rpms
/
logrotate
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta
...
pull from: rpms:i10cs
Branches Tags
rpms:i10c-beta
rpms:c10-beta
rpms:i10cs
rpms:cs10
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'c9' and 'i10cs' have entirely different histories.
c9 ... i10cs

11 changed files with 450 additions and 1606 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/logrotate-3.18.0.tar.xz SOURCES/logrotate-3.22.0.tar.xz

2
.logrotate.metadata
Unescape View File

@ -1 +1 @@
6b9aa5efd4551377e9869e8d3303d90a946566f6 SOURCES/logrotate-3.18.0.tar.xz 682ada0694f18c300d6df322cd46b95aafa9510a SOURCES/logrotate-3.22.0.tar.xz

615
SOURCES/0001-logrotate-3.18.0-fix-resource-leaks.patch
Unescape View File

@ -1,615 +0,0 @@
From 471cf0a6a90e5d45f116f404e1276ea730dbece6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 26 Mar 2021 17:18:09 +0100
Subject: [PATCH 1/9] Do not report OOM incorrectly
In case there is no file in the set to rotate `calloc(0, ...)` is called
, which might return NULL.
Order the check for a zero number of files first, to void calling calloc
with a size of zero.
Upstream-commit: 7b65b267d73970eb59061be907c8c35b4396ada9
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 507c85a..a8c8480 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -2212,11 +2212,6 @@ static int rotateLogSet(const struct logInfo *log, int force)
struct logState **state;
struct logNames **rotNames;
- logHasErrors = calloc(log->numFiles, sizeof(int));
- if (!logHasErrors) {
- message_OOM();
- return 1;
- }
message(MESS_DEBUG, "\nrotating pattern: %s ", log->pattern);
if (force) {
message(MESS_DEBUG, "forced from command line ");
@@ -2277,10 +2272,15 @@ static int rotateLogSet(const struct logInfo *log, int force)
if (log->numFiles == 0) {
message(MESS_DEBUG, "No logs found. Rotation not needed.\n");
- free(logHasErrors);
return 0;
}
+ logHasErrors = calloc(log->numFiles, sizeof(int));
+ if (!logHasErrors) {
+ message_OOM();
+ return 1;
+ }
+
if (log->flags & LOG_FLAG_SU) {
if (switch_user(log->suUid, log->suGid) != 0) {
free(logHasErrors);
--
2.30.2
From 96203f4cdc64e2df3d203231bd1247424a20875e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 19 Apr 2021 15:35:37 +0200
Subject: [PATCH 2/9] Unify asprintf usage
Unify the error checking of asprintf(3).
Also reset the target string pointer to NULL on error, if it is non-
local, since the content is undefined according to the specification.
Also fix potential NULL-pointer usage in sprintf(3):
logrotate.c:1595:
rotNames->dirName = malloc(strlen(ld) + strlen(log->oldDir) + 2);
sprintf(rotNames->dirName, "%s/%s", ld, log->oldDir);
Upstream-commit: 5afcdeecc5a3bfe07671a3c05c7a301da9206ccd
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 28 +++++++++++++---------------
logrotate.c | 9 ++++++---
2 files changed, 19 insertions(+), 18 deletions(-)
diff --git a/config.c b/config.c
index df2d90b..19dcfce 100644
--- a/config.c
+++ b/config.c
@@ -815,21 +815,19 @@ int readAllConfigPaths(const char **paths)
for (i = 0; i < defTabooCount; i++) {
- int bytes;
char *pattern = NULL;
/* generate a pattern by concatenating star (wildcard) to the
* suffix literal
*/
- bytes = asprintf(&pattern, "*%s", defTabooExts[i]);
- if (bytes != -1) {
- tabooPatterns[i] = pattern;
- tabooCount++;
- } else {
+ if (asprintf(&pattern, "*%s", defTabooExts[i]) < 0) {
free_2d_array(tabooPatterns, tabooCount);
message_OOM();
return 1;
}
+
+ tabooPatterns[i] = pattern;
+ tabooCount++;
}
for (file = paths; *file; file++) {
@@ -1421,7 +1419,6 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
}
while (*endtag) {
- int bytes;
char *pattern = NULL;
chptr = endtag;
@@ -1437,10 +1434,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
RAISE_ERROR();
}
tabooPatterns = tmp;
- bytes = asprintf(&pattern, "*%.*s", (int)(chptr - endtag), endtag);
+ if (asprintf(&pattern, "*%.*s", (int)(chptr - endtag), endtag) < 0) {
+ message_OOM();
+ RAISE_ERROR();
+ }
- /* should test for malloc() failure */
- assert(bytes != -1);
tabooPatterns[tabooCount] = pattern;
tabooCount++;
}
@@ -1481,7 +1479,6 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
}
while (*endtag) {
- int bytes;
char *pattern = NULL;
char **tmp;
@@ -1496,10 +1493,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
RAISE_ERROR();
}
tabooPatterns = tmp;
- bytes = asprintf(&pattern, "%.*s", (int)(chptr - endtag), endtag);
+ if (asprintf(&pattern, "%.*s", (int)(chptr - endtag), endtag) < 0) {
+ message_OOM();
+ RAISE_ERROR();
+ }
- /* should test for malloc() failure */
- assert(bytes != -1);
tabooPatterns[tabooCount] = pattern;
tabooCount++;
@@ -1540,7 +1538,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
env_home = pwd->pw_dir;
}
- if (asprintf(&new_key, "%s/%s", env_home, key + 2) == -1) {
+ if (asprintf(&new_key, "%s/%s", env_home, key + 2) < 0) {
message_OOM();
RAISE_ERROR();
}
diff --git a/logrotate.c b/logrotate.c
index a8c8480..e294352 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1576,9 +1576,9 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
ld = dirname(logpath);
if (log->oldDir) {
if (log->oldDir[0] != '/') {
- rotNames->dirName =
- malloc(strlen(ld) + strlen(log->oldDir) + 2);
- sprintf(rotNames->dirName, "%s/%s", ld, log->oldDir);
+ if (asprintf(&rotNames->dirName, "%s/%s", ld, log->oldDir) < 0) {
+ rotNames->dirName = NULL;
+ }
} else
rotNames->dirName = strdup(log->oldDir);
} else
@@ -1983,6 +1983,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
if (asprintf(&(rotNames->finalName), "%s/%s%s%s", rotNames->dirName,
rotNames->baseName, dext_str, fileext) < 0) {
message_OOM();
+ rotNames->finalName = NULL;
return 1;
}
if (asprintf(&destFile, "%s%s", rotNames->finalName, compext) < 0) {
@@ -2001,6 +2002,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
if (asprintf(&(rotNames->finalName), "%s/%s.%d%s", rotNames->dirName,
rotNames->baseName, logStart, fileext) < 0) {
message_OOM();
+ rotNames->finalName = NULL;
}
}
@@ -2084,6 +2086,7 @@ static int rotateSingleLog(const struct logInfo *log, unsigned logNum,
free(rotNames->disposeName);
if (asprintf(&rotNames->disposeName, "%s%s", rotNames->finalName, ext) < 0) {
message_OOM();
+ rotNames->disposeName = NULL;
return 1;
}
--
2.30.2
From 3cf921e0d58993b064cd6d52b44835008345f498 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 19 Apr 2021 15:40:19 +0200
Subject: [PATCH 3/9] Update custom asprintf implementation
Check for vsnprintf(3) failures.
Silence conversion warnings.
Do not call exit(2) on allocation failure, but return -1 like the
specification says. All callers check the return value, since they
need to handle standard asprintf(3) implementations.
Upstream-commit: f917b31dbb47992bf5c5342c7312ddb2e64efc40
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/config.c b/config.c
index 19dcfce..0d79980 100644
--- a/config.c
+++ b/config.c
@@ -61,24 +61,20 @@ int asprintf(char **string_ptr, const char *format, ...)
va_start(arg, format);
size = vsnprintf(NULL, 0, format, arg);
- size++;
va_end(arg);
- va_start(arg, format);
- str = malloc(size);
+ if (size < 0) {
+ return -1;
+ }
+ str = malloc((size_t)size + 1);
if (str == NULL) {
- va_end(arg);
- /*
- * Strictly speaking, GNU asprintf doesn't do this,
- * but the caller isn't checking the return value.
- */
- message_OOM();
- exit(1);
+ return -1;
}
- rv = vsnprintf(str, size, format, arg);
+ va_start(arg, format);
+ rv = vsnprintf(str, (size_t)size + 1, format, arg);
va_end(arg);
*string_ptr = str;
- return (rv);
+ return rv;
}
#endif
--
2.30.2
From ace9818a606a0c96bb6e4da479ed151650b8fa3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 19 Apr 2021 15:45:55 +0200
Subject: [PATCH 4/9] Use asprintf instead of split malloc + sprintf
Use asprintf(3) instead of split usage of malloc(3) and sprintf(3) to
reduce the chance of potential size inconsistencies.
Upstream-commit: 001352baa924f021748513b6d09d37eca754d5cc
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 5 ++---
logrotate.c | 25 ++++++++++++-------------
2 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/config.c b/config.c
index 0d79980..2905ff7 100644
--- a/config.c
+++ b/config.c
@@ -1886,13 +1886,12 @@ duperror:
continue;
}
}
- ld = malloc(strlen(dirName) + strlen(newlog->oldDir) + 2);
- if (ld == NULL) {
+ if (asprintf(&ld, "%s/%s", dirName, newlog->oldDir) < 0) {
message_OOM();
free(dirpath);
goto error;
}
- sprintf(ld, "%s/%s", dirName, newlog->oldDir);
+
free(dirpath);
if (newlog->oldDir[0] != '/') {
diff --git a/logrotate.c b/logrotate.c
index e294352..a72329e 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1810,15 +1810,6 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
}
}
- /* adding 2 due to / and \0 being added by snprintf */
- rotNames->firstRotated =
- malloc(strlen(rotNames->dirName) + strlen(rotNames->baseName) +
- strlen(fileext) + strlen(compext) + DATEEXT_LEN + 2 );
- if (rotNames->firstRotated == NULL) {
- message_OOM();
- return 1;
- }
-
if (log->flags & LOG_FLAG_DATEEXT) {
/* glob for compressed files with our pattern
* and compress ext */
@@ -1882,9 +1873,13 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
rotNames->disposeName = NULL;
}
/* firstRotated is most recently created/compressed rotated log */
- sprintf(rotNames->firstRotated, "%s/%s%s%s%s",
+ if (asprintf(&rotNames->firstRotated, "%s/%s%s%s%s",
rotNames->dirName, rotNames->baseName, dext_str, fileext,
- (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext);
+ (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext) < 0) {
+ message_OOM();
+ rotNames->firstRotated = NULL;
+ return 1;
+ }
globfree(&globResult);
free(glob_pattern);
} else {
@@ -1915,9 +1910,13 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
}
}
- sprintf(rotNames->firstRotated, "%s/%s.%d%s%s", rotNames->dirName,
+ if (asprintf(&rotNames->firstRotated, "%s/%s.%d%s%s", rotNames->dirName,
rotNames->baseName, logStart, fileext,
- (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext);
+ (log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext) < 0) {
+ message_OOM();
+ rotNames->firstRotated = NULL;
+ return 1;
+ }
for (i = rotateCount + logStart - 1; (i >= 0) && !hasErrors; i--) {
free(newName);
--
2.30.2
From e8a655ef1977add152d79c4dc8148fe7b1c9bca2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 19 Apr 2021 17:52:48 +0200
Subject: [PATCH 5/9] Mark read-only string variable const
Prevent it accidentally being passed to free(3) or similar.
Upstream-commit: 2231aba823ff6e5a18d996e81ef63df0871224dd
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/logrotate.c b/logrotate.c
index a72329e..7d49261 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1567,7 +1567,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
state->lastRotated = now;
{
- char *ld;
+ const char *ld;
char *logpath = strdup(log->files[logNum]);
if (logpath == NULL) {
message_OOM();
--
2.30.2
From c06f20f781c74b2256e8f1757433db7e043b4ddf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 19 Apr 2021 17:59:21 +0200
Subject: [PATCH 6/9] Limit scope of variable
Limit the scope of a variable, by splitting it into several distinct
block scope variables.
This makes some asprintf(3) calls obsolete, and improves readability by
splitting the purpose of the variable.
Upstream-commit: b37fb75f569b3ddde30dd85184ea160f63abb7d5
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 7d49261..962ac55 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1529,7 +1529,6 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
struct logState *state, struct logNames *rotNames)
{
struct tm now;
- char *oldName = NULL;
const char *compext = "";
const char *fileext = "";
int hasErrors = 0;
@@ -1770,11 +1769,8 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
sortGlobResult(&globResult, strlen(rotNames->dirName) + 1 + strlen(rotNames->baseName), dformat);
for (glob_count = 0; glob_count < globResult.gl_pathc && !hasErrors; glob_count++) {
struct stat sbprev;
+ const char *oldName = globResult.gl_pathv[glob_count];
- if (asprintf(&oldName, "%s", (globResult.gl_pathv)[glob_count]) < 0) {
- message_OOM();
- return 1;
- }
if (stat(oldName, &sbprev)) {
if (errno == ENOENT)
message(MESS_DEBUG, "previous log %s does not exist\n", oldName);
@@ -1783,7 +1779,6 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
} else {
hasErrors = compressLogFile(oldName, log, &sbprev);
}
- free(oldName);
}
} else {
message(MESS_DEBUG,
@@ -1793,6 +1788,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
free(glob_pattern);
} else {
struct stat sbprev;
+ char *oldName;
if (asprintf(&oldName, "%s/%s.%d%s", rotNames->dirName,
rotNames->baseName, logStart, fileext) < 0) {
message_OOM();
@@ -1853,16 +1849,14 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
}
if (mail_out != (size_t)-1) {
/* oldName is oldest Backup found (for unlink later) */
- if (asprintf(&oldName, "%s", (globResult.gl_pathv)[mail_out]) < 0) {
- message_OOM();
- return 1;
- }
+ const char *oldName = globResult.gl_pathv[mail_out];
rotNames->disposeName = strdup(oldName);
if (rotNames->disposeName == NULL) {
message_OOM();
+ globfree(&globResult);
+ free(glob_pattern);
return 1;
}
- free(oldName);
} else {
free(rotNames->disposeName);
rotNames->disposeName = NULL;
@@ -1878,6 +1872,8 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
(log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext) < 0) {
message_OOM();
rotNames->firstRotated = NULL;
+ globfree(&globResult);
+ free(glob_pattern);
return 1;
}
globfree(&globResult);
@@ -1885,6 +1881,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
} else {
int i;
char *newName = NULL;
+ char *oldName;
if (rotateCount == -1) {
rotateCount = findLastRotated(rotNames, fileext, compext);
--
2.30.2
From 1a1eb69e6c4ae403edceb411cb0bbc80473e2527 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 20 Apr 2021 17:41:16 +0200
Subject: [PATCH 7/9] Free memory on noolddir configuration
Consider the following configuration:
olddir /var/log/foo
noolddir
Do not leak the memory of the initial olddir path.
Upstream-commit: 59e8e321d3221a3beaf7b9c99b17d5cb7dbcfaf0
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.c b/config.c
index 2905ff7..b7406f5 100644
--- a/config.c
+++ b/config.c
@@ -1134,7 +1134,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
if (newlog->dateformat == NULL)
continue;
} else if (!strcmp(key, "noolddir")) {
- newlog->oldDir = NULL;
+ freeLogItem(oldDir);
} else if (!strcmp(key, "mailfirst")) {
newlog->flags |= LOG_FLAG_MAILFIRST;
} else if (!strcmp(key, "maillast")) {
--
2.30.2
From 4aabfd0fe19832ba1df8919356d1d2d4b463937d Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 3 May 2021 15:14:09 +0200
Subject: [PATCH 8/9] readConfigFile: release `globerr_msg` on all code paths
This eliminates the following reports by Coverity:
Error: RESOURCE_LEAK (CWE-772):
logrotate-3.18.0.18_7a4d/config.c:1798: alloc_arg: "asprintf" allocates memory that is stored into "globerr_msg". [Note: The source code implementation of the function has been overridden by a builtin model.]
logrotate-3.18.0.18_7a4d/config.c:2116: leaked_storage: Variable "globerr_msg" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK (CWE-772):
logrotate-3.18.0.18_7a4d/config.c:1798: alloc_arg: "asprintf" allocates memory that is stored into "globerr_msg". [Note: The source code implementation of the function has been overridden by a builtin model.]
logrotate-3.18.0.18_7a4d/config.c:2122: leaked_storage: Variable "globerr_msg" going out of scope leaks the storage it points to.
Closes: https://github.com/logrotate/logrotate/pull/387
Upstream-commit: 97f841be2bb52b9ac00cd564a6eb0a853d1017bd
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/config.c b/config.c
index b7406f5..91fd412 100644
--- a/config.c
+++ b/config.c
@@ -2086,12 +2086,14 @@ next_state: ;
munmap(buf, length);
close(fd);
+ free(globerr_msg);
return logerror;
error:
/* free is a NULL-safe operation */
free(key);
munmap(buf, length);
close(fd);
+ free(globerr_msg);
return 1;
}
--
2.30.2
From b5610cd1b0bc2cf9ab887007a953fbf6340cb150 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 3 May 2021 15:17:59 +0200
Subject: [PATCH 9/9] prerotateSingleLog: release `oldName` on all code paths
This eliminates the following reports by Coverity:
Error: RESOURCE_LEAK (CWE-772):
logrotate-3.18.0.18_7a4d/logrotate.c:1911: alloc_arg: "asprintf" allocates memory that is stored into "oldName". [Note: The source code implementation of the function has been overridden by a builtin model.]
logrotate-3.18.0.18_7a4d/logrotate.c:1919: noescape: Resource "oldName" is not freed or pointed-to in "strdup".
logrotate-3.18.0.18_7a4d/logrotate.c:1922: leaked_storage: Variable "oldName" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK (CWE-772):
logrotate-3.18.0.18_7a4d/logrotate.c:1911: alloc_arg: "asprintf" allocates memory that is stored into "oldName". [Note: The source code implementation of the function has been overridden by a builtin model.]
logrotate-3.18.0.18_7a4d/logrotate.c:1919: noescape: Resource "oldName" is not freed or pointed-to in "strdup".
logrotate-3.18.0.18_7a4d/logrotate.c:1931: leaked_storage: Variable "oldName" going out of scope leaks the storage it points to.
Closes: https://github.com/logrotate/logrotate/pull/387
Upstream-commit: 85bc130b19344a3d9c8b472142df14ddcd0a166d
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/logrotate.c b/logrotate.c
index 962ac55..d3f2825 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -1903,6 +1903,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
rotNames->disposeName = strdup(oldName);
if (rotNames->disposeName == NULL) {
message_OOM();
+ free(oldName);
return 1;
}
}
@@ -1911,6 +1912,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
rotNames->baseName, logStart, fileext,
(log->flags & LOG_FLAG_DELAYCOMPRESS) ? "" : compext) < 0) {
message_OOM();
+ free(oldName);
rotNames->firstRotated = NULL;
return 1;
}
--
2.30.2

