Resolves: #2090926 - lockState: do not print error: when exit code is unaffected

Kamil Dudka 2022-05-27 17:33:17 +02:00
parent b86eb3c0bb
commit c769cd24bc
2 changed files with 38 additions and 1 deletions


@ -0,0 +1,31 @@
From e509c7db71cefd150e9c4360b8abd3b378b129b2 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 27 May 2022 09:56:07 +0200
Subject: [PATCH] lockState: do not print `error:` when exit code is unaffected
Closes: https://github.com/logrotate/logrotate/pull/448
Upstream-commit: 31cf1099ab8514dfcae5a980bc77352edd5292f8
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
logrotate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/logrotate.c b/logrotate.c
index 2350672..6188a35 100644
--- a/logrotate.c
+++ b/logrotate.c
@@ -3050,8 +3050,8 @@ static int lockState(const char *stateFilename, int skip_state_lock)
}
if (sb.st_mode & S_IROTH) {
- message(MESS_ERROR, "state file %s is world-readable and thus can"
- " be locked from other unprivileged users."
+ message(MESS_NORMAL, "warning: state file %s is world-readable"
+ " and thus can be locked from other unprivileged users."
" Skipping lock acquisition...\n",
stateFilename);
close(lockFd);
--
2.35.3
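Review bot: the new MESS_NORMAL text in the `sb.st_mode & S_IROTH` branch of lockState() says that lock acquisition is skipped but gives no hint at the fix, and without the error tag it is easier to overlook. Consider naming the remedy in the message, for example that other-read permission should be removed from the state file, so the warning stays actionable. The `warning:` prefix is also hard-coded in the format string, so please check that it matches how other non-error notices in logrotate.c are worded.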


@ -1,7 +1,7 @@
Summary: Rotates, compresses, removes and mails system log files
Name: logrotate
Version: 3.20.1
Release: 1%{?dist}
Release: 2%{?dist}
License: GPLv2+
URL: https://github.com/logrotate/logrotate
Source0: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz
@ -13,6 +13,9 @@ Source2: kdudka.pgp
Source3: rwtab
# lockState: do not print `error:` when exit code is unaffected (#2090926)
Patch: 0001-logrotate-3.20.1-lock-state-msg.patch
BuildRequires: acl
BuildRequires: automake
BuildRequires: gcc
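Review bot: the `Patch:` line is added here, but none of the three spec hunks touches %prep, so this diff does not show that the patch is actually applied. Please confirm that %prep uses %autosetup or an equivalent that picks up unnumbered patches; otherwise the 3.20.1-2 build would ship without the message change that the changelog entry announces.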
@ -115,6 +118,9 @@ fi
%config(noreplace) %{_sysconfdir}/rwtab.d/logrotate
%changelog
* Fri May 27 2022 Kamil Dudka <kdudka@redhat.com> - 3.20.1-2
- lockState: do not print `error:` when exit code is unaffected (#2090926)
* Wed May 25 2022 Kamil Dudka <kdudka@redhat.com> - 3.20.1-1
- new upstream version 3.20.1, which fixes the following security issue:
CVE-2022-1348 - potential DoS from unprivileged users via the state file