a7ebe2d3f3
- update to 3.8.1
- dropped CVE patches as they were merged to upstream
- changelog
- fixed 1 memory leak in prerotateSingleLog
- do not redirect logrotate errors to /dev/null in cron script
- fixed "size" directive parsing
- handle situation when acl_get_fd is supported, but acl_set_fd is not
- added "maxsize" directive (see man page)
- added "dateyesterday" option (see man page)
- fixed crash when config file had exactly 4096*N bytes
- added WITH_ACL make option to link against -lacl and preserve ACLs
during rotation
- added "su" option to define user/group for rotation. Logrotate now
skips directories which are world writable or writable by group
which is not "root" unless "su" directive is used.
- fixed CVE-2011-1098: race condition by creation of new files
- fixed possible shell injection when using "shred" directive (CVE-2011-1154)
- fixed escaping of file names within 'write state' action (CVE-2011-1155)
- better 'size' directive description
- fixed possible buffer-overflow when reading config files
OBS-URL: https://build.opensuse.org/request/show/81574
OBS-URL: https://build.opensuse.org/package/show/Base:System/logrotate?expand=0&rev=18
16 lines
714 B
Diff
16 lines
714 B
Diff
Index: logrotate-3.8.1/config.c
|
|
===================================================================
|
|
--- logrotate-3.8.1.orig/config.c
|
|
+++ logrotate-3.8.1/config.c
|
|
@@ -192,7 +192,9 @@ static char *readPath(const char *config
|
|
chptr = start;
|
|
|
|
while( (len = mbrtowc(&pwc, chptr, strlen(chptr), NULL)) != 0 ) {
|
|
- if( len == (size_t)(-1) || len == (size_t)(-2) || !iswprint(pwc) || iswblank(pwc) ) {
|
|
+ if( len == (size_t)(-1) || len == (size_t)(-2) || !iswprint(pwc) ||
|
|
+ /* allow more compress options separated by whitespace */
|
|
+ ( strcmp(key, "compressoptions") && iswblank(pwc) ) ) {
|
|
message(MESS_ERROR, "%s:%d bad %s path %s\n",
|
|
configFile, lineNum, key, start);
|
|
return NULL;
|