Accepting request 81574 from home:vitezslav_cizek:branches:Base:System

- update to 3.8.1
- dropped CVE patches as they were merged to upstream
- changelog
  - fixed 1 memory leak in prerotateSingleLog
  - do not redirect logrotate errors to /dev/null in cron script
  - fixed "size" directive parsing
  - handle situation when acl_get_fd is supported, but acl_set_fd is not
  - added "maxsize" directive (see man page)
  - added "dateyesterday" option (see man page)
  - fixed crash when config file had exactly 4096*N bytes
  - added WITH_ACL make option to link against -lacl and preserve ACLs
    during rotation
  - added "su" option to define user/group for rotation. Logrotate now
    skips directories which are world writable or writable by group
    which is not "root" unless "su" directive is used.
  - fixed CVE-2011-1098: race condition by creation of new files
  - fixed possible shell injection when using "shred" directive (CVE-2011-1154)
  - fixed escaping of file names within 'write state' action (CVE-2011-1155)
  - better 'size' directive description
  - fixed possible buffer-overflow when reading config files

OBS-URL: https://build.opensuse.org/request/show/81574
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=18
Michal Vyskocil 2011-09-13 09:24:51 +00:00 committed by Git OBS Bridge
parent 0ee507bd2a
commit a7ebe2d3f3
12 changed files with 156 additions and 418 deletions


@ -1,17 +1,16 @@
Index: test/test Index: test/test
=================================================================== ===================================================================
--- test/test.orig 2008-05-14 12:31:35.000000000 +0200 --- test/test.orig
+++ test/test 2009-03-06 15:15:00.000000000 +0100 +++ test/test
@@ -369,4 +369,27 @@ @@ -427,4 +427,26 @@ test.log 0
test.log.1 0 zero
EOF EOF
rm -rf testdir
+
+# check rotation with extension appended to the filename +# check rotation with extension appended to the filename
+cleanup 15 +cleanup 17
+ +
+preptest test.log 15 1 0 +preptest test.log 17 1 0
+$RLR test-config.15 --force +$RLR test-config.17 --force
+ +
+checkoutput <<EOF +checkoutput <<EOF
+test.log 0 +test.log 0
@ -19,48 +18,22 @@ Index: test/test
+EOF +EOF
+ +
+# check rotation with extension moved after the number +# check rotation with extension moved after the number
+cleanup 16 +cleanup 18
+ +
+preptest test.log 16 1 0 +preptest test.log 18 1 0
+$RLR test-config.16 --force +$RLR test-config.18 --force
+ +
+checkoutput <<EOF +checkoutput <<EOF
+test.log 0 +test.log 0
+test.1.log 0 zero +test.1.log 0 zero
+EOF +EOF
+ +
cleanup # cleanup
Index: test/test-config.16.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ test/test-config.16.in 2009-03-06 15:15:00.000000000 +0100
@@ -0,0 +1,8 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .log
+}
+
Index: test/test-config.15.in
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ test/test-config.15.in 2009-03-06 15:15:00.000000000 +0100
@@ -0,0 +1,8 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .newext
+}
+
Index: config.c Index: config.c
=================================================================== ===================================================================
--- config.c.orig 2009-03-06 15:07:06.000000000 +0100 --- config.c.orig
+++ config.c 2009-03-06 15:17:38.000000000 +0100 +++ config.c
@@ -428,6 +428,7 @@ @@ -519,6 +519,7 @@ int readAllConfigPaths(const char **path
.last = NULL, .last = NULL,
.logAddress = NULL, .logAddress = NULL,
.extension = NULL, .extension = NULL,
@ -68,37 +41,32 @@ Index: config.c
.compress_prog = NULL, .compress_prog = NULL,
.uncompress_prog = NULL, .uncompress_prog = NULL,
.compress_ext = NULL, .compress_ext = NULL,
@@ -1158,6 +1159,24 @@ @@ -1177,6 +1178,19 @@ static int readConfigFile(const char *co
message(MESS_DEBUG, "extension is now %s\n", message(MESS_DEBUG, "extension is now %s\n",
newlog->extension); newlog->extension);
+ } else if (!strcmp(start, "addextension")) { + } else if (!strcmp(key, "addextension")) {
+ *endtag = oldchar, start = endtag; + if ((key = isolateValue
+ (configFile, lineNum, "addextension name", &start,
+ &buf, length)) != NULL) {
+ freeLogItem (addextension);
+ newlog->addextension = key;
+ key = NULL;
+ }
+ else continue;
+ +
+ freeLogItem (addextension); + message(MESS_DEBUG, "addextension is now %s\n",
+ newlog->addextension);
+ +
+ if (!isolateValue } else if (!strcmp(key, "compresscmd")) {
+ (configFile, lineNum, "addextension name", &start, freeLogItem (compress_prog);
+ &endtag)) {
+ oldchar = *endtag, *endtag = '\0';
+
+ newlog->addextension = strdup(start);
+
+ *endtag = oldchar, start = endtag;
+ }
+
+ message(MESS_DEBUG, "addextension is now %s\n",
+ newlog->addextension);
+
} else if (!strcmp(start, "compresscmd")) {
*endtag = oldchar, start = endtag;
Index: logrotate.8 Index: logrotate.8
=================================================================== ===================================================================
--- logrotate.8.orig 2008-12-06 15:05:40.000000000 +0100 --- logrotate.8.orig
+++ logrotate.8 2009-03-06 15:15:00.000000000 +0100 +++ logrotate.8
@@ -144,6 +144,15 @@ @@ -248,6 +248,15 @@ appears after \fIext\fR. For example you
a \fBlogrotate\fR configuration file: and want to rotate it to mylog.1.foo.gz instead of mylog.foo.1.gz.
.TP .TP
+\fBaddextension \fIext\fR +\fBaddextension \fIext\fR
@ -110,14 +78,14 @@ Index: logrotate.8
+appears after \fIext\fR. +appears after \fIext\fR.
+ +
+.TP +.TP
\fBcompress\fR \fBifempty\fR
Old versions of log files are compressed with \fBgzip\fR(1) by default. See also Rotate the log file even if it is empty, overriding the \fBnotifempty\fR
\fBnocompress\fR. option (\fBifempty\fR is the default).
Index: logrotate.c Index: logrotate.c
=================================================================== ===================================================================
--- logrotate.c.orig 2009-03-06 15:07:06.000000000 +0100 --- logrotate.c.orig
+++ logrotate.c 2009-03-06 15:15:00.000000000 +0100 +++ logrotate.c
@@ -671,6 +671,24 @@ @@ -867,6 +867,24 @@ int prerotateSingleLog(struct logInfo *l
rotNames->baseName = strdup(ourBaseName(log->files[logNum])); rotNames->baseName = strdup(ourBaseName(log->files[logNum]));
@ -139,14 +107,14 @@ Index: logrotate.c
+ } + }
+ } + }
+ +
oldName = alloca(PATH_MAX); if (log->extension &&
newName = alloca(PATH_MAX); strncmp(&
rotNames->disposeName = malloc(PATH_MAX); (rotNames->
Index: logrotate.h Index: logrotate.h
=================================================================== ===================================================================
--- logrotate.h.orig 2009-03-06 15:07:06.000000000 +0100 --- logrotate.h.orig
+++ logrotate.h 2009-03-06 15:15:00.000000000 +0100 +++ logrotate.h
@@ -41,6 +41,7 @@ @@ -44,6 +44,7 @@ struct logInfo {
char *pre, *post, *first, *last; char *pre, *post, *first, *last;
char *logAddress; char *logAddress;
char *extension; char *extension;
@ -154,3 +122,27 @@ Index: logrotate.h
char *compress_prog; char *compress_prog;
char *uncompress_prog; char *uncompress_prog;
char *compress_ext; char *compress_ext;
Index: test/test-config.17.in
===================================================================
--- /dev/null
+++ test/test-config.17.in
@@ -0,0 +1,7 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .newext
+}
Index: test/test-config.18.in
===================================================================
--- /dev/null
+++ test/test-config.18.in
@@ -0,0 +1,7 @@
+create
+
+&DIR&/test.log {
+ monthly
+ rotate 1
+ addextension .log
+}


@ -1,40 +1,39 @@
Index: config.c Index: config.c
=================================================================== ===================================================================
--- config.c.orig 2008-06-02 12:26:14.000000000 +0200 --- config.c.orig
+++ config.c 2009-03-06 14:21:45.000000000 +0100 +++ config.c
@@ -483,7 +483,7 @@ @@ -583,6 +583,7 @@ static int readConfigFile(const char *co
static int readConfigFile(const char *configFile, struct logInfo *defConfig) char **scriptDest = NULL;
{ struct logInfo *newlog = defConfig;
int fd; char *start, *chptr;
- char *buf, *endtag; + char *compresscmd_base;
+ char *buf, *endtag, *compresscmd_base; char *dirName;
char oldchar, foo; struct group *group;
off_t length; struct passwd *pw = NULL;
int lineNum = 1; @@ -1205,6 +1206,18 @@ static int readConfigFile(const char *co
@@ -1189,6 +1189,18 @@ message(MESS_DEBUG, "compress_prog is now %s\n",
message(MESS_DEBUG, "compress_prog is now %s\n", newlog->compress_prog);
newlog->compress_prog);
+ compresscmd_base=strdup(basename(newlog->compress_prog)); + compresscmd_base=strdup(basename(newlog->compress_prog));
+ i=0; /* have to check whether we may do this! */ + i=0; /* have to check whether we may do this! */
+ /* we check whether we changed the compress_cmd. In case we use the apropriate extension + /* we check whether we changed the compress_cmd. In case we use the apropriate extension
+ as listed in compress_cmd_list */ + as listed in compress_cmd_list */
+ while ((i>=0)&&(strcmp(compress_cmd_list[i][0], "EOLIST"))){ + while ((i>=0)&&(strcmp(compress_cmd_list[i][0], "EOLIST"))){
+ if (0==strcmp(compress_cmd_list[i][0], compresscmd_base)){ + if (0==strcmp(compress_cmd_list[i][0], compresscmd_base)){
+ newlog->compress_ext=strdup((char *)compress_cmd_list[i][1]); + newlog->compress_ext=strdup((char *)compress_cmd_list[i][1]);
+ message(MESS_DEBUG, "compress_ext was changed to %s\n", newlog->compress_ext); + message(MESS_DEBUG, "compress_ext was changed to %s\n", newlog->compress_ext);
+ i=-10; /* terminate loop! */ + i=-10; /* terminate loop! */
+ } + }
+ i++; + i++;
+ } + }
} else if (!strcmp(start, "uncompresscmd")) { } else if (!strcmp(key, "uncompresscmd")) {
*endtag = oldchar, start = endtag; freeLogItem (uncompress_prog);
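Review bot: `compresscmd_base=strdup(basename(newlog->compress_prog));` in the `compresscmd` branch allocates a copy that is never freed anywhere in this hunk, so every `compresscmd` directive parsed leaks it. The strdup() result is also passed to strcmp() without a NULL check, and `newlog->compress_ext=strdup(...)` overwrites the previous pointer without releasing it if it was heap-owned. Suggest freeing `compresscmd_base` after the loop, checking both allocations, and replacing the `i=-10; /* terminate loop! */` sentinel with a plain `break`.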
Index: logrotate.c Index: logrotate.c
=================================================================== ===================================================================
--- logrotate.c.orig 2008-10-15 15:07:43.000000000 +0200 --- logrotate.c.orig
+++ logrotate.c 2009-03-06 14:21:45.000000000 +0100 +++ logrotate.c
@@ -54,6 +54,16 @@ @@ -76,6 +76,16 @@ unsigned int hashSize;
int numLogs = 0; int numLogs = 0;
int debug = 0; int debug = 0;
char *mailCommand = DEFAULT_MAIL_COMMAND; char *mailCommand = DEFAULT_MAIL_COMMAND;
@ -49,13 +48,13 @@ Index: logrotate.c
+}; +};
+ +
time_t nowSecs = 0; time_t nowSecs = 0;
static uid_t save_euid;
static int shred_file(char *filename, struct logInfo *log); static gid_t save_egid;
Index: logrotate.h Index: logrotate.h
=================================================================== ===================================================================
--- logrotate.h.orig 2008-05-09 09:28:59.000000000 +0200 --- logrotate.h.orig
+++ logrotate.h 2009-03-06 14:21:45.000000000 +0100 +++ logrotate.h
@@ -61,6 +61,9 @@ @@ -66,6 +66,9 @@ TAILQ_HEAD(logInfoHead, logInfo) logs;
extern int numLogs; extern int numLogs;
extern int debug; extern int debug;
@ -63,5 +62,5 @@ Index: logrotate.h
+extern const char * compress_cmd_list[][2]; +extern const char * compress_cmd_list[][2];
+ +
int readAllConfigPaths(const char **paths); int readAllConfigPaths(const char **paths);
#if !defined(asprintf)
#endif int asprintf(char **string_ptr, const char *format, ...);


@ -1,10 +1,10 @@
Index: logrotate.c Index: logrotate.c
=================================================================== ===================================================================
--- logrotate.c.orig 2009-03-06 15:20:25.000000000 +0100 --- logrotate.c.orig
+++ logrotate.c 2009-03-06 15:24:07.000000000 +0100 +++ logrotate.c
@@ -997,7 +997,7 @@ @@ -1206,7 +1206,7 @@ int prerotateSingleLog(struct logInfo *l
} }
snprintf(destFile, PATH_MAX, "%s%s", rotNames->finalName, compext); asprintf(&destFile, "%s%s", rotNames->finalName, compext);
if (!stat(destFile, &fst_buf)) { if (!stat(destFile, &fst_buf)) {
- message(MESS_DEBUG, - message(MESS_DEBUG,
+ message(MESS_ERROR, + message(MESS_ERROR,


@ -2,12 +2,12 @@ Index: Makefile
=================================================================== ===================================================================
--- Makefile.orig --- Makefile.orig
+++ Makefile +++ Makefile
@@ -63,7 +63,7 @@ ifneq ($(STATEFILE),) @@ -81,7 +81,7 @@ ifneq ($(STATEFILE),)
endif endif
BINDIR = $(BASEDIR)/sbin BINDIR = $(BASEDIR)/sbin
-MANDIR = $(BASEDIR)/man -MANDIR ?= $(BASEDIR)/man
+MANDIR = $(BASEDIR)/share/man +MANDIR ?= $(BASEDIR)/share/man
#-------------------------------------------------------------------------- #--------------------------------------------------------------------------
@ -18,27 +18,28 @@ Index: examples/logrotate.cron
@@ -1,8 +1,23 @@ @@ -1,8 +1,23 @@
#!/bin/sh #!/bin/sh
-/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1 -/usr/sbin/logrotate /etc/logrotate.conf
-EXITVALUE=$? -EXITVALUE=$?
-if [ $EXITVALUE != 0 ]; then
- /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+# exit immediately if there is another instance running +# exit immediately if there is another instance running
+if checkproc /usr/sbin/logrotate; then +if checkproc /usr/sbin/logrotate; then
+ /bin/logger -p cron.warning -t logrotate "ALERT another instance of logrotate is running - exiting" + /bin/logger -p cron.warning -t logrotate "ALERT another instance of logrotate is running - exiting"
+ exit 1; + exit 1
+fi; fi
+ +
+TMPF=`mktemp /tmp/logrotate.XXXXXXXXXX` +TMPF=`mktemp /tmp/logrotate.XXXXXXXXXX`
+ +
+/usr/sbin/logrotate /etc/logrotate.conf 2>&1 | tee $TMPF +/usr/sbin/logrotate /etc/logrotate.conf 2>&1 | tee $TMPF
+EXITVALUE=${PIPESTATUS[0]} +EXITVALUE=${PIPESTATUS[0]}
+ +
if [ $EXITVALUE != 0 ]; then +if [ $EXITVALUE != 0 ]; then
- /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+ # wait a sec, we might just have restarted syslog + # wait a sec, we might just have restarted syslog
+ sleep 1 + sleep 1
+ # tell what went wrong + # tell what went wrong
+ /bin/logger -p cron.warning -t logrotate "ALERT exited abnormally with [$EXITVALUE]" + /bin/logger -p cron.warning -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
+ /bin/logger -p cron.warning -t logrotate -f $TMPF + /bin/logger -p cron.warning -t logrotate -f $TMPF
fi + fi
+ +
+rm -f $TMPF +rm -f $TMPF
exit 0 exit 0
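Review bot: `EXITVALUE=${PIPESTATUS[0]}` is a bash array expansion, but the script header is `#!/bin/sh`; where /bin/sh is not bash the expansion is rejected or empty and the following `[ $EXITVALUE != 0 ]` test no longer reflects logrotate's exit status. Either change the interpreter line to bash or drop the pipe (redirect the output to `$TMPF` and read `$?`). In the same hunk the result of `mktemp` is not checked before `tee $TMPF` and `logger -f $TMPF` use it, and `$TMPF` is unquoted throughout.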


@ -1,8 +1,8 @@
Index: logrotate-3.7.9/config.c Index: logrotate-3.8.1/config.c
=================================================================== ===================================================================
--- logrotate-3.7.9.orig/config.c --- logrotate-3.8.1.orig/config.c
+++ logrotate-3.7.9/config.c +++ logrotate-3.8.1/config.c
@@ -101,7 +139,9 @@ static char *readPath(const char *config @@ -192,7 +192,9 @@ static char *readPath(const char *config
chptr = start; chptr = start;
while( (len = mbrtowc(&pwc, chptr, strlen(chptr), NULL)) != 0 ) { while( (len = mbrtowc(&pwc, chptr, strlen(chptr), NULL)) != 0 ) {


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:916a934a096af34c83fa664fa77036d5b6cf4f6b265fe6dcffa25ce51cc702e0
size 39181

logrotate-3.8.1.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c12471e70ae8bc923bd5c4f25e8fd6483b68c6301f3cd79f7cfe37bc5b370169
size 48827


@ -1,33 +0,0 @@
Index: logrotate-3.7.9/logrotate.c
===================================================================
--- logrotate-3.7.9.orig/logrotate.c
+++ logrotate-3.7.9/logrotate.c
@@ -204,7 +204,9 @@ int createOutputFile(char *fileName, int
{
int fd;
- fd = open(fileName, flags, sb->st_mode);
+ unlink(fileName);
+ fd = open(fileName, (flags | O_EXCL | O_NOFOLLOW),
+ (S_IRUSR | S_IWUSR) & sb->st_mode);
if (fd < 0) {
message(MESS_ERROR, "error creating output file %s: %s\n",
fileName, strerror(errno));
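Review bot: the `unlink(fileName);` added ahead of `open()` in createOutputFile() ignores its return value. With `O_EXCL` now in the flags, a failed unlink only shows up afterwards as a generic "error creating output file" from open(), which hides the real cause. Suggest checking the call and treating any errno other than ENOENT as an error at that point. The create mode is also narrowed to `(S_IRUSR | S_IWUSR) & sb->st_mode`; a comment saying where the remaining bits of `sb->st_mode` are restored would help, since nothing in this hunk does it.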
@@ -316,7 +318,7 @@ static int compressLogFile(char *name, s
}
outFile =
- createOutputFile(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb);
+ createOutputFile(compressedName, O_RDWR | O_CREAT, sb);
if (outFile < 0) {
close(inFile);
return 1;
@@ -495,7 +497,7 @@ static int copyTruncate(char *currLog, c
}
#endif
fdsave =
- createOutputFile(saveLog, O_WRONLY | O_CREAT | O_TRUNC, sb);
+ createOutputFile(saveLog, O_WRONLY | O_CREAT, sb);
#ifdef WITH_SELINUX
if (selinux_enabled) {
setfscreatecon_raw(prev_context);


@ -1,96 +0,0 @@
Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -36,6 +36,12 @@ int selinux_enforce = 0;
#define GLOB_ABORTED GLOB_ABEND
#endif
+#ifdef PATH_MAX
+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16
+#else
+#define STATEFILE_BUFFER_SIZE 4096
+#endif
+
struct logState {
char *fn;
struct tm lastRotated; /* only tm.mon, tm_mday, tm_year are good! */
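Review bot: `#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16` expands without parentheses, so any use inside a larger expression (for example `STATEFILE_BUFFER_SIZE * 2` or `x / STATEFILE_BUFFER_SIZE`) evaluates to something other than the intended size. It happens to work as a bare array bound, but the definition should be `(2 * PATH_MAX + 16)`. A short comment on why the factor is 2 and what the extra 16 bytes cover would also help.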
@@ -82,6 +88,34 @@ static int globerr(const char *pathname,
return 1;
}
+static void unescape(char *arg)
+{
+ char *p = arg;
+ char *next;
+ char escaped;
+ while ((next = strchr(p, '\\')) != NULL) {
+
+ p = next;
+
+ switch (p[1]) {
+ case 'n':
+ escaped = '\n';
+ break;
+ case '\\':
+ escaped = '\\';
+ break;
+ default:
+ ++p;
+ continue;
+ }
+
+ /* Overwrite the backslash with the intended character,
+ * and shift everything down one */
+ *p++ = escaped;
+ memmove(p, p+1, 1 + strlen(p+1));
+ }
+}
+
#define HASH_SIZE_MIN 64
static int allocateHash(void)
{
@@ -1467,7 +1501,13 @@ static int writeState(char *stateFilenam
for (chptr = p->fn; *chptr; chptr++) {
switch (*chptr) {
case '"':
+ case '\\':
fputc('\\', f);
+ break;
+ case '\n':
+ fputc('\\', f);
+ fputc('n', f);
+ continue;
}
fputc(*chptr, f);
@@ -1488,7 +1528,8 @@ static int writeState(char *stateFilenam
static int readState(char *stateFilename)
{
FILE *f;
- char buf[1024];
+ char buf[STATEFILE_BUFFER_SIZE];
+ char *filename;
const char **argv;
int argc;
int year, month, day;
@@ -1599,7 +1640,10 @@ static int readState(char *stateFilename
year -= 1900, month -= 1;
- if ((st = findState(argv[0])) == NULL)
+ filename = strdup(argv[0]);
+ unescape(filename);
+
+ if ((st = findState(filename)) == NULL)
return 1;
st->lastRotated.tm_mon = month;
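Review bot: `filename = strdup(argv[0]);` in readState() is passed straight to `unescape(filename)` with no NULL check, and unescape() starts with `strchr(p, '\\')`, so an allocation failure becomes a NULL dereference. The `return 1;` taken when `findState(filename)` fails also leaves `filename` allocated, because the matching `free(filename)` is only on the normal path. Suggest checking the strdup() result and freeing `filename` before that early return.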
@@ -1611,6 +1655,7 @@ static int readState(char *stateFilename
st->lastRotated = *localtime(&lr_time);
free(argv);
+ free(filename);
}
fclose(f);


@ -1,144 +0,0 @@
Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -71,7 +71,7 @@ const char * compress_cmd_list[][2] = {
time_t nowSecs = 0;
-static int shred_file(char *filename, struct logInfo *log);
+static int shred_file(int fd, char *filename, struct logInfo *log);
static int globerr(const char *pathname, int theerr)
{
@@ -233,58 +233,78 @@ int createOutputFile(char *fileName, int
return fd;
}
-#define SHRED_CALL "shred -u "
-#define SHRED_COUNT_FLAG "-n "
#define DIGITS 10
+
/* unlink, but try to call shred from GNU fileutils */
-static int shred_file(char *filename, struct logInfo *log)
+static int shred_file(int fd, char *filename, struct logInfo *log)
{
- int len, ret;
- char *cmd;
char count[DIGITS]; /* that's a lot of shredding :) */
+ const char **fullCommand;
+ int id = 0;
+ int status;
if (!(log->flags & LOG_FLAG_SHRED)) {
return unlink(filename);
}
- len = strlen(filename) + strlen(SHRED_CALL);
- len += strlen(SHRED_COUNT_FLAG) + DIGITS;
- cmd = malloc(len);
+ message(MESS_DEBUG, "Using shred to remove the file %s\n", filename);
- if (!cmd) {
- message(MESS_ERROR, "malloc error while shredding");
- return unlink(filename);
+ if (log->shred_cycles != 0) {
+ fullCommand = alloca(sizeof(*fullCommand) * 6);
+ }
+ else {
+ fullCommand = alloca(sizeof(*fullCommand) * 4);
}
- strcpy(cmd, SHRED_CALL);
+ fullCommand[id++] = "shred";
+ fullCommand[id++] = "-u";
+
if (log->shred_cycles != 0) {
- strcat(cmd, SHRED_COUNT_FLAG);
+ fullCommand[id++] = "-n";
snprintf(count, DIGITS - 1, "%d", log->shred_cycles);
- strcat(count, " ");
- strcat(cmd, count);
+ fullCommand[id++] = count;
}
- strcat(cmd, filename);
- ret = system(cmd);
- free(cmd);
- if (ret != 0) {
- message(MESS_ERROR, "Failed to shred %s\n, trying unlink", filename);
- if (ret != -1) {
- message(MESS_NORMAL, "Shred returned %d\n", ret);
+ fullCommand[id++] = "-";
+ fullCommand[id++] = NULL;
+
+ if (!fork()) {
+ dup2(fd, 1);
+ close(fd);
+
+ execvp(fullCommand[0], (void *) fullCommand);
+ exit(1);
}
+
+ wait(&status);
+
+ if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+ message(MESS_ERROR, "Failed to shred %s\n, trying unlink", filename);
return unlink(filename);
- } else {
- return ret;
}
+
+ /* We have to unlink it after shred anyway,
+ * because it doesn't remove the file itself */
+ return unlink(filename);
}
static int removeLogFile(char *name, struct logInfo *log)
{
+ int fd;
message(MESS_DEBUG, "removing old log %s\n", name);
- if (!debug && shred_file(name, log)) {
+ if ((fd = open(name, O_RDWR)) < 0) {
+ message(MESS_ERROR, "error opening %s: %s\n",
+ name, strerror(errno));
+ return 1;
+ }
+
+ if (!debug && shred_file(fd, name, log)) {
message(MESS_ERROR, "Failed to remove old log %s: %s\n",
name, strerror(errno));
+ close(fd);
return 1;
}
+
+ close(fd);
return 0;
}
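Review bot: `if (!fork())` in shred_file() does not handle fork() failing. A return of -1 falls through to the parent path, and `wait(&status)` then either reaps an unrelated child or fails, leaving `status` without a value from this call before `WIFEXITED(status)` reads it. Suggest storing the pid, logging the `-1` case and falling back to `unlink(filename)` as the other failure path does, and using `waitpid()` on that pid. In the child, `dup2(fd, 1)` is unchecked, and `_exit(1)` is the safer call after a failed execvp(), since `exit(1)` flushes the stdio buffers inherited from the parent. In removeLogFile() the new `open(name, O_RDWR)` runs before the `!debug` test, so debug runs now open the log for writing as well.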
@@ -312,7 +332,7 @@ static int compressLogFile(char *name, s
compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
sprintf(compressedName, "%s%s", name, log->compress_ext);
- if ((inFile = open(name, O_RDONLY)) < 0) {
+ if ((inFile = open(name, O_RDWR)) < 0) {
message(MESS_ERROR, "unable to open %s for compression\n", name);
return 1;
}
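Review bot: changing `open(name, O_RDONLY)` to `open(name, O_RDWR)` in compressLogFile() makes compression require write access to the source log in every configuration, although the descriptor is only written to when shred is enabled. A log that is readable but not writable used to compress and now fails with "unable to open %s for compression". Suggest choosing `O_RDWR` only when `log->flags & LOG_FLAG_SHRED` is set, and including `strerror(errno)` in the message as removeLogFile() does.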
@@ -334,7 +354,6 @@ static int compressLogFile(char *name, s
exit(1);
}
- close(inFile);
close(outFile);
wait(&status);
@@ -350,7 +369,8 @@ static int compressLogFile(char *name, s
/* If we can't change atime/mtime, it's not a disaster.
It might possibly fail under SELinux. */
- shred_file(name, log);
+ shred_file(inFile, name, log);
+ close(inFile);
return 0;
}


@ -1,3 +1,27 @@
-------------------------------------------------------------------
Wed Sep 7 14:30:29 UTC 2011 - vcizek@suse.com
- update to 3.8.1
- dropped CVE patches as they were merged to upstream
- changelog
- fixed 1 memory leak in prerotateSingleLog
- do not redirect logrotate errors to /dev/null in cron script
- fixed "size" directive parsing
- handle situation when acl_get_fd is supported, but acl_set_fd is not
- added "maxsize" directive (see man page)
- added "dateyesterday" option (see man page)
- fixed crash when config file had exactly 4096*N bytes
- added WITH_ACL make option to link against -lacl and preserve ACLs
during rotation
- added "su" option to define user/group for rotation. Logrotate now
skips directories which are world writable or writable by group
which is not "root" unless "su" directive is used.
- fixed CVE-2011-1098: race condition by creation of new files
- fixed possible shell injection when using "shred" directive (CVE-2011-1154)
- fixed escaping of file names within 'write state' action (CVE-2011-1155)
- better 'size' directive description
- fixed possible buffer-overflow when reading config files
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 7 12:51:41 UTC 2011 - vcizek@suse.com Wed Sep 7 12:51:41 UTC 2011 - vcizek@suse.com


@ -19,21 +19,19 @@
Url: https://fedorahosted.org/releases/l/o/logrotate Url: https://fedorahosted.org/releases/l/o/logrotate
Name: logrotate Name: logrotate
Version: 3.7.9 Version: 3.8.1
Release: 12 Release: 12
License: GPLv2+ License: GPLv2+
Summary: Rotate, compress, remove, and mail system log files Summary: Rotate, compress, remove, and mail system log files
Group: System/Base Group: System/Base
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.gz
Source100: %{name}-rpmlintrc Source100: %{name}-rpmlintrc
Patch0: logrotate-3.7.8-suse.patch Patch0: logrotate-3.7.8-suse.patch
Patch1: logrotate-3.7.8-conf.patch Patch1: logrotate-3.7.8-conf.patch
Patch2: logrotate-3.7.8-autoext.patch Patch2: logrotate-3.7.8-autoext.patch
Patch3: logrotate-3.7.8-addextension.patch Patch3: logrotate-3.7.8-addextension.patch
Patch4: logrotate-3.7.8-mess_err.patch Patch4: logrotate-3.7.8-mess_err.patch
Patch5: logrotate-CVE-2011-1098.patch # PATCH-FIX-UPSTREAM allow separated compressoptions (bnc#711780)
Patch6: logrotate-shred-CVE-2011-1154.patch
Patch7: logrotate-CVE-2011-1155.patch
Patch8: logrotate-3.7.9-compressoptions.patch Patch8: logrotate-3.7.9-compressoptions.patch
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: popt-devel BuildRequires: popt-devel
@ -59,9 +57,6 @@ daily cron job.
%patch2 %patch2
%patch3 %patch3
%patch4 %patch4
%patch5 -p1
%patch6
%patch7
%patch8 -p1 %patch8 -p1
%build %build
@ -81,7 +76,7 @@ install -m 644 examples/logrotate.wtmp %{buildroot}%{_sysconfdir}/logrotate.d/wt
%post %post
%{remove_and_set MAX_DAYS_FOR_LOG_FILES} %{remove_and_set MAX_DAYS_FOR_LOG_FILES}
if [ -f /etc/logrotate.d/aaa_base ] ; then if [ -f /etc/logrotate.d/aaa_base ] ; then
echo "Saving old logrotate system confguration" echo "Saving old logrotate system configuration"
mv -v /etc/logrotate.d/aaa_base /etc/logrotate.d.aaa_base.save mv -v /etc/logrotate.d/aaa_base /etc/logrotate.d.aaa_base.save
fi fi