Hello community,

here is the log from the commit of package logrotate for openSUSE:Factory 
checked in at 2022-05-26 18:44:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/logrotate (Old)
 and      /work/SRC/openSUSE:Factory/.logrotate.new.2254 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "logrotate"

Thu May 26 18:44:00 2022 rev:72 rq:979299 version:3.20.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/logrotate/logrotate.changes      2022-03-11 
21:40:03.098017666 +0100
+++ /work/SRC/openSUSE:Factory/.logrotate.new.2254/logrotate.changes    
2022-05-26 18:44:07.449182450 +0200
@@ -1,0 +2,26 @@
+Wed May 25 20:06:20 UTC 2022 - Michael Str??der <mich...@stroeder.com>
+
+- update to 3.20.1:
+  * drop world-readable permission on state file even when ACLs are enabled 
(#446)
+- removed obsolete logrotate-CVE-2022-1348-follow-up.patch
+
+-------------------------------------------------------------------
+Wed May 25 15:31:32 UTC 2022 - David Anes <david.a...@suse.com>
+
+- Security fix: (bsc#1199652, CVE-2022-1348)
+  * Add follow-up upstream patch for the introduced fix.
+  * Added patch logrotate-CVE-2022-1348-follow-up.patch
+
+- Update patch:
+  * logrotate-3.19.0-man_logrotate.patch -> 
logrotate-3.20.0-man_logrotate.patch
+
+-------------------------------------------------------------------
+Wed May 25 13:34:17 UTC 2022 - Michael Str??der <mich...@stroeder.com>
+
+- update to 3.20.0:
+  * fix potential DoS from unprivileged users via the state file 
(CVE-2022-1348)
+  * fix a misleading debug message with copytruncate and rotate 0 (#443)
+  * add support for unsigned time_t (#438)
+  * do not lock state file /dev/null (#433)
+
+-------------------------------------------------------------------

Old:
----
  logrotate-3.19.0-man_logrotate.patch
  logrotate-3.19.0.tar.xz
  logrotate-3.19.0.tar.xz.asc

New:
----
  logrotate-3.20.0-man_logrotate.patch
  logrotate-3.20.1.tar.xz
  logrotate-3.20.1.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ logrotate.spec ++++++
--- /var/tmp/diff_new_pack.BaUBfJ/_old  2022-05-26 18:44:08.073183178 +0200
+++ /var/tmp/diff_new_pack.BaUBfJ/_new  2022-05-26 18:44:08.077183182 +0200
@@ -19,7 +19,7 @@
 %{!?_distconfdir: %global _distconfdir %{_prefix}%{_sysconfdir}}
 
 Name:           logrotate
-Version:        3.19.0
+Version:        3.20.1
 Release:        0
 Summary:        Cron service for rotating, compressing, mailing and removing 
system log files
 License:        GPL-2.0-or-later
@@ -32,8 +32,9 @@
 Source3:        logrotate.service
 Source10:       
https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc
 Source100:      %{name}-rpmlintrc
-Patch0:         logrotate-3.19.0-man_logrotate.patch
+Patch0:         logrotate-3.20.0-man_logrotate.patch
 BuildRequires:  acl
+BuildRequires:  automake
 BuildRequires:  libacl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libselinux)
@@ -52,9 +53,10 @@
 
 %prep
 %setup -q
-%patch0 -p1
+%autopatch -p1
 
 %build
+autoreconf -f -i
 %configure \
     --disable-silent-rules \
     --with-state-file-path=%{_localstatedir}/lib/misc/logrotate.status \
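Review bot: `autoreconf -f -i` at the top of %build, together with the new `BuildRequires: automake` in the previous hunk, has no stated reason in the spec. The changelog above removes logrotate-CVE-2022-1348-follow-up.patch again, and the remaining Patch0 only edits logrotate.8.in as far as the patch diff in this mail shows. If the regeneration was only needed for the dropped patch, remove both lines; otherwise add a spec comment naming the patch or file that requires it.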

++++++ logrotate-3.19.0-man_logrotate.patch -> 
logrotate-3.20.0-man_logrotate.patch ++++++
--- /work/SRC/openSUSE:Factory/logrotate/logrotate-3.19.0-man_logrotate.patch   
2022-03-11 21:40:03.078017652 +0100
+++ 
/work/SRC/openSUSE:Factory/.logrotate.new.2254/logrotate-3.20.0-man_logrotate.patch
 2022-05-26 18:44:07.293182268 +0200
@@ -1,6 +1,6 @@
-diff -Naur logrotate-3.19.0.orig/logrotate.8.in logrotate-3.19.0/logrotate.8.in
---- logrotate-3.19.0.orig/logrotate.8.in       2022-02-24 11:18:24.202811846 
+0100
-+++ logrotate-3.19.0/logrotate.8.in    2022-02-24 11:28:25.137690351 +0100
+diff -ur logrotate-3.20.0.orig/logrotate.8.in logrotate-3.20.0/logrotate.8.in
+--- logrotate-3.20.0.orig/logrotate.8.in       2022-03-31 14:00:36.000000000 
+0200
++++ logrotate-3.20.0/logrotate.8.in    2022-05-25 15:40:21.015424608 +0200
 @@ -48,6 +48,17 @@
  is given on the command line, every file in that directory is used as
  a config file.
@@ -19,15 +19,6 @@
  If no command line arguments are given, \fBlogrotate\fR will print
  version and copyright information, along with a short usage summary.  If
  any errors occur while rotating logs, \fBlogrotate\fR will exit with
-@@ -76,7 +87,7 @@
- acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR
- will exit with value 3.  The default state file is \fI@STATE_FILE_PATH@\fR.
- If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will
--not try to write the state file.
-+not try to lock or write the state file.
- 
- .TP
- \fB\-\-skip-state-lock\fR
 @@ -752,7 +763,8 @@
  tab(:);
  l l l.

++++++ logrotate-3.19.0.tar.xz -> logrotate-3.20.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/.tarball-version 
new/logrotate-3.20.1/.tarball-version
--- old/logrotate-3.19.0/.tarball-version       2022-01-07 10:04:13.000000000 
+0100
+++ new/logrotate-3.20.1/.tarball-version       2022-05-25 17:28:25.000000000 
+0200
@@ -1 +1 @@
-3.19.0
+3.20.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/.version 
new/logrotate-3.20.1/.version
--- old/logrotate-3.19.0/.version       2022-01-07 10:04:13.000000000 +0100
+++ new/logrotate-3.20.1/.version       2022-05-25 17:28:25.000000000 +0200
@@ -1 +1 @@
-3.19.0
+3.20.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/ChangeLog.md 
new/logrotate-3.20.1/ChangeLog.md
--- old/logrotate-3.19.0/ChangeLog.md   2022-01-07 09:59:12.000000000 +0100
+++ new/logrotate-3.20.1/ChangeLog.md   2022-05-25 17:22:59.000000000 +0200
@@ -4,7 +4,22 @@
 
 ## [UNRELEASED]
 
-[UNRELEASED]: https://github.com/logrotate/logrotate/compare/3.19.0...master
+[UNRELEASED]: https://github.com/logrotate/logrotate/compare/3.20.1...master
+
+## [3.20.1] - 2022-05-25
+  - drop world-readable permission on state file even when ACLs are enabled 
(#446)
+
+[3.20.1]: https://github.com/logrotate/logrotate/compare/3.20.0...3.20.1
+
+## [3.20.0] - 2022-05-25
+  - fix potential DoS from unprivileged users via the state file 
([CVE-2022-1348])
+  - fix a misleading debug message with `copytruncate` and `rotate 0` (#443)
+  - add support for unsigned `time_t` (#438)
+  - do not lock state file `/dev/null` (#433)
+
+[CVE-2022-1348]: https://bugzilla.redhat.com/CVE-2022-1348
+
+[3.20.0]: https://github.com/logrotate/logrotate/compare/3.19.0...3.20.0
 
 ## [3.19.0] - 2022-01-07
   - continue on `EINTR` in `compressLogFile()` (#430)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/Makefile.in 
new/logrotate-3.20.1/Makefile.in
--- old/logrotate-3.19.0/Makefile.in    2022-01-07 10:04:07.000000000 +0100
+++ new/logrotate-3.20.1/Makefile.in    2022-05-25 17:28:14.000000000 +0200
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.16.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994-2021 Free Software Foundation, Inc.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/README.md 
new/logrotate-3.20.1/README.md
--- old/logrotate-3.19.0/README.md      2022-01-07 09:32:42.000000000 +0100
+++ new/logrotate-3.20.1/README.md      2022-05-25 17:21:10.000000000 +0200
@@ -6,10 +6,12 @@
 
 The latest release is:
 
-* 
[logrotate-3.19.0](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.19.0))
+* 
[logrotate-3.20.1](https://github.com/logrotate/logrotate/releases/download/3.20.1/logrotate-3.20.1.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.20.1/logrotate-3.20.1.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.20.1))
 
 Previous releases:
 
+* 
[logrotate-3.20.0](https://github.com/logrotate/logrotate/releases/download/3.20.0/logrotate-3.20.0.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.20.0/logrotate-3.20.0.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.20.0))
+* 
[logrotate-3.19.0](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.19.0))
 * 
[logrotate-3.18.1](https://github.com/logrotate/logrotate/releases/download/3.18.1/logrotate-3.18.1.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.18.1/logrotate-3.18.1.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.18.1))
 * 
[logrotate-3.18.0](https://github.com/logrotate/logrotate/releases/download/3.18.0/logrotate-3.18.0.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.18.0/logrotate-3.18.0.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.18.0))
 * 
[logrotate-3.17.0](https://github.com/logrotate/logrotate/releases/download/3.17.0/logrotate-3.17.0.tar.xz)
 
([sig](https://github.com/logrotate/logrotate/releases/download/3.17.0/logrotate-3.17.0.tar.xz.asc))
 ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.17.0))
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/aclocal.m4 
new/logrotate-3.20.1/aclocal.m4
--- old/logrotate-3.19.0/aclocal.m4     2022-01-07 10:04:06.000000000 +0100
+++ new/logrotate-3.20.1/aclocal.m4     2022-05-25 17:28:14.000000000 +0200
@@ -1,4 +1,4 @@
-# generated automatically by aclocal 1.16.4 -*- Autoconf -*-
+# generated automatically by aclocal 1.16.5 -*- Autoconf -*-
 
 # Copyright (C) 1996-2021 Free Software Foundation, Inc.
 
@@ -35,7 +35,7 @@
 [am__api_version='1.16'
 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
 dnl require some minimum version.  Point them to the right macro.
-m4_if([$1], [1.16.4], [],
+m4_if([$1], [1.16.5], [],
       [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
 ])
 
@@ -51,7 +51,7 @@
 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
-[AM_AUTOMAKE_VERSION([1.16.4])dnl
+[AM_AUTOMAKE_VERSION([1.16.5])dnl
 m4_ifndef([AC_AUTOCONF_VERSION],
   [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
@@ -428,6 +428,10 @@
 # release and drop the old call support.
 AC_DEFUN([AM_INIT_AUTOMAKE],
 [AC_PREREQ([2.65])dnl
+m4_ifdef([_$0_ALREADY_INIT],
+  [m4_fatal([$0 expanded multiple times
+]m4_defn([_$0_ALREADY_INIT]))],
+  [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl
 dnl Autoconf wants to disallow AM_ names.  We explicitly allow
 dnl the ones we care about.
 m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/config.c 
new/logrotate-3.20.1/config.c
--- old/logrotate-3.19.0/config.c       2022-01-06 17:11:00.000000000 +0100
+++ new/logrotate-3.20.1/config.c       2022-05-24 17:20:14.000000000 +0200
@@ -123,7 +123,7 @@
     STATE_ERROR = 64,
 };
 
-static const char *defTabooExts[] = {
+static const char *const defTabooExts[] = {
     ",v",
     ".bak",
     ".cfsaved",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/configure 
new/logrotate-3.20.1/configure
--- old/logrotate-3.19.0/configure      2022-01-07 10:04:06.000000000 +0100
+++ new/logrotate-3.20.1/configure      2022-05-25 17:28:14.000000000 +0200
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.71 for logrotate 3.19.0.
+# Generated by GNU Autoconf 2.71 for logrotate 3.20.1.
 #
 #
 # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation,
@@ -607,8 +607,8 @@
 # Identity of this package.
 PACKAGE_NAME='logrotate'
 PACKAGE_TARNAME='logrotate'
-PACKAGE_VERSION='3.19.0'
-PACKAGE_STRING='logrotate 3.19.0'
+PACKAGE_VERSION='3.20.1'
+PACKAGE_STRING='logrotate 3.20.1'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL='https://github.com/logrotate/logrotate'
 
@@ -1320,7 +1320,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures logrotate 3.19.0 to adapt to many kinds of systems.
+\`configure' configures logrotate 3.20.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1391,7 +1391,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of logrotate 3.19.0:";;
+     short | recursive ) echo "Configuration of logrotate 3.20.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1504,7 +1504,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-logrotate configure 3.19.0
+logrotate configure 3.20.1
 generated by GNU Autoconf 2.71
 
 Copyright (C) 2021 Free Software Foundation, Inc.
@@ -1839,7 +1839,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by logrotate $as_me 3.19.0, which was
+It was created by logrotate $as_me 3.20.1, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   $ $0$ac_configure_args_raw
@@ -3111,7 +3111,7 @@
 
 # Define the identity of the package.
  PACKAGE='logrotate'
- VERSION='3.19.0'
+ VERSION='3.20.1'
 
 
 printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
@@ -6931,7 +6931,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by logrotate $as_me 3.19.0, which was
+This file was extended by logrotate $as_me 3.20.1, which was
 generated by GNU Autoconf 2.71.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -7000,7 +7000,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-logrotate config.status 3.19.0
+logrotate config.status 3.20.1
 configured by $0, generated by GNU Autoconf 2.71,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/logrotate.8 
new/logrotate-3.20.1/logrotate.8
--- old/logrotate-3.19.0/logrotate.8    2022-01-07 10:04:10.000000000 +0100
+++ new/logrotate-3.20.1/logrotate.8    2022-05-25 17:28:20.000000000 +0200
@@ -1,4 +1,4 @@
-.TH LOGROTATE 8 "3.19.0" "Linux" "System Administrator's Manual"
+.TH LOGROTATE 8 "3.20.1" "Linux" "System Administrator's Manual"
 .\" Per groff_man(7), the TQ macro should be copied from an-ext.tmac when
 .\" not running under groff.  That's not quite right; not all groff
 .\" installations include this macro.  So bring it in with another name
@@ -76,7 +76,7 @@
 acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR
 will exit with value 3.  The default state file is 
\fI/var/lib/logrotate.status\fR.
 If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will
-not try to write the state file.
+not try to lock or write the state file.
 
 .TP
 \fB\-\-skip-state-lock\fR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/logrotate.8.in 
new/logrotate-3.20.1/logrotate.8.in
--- old/logrotate-3.19.0/logrotate.8.in 2021-10-06 16:06:15.000000000 +0200
+++ new/logrotate-3.20.1/logrotate.8.in 2022-03-31 14:00:36.000000000 +0200
@@ -76,7 +76,7 @@
 acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR
 will exit with value 3.  The default state file is \fI@STATE_FILE_PATH@\fR.
 If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will
-not try to write the state file.
+not try to lock or write the state file.
 
 .TP
 \fB\-\-skip-state-lock\fR
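Review bot: the sentence changed here documents the /dev/null case, but the paragraph still says nothing about the new lockState() behaviour for a world-readable state file, where logrotate prints an error and continues without taking the lock. Add a sentence after "not try to lock or write the state file." stating that a state file readable by others is not locked and is rewritten without the world-readable bit.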
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/logrotate.c 
new/logrotate-3.20.1/logrotate.c
--- old/logrotate-3.19.0/logrotate.c    2022-01-06 17:31:39.000000000 +0100
+++ new/logrotate-3.20.1/logrotate.c    2022-05-25 17:19:45.000000000 +0200
@@ -1248,7 +1248,7 @@
     int rc = 1;
     int fdcurr = -1, fdsave = -1;
 
-    message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
+    message(MESS_DEBUG, "%scopying %s to %s\n", skip_copy ? "skip " : "", 
currLog, saveLog);
 
     if (!debug) {
         /* read access is sufficient for 'copy' but not for 'copytruncate' */
@@ -1338,10 +1338,10 @@
 }
 
 /* return by how many days the date was advanced but ignore exact time */
-static time_t daysElapsed(const struct tm *now, const struct tm *last)
+static long daysElapsed(const struct tm *now, const struct tm *last)
 {
-    const time_t diff = mktimeFromDateOnly(now) - mktimeFromDateOnly(last);
-    return diff / (24 * 3600);
+    const double diff = 
difftime(mktimeFromDateOnly(now),mktimeFromDateOnly(last));
+    return (long) (diff / (24 * 3600));
 }
 
 static int findNeedRotating(const struct logInfo *log, unsigned logNum, int 
force)
@@ -1443,7 +1443,7 @@
             message(MESS_DEBUG, "  log does not need rotating "
                     "(log size is below the 'size' threshold)\n");
         }
-    } else if (mktime(&state->lastRotated) - mktime(&now) > (25 * 3600)) {
+    } else if (difftime(mktime(&state->lastRotated), mktime(&now)) > (25 * 
3600)) {
         /* 25 hours allows for DST changes as well as geographical moves */
         message(MESS_ERROR,
                 "log %s last rotated in the future -- rotation forced\n",
@@ -1453,7 +1453,7 @@
             state->lastRotated.tm_mon != now.tm_mon ||
             state->lastRotated.tm_mday != now.tm_mday ||
             state->lastRotated.tm_hour != now.tm_hour) {
-        time_t days;
+        long days;
         switch (log->criterium) {
             case ROT_WEEKLY:
                 days = daysElapsed(&now, &state->lastRotated);
@@ -1532,7 +1532,7 @@
                     "('minsize' directive is used and the log "
                     "size is smaller than the minsize value)\n");
         }
-        if (log->rotateMinAge && log->rotateMinAge * DAY_SECONDS >= nowSecs - 
sb.st_mtime) {
+        if (log->rotateMinAge && log->rotateMinAge * DAY_SECONDS >= 
difftime(nowSecs, sb.st_mtime)) {
             state->doRotate = 0;
             message(MESS_DEBUG, "  log does not need rotating "
                     "('minage' directive is used and the log "
@@ -1925,7 +1925,7 @@
                     if (((globResult.gl_pathc >= (size_t)rotateCount) && 
(glob_count <= (globResult.gl_pathc - (size_t)rotateCount)))
                             || ((log->rotateAge > 0)
                                 &&
-                                (((nowSecs - fst_buf.st_mtime) / DAY_SECONDS)
+                                ((difftime(nowSecs, fst_buf.st_mtime) / 
DAY_SECONDS)
                                  > log->rotateAge))) {
                         if (mail_out != (size_t)-1) {
                             char *mailFilename =
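Review bot: in the `log->rotateAge` condition, `difftime(nowSecs, fst_buf.st_mtime) / DAY_SECONDS` is now a floating-point quotient, whereas the removed `(nowSecs - fst_buf.st_mtime) / DAY_SECONDS` truncated to whole days with an integer time_t. A file 1.5 days old now compares greater than a rotateAge of 1, where before it did not, so old logs can be removed up to a day earlier. daysElapsed() above keeps the truncation with an explicit `(long)` cast; do the same here and in the identical expression in the next hunk, or record the behaviour change in ChangeLog.md.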
@@ -2039,7 +2039,7 @@
                     continue;
                 }
 
-                if (((nowSecs - fst_buf.st_mtime) / DAY_SECONDS) > 
log->rotateAge) {
+                if ((difftime(nowSecs, fst_buf.st_mtime) / DAY_SECONDS) > 
log->rotateAge) {
                     if (!hasErrors && log->logAddress)
                         hasErrors = mailLogWrapper(oldName, mailCommand,
                                                    logNum, log);
@@ -2593,6 +2593,7 @@
     struct tm now;
     time_t now_time, last_time;
     char *prevCtx;
+    int force_mode = 0;
 
     if (!strcmp(stateFilename, "/dev/null"))
         /* explicitly asked not to write the state file */
@@ -2664,7 +2665,13 @@
 
     close(fdcurr);
 
-    fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, 0);
+    if (sb.st_mode & (mode_t)S_IROTH) {
+        /* drop world-readable flag to prevent others from locking */
+        sb.st_mode &= ~(mode_t)S_IROTH;
+        force_mode = 1;
+    }
+
+    fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, force_mode);
 #ifdef WITH_ACL
     if (prev_acl) {
         acl_free(prev_acl);
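Review bot: the new check before createOutputFile() tests only `S_IROTH`, but flock() works on a descriptor opened with any access mode, so a state file that is world-writable without being world-readable passes this check, and the matching one in lockState(), while still being lockable by other users. Consider masking `S_IROTH | S_IWOTH`, or extend the comment to say why write permission for others is out of scope.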
@@ -3000,15 +3007,22 @@
 
 static int lockState(const char *stateFilename, int skip_state_lock)
 {
-    int lockFd = open(stateFilename, O_RDWR | O_CLOEXEC);
+    int lockFd;
+    struct stat sb;
+
+    if (!strcmp(stateFilename, "/dev/null")) {
+        return 0;
+    }
+
+    lockFd = open(stateFilename, O_RDWR | O_CLOEXEC);
     if (lockFd == -1) {
         if (errno == ENOENT) {
             message(MESS_DEBUG, "Creating stub state file: %s\n",
                     stateFilename);
 
-            /* create a stub state file with mode 0644 */
+            /* create a stub state file with mode 0640 */
             lockFd = open(stateFilename, O_CREAT | O_EXCL | O_WRONLY,
-                          S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
+                          S_IWUSR | S_IRUSR | S_IRGRP);
             if (lockFd == -1) {
                 message(MESS_ERROR, "error creating stub state file %s: %s\n",
                         stateFilename, strerror(errno));
@@ -3026,6 +3040,22 @@
                 stateFilename);
         close(lockFd);
         return 0;
+    }
+
+    if (fstat(lockFd, &sb) == -1) {
+        message(MESS_ERROR, "error stat()ing state file %s: %s\n",
+                stateFilename, strerror(errno));
+        close(lockFd);
+        return 1;
+    }
+
+    if (sb.st_mode & S_IROTH) {
+        message(MESS_ERROR, "state file %s is world-readable and thus can"
+                " be locked from other unprivileged users."
+                " Skipping lock acquisition...\n",
+                stateFilename);
+        close(lockFd);
+        return 0;
     }
 
     if (flock(lockFd, LOCK_EX | LOCK_NB) == -1) {
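Review bot: in the new `sb.st_mode & S_IROTH` branch the message is raised at MESS_ERROR level but the function returns 0, so the run continues without the lock and concurrent logrotate instances are not serialised while an existing state file is still world-readable. If continuing unlocked is deliberate, say so in a comment next to the `return 0;`. The test also omits the `(mode_t)` cast used for the same check in the state-writing hunk above; use one form in both places.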
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/logrotate.spec 
new/logrotate-3.20.1/logrotate.spec
--- old/logrotate-3.19.0/logrotate.spec 2022-01-07 10:04:10.000000000 +0100
+++ new/logrotate-3.20.1/logrotate.spec 2022-05-25 17:28:20.000000000 +0200
@@ -1,6 +1,6 @@
 Summary: Rotates, compresses, removes and mails system log files
 Name: logrotate
-Version: 3.19.0
+Version: 3.20.1
 Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
@@ -41,7 +41,6 @@
 install -p -m 644 examples/btmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/btmp
 install -p -m 644 examples/wtmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/wtmp
 install -p -m 755 examples/logrotate.cron 
$RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/logrotate
-touch $RPM_BUILD_ROOT%{_localstatedir}/lib/logrotate.status
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -55,4 +54,4 @@
 %attr(0755, root, root) %{_sysconfdir}/cron.daily/logrotate
 %attr(0644, root, root) %config(noreplace) %{_sysconfdir}/logrotate.conf
 %attr(0755, root, root) %{_sysconfdir}/logrotate.d
-%attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) 
%{_localstatedir}/lib/logrotate.status
+%ghost %attr(0640, root, root) %verify(not size md5 mtime) 
%{_localstatedir}/lib/logrotate.status
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/logrotate.spec.in 
new/logrotate-3.20.1/logrotate.spec.in
--- old/logrotate-3.19.0/logrotate.spec.in      2019-10-14 14:10:31.000000000 
+0200
+++ new/logrotate-3.20.1/logrotate.spec.in      2022-05-25 09:06:46.000000000 
+0200
@@ -41,7 +41,6 @@
 install -p -m 644 examples/btmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/btmp
 install -p -m 644 examples/wtmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/wtmp
 install -p -m 755 examples/logrotate.cron 
$RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/logrotate
-touch $RPM_BUILD_ROOT%{_localstatedir}/lib/logrotate.status
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -55,4 +54,4 @@
 %attr(0755, root, root) %{_sysconfdir}/cron.daily/logrotate
 %attr(0644, root, root) %config(noreplace) %{_sysconfdir}/logrotate.conf
 %attr(0755, root, root) %{_sysconfdir}/logrotate.d
-%attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) 
%{_localstatedir}/lib/logrotate.status
+%ghost %attr(0640, root, root) %verify(not size md5 mtime) 
%{_localstatedir}/lib/logrotate.status
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/Makefile.am 
new/logrotate-3.20.1/test/Makefile.am
--- old/logrotate-3.19.0/test/Makefile.am       2022-01-06 17:11:00.000000000 
+0100
+++ new/logrotate-3.20.1/test/Makefile.am       2022-05-25 09:06:46.000000000 
+0200
@@ -90,6 +90,7 @@
        test-0089.sh \
        test-0090.sh \
        test-0091.sh \
+       test-0092.sh \
        test-0100.sh \
        test-0101.sh \
        test-0102.sh \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/Makefile.in 
new/logrotate-3.20.1/test/Makefile.in
--- old/logrotate-3.19.0/test/Makefile.in       2022-01-07 10:04:07.000000000 
+0100
+++ new/logrotate-3.20.1/test/Makefile.in       2022-05-25 17:28:14.000000000 
+0200
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.16.4 from Makefile.am.
+# Makefile.in generated by automake 1.16.5 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994-2021 Free Software Foundation, Inc.
@@ -519,6 +519,7 @@
        test-0089.sh \
        test-0090.sh \
        test-0091.sh \
+       test-0092.sh \
        test-0100.sh \
        test-0101.sh \
        test-0102.sh \
@@ -1362,6 +1363,13 @@
        $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
        --log-file $$b.log --trs-file $$b.trs \
        $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) 
-- $(LOG_COMPILE) \
+       "$$tst" $(AM_TESTS_FD_REDIRECT)
+test-0092.sh.log: test-0092.sh
+       @p='test-0092.sh'; \
+       b='test-0092.sh'; \
+       $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
+       --log-file $$b.log --trs-file $$b.trs \
+       $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) 
-- $(LOG_COMPILE) \
        "$$tst" $(AM_TESTS_FD_REDIRECT)
 test-0100.sh.log: test-0100.sh
        @p='test-0100.sh'; \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/test-0018.sh 
new/logrotate-3.20.1/test/test-0018.sh
--- old/logrotate-3.19.0/test/test-0018.sh      2021-06-11 15:12:52.000000000 
+0200
+++ new/logrotate-3.20.1/test/test-0018.sh      2022-05-09 10:44:06.000000000 
+0200
@@ -14,7 +14,7 @@
 EOF
 
 (echo "gzip -f -9") | diff -u - compress-args
-egrep -q '^LOGROTATE_COMPRESSED_FILENAME=.+/test.log.1$' compress-env
+grep -Eq '^LOGROTATE_COMPRESSED_FILENAME=.+/test.log.1$' compress-env
 if [ $? != 0 ]; then
       echo "LOGROTATE_COMPRESSED_FILENAME environment variable not found."
       cat compress-env
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/test-0048.sh 
new/logrotate-3.20.1/test/test-0048.sh
--- old/logrotate-3.19.0/test/test-0048.sh      2021-06-11 15:12:52.000000000 
+0200
+++ new/logrotate-3.20.1/test/test-0048.sh      2022-05-25 17:19:45.000000000 
+0200
@@ -18,6 +18,7 @@
 logrotate state -- version 2
 EOF
 
+chmod 0640 state
 setfacl -m u:nobody:rwx state
 
 $RLR test-config.48 || exit 23
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/test-0087.sh 
new/logrotate-3.20.1/test/test-0087.sh
--- old/logrotate-3.19.0/test/test-0087.sh      2021-01-05 14:01:16.000000000 
+0100
+++ new/logrotate-3.20.1/test/test-0087.sh      2022-05-25 09:06:46.000000000 
+0200
@@ -8,6 +8,7 @@
 preptest test.log 87 1
 
 touch state
+chmod 0640 state
 
 $RLR test-config.87 -f &
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/test-0092.sh 
new/logrotate-3.20.1/test/test-0092.sh
--- old/logrotate-3.19.0/test/test-0092.sh      1970-01-01 01:00:00.000000000 
+0100
+++ new/logrotate-3.20.1/test/test-0092.sh      2022-05-25 09:32:42.000000000 
+0200
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+. ./test-common.sh
+
+# check state file locking
+cleanup 92
+
+preptest test.log 92 1
+
+touch state
+chmod 0644 state
+flock state -c "sleep 10" &
+
+$RLR -f test-config.92 || exit 23
+
+checkoutput <<EOF
+test.log 0
+test.log.1 0 zero
+EOF
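Review bot: `flock state -c "sleep 10" &` is started in the background and `$RLR -f test-config.92` runs immediately afterwards, so nothing guarantees the lock is held when logrotate opens the state file, and the test can pass without exercising the locked case. Wait until the lock has been taken before invoking $RLR, stop the background job at the end instead of leaving the sleep running, and consider asserting that the state file is no longer world-readable after the run.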
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/logrotate-3.19.0/test/test-config.92.in 
new/logrotate-3.20.1/test/test-config.92.in
--- old/logrotate-3.19.0/test/test-config.92.in 1970-01-01 01:00:00.000000000 
+0100
+++ new/logrotate-3.20.1/test/test-config.92.in 2022-05-25 09:06:46.000000000 
+0200
@@ -0,0 +1,4 @@
+&DIR&/test.log {
+    rotate 1
+    create
+}
