diff -Nru logrotate-3.19.0/aclocal.m4 logrotate-3.20.1/aclocal.m4 --- logrotate-3.19.0/aclocal.m4 2022-01-07 09:04:06.000000000 +0000 +++ logrotate-3.20.1/aclocal.m4 2022-05-25 15:28:14.000000000 +0000 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.16.4 -*- Autoconf -*- +# generated automatically by aclocal 1.16.5 -*- Autoconf -*- # Copyright (C) 1996-2021 Free Software Foundation, Inc. @@ -35,7 +35,7 @@ [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.4], [], +m4_if([$1], [1.16.5], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,7 +51,7 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.4])dnl +[AM_AUTOMAKE_VERSION([1.16.5])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) @@ -428,6 +428,10 @@ # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl +m4_ifdef([_$0_ALREADY_INIT], + [m4_fatal([$0 expanded multiple times +]m4_defn([_$0_ALREADY_INIT]))], + [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl diff -Nru logrotate-3.19.0/ChangeLog.md logrotate-3.20.1/ChangeLog.md --- logrotate-3.19.0/ChangeLog.md 2022-01-07 08:59:12.000000000 +0000 +++ logrotate-3.20.1/ChangeLog.md 2022-05-25 15:22:59.000000000 +0000 @@ -4,7 +4,22 @@ ## [UNRELEASED] -[UNRELEASED]: https://github.com/logrotate/logrotate/compare/3.19.0...master +[UNRELEASED]: https://github.com/logrotate/logrotate/compare/3.20.1...master + +## [3.20.1] - 2022-05-25 + - drop world-readable permission on state file even when ACLs are enabled (#446) + +[3.20.1]: https://github.com/logrotate/logrotate/compare/3.20.0...3.20.1 + +## [3.20.0] - 2022-05-25 + - fix potential DoS from unprivileged users via the state file ([CVE-2022-1348]) + - fix a misleading debug message with `copytruncate` and `rotate 0` (#443) + - add support for unsigned `time_t` (#438) + - do not lock state file `/dev/null` (#433) + +[CVE-2022-1348]: https://bugzilla.redhat.com/CVE-2022-1348 + +[3.20.0]: https://github.com/logrotate/logrotate/compare/3.19.0...3.20.0 ## [3.19.0] - 2022-01-07 - continue on `EINTR` in `compressLogFile()` (#430) diff -Nru logrotate-3.19.0/config.c logrotate-3.20.1/config.c --- logrotate-3.19.0/config.c 2022-01-06 16:11:00.000000000 +0000 +++ logrotate-3.20.1/config.c 2022-05-24 15:20:14.000000000 +0000 @@ -123,7 +123,7 @@ STATE_ERROR = 64, }; -static const char *defTabooExts[] = { +static const char *const defTabooExts[] = { ",v", ".bak", ".cfsaved", diff -Nru logrotate-3.19.0/configure logrotate-3.20.1/configure --- logrotate-3.19.0/configure 2022-01-07 09:04:06.000000000 +0000 +++ logrotate-3.20.1/configure 2022-05-25 15:28:14.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for logrotate 3.19.0. +# Generated by GNU Autoconf 2.71 for logrotate 3.20.1. # # # Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, @@ -607,8 +607,8 @@ # Identity of this package. PACKAGE_NAME='logrotate' PACKAGE_TARNAME='logrotate' -PACKAGE_VERSION='3.19.0' -PACKAGE_STRING='logrotate 3.19.0' +PACKAGE_VERSION='3.20.1' +PACKAGE_STRING='logrotate 3.20.1' PACKAGE_BUGREPORT='' PACKAGE_URL='https://github.com/logrotate/logrotate' @@ -1320,7 +1320,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures logrotate 3.19.0 to adapt to many kinds of systems. +\`configure' configures logrotate 3.20.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1391,7 +1391,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of logrotate 3.19.0:";; + short | recursive ) echo "Configuration of logrotate 3.20.1:";; esac cat <<\_ACEOF @@ -1504,7 +1504,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -logrotate configure 3.19.0 +logrotate configure 3.20.1 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -1839,7 +1839,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by logrotate $as_me 3.19.0, which was +It was created by logrotate $as_me 3.20.1, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -3111,7 +3111,7 @@ # Define the identity of the package. PACKAGE='logrotate' - VERSION='3.19.0' + VERSION='3.20.1' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -6931,7 +6931,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by logrotate $as_me 3.19.0, which was +This file was extended by logrotate $as_me 3.20.1, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -7000,7 +7000,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -logrotate config.status 3.19.0 +logrotate config.status 3.20.1 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -Nru logrotate-3.19.0/debian/changelog logrotate-3.20.1/debian/changelog --- logrotate-3.19.0/debian/changelog 2022-01-24 15:37:01.000000000 +0000 +++ logrotate-3.20.1/debian/changelog 2022-05-26 14:33:29.000000000 +0000 @@ -1,12 +1,31 @@ -logrotate (3.19.0-1ubuntu1) jammy; urgency=low +logrotate (3.20.1-1ubuntu1) kinetic; urgency=medium - * Merge from Debian unstable (LP: #1958887). Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/patches/ubuntu/logrotate.conf-use-group-adm.patch: - Use group 'adm' by default when rotating logs. + * debian/rules: fix sed syntax to not end up with a backup file. - -- Alexandre Ghiti Mon, 24 Jan 2022 16:37:01 +0100 + -- Marc Deslauriers Thu, 26 May 2022 10:33:29 -0400 + +logrotate (3.20.1-1) unstable; urgency=medium + + [ Jeremy Bicha ] + * Use group adm on Ubuntu for rotating logs + * debian/ubuntu-logrotate.conf: Update comment to /var/log/ + + [ Christian Göttsche ] + * New upstream version 3.20.1 + - fix potential DoS from unprivileged users via the state file + (CVE-2022-1348) + * d/patches: drop upstream applied one + * d/control: bump to std version 4.6.1 (no further changes) + * d/control: reduce mailx from Recommends to Suggests + + -- Christian Göttsche Thu, 26 May 2022 00:15:57 +0200 + +logrotate (3.19.0-2) unstable; urgency=medium + + * d/patches: cherry-pick commit skip locking /dev/null, + should fix FTBFS on GNU/Hurd + + -- Christian Göttsche Sun, 30 Jan 2022 16:15:24 +0100 logrotate (3.19.0-1) unstable; urgency=medium @@ -22,16 +41,6 @@ -- Christian Göttsche Fri, 07 Jan 2022 19:14:25 +0100 -logrotate (3.18.1-2ubuntu1) jammy; urgency=low - - * Merge from Debian unstable (LP: #1952602). Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/patches/ubuntu/logrotate.conf-use-group-adm.patch: - Use group 'adm' by default when rotating logs. - - -- Alexandre Ghiti Sun, 17 Oct 2021 10:59:56 +0000 - logrotate (3.18.1-2) unstable; urgency=medium * Upload to unstable @@ -46,22 +55,6 @@ -- Christian Göttsche Sat, 22 May 2021 18:04:29 +0200 -logrotate (3.18.0-2ubuntu2) impish; urgency=medium - - * No-change rebuild to build packages with zstd compression. - - -- Matthias Klose Thu, 07 Oct 2021 12:20:17 +0200 - -logrotate (3.18.0-2ubuntu1) impish; urgency=medium - - * Merge from Debian unstable. Remaining Ubuntu changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/patches/ubuntu/logrotate.conf-use-group-adm.patch: - Use group 'adm' by default when rotating logs. - - -- Lukas Märdian Tue, 18 May 2021 11:09:21 +0200 - logrotate (3.18.0-2) unstable; urgency=medium * d/patches: cherry-pick relevant commits for Bullseye @@ -76,15 +69,6 @@ -- Christian Göttsche Sun, 28 Feb 2021 17:37:19 +0100 -logrotate (3.18.0-1ubuntu1) hirsute; urgency=low - - * Merge from Debian unstable. (LP: #1915211) Remaining Ubuntu changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/logrotate.conf: use group 'adm' by default when rotating logs. - - -- Matthieu Clemenceau Tue, 09 Feb 2021 15:50:53 -0600 - logrotate (3.18.0-1) unstable; urgency=medium * New upstream version 3.18.0 @@ -95,15 +79,6 @@ -- Christian Göttsche Fri, 08 Jan 2021 10:06:25 +0100 -logrotate (3.17.0-2ubuntu1) hirsute; urgency=low - - * Merge from Debian unstable. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/logrotate.conf: use group 'syslog' by default when rotating logs. - - -- Matthieu Clemenceau Tue, 01 Dec 2020 17:15:53 -0600 - logrotate (3.17.0-2) unstable; urgency=medium * d/patches: imported upstream applied patches @@ -120,17 +95,6 @@ -- Christian Göttsche Mon, 02 Nov 2020 17:44:14 +0100 -logrotate (3.17.0-1ubuntu1) hirsute; urgency=medium - - * Merge from Debian unstable. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/logrotate.conf: use group 'syslog' by default when rotating logs. - * Dropped changes, included upstream: - - Chery-pick upstream patch to fix FTBFS with GCC 10 - - -- Balint Reczey Mon, 26 Oct 2020 18:24:33 +0100 - logrotate (3.17.0-1) unstable; urgency=medium * New upstream version 3.17.0 (Closes: #945097, #966016) @@ -228,51 +192,6 @@ -- Christian Göttsche Fri, 30 Aug 2019 20:37:13 +0200 -logrotate (3.14.0-4ubuntu5) groovy; urgency=medium - - * Chery-pick upstream patch to fix FTBFS with GCC 10 - - -- Balint Reczey Thu, 10 Sep 2020 18:15:41 +0200 - -logrotate (3.14.0-4ubuntu4) groovy; urgency=medium - - * No change rebuild against new CET ABI. - - -- Dimitri John Ledkov Fri, 10 Jul 2020 18:28:21 +0100 - -logrotate (3.14.0-4ubuntu3) disco; urgency=medium - - * Fix typo in 'adm' group name. - - -- Dimitri John Ledkov Mon, 21 Jan 2019 10:11:39 +0000 - -logrotate (3.14.0-4ubuntu2) disco; urgency=medium - - * Use group 'adm' instead of 'syslog' when rotating logs. LP: #1644996. - - -- Steve Langasek Thu, 17 Jan 2019 16:28:19 +0200 - -logrotate (3.14.0-4ubuntu1) cosmic; urgency=low - - * Merge from Debian unstable. