diff options
author | Robert Yang <liezhi.yang@windriver.com> | 2014-01-02 03:29:45 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-01-06 11:12:30 +0000 |
commit | e15d7955a98cfd6923775cdb3aa61756d4f58c2d (patch) | |
tree | ca93a5f5016bd3a9496415d9eb7588ac44bc16a5 /meta/recipes-extended/logrotate/logrotate | |
parent | 82cc941128f9eaf57c3a9a648fc58227f6c1956c (diff) | |
download | openembedded-core-contrib-e15d7955a98cfd6923775cdb3aa61756d4f58c2d.tar.gz |
logrotate: upgrade to 3.8.7
* Upgrade to 3.8.7
* Rename the patches dir from logrotate-3.8.1 -> logrotate
* Remove grotate-CVE-2011-1548.patch since it had been fixed
* Update act-as-mv-when-rotate.patch and update-the-manual.patch to make
them work with the higher version, and send them to the upstream
* Fix the HOMEPAGE
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-extended/logrotate/logrotate')
4 files changed, 243 insertions, 0 deletions
diff --git a/meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch b/meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch new file mode 100644 index 0000000000..ce64040d5f --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch @@ -0,0 +1,134 @@ +Act as the "mv" command when rotate log + +Act as the "mv" command when rotate log, first rename, if failed, then +read and write. + +Upstream-Status: Submitted + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + logrotate.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 56 insertions(+), 9 deletions(-) + +diff --git a/logrotate.c b/logrotate.c +index 174a26b..b18b629 100644 +--- a/logrotate.c ++++ b/logrotate.c +@@ -906,6 +906,53 @@ int findNeedRotating(struct logInfo *log, int logNum, int force) + return 0; + } + ++/* Act as the "mv" command, if rename failed, then read the old file and ++ * write to new file. The function which invokes the mvFile will use ++ * the strerror(errorno) to handle the error message, so we don't have ++ * to print the error message here */ ++ ++int mvFile (char *oldName, char *newName, struct logInfo *log, acl_type acl) ++{ ++ struct stat sbprev; ++ int fd_old, fd_new, n; ++ char buf[BUFSIZ]; ++ ++ /* Do the rename first */ ++ if (!rename(oldName, newName)) ++ return 0; ++ ++ /* If the errno is EXDEV, then read old file, write newfile and ++ * remove the oldfile */ ++ if (errno == EXDEV) { ++ /* Open the old file to read */ ++ if ((fd_old = open(oldName, O_RDONLY)) < 0) ++ return 1; ++ ++ /* Create the file to write, keep the same attribute as the old file */ ++ if (stat(oldName, &sbprev)) ++ return 1; ++ else { ++ if ((fd_new = createOutputFile(newName, ++ O_WRONLY | O_CREAT | O_TRUNC, &sbprev, acl, 0)) < 0 ) ++ return 1; ++ } ++ ++ /* Read and write */ ++ while ((n = read(fd_old, buf, BUFSIZ)) > 0) ++ if (write(fd_new, buf, n) != n) ++ return 1; ++ ++ if ((close(fd_old) < 0) || ++ removeLogFile(oldName, log) || ++ (close(fd_new) < 0)) ++ return 1; ++ ++ return 0; ++ } ++ ++ return 1; ++} ++ + int prerotateSingleLog(struct logInfo *log, int logNum, struct logState *state, + struct logNames *rotNames) + { +@@ -1268,15 +1315,15 @@ int prerotateSingleLog(struct logInfo *log, int logNum, struct logState *state, + } + + message(MESS_DEBUG, +- "renaming %s to %s (rotatecount %d, logstart %d, i %d), \n", ++ "moving %s to %s (rotatecount %d, logstart %d, i %d), \n", + oldName, newName, rotateCount, logStart, i); + +- if (!debug && rename(oldName, newName)) { ++ if (!debug && mvFile(oldName, newName, log, prev_acl)) { + if (errno == ENOENT) { + message(MESS_DEBUG, "old log %s does not exist\n", + oldName); + } else { +- message(MESS_ERROR, "error renaming %s to %s: %s\n", ++ message(MESS_ERROR, "error moving %s to %s: %s\n", + oldName, newName, strerror(errno)); + hasErrors = 1; + } +@@ -1408,11 +1455,11 @@ int rotateSingleLog(struct logInfo *log, int logNum, struct logState *state, + } + } + #endif /* WITH_ACL */ +- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum], ++ message(MESS_DEBUG, "moving %s to %s\n", log->files[logNum], + rotNames->finalName); + if (!debug && !hasErrors && +- rename(log->files[logNum], rotNames->finalName)) { +- message(MESS_ERROR, "failed to rename %s to %s: %s\n", ++ mvFile(log->files[logNum], rotNames->finalName, log, prev_acl)) { ++ message(MESS_ERROR, "failed to move %s to %s: %s\n", + log->files[logNum], rotNames->finalName, + strerror(errno)); + hasErrors = 1; +@@ -1775,7 +1822,7 @@ int rotateLogSet(struct logInfo *log, int force) + return hasErrors; + } + +-static int writeState(char *stateFilename) ++static int writeState(struct logInfo *log, char *stateFilename) + { + struct logState *p; + FILE *f; +@@ -1939,7 +1986,7 @@ static int writeState(char *stateFilename) + fclose(f); + + if (error == 0) { +- if (rename(tmpFilename, stateFilename)) { ++ if (mvFile(tmpFilename, stateFilename, log, prev_acl)) { + unlink(tmpFilename); + error = 1; + message(MESS_ERROR, "error renaming temp state file %s\n", +@@ -2223,7 +2270,7 @@ int main(int argc, const char **argv) + rc |= rotateLogSet(log, force); + + if (!debug) +- rc |= writeState(stateFile); ++ rc |= writeState(log, stateFile); + + return (rc != 0); + } +-- +1.7.10.4 + diff --git a/meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch b/meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch new file mode 100644 index 0000000000..43068bdbd7 --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch @@ -0,0 +1,34 @@ +Disable the check for different filesystems + +The logrotate supports rotate log across different filesystems now, so +disable the check for different filesystems. + +Upstream-Status: Submitted + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + config.c | 8 -------- + 1 files changed, 0 insertions(+), 8 deletions(-) + +diff --git a/config.c b/config.c +index a85d1df..24575b3 100644 +--- a/config.c ++++ b/config.c +@@ -1453,14 +1453,6 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) + dirName, strerror(errno)); + goto error; + } +- +- if (sb.st_dev != sb2.st_dev) { +- message(MESS_ERROR, +- "%s:%d olddir %s and log file %s " +- "are on different devices\n", configFile, +- lineNum, newlog->oldDir, newlog->files[i]); +- goto error; +- } + } + } + +-- +1.7.4.1 + diff --git a/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch new file mode 100644 index 0000000000..ed2750e9c3 --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch @@ -0,0 +1,43 @@ +Upstream-Status: Backport + +logrotate: fix for CVE-2011-1548 + +If a logfile is a symlink, it may be read when being compressed, being +copied (copy, copytruncate) or mailed. Secure data (eg. password files) +may be exposed. + +Portback nofollow.patch from: +http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz + +Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> + +--- +--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800 ++++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800 +@@ -390,7 +390,7 @@ + compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2); + sprintf(compressedName, "%s%s", name, log->compress_ext); + +- if ((inFile = open(name, O_RDWR)) < 0) { ++ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "unable to open %s for compression\n", name); + return 1; + } +@@ -470,7 +470,7 @@ + char *mailArgv[] = { mailCommand, "-s", subject, address, NULL }; + int rc = 0; + +- if ((mailInput = open(logFile, O_RDONLY)) < 0) { ++ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile, + strerror(errno)); + return 1; +@@ -561,7 +561,7 @@ + message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog); + + if (!debug) { +- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) { ++ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "error opening %s: %s\n", currLog, + strerror(errno)); + return 1; diff --git a/meta/recipes-extended/logrotate/logrotate/update-the-manual.patch b/meta/recipes-extended/logrotate/logrotate/update-the-manual.patch new file mode 100644 index 0000000000..517acdd27e --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/update-the-manual.patch @@ -0,0 +1,32 @@ +Update the manual + +Update the manual for rotating on different filesystems. + +Upstream-Status: Submitted + +Signed-off-by: Robert Yang <liezhi.yang@windriver.com> +--- + logrotate.8 | 7 +++---- + 1 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/logrotate.8 b/logrotate.8 +index 8b34167..5f15432 100644 +--- a/logrotate.8 ++++ b/logrotate.8 +@@ -374,10 +374,9 @@ Do not rotate the log if it is empty (this overrides the \fBifempty\fR option). + .TP + \fBolddir \fIdirectory\fR + Logs are moved into \fIdirectory\fR for rotation. The \fIdirectory\fR +-must be on the same physical device as the log file being rotated, +-and is assumed to be relative to the directory holding the log file +-unless an absolute path name is specified. When this option is used all +-old versions of the log end up in \fIdirectory\fR. This option may be ++is assumed to be relative to the directory holding the log file unless ++an absolute path name is specified. When this option is used all old ++versions of the log end up in \fIdirectory\fR. This option may be + overridden by the \fBnoolddir\fR option. + + .TP +-- +1.7.4.1 + |