62
SOURCES/0002-logrotate-3.18.0-copytruncate-doc.patch
Unescape View File

@ -1,62 +0,0 @@
From 4810afca1223099c1546da8d73d653c0d1eff96e Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 27 Apr 2021 18:36:30 +0200
Subject: [PATCH 1/2] logrotate.8: unify documentation of
copy/copytruncate/renamecopy
Bug: https://bugzilla.redhat.com/1934629
Closes: https://github.com/logrotate/logrotate/pull/386
Upstream-commit: 6ac9fe5759678b4c2b312eea490ebbae25092213
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.8.in | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/logrotate.8.in b/logrotate.8.in
index f27c279..8064d68 100644
--- a/logrotate.8.in
+++ b/logrotate.8.in
@@ -411,7 +411,8 @@ Make a copy of the log file, but don't change the original at all.
This option can be used, for instance, to make a snapshot of the current
log file, or when some other utility needs to truncate or parse the file.
When this option is used, the \fBcreate\fR option will have no effect,
-as the old log file stays in place.
+as the old log file stays in place. The \fBcopy\fR option allows storing
+rotated log files on the different devices using \fBolddir\fR directive.
.TP
\fBnocopy\fR
@@ -427,7 +428,9 @@ and thus might continue writing (appending) to the previous log file forever.
Note that there is a very small time slice between copying the file and
truncating it, so some logging data might be lost.
When this option is used, the \fBcreate\fR option will have no effect,
-as the old log file stays in place.
+as the old log file stays in place. The \fBcopytruncate\fR option allows
+storing rotated log files on the different devices using \fBolddir\fR
+directive.
.TP
\fBnocopytruncate\fR
@@ -438,9 +441,14 @@ Do not truncate the original log file in place after creating a copy
\fBrenamecopy\fR
Log file is renamed to temporary filename in the same directory by adding
".tmp" extension to it. After that, \fBpostrotate\fR script is run
-and log file is copied from temporary filename to final filename. This allows
-storing rotated log files on the different devices using \fBolddir\fR
-directive. In the end, temporary filename is removed.
+and log file is copied from temporary filename to final filename. In the end,
+temporary filename is removed. The \fBrenamecopy\fR option allows storing
+rotated log files on the different devices using \fBolddir\fR directive.
+
+.TP
+\fBnorenamecopy\fR
+Do not rename and copy the original log file
+(this overrides the \fBrenamecopy\fR option).
.TP
\fBshred\fR
--
2.30.2

