Your message dated Fri, 07 Jan 2022 20:53:13 +0000
with message-id <[email protected]>
and subject line Bug#1002022: fixed in logrotate 3.19.0-1
has caused the Debian Bug report #1002022,
regarding logrotate: enforce stricter parsing of config files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1002022: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002022
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: logrotate
Version: 3.18.1-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/logrotate/logrotate/pull/427
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 3.18.0-2
Control: found -1 3.14.0-4
Hi
Background for this hardening for logrotate is from
https://www.openwall.com/lists/oss-security/2021/10/20/2 .
See the upstream issue
https://github.com/logrotate/logrotate/pull/427, but I suggest to wait
until the changes are commited.
Later on after some expure, it might be worth making the fixes as well
available to stable and older via point releases.
Regards,
Salvatore
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.16.0-rc3-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
--- End Message ---
--- Begin Message ---
Source: logrotate
Source-Version: 3.19.0-1
Done: Christian Göttsche <[email protected]>
We believe that the bug you reported is fixed in the latest version of
logrotate, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Göttsche <[email protected]> (supplier of updated logrotate
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 07 Jan 2022 19:14:25 +0100
Source: logrotate
Architecture: source
Version: 3.19.0-1
Distribution: unstable
Urgency: medium
Maintainer: Christian Göttsche <[email protected]>
Changed-By: Christian Göttsche <[email protected]>
Closes: 1002022
Changes:
logrotate (3.19.0-1) unstable; urgency=medium
.
* New upstream version 3.19.0
- More strict configuration parser, e.g. invalid lines are no longer
accepted (Closes: #1002022)
- Files with multiple hard links are no longer rotated by default
.
* d/rules: enable LTO
* d/copyright: update years and upstream names
* d/control: bump to std version 4.6.0 (no further changes)
* d/patches: add patch to drop ELF header from test case file
Checksums-Sha1:
6bc29300398ae0701ef1c5abc8361b379613f4d2 2080 logrotate_3.19.0-1.dsc
4e165be70471b482ab526d6f7c3c5e6dcf923a36 166276 logrotate_3.19.0.orig.tar.xz
81eae794cd454f6841aee4898657e135745391ca 833 logrotate_3.19.0.orig.tar.xz.asc
92db07cb738c6d6de0c31237a6ee4dbed1272fb7 19176 logrotate_3.19.0-1.debian.tar.xz
17b6c603dda5d00a1d789f7e858e825c88e4309a 5624
logrotate_3.19.0-1_source.buildinfo
Checksums-Sha256:
eb1e5f27e929588df4f441066ce552cc8a8cf9fe36e9b42d7ac28d52c800ec94 2080
logrotate_3.19.0-1.dsc
ddd5274d684c5c99ca724e8069329f343ebe376e07493d537d9effdc501214ba 166276
logrotate_3.19.0.orig.tar.xz
43f148e6296cdf6a6d46e7f1ae98f88faab8a5350cf531d60d8ee10b72b07225 833
logrotate_3.19.0.orig.tar.xz.asc
52624f4217be1e599be0aecef60731074c9f89455c709c246fd2fb02910279a0 19176
logrotate_3.19.0-1.debian.tar.xz
98f143574c2052e12d9634b18aad3c7d86148b09f778332818df42b29b8c76d0 5624
logrotate_3.19.0-1_source.buildinfo
Files:
d6f62d6035aabe031c368a3a8284ec5a 2080 admin important logrotate_3.19.0-1.dsc
1cee3e80df6856435aeb751b98065f9c 166276 admin important
logrotate_3.19.0.orig.tar.xz
19104728cf2ac9ddc1138303d7377d59 833 admin important
logrotate_3.19.0.orig.tar.xz.asc
70ea2cba04aa6102943c0f736a12a73b 19176 admin important
logrotate_3.19.0-1.debian.tar.xz
0683674feb4a95aa3aeb6378bdf803af 5624 admin important
logrotate_3.19.0-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmHYppoQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFGc6DADGvUUSQESxvQyYRE5V4oZMr8NeZJ56JgXs
ATyfKMplOgOkguYls9PKa+5yzsV3i+F+F9U4YK+hnpQQzUqYAG+z/+5+tJ2QKG3f
JyQp1MqeVyE1vlrfl7fDUiV+eBltnIleRgzd6wZzGzp3Q7IbVSfS2hrc03eWeFBK
gxs0QEOTjj8SeBKYJbFtmq3rojQxNcrjim5ZgRntC2xY0K7t/8ZPjOd63fp6QuN0
7u8E8QeN31VTizYpHizviQOSAs1LB2DQ8C3FjNN0uzF1i0z13k8QqwZUxQxY+R6S
IPmgeoVvk/jvA3Ii4Zw3COB0LzuOkieeqDfe2OXWGxJ/toHAJTEwDEIIF6I+vvxj
WEgNNDKiPqu6SKWHlu8u5+9ArwKQnRL5Vc4cqIPiWiBtm5JLLfA6rQN5+GmsBJkK
K5vMKTlw9LwhTBVBLctd55l5+BHQVFTtZ4frFWwaFLz1SQIGeMGAAMgldEiwIOOo
sHnph0GzPFWUXK65H136u2RCNDfgCJ0=
=2DuG
-----END PGP SIGNATURE-----
--- End Message ---