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/logrotate.conf: use group 'syslog' by default when rotating logs. - * Dropped changes, included upstream: - - logrotate does not ever recover from a corrupted statefile - + d/p/do-not-treat-failure-of-readState-as-fatal.patch - * Dropped changes, no longer needed: - - debian/patches/manpage.patch: state file path now picked up dynamically - at build time. - * Dropped changes: - - debian/cron.daily: Clean non-existent log files from logrotate status - file. It is not immediately clear whether logrotate now does this - itself without help, but with the move to systemd timers this is no - longer an effective way to handle it. Debian bug #871592 suggests - that this is fixed upstream. - - -- Steve Langasek Tue, 18 Sep 2018 20:51:14 +0200 - logrotate (3.14.0-4) unstable; urgency=medium * d/control: @@ -332,28 +251,6 @@ -- Christian Göttsche Fri, 29 Jun 2018 11:26:00 +0200 -logrotate (3.11.0-0.1ubuntu1) artful; urgency=medium - - * Merge with Debian unstable. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/cron.daily: Clean non-existent log files from logrotate status - file. - - debian/logrotate.conf: use group 'syslog' by default when rotating logs. - - debian/patches/manpage.patch: fix state file path in FILES section - (LP #772214) - [ Refreshed ] - - logrotate does not ever recover from a corrupted statefile (LP #1709670) - + d/p/do-not-treat-failure-of-readState-as-fatal.patch - [ Refreshed to be an unmodified cherry-pick ] - * Drop: - - createOutputFile: rename already existing file (LP: #1630516) - + d/p/ubuntu/createOutputFile-eliminate-stat-open-TOCTOU-race.patch - + d/p/ubuntu/createOutputFile-rename-already-existing-file.patch - [ Fixed upstream ] - - -- Nishanth Aravamudan Mon, 21 Aug 2017 16:01:27 -0700 - logrotate (3.11.0-0.1) unstable; urgency=low * Non-maintainer upload @@ -364,40 +261,6 @@ -- Christoph Biedl Sat, 07 Jan 2017 19:54:50 +0100 -logrotate (3.8.7-2ubuntu4) artful; urgency=medium - - * logrotate does not ever recover from a corrupted statefile (LP: #1709670) - - d/p/do-not-treat-failure-of-readState-as-fatal.patch - (Backported from commit b9d82003002c98370e4131a7e43c76afcd23306a) - - -- Eric Desrochers Wed, 09 Aug 2017 11:39:36 -0700 - -logrotate (3.8.7-2ubuntu3) zesty; urgency=medium - - * createOutputFile: rename already existing file (LP: #1630516) - - d/p/ubuntu/createOutputFile-eliminate-stat-open-TOCTOU-race.patch - - d/p/ubuntu/createOutputFile-rename-already-existing-file.patch - - -- Christian Ehrhardt Wed, 22 Mar 2017 11:47:34 +0100 - -logrotate (3.8.7-2ubuntu2) wily; urgency=medium - - * debian/patches/manpage.patch: fix state file path in FILES section - (LP: #772214) - - -- Andrey Bondarenko Tue, 01 Sep 2015 11:56:43 +0500 - -logrotate (3.8.7-2ubuntu1) wily; urgency=low - - * Merge from Debian unstable. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/cron.daily: Clean non-existent log files from logrotate status - file. - - debian/logrotate.conf: use group 'syslog' by default when rotating logs. - - -- Steve Langasek Thu, 21 May 2015 16:58:31 -0700 - logrotate (3.8.7-2) unstable; urgency=low * New patch: @@ -407,17 +270,6 @@ -- Paul Martin Tue, 05 May 2015 23:18:48 +0100 -logrotate (3.8.7-1ubuntu1) trusty; urgency=medium - - * Merge from Debian unstable, remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/cron.daily: Clean non-existent log files from logrotate status - file. - - debian/logrotate.conf: use group 'syslog' by default when rotating logs. - - -- Steve Langasek Wed, 22 Jan 2014 11:05:42 -0800 - logrotate (3.8.7-1) unstable; urgency=low * New patch: @@ -429,24 +281,6 @@ -- Paul Martin Fri, 17 Jan 2014 09:46:01 +0000 -logrotate (3.8.6-1ubuntu2) trusty; urgency=low - - * debian/logrotate.conf: use group 'syslog' by default when rotating logs, - otherwise logrotate will refuse to rotate logs in /var/log whose owning - group is now syslog instead of root. LP: #1258202. - - -- Steve Langasek Thu, 05 Dec 2013 10:35:47 -0800 - -logrotate (3.8.6-1ubuntu1) trusty; urgency=low - - * Resynchronise with Debian. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/cron.daily: Clean non-existent log files from logrotate status - file. - - -- Colin Watson Tue, 29 Oct 2013 08:20:39 -0700 - logrotate (3.8.6-1) unstable; urgency=low * New upstream release @@ -524,23 +358,6 @@ -- Paul Martin Wed, 24 Apr 2013 14:29:30 +0100 -logrotate (3.8.3-3ubuntu2) raring; urgency=low - - * Use correct compiler when cross-building. - * Honour DEB_BUILD_OPTIONS=nocheck. - - -- Colin Watson Sat, 01 Dec 2012 01:24:57 +0000 - -logrotate (3.8.3-3ubuntu1) raring; urgency=low - - * Resynchronise with Debian. Remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don't configure an MTA by default. - - debian/cron.daily: Clean non-existent log files from logrotate status - file. - - -- Colin Watson Tue, 27 Nov 2012 18:33:50 +0000 - logrotate (3.8.3-3) unstable; urgency=low * Remove acl from Build-Depends. Buildd servers don't support ACLs @@ -704,55 +521,6 @@ * Update standards version to 3.9.2 (no changes). -- Paul Martin Wed, 22 Jun 2011 15:51:46 +0100 -logrotate (3.7.8-6ubuntu6) quantal; urgency=low - - * Rebuild for new armel compiler default of ARMv5t. - - -- Colin Watson Tue, 02 Oct 2012 16:36:26 +0100 - -logrotate (3.7.8-6ubuntu5) oneiric; urgency=low - - * cron.daily: ensure that the status file exists to avoid error messages - in cron mail. LP: #785670 - - -- Reinhard Tartler Tue, 04 Oct 2011 18:23:34 +0200 - -logrotate (3.7.8-6ubuntu4) oneiric; urgency=low - - * SECURITY UPDATE: arbitrary code execution via shell metacharacters in - log filename - - debian/patches/CVE-2011-1154.patch: improve shred logic in - logrotate.c. - - CVE-2011-1154 - * SECURITY UPDATE: denial of service via invalid characters in log - filename - - debian/patches/CVE-2011-1155.patch: properly escape filenames in - logrotate.c. - - CVE-2011-1155 - - -- Marc Deslauriers Fri, 17 Jun 2011 13:36:27 -0400 - -logrotate (3.7.8-6ubuntu3) natty; urgency=low - - * cron.daily: Fixing a shell redirection error - - -- Ahmed Kamal Sun, 13 Mar 2011 02:21:08 +0200 - -logrotate (3.7.8-6ubuntu2) natty; urgency=low - - * cron.daily: Added ability to clean non existent log files from - logrotate status file (LP: #730504) - - -- Ahmed Kamal Sat, 12 Mar 2011 14:58:38 +0200 - -logrotate (3.7.8-6ubuntu1) maverick; urgency=low - - * Merge from debian unstable (LP: #554823), remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don'c configure an MTA by default. - - -- Lorenzo De Liso Wed, 14 Jul 2010 19:34:54 +0200 - logrotate (3.7.8-6) unstable; urgency=low * New patch: @@ -772,21 +540,6 @@ -- Paul Martin Sat, 20 Mar 2010 19:37:26 +0000 -logrotate (3.7.8-4ubuntu2) lucid; urgency=low - - * rebuild rest of main for armel armv7/thumb2 optimization; - UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2 - - -- Alexander Sack Sun, 07 Mar 2010 00:56:16 +0100 - -logrotate (3.7.8-4ubuntu1) karmic; urgency=low - - * Merge from debian unstable, remaining changes: LP: #414347 - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don'c configure an MTA by default. - - -- Bhavani Shankar Sun, 16 Aug 2009 12:40:24 +0530 - logrotate (3.7.8-4) unstable; urgency=high * New patch: @@ -844,24 +597,6 @@ -- Paul Martin Tue, 04 Aug 2009 15:18:18 +0100 -logrotate (3.7.7-5ubuntu1) karmic; urgency=low - - * Merge from debian unstable, remaining changes: LP: #410660 - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don'c configure an MTA by default. - - -- Bhavani Shankar Sat, 08 Aug 2009 17:00:10 +0530 - -logrotate (3.7.7-5) unstable; urgency=high - - * Backport patch from 3.7.8-3 (in experimental): - + nofollow.patch: If a logfile is a symlink, it may be read when - being compressed, being copied (copy, copytruncate) or mailed. - Secure data (eg. password files) may be exposed. Thanks to - Florian Zumbiehl for getting me thinking about this one. - - -- Paul Martin Thu, 06 Aug 2009 16:41:26 +0100 - logrotate (3.7.7-4) unstable; urgency=low * Update location of upstream in debian/copyright. @@ -874,28 +609,6 @@ -- Paul Martin Sun, 18 Jan 2009 00:48:49 +0000 -logrotate (3.7.7-3ubuntu1) jaunty; urgency=low - - * Merge from debian unstable, remaining changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used - on request, and we don'c configure an MTA by default. - - -- Chuck Short Sun, 18 Jan 2009 05:51:34 +0000 - -logrotate (3.7.7-3) unstable; urgency=low - - * Fix sharedcycles. (Closes: #512152) - - -- Paul Martin Sun, 18 Jan 2009 00:48:49 +0000 - -logrotate (3.7.7-2ubuntu1) jaunty; urgency=low - - * Merge from debian unstable, remaining changes: LP: #313461 - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used on - request, and we don't configure an MTA by default. - - -- Bhavani Shankar Sat, 03 Jan 2009 19:08:07 +0530 - logrotate (3.7.7-2) unstable; urgency=low * Upload to unstable. @@ -907,14 +620,6 @@ -- Paul Martin Wed, 17 Dec 2008 13:12:27 +0000 -logrotate (3.7.7-1ubuntu1) jaunty; urgency=low - - * Merge with Debian experimental (LP: #64964). Remaining Ubuntu changes: - - debian/control: Drop mailx to Suggests for Ubuntu; it's only used on - request, and we don't configure an MTA by default. - - -- Martin Pitt Fri, 07 Nov 2008 14:57:09 +0100 - logrotate (3.7.7-1) experimental; urgency=low * New upstream release (based on upstream 3.7.7-1) diff -Nru logrotate-3.19.0/debian/control logrotate-3.20.1/debian/control --- logrotate-3.19.0/debian/control 2022-01-24 15:37:01.000000000 +0000 +++ logrotate-3.20.1/debian/control 2022-05-26 14:33:29.000000000 +0000 @@ -11,7 +11,7 @@ Vcs-Browser: https://salsa.debian.org/debian/logrotate Vcs-Git: https://salsa.debian.org/debian/logrotate.git Homepage: https://github.com/logrotate/logrotate -Standards-Version: 4.6.0 +Standards-Version: 4.6.1 Rules-Requires-Root: no Package: logrotate diff -Nru logrotate-3.19.0/debian/patches/series logrotate-3.20.1/debian/patches/series --- logrotate-3.19.0/debian/patches/series 2022-01-24 15:37:01.000000000 +0000 +++ logrotate-3.20.1/debian/patches/series 2022-05-25 22:15:57.000000000 +0000 @@ -1,4 +1,3 @@ debian/skip-cronjob-when-running-with-systemd.patch debian/logrotate.conf-disable-dateext-on-Debian.patch -ubuntu/logrotate.conf-use-group-adm.patch debian/replace-ELF-header-in-test-case.patch diff -Nru logrotate-3.19.0/debian/patches/ubuntu/logrotate.conf-use-group-adm.patch logrotate-3.20.1/debian/patches/ubuntu/logrotate.conf-use-group-adm.patch --- logrotate-3.19.0/debian/patches/ubuntu/logrotate.conf-use-group-adm.patch 2022-01-24 15:37:01.000000000 +0000 +++ logrotate-3.20.1/debian/patches/ubuntu/logrotate.conf-use-group-adm.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -Description: Use group 'adm' instead of 'syslog' when rotating logs. -Author: Lukas Märdian -Origin: vendor -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logrotate/+bug/1644996 -Forwarded: not-needed -Last-Update: 2021-05-18 ---- - ---- logrotate-3.18.0.orig/examples/logrotate.conf -+++ logrotate-3.18.0/examples/logrotate.conf -@@ -5,6 +5,10 @@ - # rotate log files weekly - weekly - -+# use the adm group by default, since this is the owning group -+# of /var/log/syslog. -+su root adm -+ - # keep 4 weeks worth of backlogs - rotate 4 - diff -Nru logrotate-3.19.0/debian/rules logrotate-3.20.1/debian/rules --- logrotate-3.19.0/debian/rules 2022-01-24 15:37:01.000000000 +0000 +++ logrotate-3.20.1/debian/rules 2022-05-26 14:33:29.000000000 +0000 @@ -10,3 +10,11 @@ --enable-werror \ --with-state-file-path=/var/lib/logrotate/status \ --with-default-mail-command=/usr/bin/mail + +# Add Ubuntu customization to line 6 +# because that's where Ubuntu had been adding these lines +execute_after_dh_install: +ifeq ($(shell dpkg-vendor --query vendor),Ubuntu) + sed -i -e "6r debian/ubuntu-logrotate.conf" \ + debian/logrotate/etc/logrotate.conf +endif diff -Nru logrotate-3.19.0/debian/ubuntu-logrotate.conf logrotate-3.20.1/debian/ubuntu-logrotate.conf --- logrotate-3.19.0/debian/ubuntu-logrotate.conf 1970-01-01 00:00:00.000000000 +0000 +++ logrotate-3.20.1/debian/ubuntu-logrotate.conf 2022-05-25 22:15:57.000000000 +0000 @@ -0,0 +1,4 @@ + +# use the adm group by default, since this is the owning group +# of /var/log/. +su root adm diff -Nru logrotate-3.19.0/logrotate.8 logrotate-3.20.1/logrotate.8 --- logrotate-3.19.0/logrotate.8 2022-01-07 09:04:10.000000000 +0000 +++ logrotate-3.20.1/logrotate.8 2022-05-25 15:28:20.000000000 +0000 @@ -1,4 +1,4 @@ -.TH LOGROTATE 8 "3.19.0" "Linux" "System Administrator's Manual" +.TH LOGROTATE 8 "3.20.1" "Linux" "System Administrator's Manual" .