89
SOURCES/0003-logrotate-3.18.0-renamecopy-excl.patch
Unescape View File

@ -1,89 +0,0 @@
From 337eb1492f8b694542d704c7a4612e3211f717e5 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 27 Apr 2021 20:52:32 +0200
Subject: [PATCH 2/2] make `renamecopy` and `copytruncate` override each other
These option cannot work together. This rule prevents unnecessary
rotation failure in case one of the options comes from the global
configuration and the other one from log-specific configuration.
Bug: https://bugzilla.redhat.com/1934601
Closes: https://github.com/logrotate/logrotate/pull/386
Upstream-commit: fe53a0efd21c11dbe9705564f92f5d9aa6bf855e
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 2 ++
logrotate.8.in | 3 ++-
test/test-config.24.in | 3 +++
test/test-config.58.in | 3 +++
4 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/config.c b/config.c
index 91fd412..1bca9e4 100644
--- a/config.c
+++ b/config.c
@@ -1106,10 +1106,12 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
newlog->flags &= ~LOG_FLAG_SHAREDSCRIPTS;
} else if (!strcmp(key, "copytruncate")) {
newlog->flags |= LOG_FLAG_COPYTRUNCATE;
+ newlog->flags &= ~LOG_FLAG_TMPFILENAME;
} else if (!strcmp(key, "nocopytruncate")) {
newlog->flags &= ~LOG_FLAG_COPYTRUNCATE;
} else if (!strcmp(key, "renamecopy")) {
newlog->flags |= LOG_FLAG_TMPFILENAME;
+ newlog->flags &= ~LOG_FLAG_COPYTRUNCATE;
} else if (!strcmp(key, "norenamecopy")) {
newlog->flags &= ~LOG_FLAG_TMPFILENAME;
} else if (!strcmp(key, "copy")) {
diff --git a/logrotate.8.in b/logrotate.8.in
index 8064d68..f0aa23f 100644
--- a/logrotate.8.in
+++ b/logrotate.8.in
@@ -430,7 +430,7 @@ truncating it, so some logging data might be lost.
When this option is used, the \fBcreate\fR option will have no effect,
as the old log file stays in place. The \fBcopytruncate\fR option allows
storing rotated log files on the different devices using \fBolddir\fR
-directive.
+directive. The \fBcopytruncate\fR option implies \fBnorenamecopy\fR.
.TP
\fBnocopytruncate\fR
@@ -444,6 +444,7 @@ Log file is renamed to temporary filename in the same directory by adding
and log file is copied from temporary filename to final filename. In the end,
temporary filename is removed. The \fBrenamecopy\fR option allows storing
rotated log files on the different devices using \fBolddir\fR directive.
+The \fBrenamecopy\fR option implies \fBnocopytruncate\fR.
.TP
\fBnorenamecopy\fR
diff --git a/test/test-config.24.in b/test/test-config.24.in
index 35cfcd3..7a2a760 100644
--- a/test/test-config.24.in
+++ b/test/test-config.24.in
@@ -1,5 +1,8 @@
create
+# will be overridden by copytruncate
+renamecopy
+
&DIR&/test*.log {
daily
copytruncate
diff --git a/test/test-config.58.in b/test/test-config.58.in
index 34906da..79058be 100644
--- a/test/test-config.58.in
+++ b/test/test-config.58.in
@@ -1,5 +1,8 @@
create
+# will be overridden by renamecopy
+copytruncate
+
&DIR&/test.log {
renamecopy
weekly
--
2.30.2

253
SOURCES/0004-logrotate-3.18.0-CVE-2022-1348.patch
Unescape View File

@ -1,253 +0,0 @@
From 53e0dc4a8ddcb169b0ba36472de03f4366f45159 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 29 Mar 2022 21:06:54 +0200
Subject: [PATCH 1/3] skip locking if state file is world-readable
Fixes: CVE-2022-1348 - potential DoS from unprivileged users via the state file
Bug: https://bugzilla.redhat.com/CVE-2022-1348
Upstream-commit: 1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 24 ++++++++++++++++++++++--
logrotate.spec.in | 3 +--
test/Makefile.am | 1 +
test/test-0087.sh | 1 +
test/test-0092.sh | 19 +++++++++++++++++++
test/test-config.92.in | 4 ++++
6 files changed, 48 insertions(+), 4 deletions(-)
create mode 100755 test/test-0092.sh
create mode 100644 test/test-config.92.in
diff --git a/logrotate.c b/logrotate.c
index d3f2825..78153b3 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -2565,6 +2565,9 @@ static int writeState(const char *stateFilename)
close(fdcurr);
+ /* drop world-readable flag to prevent others from locking */
+ sb.st_mode &= ~(mode_t)S_IROTH;
+
fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, 0);
#ifdef WITH_ACL
if (prev_acl) {
@@ -2898,15 +2901,16 @@ static int readState(const char *stateFilename)
static int lockState(const char *stateFilename, int skip_state_lock)
{
+ struct stat sb;
int lockFd = open(stateFilename, O_RDWR | O_CLOEXEC);
if (lockFd == -1) {
if (errno == ENOENT) {
message(MESS_DEBUG, "Creating stub state file: %s\n",
stateFilename);
- /* create a stub state file with mode 0644 */
+ /* create a stub state file with mode 0640 */
lockFd = open(stateFilename, O_CREAT | O_EXCL | O_WRONLY,
- S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH);
+ S_IWUSR | S_IRUSR | S_IRGRP);
if (lockFd == -1) {
message(MESS_ERROR, "error creating stub state file %s: %s\n",
stateFilename, strerror(errno));
@@ -2926,6 +2930,22 @@ static int lockState(const char *stateFilename, int skip_state_lock)
return 0;
}
+ if (fstat(lockFd, &sb) == -1) {
+ message(MESS_ERROR, "error stat()ing state file %s: %s\n",
+ stateFilename, strerror(errno));
+ close(lockFd);
+ return 1;
+ }
+
+ if (sb.st_mode & S_IROTH) {
+ message(MESS_ERROR, "state file %s is world-readable and thus can"
+ " be locked from other unprivileged users."
+ " Skipping lock acquisition...\n",
+ stateFilename);
+ close(lockFd);
+ return 0;
+ }
+
if (flock(lockFd, LOCK_EX | LOCK_NB) == -1) {
if (errno == EWOULDBLOCK) {
message(MESS_ERROR, "state file %s is already locked\n"
diff --git a/logrotate.spec.in b/logrotate.spec.in
index 92e1d97..3caabf2 100644
--- a/logrotate.spec.in
+++ b/logrotate.spec.in
@@ -41,7 +41,6 @@ install -p -m 644 examples/logrotate.conf $RPM_BUILD_ROOT%{_sysconfdir}/logrotat
install -p -m 644 examples/btmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/btmp
install -p -m 644 examples/wtmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/wtmp
install -p -m 755 examples/logrotate.cron $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/logrotate
-touch $RPM_BUILD_ROOT%{_localstatedir}/lib/logrotate.status
%clean
rm -rf $RPM_BUILD_ROOT
@@ -55,4 +54,4 @@ rm -rf $RPM_BUILD_ROOT
%attr(0755, root, root) %{_sysconfdir}/cron.daily/logrotate
%attr(0644, root, root) %config(noreplace) %{_sysconfdir}/logrotate.conf
%attr(0755, root, root) %{_sysconfdir}/logrotate.d
-%attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status
+%ghost %attr(0640, root, root) %verify(not size md5 mtime) %{_localstatedir}/lib/logrotate.status
diff --git a/test/Makefile.am b/test/Makefile.am
index 914fe65..d6fb7c8 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -87,6 +87,7 @@ TEST_CASES = \
test-0086.sh \
test-0087.sh \
test-0088.sh \
+ test-0092.sh \
test-0100.sh \
test-0101.sh
diff --git a/test/test-0087.sh b/test/test-0087.sh
index 91e5266..aeff2c6 100755
--- a/test/test-0087.sh
+++ b/test/test-0087.sh
@@ -8,6 +8,7 @@ cleanup 87
preptest test.log 87 1
touch state
+chmod 0640 state
$RLR test-config.87 -f &
diff --git a/test/test-0092.sh b/test/test-0092.sh
new file mode 100755
index 0000000..be52e14
--- /dev/null
+++ b/test/test-0092.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+. ./test-common.sh
+
+# check state file locking
+cleanup 92
+
+preptest test.log 92 1
+
+touch state
+chmod 0644 state
+flock state -c "sleep 10" &
+
+$RLR -f test-config.92 || exit 23
+
+checkoutput <<EOF
+test.log 0
+test.log.1 0 zero
+EOF
diff --git a/test/test-config.92.in b/test/test-config.92.in
new file mode 100644
index 0000000..ac93900
--- /dev/null
+++ b/test/test-config.92.in
@@ -0,0 +1,4 @@
+&DIR&/test.log {
+ rotate 1
+ create
+}
--
2.35.3
From 0d2d770cc5aa7bf14e84a2832249eeeb391b0b8a Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Wed, 25 May 2022 09:55:02 +0200
Subject: [PATCH 2/3] drop world-readable permission on state file
... even when ACLs are enabled. This is a follow-up to the fix
of CVE-2022-1348. It has no impact on security but makes the state
file locking work again in more cases.
Closes: https://github.com/logrotate/logrotate/pull/446
Upstream-commit: addbd293242b0b78aa54f054e6c1d249451f137d
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 10 +++++++---
test/test-0048.sh | 1 +
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 78153b3..8d49f26 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -2498,6 +2498,7 @@ static int writeState(const char *stateFilename)
struct tm now;
time_t now_time, last_time;
char *prevCtx;
+ int force_mode = 0;
localtime_r(&nowSecs, &now);
@@ -2565,10 +2566,13 @@ static int writeState(const char *stateFilename)
close(fdcurr);
- /* drop world-readable flag to prevent others from locking */
- sb.st_mode &= ~(mode_t)S_IROTH;
+ if (sb.st_mode & (mode_t)S_IROTH) {
+ /* drop world-readable flag to prevent others from locking */
+ sb.st_mode &= ~(mode_t)S_IROTH;
+ force_mode = 1;
+ }
- fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, 0);
+ fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, force_mode);
#ifdef WITH_ACL
if (prev_acl) {
acl_free(prev_acl);
diff --git a/test/test-0048.sh b/test/test-0048.sh
index 62d606b..06b255a 100755
--- a/test/test-0048.sh
+++ b/test/test-0048.sh
@@ -18,6 +18,7 @@ cat > state << EOF
logrotate state -- version 2
EOF
+chmod 0640 state
setfacl -m u:nobody:rwx state
$RLR test-config.48
--
2.35.3
From 105ed9f433a3aaf1aec93318aa9c8811b59d7b23 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 27 May 2022 09:56:07 +0200
Subject: [PATCH 3/3] lockState: do not print `error:` when exit code is
unaffected
Closes: https://github.com/logrotate/logrotate/pull/448
Upstream-commit: 31cf1099ab8514dfcae5a980bc77352edd5292f8
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 27deaf3..77db8c2 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -2942,8 +2942,8 @@ static int lockState(const char *stateFilename, int skip_state_lock)
}
if (sb.st_mode & S_IROTH) {
- message(MESS_ERROR, "state file %s is world-readable and thus can"
- " be locked from other unprivileged users."
+ message(MESS_NORMAL, "warning: state file %s is world-readable"
+ " and thus can be locked from other unprivileged users."
" Skipping lock acquisition...\n",
stateFilename);
close(lockFd);
--
2.35.3

