Hello community,

here is the log from the commit of package logrotate for openSUSE:11.3
checked in at Wed May 18 18:21:59 CEST 2011.



--------
--- old-versions/11.3/all/logrotate/logrotate.changes   2009-12-20 
16:30:13.000000000 +0100
+++ 11.3/logrotate/logrotate.changes    2011-05-16 11:34:46.000000000 +0200
@@ -1,0 +2,7 @@
+Tue May 10 14:27:07 UTC 2011 - [email protected]
+
+- add logrotate-CVE-2011-1098.patch (bnc#677336) 
+- add logrotate-shred-CVE-2011-1154.patch (bnc#679661)
+- add logrotate-CVE-2011-1155.patch (bnc#679662)
+
+-------------------------------------------------------------------

Package does not exist at destination yet. Using Fallback 
old-versions/11.3/all/logrotate
Destination is old-versions/11.3/UPDATES/all/logrotate
calling whatdependson for 11.3-i586


New:
----
  logrotate-CVE-2011-1098.patch
  logrotate-CVE-2011-1155.patch
  logrotate-shred-CVE-2011-1154.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ logrotate.spec ++++++
--- /var/tmp/diff_new_pack.kxvXjl/_old  2011-05-18 18:15:56.000000000 +0200
+++ /var/tmp/diff_new_pack.kxvXjl/_new  2011-05-18 18:15:56.000000000 +0200
@@ -1,7 +1,7 @@
 #
-# spec file for package logrotate (Version 3.7.8)
+# spec file for package logrotate
 #
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 BuildRequires:  libselinux-devel
 Summary:        Rotate, Compress, Remove, and Mail System Log Files
 Version:        3.7.8
-Release:        2
+Release:        7.<RELEASE2>
 License:        GPL v2 or later
 Group:          System/Base
 Source:         %{name}-%{version}.tar.bz2
@@ -34,6 +34,9 @@
 Patch3:         %{name}-%{version}-addextension.patch
 Patch4:         %{name}-%{version}-mess_err.patch
 Patch5:         %{name}-%{version}-cron-check-for-another-instance.patch
+Patch6:         logrotate-CVE-2011-1098.patch
+Patch7:         logrotate-shred-CVE-2011-1154.patch
+Patch8:         logrotate-CVE-2011-1155.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         %fillup_prereq /bin/rm /bin/mv
 Requires:       bzip2 cron
@@ -62,6 +65,9 @@
 %patch3
 %patch4
 %patch5
+%patch6 -p1
+%patch7
+%patch8
 
 %build
 make %{?_smp_mflags} RPM_OPT_FLAGS="$RPM_OPT_FLAGS" WITH_SELINUX=yes

++++++ logrotate-CVE-2011-1098.patch ++++++
Index: logrotate-3.7.8/logrotate.c
===================================================================
--- logrotate-3.7.8.orig/logrotate.c
+++ logrotate-3.7.8/logrotate.c
@@ -198,7 +198,9 @@ int createOutputFile(char *fileName, int
 {
     int fd;
 
-    fd = open(fileName, flags, sb->st_mode);
+    unlink(fileName);
+    fd = open(fileName, (flags | O_EXCL | O_NOFOLLOW),
+               (S_IRUSR | S_IWUSR) & sb->st_mode);
     if (fd < 0) {
        message(MESS_ERROR, "error creating output file %s: %s\n",
                fileName, strerror(errno));
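Review bot: The new `open()` adds `O_EXCL`, which is only well defined together with `O_CREAT`, so createOutputFile now silently depends on every caller passing that flag. Both callers visible in this patch do, but OR-ing it in locally, `fd = open(fileName, (flags | O_CREAT | O_EXCL | O_NOFOLLOW),`, keeps the guarantee in one place. The ignored `unlink(fileName)` result fails safe, since a leftover file makes the exclusive open fail, but that reasoning deserves a comment such as `/* drop any pre-existing file or symlink; O_EXCL below refuses to reuse one that reappears */`. The function continues outside the hunk, so whether the full `sb->st_mode` is restored after ownership is set cannot be confirmed from here.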
@@ -309,7 +311,7 @@ static int compressLogFile(char *name, s
     }
 
     outFile =
-       createOutputFile(compressedName, O_RDWR | O_CREAT | O_TRUNC, sb);
+       createOutputFile(compressedName, O_RDWR | O_CREAT, sb);
     if (outFile < 0) {
        close(inFile);
        return 1;
@@ -482,7 +484,7 @@ static int copyTruncate(char *currLog, c
        }
 #endif
        fdsave =
-           createOutputFile(saveLog, O_WRONLY | O_CREAT | O_TRUNC, sb);
+           createOutputFile(saveLog, O_WRONLY | O_CREAT, sb);
 #ifdef WITH_SELINUX
        if (selinux_enabled) {
            setfscreatecon_raw(prev_context);
++++++ logrotate-CVE-2011-1155.patch ++++++
Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -30,6 +30,12 @@ int selinux_enforce = 0;
 #define GLOB_ABORTED GLOB_ABEND
 #endif
 
+#ifdef PATH_MAX
+#define STATEFILE_BUFFER_SIZE 2 * PATH_MAX + 16
+#else
+#define STATEFILE_BUFFER_SIZE 4096
+#endif
+
 struct logState {
     char *fn;
     struct tm lastRotated;     /* only tm.mon, tm_mday, tm_year are good! */
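Review bot: `STATEFILE_BUFFER_SIZE` expands to an unparenthesized expression, so any use other than a bare array bound (a multiplication, a division, a subtraction from it) would bind wrongly. Define it as `#define STATEFILE_BUFFER_SIZE (2 * PATH_MAX + 16)`. The `#ifdef PATH_MAX` test also depends on the header that defines PATH_MAX being included above this point, which is outside the hunk; if it is not, the build quietly falls back to 4096.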
@@ -76,6 +82,34 @@ static int globerr(const char *pathname,
     return 1;
 }
 
+static void unescape(char *arg)
+{
+       char *p = arg;
+       char *next;
+       char escaped;
+       while ((next = strchr(p, '\\')) != NULL) {
+
+               p = next;
+
+               switch (p[1]) {
+               case 'n':
+                       escaped = '\n';
+                       break;
+               case '\\':
+                       escaped = '\\';
+                       break;
+               default:
+                       ++p;
+                       continue;
+               }
+
+               /* Overwrite the backslash with the intended character,
+                * and shift everything down one */
+               *p++ = escaped;
+               memmove(p, p+1, 1 + strlen(p+1));
+       }
+}
+
 #define HASH_SIZE_MIN 64
 static int allocateHash(void)
 {
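Review bot: unescape() is added without a comment stating its contract, and it is indented with tabs while the surrounding context lines use four spaces. A short header comment should say that it rewrites `arg` in place, that it reverses only the two sequences writeState() emits (backslash-n to a newline, double backslash to a single backslash), that any other backslash sequence is left as is, and that `arg` must be a writable NUL-terminated string. Stating the pairing with writeState() matters because the two must be changed together if another character is ever escaped.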
@@ -1452,7 +1486,13 @@ static int writeState(char *stateFilenam
                        for (chptr = p->fn; *chptr; chptr++) {
                                switch (*chptr) {
                                case '"':
+                               case '\\':
                                        fputc('\\', f);
+                                       break;
+                               case '\n':
+                                       fputc('\\', f);
+                                       fputc('n', f);
+                                       continue;
                                }
 
                                fputc(*chptr, f);
@@ -1473,7 +1513,8 @@ static int writeState(char *stateFilenam
 static int readState(char *stateFilename)
 {
     FILE *f;
-    char buf[1024];
+    char buf[STATEFILE_BUFFER_SIZE];
+       char *filename;
     const char **argv;
     int argc;
     int year, month, day;
@@ -1584,7 +1625,10 @@ static int readState(char *stateFilename
 
        year -= 1900, month -= 1;
 
-       if ((st = findState(argv[0])) == NULL)
+       filename = strdup(argv[0]);
+       unescape(filename);
+       
+       if ((st = findState(filename)) == NULL)
                return 1;
 
        st->lastRotated.tm_mon = month;
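Review bot: The result of `strdup(argv[0])` is passed to unescape() unchecked, so an allocation failure becomes a NULL dereference in `strchr`, and the `return 1` taken when findState() fails leaks `filename`. Check the pointer before use and free it on that early return, as sketched below. That return also leaves `argv` and `f` unreleased, which predates this patch, and any other exits between here and the `free(filename)` added in the next hunk are outside this hunk and should be checked the same way.

```c
	filename = strdup(argv[0]);
	if (filename == NULL) {
	    message(MESS_ERROR, "out of memory reading state file %s\n",
		    stateFilename);
	    return 1;
	}
	unescape(filename);

	if ((st = findState(filename)) == NULL) {
	    free(filename);
	    return 1;
	}
	/* … unchanged: date fields copied into st->lastRotated … */
```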
@@ -1596,6 +1640,7 @@ static int readState(char *stateFilename
        st->lastRotated = *localtime(&lr_time);
 
        free(argv);
+       free(filename);
     }
 
     fclose(f);
++++++ logrotate-shred-CVE-2011-1154.patch ++++++
Index: logrotate.c
===================================================================
--- logrotate.c.orig
+++ logrotate.c
@@ -65,7 +65,7 @@ const char * compress_cmd_list[][2] = {
 
 time_t nowSecs = 0;
 
-static int shred_file(char *filename, struct logInfo *log);
+static int shred_file(int fd, char *filename, struct logInfo *log);
 
 static int globerr(const char *pathname, int theerr)
 {
@@ -227,58 +227,78 @@ int createOutputFile(char *fileName, int
     return fd;
 }
 
-#define SHRED_CALL "shred -u "
-#define SHRED_COUNT_FLAG "-n "
 #define DIGITS 10
+
 /* unlink, but try to call shred from GNU fileutils */
-static int shred_file(char *filename, struct logInfo *log)
+static int shred_file(int fd, char *filename, struct logInfo *log)
 {
-       int len, ret;
-       char *cmd;
        char count[DIGITS];    /*  that's a lot of shredding :)  */
+       const char **fullCommand;
+       int id = 0;
+       int status;
 
        if (!(log->flags & LOG_FLAG_SHRED)) {
                return unlink(filename);
        }
 
-       len = strlen(filename) + strlen(SHRED_CALL);
-       len += strlen(SHRED_COUNT_FLAG) + DIGITS;
-       cmd = malloc(len);
+       message(MESS_DEBUG, "Using shred to remove the file %s\n", filename);
 
-       if (!cmd) {
-               message(MESS_ERROR, "malloc error while shredding");
-               return unlink(filename);
+       if (log->shred_cycles != 0) {
+               fullCommand = alloca(sizeof(*fullCommand) * 6);
+       }
+       else {
+               fullCommand = alloca(sizeof(*fullCommand) * 4);
        }
-       strcpy(cmd, SHRED_CALL);
+       fullCommand[id++] = "shred";
+       fullCommand[id++] = "-u";
+
        if (log->shred_cycles != 0) {
-               strcat(cmd, SHRED_COUNT_FLAG);
+               fullCommand[id++] = "-n";
                snprintf(count, DIGITS - 1, "%d", log->shred_cycles);
-               strcat(count, " ");
-               strcat(cmd, count);
+               fullCommand[id++] = count;
        }
-       strcat(cmd, filename);
-       ret = system(cmd);
-       free(cmd);
-       if (ret != 0) {
-               message(MESS_ERROR, "Failed to shred %s\n, trying unlink", 
filename);
-               if (ret != -1) {
-                       message(MESS_NORMAL, "Shred returned %d\n", ret);
+       fullCommand[id++] = "-";
+       fullCommand[id++] = NULL;
+
+       if (!fork()) {
+               dup2(fd, 1);
+               close(fd);
+
+               execvp(fullCommand[0], (void *) fullCommand);
+               exit(1);
                }
+       
+       wait(&status);
+
+       if (!WIFEXITED(status) || WEXITSTATUS(status)) {
+               message(MESS_ERROR, "Failed to shred %s\n, trying unlink", 
filename);
                return unlink(filename);
-       } else {
-               return ret;
        }
+
+       /* We have to unlink it after shred anyway,
+        * because it doesn't remove the file itself */
+       return unlink(filename);
 }
 
 static int removeLogFile(char *name, struct logInfo *log)
 {
+       int fd;
     message(MESS_DEBUG, "removing old log %s\n", name);
 
-    if (!debug && shred_file(name, log)) {
+       if ((fd = open(name, O_RDWR)) < 0) {
+               message(MESS_ERROR, "error opening %s: %s\n",
+                       name, strerror(errno));
+               return 1;
+       }
+
+       if (!debug && shred_file(fd, name, log)) {
        message(MESS_ERROR, "Failed to remove old log %s: %s\n",
                name, strerror(errno));
+               close(fd);
        return 1;
     }
+
+       close(fd);
     return 0;
 }
 
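Review bot: In the new shred_file(), `if (!fork())` treats a failed fork() (-1) as the parent path, so `wait(&status)` can return without writing `status` and the WIFEXITED test then reads an uninitialized int. Keep the pid, fall back to unlink() when fork fails, and reap that specific child with waitpid(); the child should also check dup2() and leave through _exit() so it does not flush stdio buffers inherited from the parent. Separately, removeLogFile() now calls `open(name, O_RDWR)` before the `debug` test and regardless of LOG_FLAG_SHRED, so plain removal fails for a file that cannot be opened for writing, and the open follows symlinks. Opening only when shredding is requested, with `O_NOFOLLOW` added, would avoid both. The O_RDONLY to O_RDWR change in compressLogFile in the next hunk has the same effect.

```c
	pid_t pid;
	/* … unchanged: LOG_FLAG_SHRED test and fullCommand setup … */

	pid = fork();
	if (pid < 0) {
		message(MESS_ERROR, "cannot fork to shred %s: %s\n",
			filename, strerror(errno));
		return unlink(filename);
	}
	if (pid == 0) {
		if (dup2(fd, 1) < 0)
			_exit(1);
		close(fd);
		execvp(fullCommand[0], (void *) fullCommand);
		_exit(1);
	}

	if (waitpid(pid, &status, 0) < 0 ||
	    !WIFEXITED(status) || WEXITSTATUS(status)) {
		/* … unchanged: error message and unlink fallback … */
```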
@@ -305,7 +325,7 @@ static int compressLogFile(char *name, s
     compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
     sprintf(compressedName, "%s%s", name, log->compress_ext);
 
-    if ((inFile = open(name, O_RDONLY)) < 0) {
+    if ((inFile = open(name, O_RDWR)) < 0) {
        message(MESS_ERROR, "unable to open %s for compression\n", name);
        return 1;
     }
@@ -327,7 +347,6 @@ static int compressLogFile(char *name, s
        exit(1);
     }
 
-    close(inFile);
     close(outFile);
 
     wait(&status);
@@ -337,7 +356,8 @@ static int compressLogFile(char *name, s
        return 1;
     }
 
-    shred_file(name, log);
+    shred_file(inFile, name, log);
+       close(inFile);
 
     return 0;
 }
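Review bot: The `return 1;` at the top of this hunk now leaks `inFile`, because the previous hunk removed the early `close(inFile)` so the descriptor could be handed to shred_file(), and only the success path closes it here. Add `close(inFile);` before that `return 1;`. The condition guarding the return is outside the hunk. The return value of `shred_file(inFile, name, log)` is still ignored, so a failed shred and unlink is reported only by shred_file's own message while compressLogFile returns 0. If that is intended, a one-line comment saying so would help.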

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Remember to have fun...