\" Per groff_man(7), the TQ macro should be copied from an-ext.tmac when .\" not running under groff. That's not quite right; not all groff .\" installations include this macro. So bring it in with another name @@ -76,7 +76,7 @@ acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR will exit with value 3. The default state file is \fI/var/lib/logrotate.status\fR. If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will -not try to write the state file. +not try to lock or write the state file. .TP \fB\-\-skip-state-lock\fR diff -Nru logrotate-3.19.0/logrotate.8.in logrotate-3.20.1/logrotate.8.in --- logrotate-3.19.0/logrotate.8.in 2021-10-06 14:06:15.000000000 +0000 +++ logrotate-3.20.1/logrotate.8.in 2022-03-31 12:00:36.000000000 +0000 @@ -76,7 +76,7 @@ acquires a lock on the state file, if it cannot be acquired \fBlogrotate\fR will exit with value 3. The default state file is \fI@STATE_FILE_PATH@\fR. If \fI/dev/null\fR is given as the state file, then \fBlogrotate\fR will -not try to write the state file. +not try to lock or write the state file. .TP \fB\-\-skip-state-lock\fR diff -Nru logrotate-3.19.0/logrotate.c logrotate-3.20.1/logrotate.c --- logrotate-3.19.0/logrotate.c 2022-01-06 16:31:39.000000000 +0000 +++ logrotate-3.20.1/logrotate.c 2022-05-25 15:19:45.000000000 +0000 @@ -1248,7 +1248,7 @@ int rc = 1; int fdcurr = -1, fdsave = -1; - message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog); + message(MESS_DEBUG, "%scopying %s to %s\n", skip_copy ? "skip " : "", currLog, saveLog); if (!debug) { /* read access is sufficient for 'copy' but not for 'copytruncate' */ @@ -1338,10 +1338,10 @@ } /* return by how many days the date was advanced but ignore exact time */ -static time_t daysElapsed(const struct tm *now, const struct tm *last) +static long daysElapsed(const struct tm *now, const struct tm *last) { - const time_t diff = mktimeFromDateOnly(now) - mktimeFromDateOnly(last); - return diff / (24 * 3600); + const double diff = difftime(mktimeFromDateOnly(now),mktimeFromDateOnly(last)); + return (long) (diff / (24 * 3600)); } static int findNeedRotating(const struct logInfo *log, unsigned logNum, int force) @@ -1443,7 +1443,7 @@ message(MESS_DEBUG, " log does not need rotating " "(log size is below the 'size' threshold)\n"); } - } else if (mktime(&state->lastRotated) - mktime(&now) > (25 * 3600)) { + } else if (difftime(mktime(&state->lastRotated), mktime(&now)) > (25 * 3600)) { /* 25 hours allows for DST changes as well as geographical moves */ message(MESS_ERROR, "log %s last rotated in the future -- rotation forced\n", @@ -1453,7 +1453,7 @@ state->lastRotated.tm_mon != now.tm_mon || state->lastRotated.tm_mday != now.tm_mday || state->lastRotated.tm_hour != now.tm_hour) { - time_t days; + long days; switch (log->criterium) { case ROT_WEEKLY: days = daysElapsed(&now, &state->lastRotated); @@ -1532,7 +1532,7 @@ "('minsize' directive is used and the log " "size is smaller than the minsize value)\n"); } - if (log->rotateMinAge && log->rotateMinAge * DAY_SECONDS >= nowSecs - sb.st_mtime) { + if (log->rotateMinAge && log->rotateMinAge * DAY_SECONDS >= difftime(nowSecs, sb.st_mtime)) { state->doRotate = 0; message(MESS_DEBUG, " log does not need rotating " "('minage' directive is used and the log " @@ -1925,7 +1925,7 @@ if (((globResult.gl_pathc >= (size_t)rotateCount) && (glob_count <= (globResult.gl_pathc - (size_t)rotateCount))) || ((log->rotateAge > 0) && - (((nowSecs - fst_buf.st_mtime) / DAY_SECONDS) + ((difftime(nowSecs, fst_buf.st_mtime) / DAY_SECONDS) > log->rotateAge))) { if (mail_out != (size_t)-1) { char *mailFilename = @@ -2039,7 +2039,7 @@ continue; } - if (((nowSecs - fst_buf.st_mtime) / DAY_SECONDS) > log->rotateAge) { + if ((difftime(nowSecs, fst_buf.st_mtime) / DAY_SECONDS) > log->rotateAge) { if (!hasErrors && log->logAddress) hasErrors = mailLogWrapper(oldName, mailCommand, logNum, log); @@ -2593,6 +2593,7 @@ struct tm now; time_t now_time, last_time; char *prevCtx; + int force_mode = 0; if (!strcmp(stateFilename, "/dev/null")) /* explicitly asked not to write the state file */ @@ -2664,7 +2665,13 @@ close(fdcurr); - fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, 0); + if (sb.st_mode & (mode_t)S_IROTH) { + /* drop world-readable flag to