556
SOURCES/0005-logrotate-3.18.0-stricter-config-parser.patch
Unescape View File

@ -1,556 +0,0 @@
From 6db706b51af0a6f6ce28bceaefb4157347d2fa18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 20 Apr 2021 17:41:10 +0200
Subject: [PATCH 1/6] Log if keyword is not properly separated
The man page states
Values are separated from directives by whitespace and/or an
optional =.
But logrotate does accept no separator, like
rotate7
Log those occurrences with a normal severity, as this usage is not
intended.
Upstream-commit: 2b588b5ec2e5c27bee857c4abeddafa6a9602ebc
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/config.c b/config.c
index 1bca9e4..8049211 100644
--- a/config.c
+++ b/config.c
@@ -1088,6 +1088,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
key = isolateWord(&start, &buf, length);
if (key == NULL)
continue;
+ if (!isspace((unsigned char)*start)) {
+ message(MESS_NORMAL, "%s:%d keyword '%s' not properly"
+ " separated, found %#x\n",
+ configFile, lineNum, key, *start);
+ }
if (!strcmp(key, "compress")) {
newlog->flags |= LOG_FLAG_COMPRESS;
} else if (!strcmp(key, "nocompress")) {
--
2.38.1
From 2a22bf99b41e737fcd8c986be5c4fb761ab101c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 20 Apr 2021 17:41:12 +0200
Subject: [PATCH 2/6] Log error on keyword parse failure
isolateWord() only fails on OOM and EOF.
Upstream-commit: 326179a901b0a8d10e902cae0abab0c68d7abc98
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/config.c b/config.c
index 8049211..fd6e026 100644
--- a/config.c
+++ b/config.c
@@ -1086,8 +1086,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
if (isalpha((unsigned char)*start)) {
free(key);
key = isolateWord(&start, &buf, length);
- if (key == NULL)
+ if (key == NULL) {
+ message(MESS_ERROR, "%s:%d failed to parse keyword\n",
+ configFile, lineNum);
continue;
+ }
if (!isspace((unsigned char)*start)) {
message(MESS_NORMAL, "%s:%d keyword '%s' not properly"
" separated, found %#x\n",
--
2.38.1
From d3b2d0d058d41dd7efccadff8506285af791711c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 20 Apr 2021 17:41:20 +0200
Subject: [PATCH 3/6] Fail on parse error of required option value
Fail on a parse error of a required option value of the directives
include, extension, addextension, rotate, start, minage, maxage,
shredcycles and su.
Failing is better than silently skipping a directive and running with an
undesired configuration.
Upstream-commit: 906ea11981cb1842538c4aaed395885fda693e47
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 49 ++++++++++++++++++++++++++++++-------------------
1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/config.c b/config.c
index fd6e026..227feec 100644
--- a/config.c
+++ b/config.c
@@ -1154,8 +1154,11 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
mode_t tmp_mode = NO_MODE;
free(key);
key = isolateLine(&start, &buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ message(MESS_ERROR, "%s:%d failed to parse su option value\n",
+ configFile, lineNum);
+ RAISE_ERROR();
+ }
rv = readModeUidGid(configFile, lineNum, key, "su",
&tmp_mode, &newlog->suUid,
@@ -1268,13 +1271,14 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "shred cycles",
&start, &buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
newlog->shred_cycles = (int)strtoul(key, &chptr, 0);
if (*chptr || newlog->shred_cycles < 0) {
message(MESS_ERROR, "%s:%d bad shred cycles '%s'\n",
configFile, lineNum, key);
- goto error;
+ RAISE_ERROR();
}
} else if (!strcmp(key, "hourly")) {
set_criterium(&newlog->criterium, ROT_HOURLY, &criterium_set);
@@ -1309,8 +1313,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "rotate count", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
newlog->rotateCount = (int)strtol(key, &chptr, 0);
if (*chptr || newlog->rotateCount < -1) {
message(MESS_ERROR,
@@ -1322,8 +1327,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "start count", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
newlog->logStart = (int)strtoul(key, &chptr, 0);
if (*chptr || newlog->logStart < 0) {
message(MESS_ERROR, "%s:%d bad start count '%s'\n",
@@ -1334,8 +1340,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "minage count", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
newlog->rotateMinAge = (int)strtoul(key, &chptr, 0);
if (*chptr || newlog->rotateMinAge < 0) {
message(MESS_ERROR, "%s:%d bad minimum age '%s'\n",
@@ -1346,8 +1353,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "maxage count", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
newlog->rotateAge = (int)strtoul(key, &chptr, 0);
if (*chptr || newlog->rotateAge < 0) {
message(MESS_ERROR, "%s:%d bad maximum age '%s'\n",
@@ -1519,8 +1527,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "include", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
if (key[0] == '~' && key[1] == '/') {
/* replace '~' with content of $HOME cause low-level functions
@@ -1582,8 +1591,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "extension name", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
freeLogItem (extension);
newlog->extension = key;
key = NULL;
@@ -1593,8 +1603,9 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
free(key);
key = isolateValue(configFile, lineNum, "addextension name", &start,
&buf, length);
- if (key == NULL)
- continue;
+ if (key == NULL) {
+ RAISE_ERROR();
+ }
freeLogItem (addextension);
newlog->addextension = key;
key = NULL;
--
2.38.1
From 69d2febc6e6e81e34d944b1652144df2e154965d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 26 Jul 2021 19:35:00 +0200
Subject: [PATCH 4/6] Do not warn on key value pair separated by only an equal
sign
Do not warn if a configuration directive is specified with the key and
value separated by just an equal sign, like:
size=+2048k
The warning is intended for the usage of:
size2048k
Fixes: 2b588b5e ("Log if keyword is not properly separated")
Fixes: #410
Upstream-commit: a98c38bc867ec59e00625b48262bb3334c8f5728
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config.c b/config.c
index 227feec..6eb94d4 100644
--- a/config.c
+++ b/config.c
@@ -1091,7 +1091,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
configFile, lineNum);
continue;
}
- if (!isspace((unsigned char)*start)) {
+ if (!isspace((unsigned char)*start) && *start != '=') {
message(MESS_NORMAL, "%s:%d keyword '%s' not properly"
" separated, found %#x\n",
configFile, lineNum, key, *start);
--
2.38.1
From 3a1f8e746b2753efe7472580b1db4395553b1d34 Mon Sep 17 00:00:00 2001
From: Felix Wilhelm <fwilhelm@google.com>
Date: Thu, 21 Oct 2021 09:47:57 +0000
Subject: [PATCH 5/6] config.c: enforce stricter parsing of config files
Abort parsing of config files that contain invalid lines.
This makes it harder to abuse logrotate for privilege escalation
attacks where an attacker can partially control a privileged file write.
Upstream-commit: 124e4ca6532b0fe823fa2ec145294547b3aaeb4b
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
config.c | 7 ++++---
test/Makefile.am | 4 +++-
test/test-0102.sh | 16 ++++++++++++++++
test/test-0103.sh | 16 ++++++++++++++++
test/test-config.102.in | 10 ++++++++++
test/test-config.103.in | 12 ++++++++++++
6 files changed, 61 insertions(+), 4 deletions(-)
create mode 100755 test/test-0102.sh
create mode 100755 test/test-0103.sh
create mode 100644 test/test-config.102.in
create mode 100644 test/test-config.103.in
diff --git a/config.c b/config.c
index 6eb94d4..c0fd4ff 100644
--- a/config.c
+++ b/config.c
@@ -1089,12 +1089,13 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
if (key == NULL) {
message(MESS_ERROR, "%s:%d failed to parse keyword\n",
configFile, lineNum);
- continue;
+ RAISE_ERROR();
}
if (!isspace((unsigned char)*start) && *start != '=') {
- message(MESS_NORMAL, "%s:%d keyword '%s' not properly"
+ message(MESS_ERROR, "%s:%d keyword '%s' not properly"
" separated, found %#x\n",
configFile, lineNum, key, *start);
+ RAISE_ERROR();
}
if (!strcmp(key, "compress")) {
newlog->flags |= LOG_FLAG_COMPRESS;
@@ -1973,7 +1974,7 @@ duperror:
message(MESS_ERROR, "%s:%d lines must begin with a keyword "
"or a filename (possibly in double quotes)\n",
configFile, lineNum);
- state = STATE_SKIP_LINE;
+ RAISE_ERROR();
}
break;
case STATE_SKIP_LINE:
diff --git a/test/Makefile.am b/test/Makefile.am
index d6fb7c8..cd357e5 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -89,7 +89,9 @@ TEST_CASES = \
test-0088.sh \
test-0092.sh \
test-0100.sh \
- test-0101.sh
+ test-0101.sh \
+ test-0102.sh \
+ test-0103.sh
EXTRA_DIST = \
compress \
diff --git a/test/test-0102.sh b/test/test-0102.sh
new file mode 100755
index 0000000..d2550a5
--- /dev/null
+++ b/test/test-0102.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+. ./test-common.sh
+
+cleanup 102
+
+# ------------------------------- Test 102 ------------------------------------
+# test invalid config file with binary content
+preptest test.log 102 1
+
+$RLR test-config.102 --force
+
+if [ $? -eq 0 ]; then
+ echo "No error, but there should be one."
+ exit 3
+fi
diff --git a/test/test-0103.sh b/test/test-0103.sh
new file mode 100755
index 0000000..bccd8ed
--- /dev/null
+++ b/test/test-0103.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+. ./test-common.sh
+
+cleanup 103
+
+# ------------------------------- Test 103 ------------------------------------
+# test invalid config file with unknown keywords
+preptest test.log 103 1
+
+$RLR test-config.103 --force
+
+if [ $? -eq 0 ]; then
+ echo "No error, but there should be one."
+ exit 3
+fi
diff --git a/test/test-config.102.in b/test/test-config.102.in
new file mode 100644
index 0000000..cbca4c4
--- /dev/null
+++ b/test/test-config.102.in
@@ -0,0 +1,10 @@
+ELF
+
+&DIR&/test.log {
+ daily
+ size=0
+
+firstaction
+ /bin/sh -c "echo test123"
+ endscript
+}
diff --git a/test/test-config.103.in b/test/test-config.103.in
new file mode 100644
index 0000000..ef4d19c
--- /dev/null
+++ b/test/test-config.103.in
@@ -0,0 +1,12 @@
+random noise
+a b c d
+a::x
+
+&DIR&/test.log {
+ daily
+ size=0
+
+firstaction
+ /bin/sh -c "echo test123"
+ endscript
+}
--
2.38.1
From 2ad71221cd9e485e4d45df4f28b47072491df120 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 13 Dec 2021 21:47:16 +0100
Subject: [PATCH 6/6] Add more testcases for stricter configuration parsing
Upstream-commit: 9cbc22b91caff6cfbd1378737c62276bd9ffe3e7
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
test/Makefile.am | 4 +++-
test/test-0102.sh | 5 +++++
test/test-0103.sh | 5 +++++
test/test-0104.sh | 19 +++++++++++++++++++
test/test-0105.sh | 25 +++++++++++++++++++++++++
test/test-config.104.in | 8 ++++++++
test/test-config.105.in | 8 ++++++++
7 files changed, 73 insertions(+), 1 deletion(-)
create mode 100755 test/test-0104.sh
create mode 100755 test/test-0105.sh
create mode 100644 test/test-config.104.in
create mode 100644 test/test-config.105.in
diff --git a/test/Makefile.am b/test/Makefile.am
index cd357e5..f1a0062 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -91,7 +91,9 @@ TEST_CASES = \
test-0100.sh \
test-0101.sh \
test-0102.sh \
- test-0103.sh
+ test-0103.sh \
+ test-0104.sh \
+ test-0105.sh
EXTRA_DIST = \
compress \
diff --git a/test/test-0102.sh b/test/test-0102.sh
index d2550a5..367bde9 100755
--- a/test/test-0102.sh
+++ b/test/test-0102.sh
@@ -14,3 +14,8 @@ if [ $? -eq 0 ]; then
echo "No error, but there should be one."
exit 3
fi
+
+checkoutput <<EOF
+test.log 0 zero
+test.log.1 0 first
+EOF
diff --git a/test/test-0103.sh b/test/test-0103.sh
index bccd8ed..32a3c19 100755
--- a/test/test-0103.sh
+++ b/test/test-0103.sh
@@ -14,3 +14,8 @@ if [ $? -eq 0 ]; then
echo "No error, but there should be one."
exit 3
fi
+
+checkoutput <<EOF
+test.log 0 zero
+test.log.1 0 first
+EOF
diff --git a/test/test-0104.sh b/test/test-0104.sh
new file mode 100755
index 0000000..e3c0009
--- /dev/null
+++ b/test/test-0104.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+. ./test-common.sh
+
+cleanup 104
+
+# ------------------------------- Test 104 ------------------------------------
+# test config with unknown (new?) keyword
+preptest test1.log 104 1
+preptest test2.log 104 1
+
+$RLR test-config.104 --force || exit 23
+
+checkoutput <<EOF
+test1.log 0
+test1.log.1 0 zero
+test2.log 0
+test2.log.1 0 zero
+EOF
diff --git a/test/test-0105.sh b/test/test-0105.sh
new file mode 100755
index 0000000..b51e9be
--- /dev/null
+++ b/test/test-0105.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+. ./test-common.sh
+
+cleanup 105
+
+# ------------------------------- Test 105 ------------------------------------
+# test config with garbage keyword bails out
+preptest test1.log 105 1
+preptest test2.log 105 1
+
+$RLR test-config.105 --force
+
+if [ $? -eq 0 ]; then
+ echo "No error, but there should be one."
+ exit 3
+fi
+
+
+checkoutput <<EOF
+test1.log 0 zero
+test1.log.1 0 first
+test2.log 0
+test2.log.1 0 zero
+EOF
diff --git a/test/test-config.104.in b/test/test-config.104.in
new file mode 100644
index 0000000..988d902
--- /dev/null
+++ b/test/test-config.104.in
@@ -0,0 +1,8 @@
+&DIR&/test1.log {
+ newkeyword
+ rotate 1
+}
+
+&DIR&/test2.log {
+ rotate 1
+}
diff --git a/test/test-config.105.in b/test/test-config.105.in
new file mode 100644
index 0000000..bfab9b9
--- /dev/null
+++ b/test/test-config.105.in
@@ -0,0 +1,8 @@
+&DIR&/test1.log {
+ g@rbag€[]+#*
+ rotate 1
+}
+
+&DIR&/test2.log {
+ rotate 1
+}
--
2.38.1

