it is empty, overriding the \fBnotifempty\fR + option (\fBifempty\fR is the default). Index: logrotate.c =================================================================== ---- logrotate.c.orig 2009-03-06 15:07:06.000000000 +0100 -+++ logrotate.c 2009-03-06 15:15:00.000000000 +0100 -@@ -671,6 +671,24 @@ +--- logrotate.c.orig ++++ logrotate.c +@@ -867,6 +867,24 @@ int prerotateSingleLog(struct logInfo *l rotNames->baseName = strdup(ourBaseName(log->files[logNum])); @@ -139,14 +107,14 @@ Index: logrotate.c + } + } + - oldName = alloca(PATH_MAX); - newName = alloca(PATH_MAX); - rotNames->disposeName = malloc(PATH_MAX); + if (log->extension && + strncmp(& + (rotNames-> Index: logrotate.h =================================================================== ---- logrotate.h.orig 2009-03-06 15:07:06.000000000 +0100 -+++ logrotate.h 2009-03-06 15:15:00.000000000 +0100 -@@ -41,6 +41,7 @@ +--- logrotate.h.orig ++++ logrotate.h +@@ -44,6 +44,7 @@ struct logInfo { char *pre, *post, *first, *last; char *logAddress; char *extension; @@ -154,3 +122,27 @@ Index: logrotate.h char *compress_prog; char *uncompress_prog; char *compress_ext; +Index: test/test-config.17.in +=================================================================== +--- /dev/null ++++ test/test-config.17.in +@@ -0,0 +1,7 @@ ++create ++ ++&DIR&/test.log { ++ monthly ++ rotate 1 ++ addextension .newext ++} +Index: test/test-config.18.in +=================================================================== +--- /dev/null ++++ test/test-config.18.in +@@ -0,0 +1,7 @@ ++create ++ ++&DIR&/test.log { ++ monthly ++ rotate 1 ++ addextension .log ++} 
diff --git a/logrotate-3.7.8-autoext.patch b/logrotate-3.7.8-autoext.patch
index a9a187c..6dde180 100644
--- a/logrotate-3.7.8-autoext.patch
+++ b/logrotate-3.7.8-autoext.patch
@@ -1,40 +1,39 @@ Index: config.c =================================================================== ---- config.c.orig 2008-06-02 12:26:14.000000000 +0200 -+++ config.c 2009-03-06 14:21:45.000000000 +0100 -@@ -483,7 +483,7 @@ - static int readConfigFile(const char *configFile, struct logInfo *defConfig) - { - int fd; -- char *buf, *endtag; -+ char *buf, *endtag, *compresscmd_base; - char oldchar, foo; - off_t length; - int lineNum = 1; -@@ -1189,6 +1189,18 @@ - message(MESS_DEBUG, "compress_prog is now %s\n", - newlog->compress_prog); +--- config.c.orig ++++ config.c +@@ -583,6 +583,7 @@ static int readConfigFile(const char *co + char **scriptDest = NULL; + struct logInfo *newlog = defConfig; + char *start, *chptr; ++ char *compresscmd_base; + char *dirName; + struct group *group; + struct passwd *pw = NULL; +@@ -1205,6 +1206,18 @@ static int readConfigFile(const char *co + message(MESS_DEBUG, "compress_prog is now %s\n", + newlog->compress_prog); -+ compresscmd_base=strdup(basename(newlog->compress_prog)); -+ i=0; /* have to check whether we may do this! */ -+ /* we check whether we changed the compress_cmd. In case we use the apropriate extension -+ as listed in compress_cmd_list */ -+ while ((i>=0)&&(strcmp(compress_cmd_list[i][0], "EOLIST"))){ -+ if (0==strcmp(compress_cmd_list[i][0], compresscmd_base)){ -+ newlog->compress_ext=strdup((char *)compress_cmd_list[i][1]); -+ message(MESS_DEBUG, "compress_ext was changed to %s\n", newlog->compress_ext); -+ i=-10; /* terminate loop! */ -+ } -+ i++; -+ } - } else if (!strcmp(start, "uncompresscmd")) { - *endtag = oldchar, start = endtag; ++ compresscmd_base=strdup(basename(newlog->compress_prog)); ++ i=0; /* have to check whether we may do this! */ ++ /* we check whether we changed the compress_cmd. 
In case we use the apropriate extension ++ as listed in compress_cmd_list */ ++ while ((i>=0)&&(strcmp(compress_cmd_list[i][0], "EOLIST"))){ ++ if (0==strcmp(compress_cmd_list[i][0], compresscmd_base)){ ++ newlog->compress_ext=strdup((char *)compress_cmd_list[i][1]); ++ message(MESS_DEBUG, "compress_ext was changed to %s\n", newlog->compress_ext); ++ i=-10; /* terminate loop! */ ++ } ++ i++; ++ } + } else if (!strcmp(key, "uncompresscmd")) { + freeLogItem (uncompress_prog); Index: logrotate.c =================================================================== ---- logrotate.c.orig 2008-10-15 15:07:43.000000000 +0200 -+++ logrotate.c 2009-03-06 14:21:45.000000000 +0100 -@@ -54,6 +54,16 @@ +--- logrotate.c.orig ++++ logrotate.c +@@ -76,6 +76,16 @@ unsigned int hashSize; int numLogs = 0; int debug = 0; char *mailCommand = DEFAULT_MAIL_COMMAND; @@ -49,13 +48,13 @@ Index: logrotate.c +}; + time_t nowSecs = 0; - - static int shred_file(char *filename, struct logInfo *log); + static uid_t save_euid; + static gid_t save_egid; Index: logrotate.h =================================================================== ---- logrotate.h.orig 2008-05-09 09:28:59.000000000 +0200 -+++ logrotate.h 2009-03-06 14:21:45.000000000 +0100 -@@ -61,6 +61,9 @@ +--- logrotate.h.orig ++++ logrotate.h +@@ -66,6 +66,9 @@ TAILQ_HEAD(logInfoHead, logInfo) logs; extern int numLogs; extern int debug; @@ -63,5 +62,5 @@ Index: logrotate.h +extern const char * compress_cmd_list[][2]; + int readAllConfigPaths(const char **paths); - - #endif + #if !defined(asprintf) + int asprintf(char **string_ptr, const char *format, ...); diff --git a/logrotate-3.7.8-mess_err.patch b/logrotate-3.7.8-mess_err.patch index 0bb420e..d7b5ada 100644 --- a/logrotate-3.7.8-mess_err.patch +++ b/logrotate-3.7.8-mess_err.patch 
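Review bot: `compresscmd_base=strdup(basename(newlog->compress_prog));` in the refreshed config.c hunk is passed to `strcmp` without a NULL check and is not freed in the lines shown, so every `compresscmd` directive appears to leak one copy and an allocation failure would be dereferenced. I would add `if (compresscmd_base == NULL) return 1;` after the strdup (or whatever error path the function uses) and `free(compresscmd_base);` after the loop. `newlog->compress_ext=strdup(...)` also appears to overwrite the previous value without releasing it, unlike the `freeLogItem (compress_prog);` pattern visible in the neighbouring branch; confirm who owns `compress_ext` before adding a free. The `i=-10; /* terminate loop! */` exit would read more clearly as `break;`. The enclosing `readConfigFile` continues outside the hunk, so a later free cannot be ruled out from here.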
@@ -1,10 +1,10 @@ Index: logrotate.c =================================================================== ---- logrotate.c.orig 2009-03-06 15:20:25.000000000 +0100 -+++ logrotate.c 2009-03-06 15:24:07.000000000 +0100 -@@ -997,7 +997,7 @@ +--- logrotate.c.orig ++++ logrotate.c +@@ -1206,7 +1206,7 @@ int prerotateSingleLog(struct logInfo *l } - snprintf(destFile, PATH_MAX, "%s%s", rotNames->finalName, compext); + asprintf(&destFile, "%s%s", rotNames->finalName, compext); if (!stat(destFile, &fst_buf)) { - message(MESS_DEBUG, + message(MESS_ERROR, diff --git a/logrotate-3.7.8-suse.patch b/logrotate-3.7.8-suse.patch index 500ffe8..c10bf73 100644 --- a/logrotate-3.7.8-suse.patch +++ b/logrotate-3.7.8-suse.patch @@ -2,12 +2,12 @@ Index: Makefile =================================================================== --- Makefile.orig +++ Makefile -@@ -63,7 +63,7 @@ ifneq ($(STATEFILE),) +@@ -81,7 +81,7 @@ ifneq ($(STATEFILE),) endif BINDIR = $(BASEDIR)/sbin --MANDIR = $(BASEDIR)/man -+MANDIR = $(BASEDIR)/share/man +-MANDIR ?= $(BASEDIR)/man ++MANDIR ?= $(BASEDIR)/share/man #-------------------------------------------------------------------------- @@ -18,27 +18,28 @@ Index: examples/logrotate.cron 
@@ -1,8 +1,23 @@ #!/bin/sh --/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1 +-/usr/sbin/logrotate /etc/logrotate.conf -EXITVALUE=$? +-if [ $EXITVALUE != 0 ]; then +- /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" +# exit immediately if there is another instance running +if checkproc /usr/sbin/logrotate; then + /bin/logger -p cron.warning -t logrotate "ALERT another instance of logrotate is running - exiting" -+ exit 1; -+fi; ++ exit 1 + fi + +TMPF=`mktemp /tmp/logrotate.XXXXXXXXXX` + +/usr/sbin/logrotate /etc/logrotate.conf 2>&1 | tee $TMPF +EXITVALUE=${PIPESTATUS[0]} + - if [ $EXITVALUE != 0 ]; then -- /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]" ++if [ $EXITVALUE != 0 ]; then + # wait a sec, we might just have restarted syslog + sleep 1 + # tell what went wrong + /bin/logger -p cron.warning -t logrotate "ALERT exited abnormally with [$EXITVALUE]" + /bin/logger -p cron.warning -t logrotate -f $TMPF - fi ++ fi + +rm -f $TMPF exit 0 diff --git a/logrotate-3.7.9-compressoptions.patch b/logrotate-3.7.9-compressoptions.patch index 9cdcf1e..5f1d86a 100644 --- a/logrotate-3.7.9-compressoptions.patch +++ b/logrotate-3.7.9-compressoptions.patch @@ -1,8 +1,8 @@ -Index: logrotate-3.7.9/config.c +Index: logrotate-3.8.1/config.c =================================================================== ---- logrotate-3.7.9.orig/config.c -+++ logrotate-3.7.9/config.c -@@ -101,7 +139,9 @@ static char *readPath(const char *config +--- logrotate-3.8.1.orig/config.c ++++ logrotate-3.8.1/config.c +@@ -192,7 +192,9 @@ static char *readPath(const char *config chptr = start; while( (len = mbrtowc(&pwc, chptr, strlen(chptr), NULL)) != 0 ) { diff --git a/logrotate-3.7.9.tar.bz2 b/logrotate-3.7.9.tar.bz2 deleted file mode 100644 index fad2e7e..0000000 --- a/logrotate-3.7.9.tar.bz2 +++ /dev/null 
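Review bot: `EXITVALUE=${PIPESTATUS[0]}` in the refreshed examples/logrotate.cron is a bash array used under a `#!/bin/sh` shebang, so where /bin/sh is not bash the substitution fails and a failing logrotate run is never reported. `$TMPF` is also used unquoted and unchecked: if `mktemp` fails, `tee`, `logger -f` and `rm -f` all run without a file name. I would change the shebang to `#!/bin/bash`, follow the mktemp line with `[ -n "$TMPF" ] || exit 1` and `trap 'rm -f "$TMPF"' EXIT`, and quote `"$TMPF"` at each use. The `checkproc` test is only advisory, because a second instance can start between the check and the run; a lock file held for the duration of the job would close that window.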
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:916a934a096af34c83fa664fa77036d5b6cf4f6b265fe6dcffa25ce51cc702e0
-size 39181
diff --git a/logrotate-3.8.1.tar.gz b/logrotate-3.8.1.tar.gz
new file mode 100644
index 0000000..d9e8a59
--- /dev/null
+++ b/logrotate-3.8.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c12471e70ae8bc923bd5c4f25e8fd6483b68c6301f3cd79f7cfe37bc5b370169
+size 48827
diff --git a/logrotate-CVE-2011-1098.patch b/logrotate-CVE-2011-1098.patch
deleted file mode 100644
index 9ad4c60..0000000
--- a/logrotate-CVE-2011-1098.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Index: logrotate-3.7.9/logrotate.c
-===================================================================
---- logrotate-3.7.9.orig/logrotate.c
-+++ logrotate-3.7.9/logrotate.c
-@@ -204,7 +204,9 @@ int createOutputFile(char *fileName, int
- {
- int fd;
-
-- fd = open(fileName, flags, sb->st_mode);
-+ unlink(fileName);
-+ fd = open(fileName, (flags | O_EXCL | O_NOFOLLOW),
-+ (S_IRUSR | S_IWUSR) & sb->st_mode);
- if (fd < 0) {
- message(MESS_ERROR, "error creating output file %s: %s\n",
- fileName, strerror(errno));
-@@ -316,7 +318,7 @@ static int compressLogFile(char *name, s
- }
-
- outFile =
-- createOutputFile(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb);
-+ createOutputFile(compressedName, O_RDWR | O_CREAT, sb);
- if (outFile < 0) {
- close(inFile);
- return 1;
-@@ -495,7 +497,7 @@ static int copyTruncate(char *currLog, c
- }
- #endif
- fdsave =
-- createOutputFile(saveLog, O_WRONLY | O_CREAT | O_TRUNC, sb);
-+ createOutputFile(saveLog, O_WRONLY | O_CREAT, sb);
- #ifdef WITH_SELINUX
- if (selinux_enabled) {
- setfscreatecon_raw(prev_context);
diff --git a/logrotate-CVE-2011-1155.patch b/logrotate-CVE-2011-1155.patch
deleted file mode 100644
index ba10d1d..0000000
--- a/logrotate-CVE-2011-1155.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-Index: logrotate.c
-===================================================================
---- logrotate.c.orig
-+++ logrotate.c
-@@ -36,6 +36,12 @@ int selinux_enforce = 0;
- #define GLOB_ABORTED GLOB_ABEND
- #endif
-
-+#ifdef PATH_MAX
-+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16
-+#else
-+#define STATEFILE_BUFFER_SIZE 4096
-+#endif
-+
- struct logState {
- char *fn;
- struct tm lastRotated; /* only tm.mon, tm_mday, tm_year are good! */
-@@ -82,6 +88,34 @@ static int globerr(const char *pathname,
- return 1;
- }
-
-+static void unescape(char *arg)
-+{
-+ char *p = arg;
-+ char *next;
-+ char escaped;
-+ while ((next = strchr(p, '\\')) != NULL) {
-+
-+ p = next;
-+
-+ switch (p[1]) {
-+ case 'n':
-+ escaped = '\n';
-+ break;
-+ case '\\':
-+ escaped = '\\';
-+ break;
-+ default:
-+ ++p;
-+ continue;
-+ }
-+
-+ /* Overwrite the backslash with the intended character,
-+ * and shift everything down one */
-+ *p++ = escaped;
-+ memmove(p, p+1, 1 + strlen(p+1));
-+ }
-+}
-+
- #define HASH_SIZE_MIN 64
- static int allocateHash(void)
- {
-@@ -1467,7 +1501,13 @@ static int writeState(char *stateFilenam
- for (chptr = p->fn; *chptr; chptr++) {
- switch (*chptr) {
- case '"':
-+ case '\\':
- fputc('\\', f);
-+ break;
-+ case '\n':
-+ fputc('\\', f);
-+ fputc('n', f);
-+ continue;
- }
-
- fputc(*chptr, f);
-@@ -1488,7 +1528,8 @@ static int writeState(char *stateFilenam
- static int readState(char *stateFilename)
- {
- FILE *f;
-- char buf[1024];
-+ char buf[STATEFILE_BUFFER_SIZE];
-+ char *filename;
- const char **argv;
- int argc;
- int year, month, day;
-@@ -1599,7 +1640,10 @@ static int readState(char *stateFilename
-
- year -= 1900, month -= 1;
-
-- if ((st = findState(argv[0])) == NULL)
-+ filename = strdup(argv[0]);
-+ unescape(filename);
-+
-+ if ((st = findState(filename)) == NULL)
- return 1;
-
- st->lastRotated.tm_mon = month;
-@@ -1611,6 +1655,7 @@ static int readState(char *stateFilename
- st->lastRotated = *localtime(&lr_time);
-
- free(argv);
-+ free(filename);
- }
-
- fclose(f);
diff --git a/logrotate-shred-CVE-2011-1154.patch b/logrotate-shred-CVE-2011-1154.patch
deleted file mode 100644
index 1105567..0000000
--- a/logrotate-shred-CVE-2011-1154.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-Index: logrotate.c
-===================================================================
---- logrotate.c.orig
-+++ logrotate.c
-@@ -71,7 +71,7 @@ const char * compress_cmd_list[][2] = {
-
- time_t nowSecs = 0;
-
--static int shred_file(char *filename, struct logInfo *log);
-+static int shred_file(int fd, char *filename, struct logInfo *log);
-
- static int globerr(const char *pathname, int theerr)
- {
-@@ -233,58 +233,78 @@ int createOutputFile(char *fileName, int
- return fd;
- }
-
--#define SHRED_CALL "shred -u "
--#define SHRED_COUNT_FLAG "-n "
- #define DIGITS 10
-+
- /* unlink, but try to call shred from GNU fileutils */
--static int shred_file(char *filename, struct logInfo *log)
-+static int shred_file(int fd, char *filename, struct logInfo *log)
- {
-- int len, ret;
-- char *cmd;
- char count[DIGITS]; /* that's a lot of shredding :) */
-+ const char **fullCommand;
-+ int id = 0;
-+ int status;
-
- if (!(log->flags & LOG_FLAG_SHRED)) {
- return unlink(filename);
- }
-
-- len = strlen(filename) + strlen(SHRED_CALL);
-- len += strlen(SHRED_COUNT_FLAG) + DIGITS;
-- cmd = malloc(len);
-+ message(MESS_DEBUG, "Using shred to remove the file %s\n", filename);
-
-- if (!cmd) {
-- message(MESS_ERROR, "malloc error while shredding");
-- return unlink(filename);
-+ if (log->shred_cycles != 0) {
-+ fullCommand = alloca(sizeof(*fullCommand) * 6);
-+ }
-+ else {
-+ fullCommand = alloca(sizeof(*fullCommand) * 4);
- }
-- strcpy(cmd, SHRED_CALL);
-+ fullCommand[id++] = "shred";
-+ fullCommand[id++] = "-u";
-+
- if (log->shred_cycles != 0) {
-- strcat(cmd, SHRED_COUNT_FLAG);
-+ fullCommand[id++] = "-n";
- snprintf(count, DIGITS - 1, "%d", log->shred_cycles);
-- strcat(count, " ");
-- strcat(cmd, count);
-+ fullCommand[id++] = count;
- }
-- strcat(cmd, filename);
-- ret = system(cmd);
-- free(cmd);
-- if (ret != 0) {
-- message(MESS_ERROR, "Failed to shred %s\n, trying unlink", filename);
-- if (ret != -1) {
-- message(MESS_NORMAL, "Shred returned %d\n", ret);
-+ fullCommand[id++] = "-";
-+ fullCommand[id++] = NULL;
-+
-+ if (!fork()) {
-+ dup2(fd, 1);
-+ close(fd);
-+
-+ execvp(fullCommand[0], (void *) fullCommand);
-+ exit(1);
- }
-+
-+ wait(&status);
-+
-+ if (!WIFEXITED(status) || WEXITSTATUS(status)) {
-+ message(MESS_ERROR, "Failed to shred %s\n, trying unlink", filename);
- return unlink(filename);
-- } else {
-- return ret;
- }
-+
-+ /* We have to unlink it after shred anyway,
-+ * because it doesn't remove the file itself */
-+ return unlink(filename);
- }
-
- static int removeLogFile(char *name, struct logInfo *log)
- {
-+ int fd;
- message(MESS_DEBUG, "removing old log %s\n", name);
-
-- if (!debug && shred_file(name, log)) {
-+ if ((fd = open(name, O_RDWR)) < 0) {
-+ message(MESS_ERROR, "error opening %s: %s\n",
-+ name, strerror(errno));
-+ return 1;
-+ }
-+
-+ if (!debug && shred_file(fd, name, log)) {
- message(MESS_ERROR, "Failed to remove old log %s: %s\n",
- name, strerror(errno));
-+ close(fd);
- return 1;
- }
-+
-+ close(fd);
- return 0;
- }
-
-@@ -312,7 +332,7 @@ static int compressLogFile(char *name, s
- compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
- sprintf(compressedName, "%s%s", name, log->compress_ext);
-
-- if ((inFile = open(name, O_RDONLY)) < 0) {
-+ if ((inFile = open(name, O_RDWR)) < 0) {
- message(MESS_ERROR, "unable to open %s for compression\n", name);
- return 1;
- }
-@@ -334,7 +354,6 @@ static int compressLogFile(char *name, s
- exit(1);
- }
-
-- close(inFile);
- close(outFile);
-
- wait(&status);
-@@ -350,7 +369,8 @@ static int compressLogFile(char *name, s
- /* If we can't change atime/mtime, it's not a disaster.
- It might possibly fail under SELinux. */
-
-- shred_file(name, log);
-+ shred_file(inFile, name, log);
-+ close(inFile);
-
- return 0;
- }
diff --git a/logrotate.changes b/logrotate.changes
index fd9cb28..fee9788 100644
--- a/logrotate.changes
+++ b/logrotate.changes
@@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Wed Sep 7 14:30:29 UTC 2011 - vcizek@suse.com
+
+- update to 3.8.1
+- dropped CVE patches as they were merged to upstream
+- changelog
+ - fixed 1 memory leak in prerotateSingleLog
+ - do not redirect logrotate errors to /dev/null in cron script
+ - fixed "size" directive parsing
+ - handle situation when acl_get_fd is supported, but acl_set_fd is not
+ - added "maxsize" directive (see man page)
+ - added "dateyesterday" option (see man page)
+ - fixed crash when config file had exactly 4096*N bytes
+ - added WITH_ACL make option to link against -lacl and preserve ACLs
+ during rotation
+ - added "su" option to define user/group for rotation. Logrotate now
+ skips directories which are world writable or writable by group
+ which is not "root" unless "su" directive is used.
+ - fixed CVE-2011-1098: race condition by creation of new files
+ - fixed possible shell injection when using "shred" directive (CVE-2011-1154)
+ - fixed escaping of file names within 'write state' action (CVE-2011-1155)
+ - better 'size' directive description
+ - fixed possible buffer-overflow when reading config files
+
 -------------------------------------------------------------------
 Wed Sep 7 12:51:41 UTC 2011 - vcizek@suse.com
 
diff --git a/logrotate.spec b/logrotate.spec
index 6ed8d81..999a0ae 100644
--- a/logrotate.spec
+++ b/logrotate.spec
@@ -19,21 +19,19 @@ Url: https://fedorahosted.org/releases/l/o/logrotate Name: logrotate -Version: 3.7.9 +Version: 3.8.1 Release: 12 License: GPLv2+ Summary: Rotate, compress, remove, and mail system log files Group: System/Base -Source: %{name}-%{version}.tar.bz2 +Source: %{name}-%{version}.tar.gz Source100: %{name}-rpmlintrc Patch0: logrotate-3.7.8-suse.patch Patch1: logrotate-3.7.8-conf.patch Patch2: logrotate-3.7.8-autoext.patch Patch3: logrotate-3.7.8-addextension.patch Patch4: logrotate-3.7.8-mess_err.patch -Patch5: logrotate-CVE-2011-1098.patch -Patch6: logrotate-shred-CVE-2011-1154.patch -Patch7: logrotate-CVE-2011-1155.patch +# PATCH-FIX-UPSTREAM allow separated compressoptions (bnc#711780) Patch8: logrotate-3.7.9-compressoptions.patch BuildRequires: libselinux-devel BuildRequires: popt-devel @@ -59,9 +57,6 @@ daily cron job. %patch2 %patch3 %patch4 -%patch5 -p1 -%patch6 -%patch7 %patch8 -p1 %build @@ -81,7 +76,7 @@ install -m 644 examples/logrotate.wtmp %{buildroot}%{_sysconfdir}/logrotate.d/wt %post %{remove_and_set MAX_DAYS_FOR_LOG_FILES} if [ -f /etc/logrotate.d/aaa_base ] ; then - echo "Saving old logrotate system confguration" + echo "Saving old logrotate system configuration" mv -v /etc/logrotate.d/aaa_base /etc/logrotate.d.aaa_base.save fi