prevent others from locking */ + sb.st_mode &= ~(mode_t)S_IROTH; + force_mode = 1; + } + + fdsave = createOutputFile(tmpFilename, O_RDWR, &sb, prev_acl, force_mode); #ifdef WITH_ACL if (prev_acl) { acl_free(prev_acl); @@ -3000,15 +3007,22 @@ static int lockState(const char *stateFilename, int skip_state_lock) { - int lockFd = open(stateFilename, O_RDWR | O_CLOEXEC); + int lockFd; + struct stat sb; + + if (!strcmp(stateFilename, "/dev/null")) { + return 0; + } + + lockFd = open(stateFilename, O_RDWR | O_CLOEXEC); if (lockFd == -1) { if (errno == ENOENT) { message(MESS_DEBUG, "Creating stub state file: %s\n", stateFilename); - /* create a stub state file with mode 0644 */ + /* create a stub state file with mode 0640 */ lockFd = open(stateFilename, O_CREAT | O_EXCL | O_WRONLY, - S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH); + S_IWUSR | S_IRUSR | S_IRGRP); if (lockFd == -1) { message(MESS_ERROR, "error creating stub state file %s: %s\n", stateFilename, strerror(errno)); @@ -3026,6 +3040,22 @@ stateFilename); close(lockFd); return 0; + } + + if (fstat(lockFd, &sb) == -1) { + message(MESS_ERROR, "error stat()ing state file %s: %s\n", + stateFilename, strerror(errno)); + close(lockFd); + return 1; + } + + if (sb.st_mode & S_IROTH) { + message(MESS_ERROR, "state file %s is world-readable and thus can" + " be locked from other unprivileged users." + " Skipping lock acquisition...\n", + stateFilename); + close(lockFd); + return 0; } if (flock(lockFd, LOCK_EX | LOCK_NB) == -1) { diff -Nru logrotate-3.19.0/logrotate.spec logrotate-3.20.1/logrotate.spec --- logrotate-3.19.0/logrotate.spec 2022-01-07 09:04:10.000000000 +0000 +++ logrotate-3.20.1/logrotate.spec 2022-05-25 15:28:20.000000000 +0000 @@ -1,6 +1,6 @@ Summary: Rotates, compresses, removes and mails system log files Name: logrotate -Version: 3.19.0 +Version: 3.20.1 Release: 1%{?dist} License: GPLv2+ Group: System Environment/Base @@ -41,7 +41,6 @@ install -p -m 644 examples/btmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/btmp install -p -m 644 examples/wtmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/wtmp install -p -m 755 examples/logrotate.cron $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/logrotate -touch $RPM_BUILD_ROOT%{_localstatedir}/lib/logrotate.status %clean rm -rf $RPM_BUILD_ROOT @@ -55,4 +54,4 @@ %attr(0755, root, root) %{_sysconfdir}/cron.daily/logrotate %attr(0644, root, root) %config(noreplace) %{_sysconfdir}/logrotate.conf %attr(0755, root, root) %{_sysconfdir}/logrotate.d -%attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status +%ghost %attr(0640, root, root) %verify(not size md5 mtime) %{_localstatedir}/lib/logrotate.status diff -Nru logrotate-3.19.0/logrotate.spec.in logrotate-3.20.1/logrotate.spec.in --- logrotate-3.19.0/logrotate.spec.in 2019-10-14 12:10:31.000000000 +0000 +++ logrotate-3.20.1/logrotate.spec.in 2022-05-25 07:06:46.000000000 +0000 @@ -41,7 +41,6 @@ install -p -m 644 examples/btmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/btmp install -p -m 644 examples/wtmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/wtmp install -p -m 755 examples/logrotate.cron $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/logrotate -touch $RPM_BUILD_ROOT%{_localstatedir}/lib/logrotate.status %clean rm -rf $RPM_BUILD_ROOT @@ -55,4 +54,4 @@ %attr(0755, root, root) %{_sysconfdir}/cron.daily/logrotate %attr(0644, root, root) %config(noreplace) %{_sysconfdir}/logrotate.conf %attr(0755, root, root) %{_sysconfdir}/logrotate.d -%attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status +%ghost %attr(0640, root, root) %verify(not size md5 mtime) %{_localstatedir}/lib/logrotate.status diff -Nru logrotate-3.19.0/Makefile.in logrotate-3.20.1/Makefile.in --- logrotate-3.19.0/Makefile.in 2022-01-07 09:04:07.000000000 +0000 +++ logrotate-3.20.1/Makefile.in 2022-05-25 15:28:14.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. diff -Nru logrotate-3.19.0/README.md logrotate-3.20.1/README.md --- logrotate-3.19.0/README.md 2022-01-07 08:32:42.000000000 +0000 +++ logrotate-3.20.1/README.md 2022-05-25 15:21:10.000000000 +0000 @@ -6,10 +6,12 @@ The latest release is: -* [logrotate-3.19.0](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.19.0)) +* [logrotate-3.20.1](https://github.com/logrotate/logrotate/releases/download/3.20.1/logrotate-3.20.1.