184
SOURCES/001-Avoid-opening-log-file-for-getting-SELinux-context.patch
Unescape View File

@ -0,0 +1,184 @@
From 5f3274417c0cfa54841f2817eb9a3c5168846ec1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Sat, 3 Aug 2024 19:07:38 +0200
Subject: [PATCH] Avoid opening log file for getting SELinux context
Currently setSecCtxByName() uses open_logfile() to get a file descriptor
to the current log file to retrieve its security context.
open_logfile() performs additional checks, like whether the file is a
regular file, which alter the control flow between systems with SELinux
enabled and disabled. This can be observed in the reported issue #632.
Use lgetfilecon_raw() instead to have the same behavior for SELinux
enabled and disabled systems and delay the checks for invalid log files
to code executed in both cases.
Closes: #632
(cherry picked from commit e4a833015eb5590cf86a6a78895ff399174ade4f)
---
logrotate.c | 89 ++++++++++++++++++++++++++++++-----------------------
1 file changed, 51 insertions(+), 38 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 1292b46..40b5295 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -360,27 +360,9 @@ static int movefd(int oldfd, int newfd)
return rc;
}
-static int setSecCtx(int fdSrc, const char *src, char **pPrevCtx)
-{
#ifdef WITH_SELINUX
- char *srcCtx;
- *pPrevCtx = NULL;
-
- if (!selinux_enabled)
- /* pretend success */
- return 0;
-
- /* read security context of fdSrc */
- if (fgetfilecon_raw(fdSrc, &srcCtx) < 0) {
- if (errno == ENOTSUP)
- /* pretend success */
- return 0;
-
- message(MESS_ERROR, "getting file context %s: %s\n", src,
- strerror(errno));
- return selinux_enforce;
- }
-
+static int setSecCtx(char *srcCtx, char **pPrevCtx)
+{
/* save default security context for restoreSecCtx() */
if (getfscreatecon_raw(pPrevCtx) < 0) {
message(MESS_ERROR, "getting default context: %s\n", strerror(errno));
@@ -400,37 +382,68 @@ static int setSecCtx(int fdSrc, const char *src, char **pPrevCtx)
message(MESS_DEBUG, "set default create context to %s\n", srcCtx);
freecon(srcCtx);
+
+ return 0;
+}
+#endif /* WITH_SELINUX */
+
+static int setSecCtxByFd(int fdSrc, const char *src, char **pPrevCtx)
+{
+#ifdef WITH_SELINUX
+ char *srcCtx;
+ *pPrevCtx = NULL;
+
+ if (!selinux_enabled)
+ /* pretend success */
+ return 0;
+
+ /* read security context of fdSrc */
+ if (fgetfilecon_raw(fdSrc, &srcCtx) < 0) {
+ if (errno == ENOTSUP)
+ /* pretend success */
+ return 0;
+
+ message(MESS_ERROR, "getting file context %s: %s\n", src,
+ strerror(errno));
+ return selinux_enforce;
+ }
+
+ return setSecCtx(srcCtx, pPrevCtx);
#else
(void) fdSrc;
(void) src;
(void) pPrevCtx;
-#endif
return 0;
+#endif /* WITH_SELINUX */
}
-static int setSecCtxByName(const char *src, const struct logInfo *log, char **pPrevCtx)
+static int setSecCtxByName(const char *src, char **pPrevCtx)
{
- int hasErrors = 0;
#ifdef WITH_SELINUX
- int fd;
+ char *srcCtx;
+ *pPrevCtx = NULL;
if (!selinux_enabled)
/* pretend success */
return 0;
- fd = open_logfile(src, log, 0);
- if (fd < 0) {
- message(MESS_ERROR, "error opening %s: %s\n", src, strerror(errno));
- return 1;
+ /* read security context of src */
+ if (lgetfilecon_raw(src, &srcCtx) < 0) {
+ if (errno == ENOTSUP)
+ /* pretend success */
+ return 0;
+
+ message(MESS_ERROR, "getting file context %s: %s\n", src,
+ strerror(errno));
+ return selinux_enforce;
}
- hasErrors = setSecCtx(fd, src, pPrevCtx);
- close(fd);
+
+ return setSecCtx(srcCtx, pPrevCtx);
#else
(void) src;
- (void) log;
(void) pPrevCtx;
-#endif
- return hasErrors;
+ return 0;
+#endif /* WITH_SELINUX */
}
static void restoreSecCtx(char **pPrevCtx)
@@ -853,7 +866,7 @@ static int compressLogFile(const char *name, const struct logInfo *log, const st
return 1;
}
- if (setSecCtx(inFile, name, &prevCtx) != 0) {
+ if (setSecCtxByFd(inFile, name, &prevCtx) != 0) {
/* error msg already printed */
close(inFile);
return 1;
@@ -1290,7 +1303,7 @@ static int copyTruncate(const char *currLog, const char *saveLog, const struct s
if (!skip_copy) {
char *prevCtx;
- if (setSecCtx(fdcurr, currLog, &prevCtx) != 0) {
+ if (setSecCtxByFd(fdcurr, currLog, &prevCtx) != 0) {
/* error msg already printed */
goto fail;
}
@@ -1888,7 +1901,7 @@ static int prerotateSingleLog(const struct logInfo *log, unsigned logNum,
message(MESS_DEBUG, "dateext suffix '%s'\n", dext_str);
message(MESS_DEBUG, "glob pattern '%s'\n", dext_pattern);
- if (setSecCtxByName(log->files[logNum], log, &prev_context) != 0) {
+ if (setSecCtxByName(log->files[logNum], &prev_context) != 0) {
/* error msg already printed */
return 1;
}
@@ -2169,7 +2182,7 @@ static int rotateSingleLog(const struct logInfo *log, unsigned logNum,
if (!hasErrors) {
if (!(log->flags & (LOG_FLAG_COPYTRUNCATE | LOG_FLAG_COPY))) {
- if (setSecCtxByName(log->files[logNum], log, &savedContext) != 0) {
+ if (setSecCtxByName(log->files[logNum], &savedContext) != 0) {
/* error msg already printed */
return 1;
}
@@ -2711,7 +2724,7 @@ static int writeState(const char *stateFilename)
/* get attributes, to assign them to the new state file */
- if (setSecCtx(fdcurr, stateFilename, &prevCtx) != 0) {
+ if (setSecCtxByFd(fdcurr, stateFilename, &prevCtx) != 0) {
/* error msg already printed */
free(tmpFilename);
close(fdcurr);
--
2.46.2