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.20.1/logrotate-3.20.1.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.20.1)) Previous releases: +* [logrotate-3.20.0](https://github.com/logrotate/logrotate/releases/download/3.20.0/logrotate-3.20.0.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.20.0/logrotate-3.20.0.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.20.0)) +* [logrotate-3.19.0](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.19.0/logrotate-3.19.0.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.19.0)) * [logrotate-3.18.1](https://github.com/logrotate/logrotate/releases/download/3.18.1/logrotate-3.18.1.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.18.1/logrotate-3.18.1.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.18.1)) * [logrotate-3.18.0](https://github.com/logrotate/logrotate/releases/download/3.18.0/logrotate-3.18.0.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.18.0/logrotate-3.18.0.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.18.0)) * [logrotate-3.17.0](https://github.com/logrotate/logrotate/releases/download/3.17.0/logrotate-3.17.0.tar.xz) ([sig](https://github.com/logrotate/logrotate/releases/download/3.17.0/logrotate-3.17.0.tar.xz.asc)) ([Changelog](https://github.com/logrotate/logrotate/releases/tag/3.17.0)) diff -Nru logrotate-3.19.0/.tarball-version logrotate-3.20.1/.tarball-version --- logrotate-3.19.0/.tarball-version 2022-01-07 09:04:13.000000000 +0000 +++ logrotate-3.20.1/.tarball-version 2022-05-25 15:28:25.000000000 +0000 @@ -1 +1 @@ -3.19.0 +3.20.1 diff -Nru logrotate-3.19.0/test/Makefile.am logrotate-3.20.1/test/Makefile.am --- logrotate-3.19.0/test/Makefile.am 2022-01-06 16:11:00.000000000 +0000 +++ logrotate-3.20.1/test/Makefile.am 2022-05-25 07:06:46.000000000 +0000 @@ -90,6 +90,7 @@ test-0089.sh \ test-0090.sh \ test-0091.sh \ + test-0092.sh \ test-0100.sh \ test-0101.sh \ test-0102.sh \ diff -Nru logrotate-3.19.0/test/Makefile.in logrotate-3.20.1/test/Makefile.in --- logrotate-3.19.0/test/Makefile.in 2022-01-07 09:04:07.000000000 +0000 +++ logrotate-3.20.1/test/Makefile.in 2022-05-25 15:28:14.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.16.4 from Makefile.am. +# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. @@ -519,6 +519,7 @@ test-0089.sh \ test-0090.sh \ test-0091.sh \ + test-0092.sh \ test-0100.sh \ test-0101.sh \ test-0102.sh \ @@ -1362,6 +1363,13 @@ $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +test-0092.sh.log: test-0092.sh + @p='test-0092.sh'; \ + b='test-0092.sh'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) test-0100.sh.log: test-0100.sh @p='test-0100.sh'; \ diff -Nru logrotate-3.19.0/test/test-0018.sh logrotate-3.20.1/test/test-0018.sh --- logrotate-3.19.0/test/test-0018.sh 2021-06-11 13:12:52.000000000 +0000 +++ logrotate-3.20.1/test/test-0018.sh 2022-05-09 08:44:06.000000000 +0000 @@ -14,7 +14,7 @@ EOF (echo "gzip -f -9") | diff -u - compress-args -egrep -q '^LOGROTATE_COMPRESSED_FILENAME=.+/test.log.1$' compress-env +grep -Eq '^LOGROTATE_COMPRESSED_FILENAME=.+/test.log.1$' compress-env if [ $? != 0 ]; then echo "LOGROTATE_COMPRESSED_FILENAME environment variable not found." cat compress-env diff -Nru logrotate-3.19.0/test/test-0048.sh logrotate-3.20.1/test/test-0048.sh --- logrotate-3.19.0/test/test-0048.sh 2021-06-11 13:12:52.000000000 +0000 +++ logrotate-3.20.1/test/test-0048.sh 2022-05-25 15:19:45.000000000 +0000 @@ -18,6 +18,7 @@ logrotate state -- version 2 EOF +chmod 0640 state setfacl -m u:nobody:rwx state $RLR test-config.48 || exit 23 diff -Nru logrotate-3.19.0/test/test-0087.sh logrotate-3.20.1/test/test-0087.sh --- logrotate-3.19.0/test/test-0087.sh 2021-01-05 13:01:16.000000000 +0000 +++ logrotate-3.20.1/test/test-0087.sh 2022-05-25 07:06:46.000000000 +0000 @@ -8,6 +8,7 @@ preptest test.log 87 1 touch state +chmod 0640 state $RLR test-config.87 -f & diff -Nru logrotate-3.19.0/test/test-0092.sh logrotate-3.20.1/test/test-0092.sh --- logrotate-3.19.0/test/test-0092.sh 1970-01-01 00:00:00.000000000 +0000 +++ logrotate-3.20.1/test/test-0092.sh 2022-05-25 07:32:42.000000000 +0000 @@ -0,0 +1,19 @@ +#!/bin/sh + +. ./test-common.sh + +# check state file locking +cleanup 92 + +preptest test.log 92 1 + +touch state +chmod 0644 state +flock state -c "sleep 10" & + +$RLR -f test-config.92 || exit 23 + +checkoutput <