179
SOURCES/cgzones.pgp
Unescape View File

@ -0,0 +1,179 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu
mQINBFmr5WEBEACsbVDGAx8dLby3CUhMGsi2AzWSqejm+98B5OWiOFJ0VqDY2TB7T3dDy5Pb
3X7tgp8QZGi8xwpQlw1iF0jYRxzp8MyB56ikNOpMBhxJPPcPpAy0cha+4nLlvCsvUQgYdKOq
fHEHMEYohB5p0h/68P7VUydk1iTc9IbMXhpXyF/jwTuN0aV2WqzF4261MRVmQJoOFDHFd9F/
6YdE4GP0vyuuLewPNARVVYqWsjM6Eun0OxN0sjfD/KZ5e5Icwt6AlQZmHE7NRF38okVeVE2h
PQ/prLeFYzp+wmACB/ryF1PWIrAID+VXBa/cLN5VRNFCCfHGAAiqQizWgdUvvXn/DWjRDhA3
/Gm0vwCb4kv2OvaJMg/RyRw/Gw5qjpuMBbuVKH7yw5YKeJSWU/gd+oiJOlojeO2K2bqeRHxQ
OfjtNhJtCSnmuQ+3Tv97uy2owdqOmIYh57Gjf4C2IqPPpm3dUwCHtr1ApX9pQurGPvKtPCIu
y/1jSsv7EyQvu6RLlmreQb/WNCVp3hUcceKyXPxx+6+nu1TZd7PMK1jnBKeipkqQaaaI/Wzi
OVM6TZVRfiem8TmS+hRcm2nTOzbH6ZQVEoXLyMSqBMB4wr74lYF3tr20LRRs9jq53U71ryPH
e+ancLhF4feJI//wUM7/OgZSsAytnoPD9Mmk0PccLkiZ/rcKIwARAQABtCxDaHJpc3RpYW4g
R8O2dHRzY2hlIDxjZ3pvbmVzQGdvb2dsZW1haWwuY29tPokCVAQTAQgAPgIbAwULCQgHAgYV
CAkKCwIEFgIDAQIeAQIXgBYhBI7M3xIQCthNou5+v8eM5zejw+KOBQJdaU41BQkFnpxUAAoJ
EMeM5zejw+KO0AQP/iEv6xD0IIb/HlEgjn8VW33PZGG1UdjlBsS1hGhYQpNAko8MrW6gLTLq
MHOEjdEQGYa0ToyxRqvED+JprsimlUPnYmD83jfqIJ9e+xUWy+pmqHsP//4VLruDJIQcp8hx
m8fpZGzj3cZWmMQvhxtFVqfoXFh4FI7WCngyB6oWoxpkR9OqIWQpDAgzzfpKTuscwvtPeD9N
2kIvwFN07b1Plf59cWCYeMSAGZbemFq9n1jZLNLRKmkl9puInRAi4kySAACAYEclcrK25M2s
ziUUZN0h+b7PKmzoeUsRV9f/u76vdIzQtozFVsMYU2MDBqvpd+12z3ZJczCZLJt2HLk4dV19
r5mB+Ewnff/3ktKEB5ChIuoPxn5UuASJMfX8ChawhRKN8krpoTiqWb1glL771hEGrevDkS12
02BUho+7L6bYGVZOTnRSRRRjCxNkO3zeCg/TQKGMDrTa9y3ljFhUUIp+cChk5A6H9GOUfFvl
W1FeD65kfPfX5vONCaiQKMHJS0OBXFJxJabTuHu3bNr4vnNMHw9alBxeUWEVbBiclSwa50Mj
RZBC562FlNHjN3xgsBQ0wrxMLT8j2RFoz7GIPWa0QoYEcZ84BTJk3mIUXwcrtCMlPgf8TCn1
HEEs6ww8nSvCqj+63EQKFjkGHOSiQhBS2RwZE35+zIgDW+8R8k2PiQJUBBMBCAA+AhsDBQsJ
CAcCBhUICQoLAgQWAgMBAh4BAheAFiEEjszfEhAK2E2i7n6/x4znN6PD4o4FAl8oYNcFCQdd
rvYACgkQx4znN6PD4o5fdQ//SSvYIU4f5y7D0IFK8wMUnfoWHu9DJ8s0TBtspbQxd7VK6Tu9
Ci28LfAZMzxgA8sk5alRGemmlUeVrxJEDNe8QinLHxkrq4dsrDeDI+i3KvTKmgEP7D4hM1rN
twaclHpmVwAj79gNGxxGcdvyqlpWHvdqhoysJv29nfl/SE8ZSv2e8TTNIh0ENuj/gKbEZgKh
m23QdDwOAeBsqv2G/xjca7438VAaRPFSbAXOEsfIyLFidRQSN0p56C+agJs3ziD5xaERSnkd
gaNcCw+bVJ7ksCV0REYr6Z9KiaHU7s7cqVyp2lg3spU0TZC8e4S6rZtaE2zS6duPJupm+He/
UG/lR45I6NH/17B+baeDbkF3rkMDktLxfGEfqexg2uLHNDUun6/4d2IQKOTpcK87+7nCtOH5
0HBQgZuVcU+/jozlNy6UunIMj8QFwF7KBtD2AptL6VGNyx+Tc2b2nO0krKgb+SC/z4pK1O4t
D8DyPp/OfVq54SY7eRJQu6S9dgh41LHb1r7IGpm2tLP/BUpr1koLMy2VD+U/8/L0fUhYaeS0
R/LhtmUUOOkF0d9Vzq0ffz9HGDtiFEfZH3YOeXCNnEz3wRVduVRATtbAmLg288tbrtokUmPG
1NNAfAKn+6mlnktOiKBCOknI9NnBUaQYldFuXvELZuDMaB16sOMxBdXx7RyJAlQEEwEIAD4C
GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQSOzN8SEArYTaLufr/HjOc3o8PijgUCYRqF
eQUJCU/TmAAKCRDHjOc3o8PijvonD/4rHrRbJYZu8Amj+jZTx67ZLLmB7j1GHww9aw07m+fh
+n6JiSeBKZVJJMcAKtxzq/6KJBjbAqC/Hltnc/4JqN52847JfScNyLwp3fQ4s9J4oMu75hQs
7nsunlaMlwFCD4kTZ9fvCFn9QYXq51T9eULOls1nlkYy9ICiOePC46vsPiDveNKaRBVlf+X+
3aayjtQqLA72sXfgtNho/D+9QX5ab7mrzmhBNjXJuTVKWfP/xqGgFeOJL6JUVh82astejLNp
VYqPj2HABchjnveCRxjDKTJvZCQr2lhcRIApQ6S1PXHSoNTDQguFx+j6wMc9P6Lq735NWpoj
bFKhCjzcgsZ6piDsqjG+PMbMOz+TYZPVoQ3Wn2fH6E7hSZJei5asgt5x7+jQcbCfsqGDpiuK
vo4cti0AxoxKmLwlCVyimtAmHOM13JAbANgHPIMckInxzszCfPJPfD9VWjy+ia2QYsJ/Vxrp
LGs5xz+2zLOk7MAqeIWH1Rd7aKbAwCrzaYi3qZ8Ysc3raCR7jGyjwRiOCy8wjIaNL9/kmL+4
CedaHEbSaehLu3dYl3XQqQZcNJLbU1Sgr64jjcsttANxWc3YR4+gVuQ0ePZgGi0WU1d8F1IJ
8t7wDsCj5gtO1WylCpWTnlGmXj2wyRVjTF+OspKW9VknmzbnPbc5Bc9c51EVNL3uXYkCVAQT
AQgAPgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgBYhBI7M3xIQCthNou5+v8eM5zejw+KO
BQJi+9DbBQkLMR76AAoJEMeM5zejw+KOWnYQAKvDO9ku9MBHv8jrS6o8xYyRruiHzbWIHIBz
DH0GRCitVcMyKrepFy/ovp0HdqF1eF2rnVLeqw6oiTavdiz3EBOgKCOIadZ8ZxbjIJ8Pr3Xe
CnKTOqxsTb9BhNJ3KUKDGZfQjIhI/ZPvTiru2SCqNWaupVsdLO5hSsbW5Qvg0kDtXg0WtOqF
3nCRQw5WbyIe87ggaXptnImSaoq3KApeY+H3W27DBfVrbyvVe/to2Ymvf+O8k6+oACoFmqMt
Bu6Ag99L9as/elRPNmq6YFX5+cMh7jOPBM5OevQV6xmplwPMTSPGiTkmuaKwS1wuHmy6zyvc
YjbKif7hWCYWiBiUDSF0Yem7odSCRGwz/bC2ylO6hAdiWVKiri+5VH7Hvxrz20Hq9KY8TLV0
vN9jHlQ/0h5UsY1UYrTLxYbFqQu14BCwc0UsWB3AMvxFSSfNYZm3A2GVnYCpcA4k9RFePipA
ZD/IHQOZbvzwf4+5kNmkqiT1eId4ZgWImoAhcXIhv+LYFVXc04vv1IYshHASHF4gtRomve02
hSs2NH4RNUx47dvEgQYz78pkkU+sO0f8ZOV/Q2WdcKPoRHk6zMlJJYwO2U67GV81CcS0dqQF
fHClGQwnRqU9gC0OMR4BPB+8wMfUMmc3FmNPNnpojFTyCEj50ITGZdGHGLeE2/AFCozK3cEA
iQJUBBMBCAA+AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEjszfEhAK2E2i7n6/x4zn
N6PD4o4FAmTg0nYFCQ0WIJUACgkQx4znN6PD4o4frA/9E9ymcrjNOfkIjYORRtHP+KgAKrY+
RQNw3XGdrLmFC0w0Zn35b6kjDDJDnEECSrBoB8FuL/gP+4Si9FB5KBe1OigxrelLXr2DDE+e
tcHIHZ1z1s5MLW36QN73NYil/Zm/Hs97BLs2CGVBOta545R4/1jfT1LxtJJ2+pXnssgtglQ+
IdaPh1ZcwS8Kd3M+ABpajKqkqHAouDUZVsQAGdzOMuq24JFKZa9Dkw8RL4u5I3Uc1MgcaQG7
YDs3KPBkM00whr7euLNn7tITWFQtCijKUP/TFG0UsX72/qXBuN9rCoVPU+hS9SjMlr5JhvEY
jUAkiFwa1g5IDaNHXP78cjO1Zy6DmU1G3LAnIGwnwpc2HV7RTw3ZevW0x3+bRceQWcSVmrxz
IkKL2ptecURoU3hOzn9Vs3oJk5Q4R1q786YlQfI9EZyVTCHgT7Od8GPremQrzEWGH7be1fah
DwiQzkk/TvFZp7fqc+20XHA0ANcm55cWHbZxKdvzvDidBtq973Q8RoNpBDs89Pged4Stj8Ae
rjRVeffwDg20HUeLTekzHPAae1iniaDyq6Z5t401q/DDKSoX8SNINrZbT7zNDnxKnGNTA+jV
RVzjKgxNUUWXWDrSfBeS4EcmyWMsirdiBt5OrwrHbr4MHEyeyths5GOG/qPD2OEpg1TLzwiV
lgKt612JAlQEEwEIAD4CGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQSOzN8SEArYTaLu
fr/HjOc3o8PijgUCZc4tFwUJDgN7NgAKCRDHjOc3o8Pijo52D/9M0RSFo9M4GdGM+qgDZtnJ
vaDtrr1SCncuOVhuZ+wiGAi1+lHvsniKLBRK00sZJvyQNzX6Yu2I2eU+MWN+S0RM9FKiP1hT
3v7T960GQTxoR6TICYYcm9paQ4QrsN8SZKdcK2MTRzZMMUGF/0tB+7GQwFVc9S+ox/NFWZ6X
UGClweFof+edWCGbuTdCtLsCEEjJ5lComOQLmRVDRmgZk2uu1uDcPoAbt3qvEm3WkcVJbToo
6Rz11Rea3dPf9kdIHVN1jJkTVwOWbuWEc/otxxGjLRmjRGOutJMRiNOg4NrLGQOpElgRGdxN
ElE9fR6QkB/uQKo4yD40l5rDbdMVjdUyJOZba7PL29r4iGEmJy6dJuZD9mG7bowqr/VrD+S0
O1P2GqDEePRa5YbyMJTJ33w7wyrtRoe/CoU5B7r2b56kAIN0Iz8s6gm0SmsgMF1YVNg/4vdK
DbhN3yHU05PtMsUjjaXFh7Djwyb+c+fbVY8sZYnnpWdgk5Ns8ZYAgKUiINo3SRtjKdjT9rbv
6Vtl4de09mA9wFJhFbKC7ZBA2iZ2jcOOyh2xm9Q3axvuF6r8SjQ/bCnamBYwnZzvD32XHPyQ
Ig+YsMwVrmRVjEg2PLUen2A+DTXpUq+KYMU2D4gBuZWvjwaZ1aLwJ8TDRTYFVBpq0lnsXpVr
j2TnYTUaV7JVBIkCVAQTAQgAPhYhBI7M3xIQCthNou5+v8eM5zejw+KOBQJZq+VhAhsDBQkB
4TOABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEMeM5zejw+KOGb4P/RUH9QBQphI+3nTQ
Yyp1PFvF8orC9DcINjxFV/RiyPfSYzH8ubhEWVOMH9uYEox93y2f2l2o+//4dX38QQFrd/DC
8QxYfSc/uIB5/jCwvr5wqDq2AvgO0Wg9JtE9dB5pBhYEsWDlHQCb2zGHlATg3iXxd3mVpLmc
9kgiOrAT5KvJuvB68mMB0uf6dlqL96ZY9Z/iOnhITuSi6EybLXhD2y8rG3u+o9r23BtxavPZ
OJqkHPPCzs9mOuMxaf6atRFd0bPDcGfT+68q8zhwUzhrLSfc1YWd5tY9aFrc8Nzduv2v6AGW
mm3qYp6SFRN8LSMN/KawFSHexKGlEdvh7C5Ho18CqQCTOQCx55vAKnjgV1kzqOqz9iSoqjSj
ZxwZj4YqQ3IISUHukoyFO+8efSH/fswwbuxDdTIemHGG3rMg97aT+G4RylTkA/hLq1MUy7yo
gRooumecyxw+P3epLRCZIhIjtBFKpUtKUHL2eR4f9TkPT/CprkQ/9X/idur9y3NEx4Ux5Q2q
T3xJ5SbGckXZD0i/l8lagOrQbM9cLE18LZP2hEdWcoE9JwMwkBLslOWeD12lryUbGCzU5gEf
bRaRijqvLxkAHRlUEMzScpeG0S1Qpja/o0msH0MuugkJ13XgHC1wVVmp7Cj8LL+iz3MJNlgg
VENUCsycUnnryL9gry7SuQINBFmr5WEBEADR7DRcyFe5dFk9ZWzlHRoE1ehf3I3T5/oS8285
I4xQ95ga1GWqo7OaOQJXkz0iihcdpQ0JYDE02r4YdaCbkXx6skGk+jNyMKVopc8Wl2qt1i3n
zztxkjshK1mxYFHBFNit/pEm6pW/XfPozvRcnxVw1H0udG/MQM8Qaa10uOy86dNlUYiXgXj7
tkWEzr33swIcqEyGWdBTA6e1T6JhNs+bnqyliOPunpUaUNoTuFAEP6ALlkrNG2j7WjK80AmF
MjpYsRu9MMXxLu/ZXmie/3dze+qub46LItXFIlVwAciNHmdzHEOqS3uBwgZ95ChJbcbAUOz6
zVjNGckJf0xvz1qtqjS6ZUVdSf4eubtAAQETsQ3IVF84zqJZFsXSG4A0A9cpzY85GiFq6b1M
PUaJUDBXYDAnlEzg95wOxWiLJ2FYWsTBxmW3jFZPlTi/1V+qhQ3zDDwJjdMGKRgvSxeLB0Vd
lXHYju3eO/ata8jnZUdvJVztYCSGsfHUfQLRKAy6GuMhAYdfTEJZYUNIzaaXCE9xz6ICROOh
WYSpQym6BympaX0hToth5mvs1EGtGwprYCNO3NYJLOjibxMf6YnrxljV1sImVAQiMfX3tbXt
mP2HCcKAOAjjl89uWCX0alzKpzuktPh+aJGxB98VcP0ZFDWTraQpUNtEkriujQFDeAqhiwAR
AQABiQI8BBgBCAAmAhsMFiEEjszfEhAK2E2i7n6/x4znN6PD4o4FAl1pTqgFCQWenMcACgkQ
x4znN6PD4o7QVw//bfU5nslOQ3mA+DZq2CFGQUHy0AsglKCO6OFJAl2ycgtYoLgvN3NKa9Sg
/zBFxANhcySrXv1nu0tmiCd0mSTtwZyx7okFNeiSiW4nwx8Pp4ZS+hRkUNAorz8f/GgWQ0Z8
eAC3O/VKzCtKztSB0sb1HkIvH0YhUcIOTmT7gQ0L2eyyo9PY68POp49k5oZpOLS49Kv+qY+d
Giq4+NQyYjq8+N1aNHPB5Xk2xN5pxzpOnIZpjD3i6nxv5qDpDuwmVMcLqG7+Ra7TUAO55TY2
OXZpQr3OmGpt3lRzt/xURHz8qzwP2WEUm2tKpTswzdHWsB71TGoYbzws/bFJIHkSYjDA6ia+
yT7WxG/4bSKP7ruZ0DmFfOh1x7MTtVkE+8nWi0p4fM/VtfK6IZGTJs5izA5LcSJRL1eAIDfn
xKumYG/7jDALyu8CHaZdy+oOE5Y8qgaGUjxBWlT606aiqY2yE3xxbci2gEZoule5E4fUJzAj
Exy0Kyr+u5H0KuUyp/JRIYP/U8VH0JHNvYhvaF57ZJrJpXZgjCPtV16x9A9/NOCQh0NVdYCH
kD5Wd9tPVvp8W2mT9LPi1v+C6iTq2KHOn94qKcFL0RNvKRicqIZKd4DWRWaDW5cjzoN5FWIG
Grz8tibCGFegvTOUECmAMw8zVTz+MtcAcqIf8Y+SO/yy5MUL3AeJAjwEGAEIACYCGwwWIQSO
zN8SEArYTaLufr/HjOc3o8PijgUCXyhg7wUJB12vDgAKCRDHjOc3o8Pijr2KD/4lk80ZoYlJ
EvEbihv+13Yx4VmT4aLEJbq31GHGK6mXHCN74hi+wOiIFisr3yVOtKDHdDsXoThmWTCUHuaz
UNg7NUTGWT5ASMX0MP1Pz0ix0IqNG2MsqCgcggqSVHwdkyyAxz/Rq4uxlKwehQA0+526bGbh
ZnGaNz6hnFeXnxTCC05WP/FiOBS2cth9NZZmhIUjYsXirkuLZJG/HTK0Li/UiVXyeIfzUoCl
wVd/M7a4WUCJQPdNW0HTSL1WRpAEahsJrQ1JiFzCobLWBwt91l5Y0AuAtYlIkpadPeDK5wlM
3u4sJbfqNyZwGHDlT1IpOv0pEqjHlIPa0cv13Zss8+smBNd7EbHwdT9jUOm6r+NmJ7vamfXA
Mir+L4t8/TBLqTvaRqYEdzDHkoaVRH5o6FzJ35HsaSvNVM/V5QPbyqS1sWxjczydC1Kg+jFm
jNVAlDJnUq9ar7f4/R8sGc9DjRtu/0ID18yuulspIbOPeom5bfLNj3LZaD39MgRXWSDNpMA/
oVJ9snPCypUk+DHhnvusLC/F03Dap4sK+/giZ7e3V2Luyhe2qtezKSOUKdSziPK9DJ/hW23N
1phnp4HcruQRv2yklPLLEonujNBP52RUApCuqCKb7CiEdXqYO4ePZcU47ej08fRg5gtI7WR0
anRWrYCb8/5yEUkSuSutukoO84kCPAQYAQgAJgIbDBYhBI7M3xIQCthNou5+v8eM5zejw+KO
BQJhGoWcBQkJT9O7AAoJEMeM5zejw+KOp58P/Ai/fKyMLAWaL6FItXn+Rmp93qfhgW0SFmq+
7tkcXEb8t2CZ22Bc+/h0J84d4Rf7hwIpq4NlH82Bbu+eTQPYVyKyPYurUHRiB7sQHG71MVqi
rxy5muB7gU+LGoI/oMCLFpo145sbF9H4YM1INeEJxFsL016cHCcYdKJZHegDypWyCR4XbP4U
NAGjoIUl+6I6oYb8ikAgHIkhIuhRn0mVmfbgRB+dpUtch8xky/cKSyAveifBpuY5b+RilQaH
xVsB9sHYgBYbzjpbFCvZD4E3cQvbFRk5prDFtXn9w7QKyeRQ6bxICIO6merGSYYSaGqctmIC
AtDA/3JamrSk/jNKi2J3tnWXtKSDMORM1FxcA95XjuNxHEti/Rwh6eyx82tyt9dAcBdC/zZo
hCPbgdaTjiFb5LrK6qAQy5+ZAU3HG2YDBK+fbaX94d62x7ArhSD5p6EuXvGOvkFH4uQ+sJaB
y31K/58fAg9udeRmCqRrlZAmEYqmtBeODZ5nDFaa3MoZd4KOBI2fgKW/47D9uEdpAmT6sz8N
KBlcQ3E8Ajo6JMl0XRaLkg/4p/rAHgvNFll2BP57hKJ7Ct7Nhaq5Kq7l/96BAVBLuSlWdVGH
FRvNTWLnyVA1Jla93uQOUZtA7Xfrx3CKMpZrRaXdLoUDh/jbivAG40axzG0TrPsmQJPQnssY
iQI8BBgBCAAmAhsMFiEEjszfEhAK2E2i7n6/x4znN6PD4o4FAmL70O0FCQsxHwwACgkQx4zn
N6PD4o4f5g/+PH57I6Ot8wCcyYGoZ34Ro8tTPVklOM0N83AV47ajUhJiFTf+sQ5l+GmTlLBf
RHWZNOfktYTeXDkkRHm9CeCYIO/JZ6Tz4+hFs1tFak6XSTi8N1DA4Rzld/H64oM5rGri8mwQ
o+TYXZiCiOO94RiRGuFutbKMAegS7sUv7Eis8ZkkayHNaom14AD9T/RPdxOtgL4WyKH1NADc
6WzlxlU9jN81RSPNbxXFqoNJmCQvrQ2800tBjonJzozKOlLMNgXZrdYsSBJLcQ1CzrnV8vvh
sD62SNW9h1g7YNZF1IH3Yz9xlvJPBGFEDDueXf+oN4vtMla7TZOlxZO/Z1wKEKSbnx5vhoXb
8wDreIISG8xvlf7f9F3XvLPBtQBaKSMp0DpAzeR+tJCsynGkbMEtr4anS/0DLhzSl2Ec4Mi1
R7P5kouttEmFQj9O1/P+8EnGBlBA2NBJ77NSLz05mqIkcpdOqcOt8FeHHxnWJMAgV865Ofqy
YSjHZNr3zbxb7dmLuXkAtrxOvHjDQfEPnwRcEJWyAYYQflkWO2dQ9FA5mqmhgishf2bussVG
k8GJX4a5FUHXGSDuyLtl3OFGrgLq4/SP3OhCW4sPffECCwCQ3j6CMPv4P43zk7Wap1Vs4fUV
ByDVQ3PtR5wtP3dGFlaAAuQP3pRIlwEqt/Cxqlgs7NMQ1NeJAjwEGAEIACYCGwwWIQSOzN8S
EArYTaLufr/HjOc3o8PijgUCZODShQUJDRYgpAAKCRDHjOc3o8PijmLiD/sGmu5H+9S6Bcll
ykB+F6Sy34/BBDUDmQJ5aebvumS7sepT4EGPGW8FRl2WDMBy47n1WqqfZSm2fqFrsqk3ct6W
tAe3/s3crP/Ajyzd+36bWrAjaX0hn/j195xpVM908Em7Ir2SwIRmRXT6VvUi76hzzXNQ0MzW
zrcldqwoEVspylqvJ3tM7f/B/j1TOY6DE+cm0vfU2Fe8xQydzoXbzPVsL5sig67sobnrAN4r
7uIVWqjEVW7N/yecIs8OB2Yh6zvtg9xqUYk/fudq4Rpe8F5oconBI+CD/dlAvxsawUvEgnFi
50MXN/ZLjmZRHIujVdcVGiqrhMBAxESXS3ZmAy2GzfPVyiUpbLutES61DPZZnlCsL0DiLV0b
jLDgJAUMpmZ+kY41anlYwSH6gZDkbrCEg+hMzNL/UWdXweywQkLjOLBETbFH1BH/4wuK9ENr
SCCbvW9Nktpx2EwzlseHk/83fRFLbNdMyGWxhxP7QxnOBDMoEnbbEoCtIvOXYKaZNd+WGATx
wa8ebo3muKV0KybiCYPG9lMjoxR5HjytLFItWKobfZeE0WgpJbjQb6L8KmyghPEsIo1F86lk
yaLN4/kuP0NiK48y8nXrgoDy4OUjakqEvZGjQzIwQ0/hNMgstDWuwRdNoVBR7rjqjt6BbXV8
yYxA+Vj/vc9S36holPuk+4kCPAQYAQgAJgIbDBYhBI7M3xIQCthNou5+v8eM5zejw+KOBQJl
zi0IBQkOA3snAAoJEMeM5zejw+KOQPEQAJAHo0ST5Vj/gjeOCvUX9ZuvLz4OSaplabJmz5Cn
5v9pQd8Hq9VOrcBLePw2B230WEfZwKOsL/cj3BZaMRIdKaCO3Ev/ZFj+JOMcEOKPW40AJSNy
b2RNiRAzHF+YcqRMA/y/xcugzO8mX82catEyu+SStBfCfKQQIDsaX0dSaDIprBoIhPmBeaQT
jVRyQYUnWjU6AKvCadJbxYE+vJsbh86jS6XFbPLo/Y6WEfUn9+LnZyX5ufk0iwKf/Bh1ln9N
ibRzsu2Pqq9kTqgessi2B+YZYfOyygicDP+rPouSmVOrtN8Q1/c04lWMPFPtghsFf+2yzS6Q
bwr7GwkabOfs9NsHOhjZIvYX54fR7cEwnymNr9BzU30d2fN6Nh0G8+VIrXNdE/vt8NXM+70d
R1tOJ9ba4zP5gbnP5OFlQ82ibvK9//WOQ0GtBFNiqjuiplkbjQHGgwcdtzTncYIpzjFFJETH
sjtudn8q/91jKOEqLNIGphiieVcR4BYEMLR/UH7wed3LUB77qCJkfTiPYQSPiXhV2+RMx4zJ
8t6Alm/gk6qKfAPU7jatIW+POZUKTN6WVJ8Qwv/+ddlLM0RIoN2afOERAf13tZ+0oQzObns+
G2Dir97bN8zkydkhOXoCwUDL2gBT+MYEeFQXGfwkgciclboFRKuAEyeNoaftkT5TgDdHiQI8
BBgBCAAmFiEEjszfEhAK2E2i7n6/x4znN6PD4o4FAlmr5WECGwwFCQHhM4AACgkQx4znN6PD
4o65Eg/+LEIQsPFjdxu14Z3NC/ySnGeZMO+nZj8gWw7lgpbpnz6ryokQZfPsme+LZsG2b9wm
DSCBKcYZjb96ZOD1B0j8Y7/tl5Pk9epVCuOt/DqFNGw9lF52yMi7LhcM3vgjKDTnyaWCQliX
ahAzLvjrbFO0upp/KoY5r/LE0Km6yEbqO/PFnuyvgAIM8N3+43s6X5FIYuCpDG08unl0CvLJ
b3GZ4xlrToPYTrPCHbavhbExaI6I8s96nrQw6yUX4aGulw0gZaFlKWyirbGQ9rQUr5F0eLJc
FfpD3IEA5TE1UElSZTNxWOrsnTtLJe3JztpSmVQwGoVz1Y4JR6NGdlvD1kKRqBk9Rad8+qHh
6yBdeL1zRdc9SdaVgYenO6xR6ul6n+f+pmwUe/Kt5Oa7kKaFH2YE5g1Qlx8QBgunpAnDVhr9
PToQF0Xl0r012B0P3ZVesOF2GFhQ44tDoajORXOHoYUTChWd8KAVl2T6eRi3h0Zc73I1hZlc
f11QakGAKM0OKS2eaMNHTFqlH29whOjjCH5NSg20t5LzWaAHmgU+tEIsefwpuCa+fUzYEErC
iK6nxdPKISn15P55A3m/j2r+wUClAgsUszStFd60miHEGfVZpuawMso12lax9ZM1u39GnR3T
Dm+IYvXY8UZ/DxbxeftrA3V5b80+uvnAzllkzbwvhK0=
=JFa+
-----END PGP PUBLIC KEY BLOCK-----

16
SOURCES/logrotate-3.22.0.tar.xz.asc
Unescape View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjszfEhAK2E2i7n6/x4znN6PD4o4FAmZbQTIACgkQx4znN6PD
4o73dRAAks06NHExbdj4Ih4NvQ0TXzm6cPXBEjq+gv3bc/HpHKsgcUmmrXwA7bU2
S78FmycscJ5F0yvqtVBySmThIdoNU2b03rNtXWT6a3PjUKjQq8oPGB7dsxFhwQDn
dczL5FR1sOQ4tLcLlCx7gud6tegF6iA8YESNWZlJPx9gK1NgvEgdqK7iCR2UFp24
X/u1bztBd6xN3Tequor5ttMJlsU2vrbSHB4aX0r16yd4nAakihVs0p8hNSPb1/b+
zw/Uy0sLBMID7Fid9VYaAX5m8C9XhVUzqUM+06cCgIRvicC7x34pmC8a8WkVSQtB
IxpDHO4ZPdHMG5LEuLXY1pObzWaN6J5fhIXwsEkmydYdzuOTDAaWGjGvG9F00Bwu
1B4Oq0KBt5xNyFCLkVwHxBJUgMRG+avZudT6uJrbmmpRgYLcVA60D/MDWtk0YpUd
S7soYLyg3tAgmpru0bhB6IaSIvhf0PVX8Gf7j9mMSAlr6q7cjJTF03RPZcQ/SCYr
2wwN/aoCquN+yn6chC91yKdkJIaDD10maNtp5UU+OKgaIGvGr+xNreHm2W/zblSv
h1Oh3dPLzggiLo3s0mMMC19jadGv0lyNwV9QiWuaslzw8B/gRH+3BkGgg0sydS1f
LVWtjHLd2ygIojBx5Ubi0rYX206OlWtgB9zZbFsIJCfLGCS/2W0=
=K4ql
-----END PGP SIGNATURE-----

98
SPECS/logrotate.spec
Unescape View File

@ -1,31 +1,26 @@
Summary: Rotates, compresses, removes and mails system log files Summary: Rotates, compresses, removes and mails system log files
Name: logrotate Name: logrotate
Version: 3.18.0 Version: 3.22.0
Release: 8%{?dist} Release: 4%{?dist}
License: GPLv2+ License: GPL-2.0-or-later
URL: https://github.com/logrotate/logrotate URL: https://github.com/logrotate/logrotate
Source0: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz Source0: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz
Source1: rwtab Source1: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz.asc
# fix resource leaks reported by Coverity # gpg --keyserver pgp.mit.edu --recv-key 8ECCDF12100AD84DA2EE7EBFC78CE737A3C3E28E
Patch: 0001-logrotate-3.18.0-fix-resource-leaks.patch # gpg --output cgzones.pgp --armor --export cgzones@googlemail.com
Source2: cgzones.pgp
# unify documentation of copy/copytruncate/renamecopy (#1934629) Source3: rwtab
Patch: 0002-logrotate-3.18.0-copytruncate-doc.patch
# make `renamecopy` and `copytruncate` override each other (#1934601) # https://github.com/logrotate/logrotate/pull/633
Patch: 0003-logrotate-3.18.0-renamecopy-excl.patch Patch001: 001-Avoid-opening-log-file-for-getting-SELinux-context.patch
# fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
Patch: 0004-logrotate-3.18.0-CVE-2022-1348.patch
# enforce stricter parsing of config files (#2148925)
Patch: 0005-logrotate-3.18.0-stricter-config-parser.patch
BuildRequires: acl BuildRequires: acl
BuildRequires: automake BuildRequires: automake
BuildRequires: gcc BuildRequires: gcc
BuildRequires: git BuildRequires: git
BuildRequires: gnupg2
BuildRequires: libacl-devel BuildRequires: libacl-devel
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: make BuildRequires: make
@ -46,6 +41,7 @@ Install the logrotate package if you need a utility to deal with the
log files on your system. log files on your system.
%prep %prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%autosetup -S git %autosetup -S git
cat >> .gitignore << EOF cat >> .gitignore << EOF
@ -82,7 +78,7 @@ install -p -m 644 examples/logrotate.{service,timer} $RPM_BUILD_ROOT%{_unitdir}/
# Make sure logrotate is able to run on read-only root # Make sure logrotate is able to run on read-only root
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d
install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/logrotate install -m644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/logrotate
%pre %pre
# If /var/lib/logrotate/logrotate.status does not exist, create it and copy # If /var/lib/logrotate/logrotate.status does not exist, create it and copy
@ -122,27 +118,71 @@ fi
%config(noreplace) %{_sysconfdir}/rwtab.d/logrotate %config(noreplace) %{_sysconfdir}/rwtab.d/logrotate
%changelog %changelog
* Tue Dec 20 2022 Kamil Dudka <kdudka@redhat.com> - 3.18.0-8 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.22.0-4
- enforce stricter parsing of config files (#2148925) - Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 3.22.0-3
- Rebuilt for MSVSphere 10
* Tue Oct 01 2024 Jan Macku <jamacku@redhat.com> - 3.22.0-3
- Fix test_0112.sh fails on SELinux-enabled systems (RHEL-61155)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.22.0-2
- Bump release for June 2024 mass rebuild
* Mon Jun 10 2024 Jan Macku <jamacku@redhat.com> - 3.22.0-1
- new upstream version 3.22.0
- release signed with new key (cgzones.pgp)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri May 27 2022 Kamil Dudka <kdudka@redhat.com> - 3.18.0-7 * Wed Mar 22 2023 Lukáš Zaoral <lzaoral@redhat.com> - 3.21.0-3
- migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.21.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Dec 13 2022 Kamil Dudka <kdudka@redhat.com> - 3.21.0-1
- new upstream version 3.21.0
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.20.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri May 27 2022 Kamil Dudka <kdudka@redhat.com> - 3.20.1-2
- lockState: do not print `error:` when exit code is unaffected (#2090926) - lockState: do not print `error:` when exit code is unaffected (#2090926)
* Wed May 25 2022 Kamil Dudka <kdudka@redhat.com> - 3.18.0-6 * Wed May 25 2022 Kamil Dudka <kdudka@redhat.com> - 3.20.1-1
- fix potential DoS from unprivileged users via the state file (CVE-2022-1348) - new upstream version 3.20.1, which fixes the following security issue:
CVE-2022-1348 - potential DoS from unprivileged users via the state file
* Tue Mar 15 2022 Kamil Dudka <kdudka@redhat.com> - 3.19.0-3
- verify GPG signature of upstream tarball when building the package
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> * Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.19.0-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Related: rhbz#1991688
* Tue May 04 2021 Kamil Dudka <kdudka@redhat.com> - 3.18.0-4 * Fri Jan 07 2022 Kamil Dudka <kdudka@redhat.com> - 3.19.0-1
- new upstream version 3.19.0
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.18.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Kamil Dudka <kdudka@redhat.com> - 3.18.1-1
- new upstream version 3.18.1
* Tue May 04 2021 Kamil Dudka <kdudka@redhat.com> - 3.18.0-3
- make `renamecopy` and `copytruncate` override each other (#1934601) - make `renamecopy` and `copytruncate` override each other (#1934601)
- unify documentation of copy/copytruncate/renamecopy (#1934629) - unify documentation of copy/copytruncate/renamecopy (#1934629)
- fix resource leaks reported by Coverity - fix resource leaks reported by Coverity
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.18.0-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.18.0-2 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.18.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

Write Preview
Loading…
Cancel
Save