From 22ce1366f576044169a3443d78c1f11c3484e0bb Mon Sep 17 00:00:00 2001 From: zyppe <210hcl@gmail.com> Date: Thu, 29 Feb 2024 16:13:11 +0800 Subject: [PATCH] Initialize for logrotate --- .gitignore | 1 + .logrotate.metadata | 1 + logrotate-3.13.0-systemd_add_home_env.patch | 12 + logrotate-3.18.1.tar.xz.asc | 16 + logrotate-CVE-2022-1348-follow-up.patch | 55 ++ logrotate-CVE-2022-1348.patch | 151 +++++ ...tate-dont_warn_on_size=_syntax.patch.patch | 31 + ...enforce-stricter-parsing-extra-tests.patch | 140 +++++ logrotate-enforce-stricter-parsing.patch | 152 +++++ logrotate-rpmlintrc | 1 + logrotate.changes | 534 ++++++++++++++++++ logrotate.default | 23 + logrotate.spec | 110 ++++ logrotate.wtmp | 10 + 14 files changed, 1237 insertions(+) create mode 100644 .gitignore create mode 100644 .logrotate.metadata create mode 100644 logrotate-3.13.0-systemd_add_home_env.patch create mode 100644 logrotate-3.18.1.tar.xz.asc create mode 100644 logrotate-CVE-2022-1348-follow-up.patch create mode 100644 logrotate-CVE-2022-1348.patch create mode 100644 logrotate-dont_warn_on_size=_syntax.patch.patch create mode 100644 logrotate-enforce-stricter-parsing-extra-tests.patch create mode 100644 logrotate-enforce-stricter-parsing.patch create mode 100644 logrotate-rpmlintrc create mode 100644 logrotate.changes create mode 100644 logrotate.default create mode 100644 logrotate.spec create mode 100644 logrotate.wtmp diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2f05cd7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +logrotate-3.18.1.tar.xz diff --git a/.logrotate.metadata b/.logrotate.metadata new file mode 100644 index 0000000..b2569d4 --- /dev/null +++ b/.logrotate.metadata @@ -0,0 +1 @@ +e4aae3c68132334d70e996b8e8e879fce6f0c19415473ad81fe4f9ee15b3f066 logrotate-3.18.1.tar.xz diff --git a/logrotate-3.13.0-systemd_add_home_env.patch b/logrotate-3.13.0-systemd_add_home_env.patch new file mode 100644 index 0000000..83be102 --- /dev/null +++ b/logrotate-3.13.0-systemd_add_home_env.patch @@ -0,0 +1,12 @@ +Index: logrotate-3.14.0/examples/logrotate.service +=================================================================== +--- logrotate-3.14.0.orig/examples/logrotate.service ++++ logrotate-3.14.0/examples/logrotate.service +@@ -11,6 +11,7 @@ ExecStart=/usr/sbin/logrotate /etc/logro + Nice=19 + IOSchedulingClass=best-effort + IOSchedulingPriority=7 ++Environment=HOME=/root + + # hardening options + # details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html diff --git a/logrotate-3.18.1.tar.xz.asc b/logrotate-3.18.1.tar.xz.asc new file mode 100644 index 0000000..ae6d583 --- /dev/null +++ b/logrotate-3.18.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEmSqW4HUFbnnNghT5hz2zdXKjezYFAmCnuBYACgkQhz2zdXKj +ezYHVhAAj1FztazRPopzx0PRrxdJ04+eaDtwbblZcH6N2NUCSnn/jMpx3iKZgogJ +WmA/SzaK9BBh4VQhi9kphTyTRcXQc0c0ApieVeKNfkrIQImfigcrlHzA3aBo7fhb +xLQqgPqBV+9l5hxaqKlShEgRN13FwN59PiYeirbHQfONMTe/OJajCysZExrQQ584 +dVfpmmXBXg1HpZlKat0ZNlEzaguapIPMsTaowbkkb7iOl606K6U6dT+SkRX9Peo8 +4FlE2OirnF7sXy6fggVOZsA4va/qdSMneA/QosfvugosEL6MUgQ0928VhfD30VAl +wEeIi+LAzs/Dm92f5b9D/KwQhUUVdoLCFj46u19TN4CtR/DM5r4bMKKqzo+V1Nzk +/2amuVwAPb/Lz5mqSdoocgHoG1pHPRCOFDhKmcYKcT9SIyU4lJvbgaazwsXXOCCH +qd6iIqmxvQdKWRPXF9Y6wSBVr6TObyc9G2NmrpqBXefep6zt4qeQyekzWGGS/qNc +MfJv16MZEGcEExRdTo4L5z6B9cbVZix0XLeybwcCchf70lzRFiDAMe4dvQfkYlYC +XvyCR+mWRIja2cgatCFJOJotMnbjqnxg8wgZVGvpcnSc+9vCmquvgnmmWNi1HcjV +WWHHjI8V8l0FGSyXATk/B8iFrIOstZwxqcsgF9Dk8VYsaEri06M= +=uDcC +-----END PGP SIGNATURE----- diff --git a/logrotate-CVE-2022-1348-follow-up.patch b/logrotate-CVE-2022-1348-follow-up.patch new file mode 100644 index 0000000..86d11a6 --- /dev/null +++ b/logrotate-CVE-2022-1348-follow-up.patch @@ -0,0 +1,55 @@ +From addbd293242b0b78aa54f054e6c1d249451f137d Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 25 May 2022 09:55:02 +0200 +Subject: [PATCH] drop world-readable permission on state file + +... even when ACLs are enabled. This is a follow-up to the fix +of CVE-2022-1348. It has no impact on security but makes the state +file locking work again in more cases. + +Closes: https://github.com/logrotate/logrotate/pull/446 +--- + logrotate.c | 10 +++++++--- + test/test-0048.sh | 1 + + 2 files changed, 8 insertions(+), 3 deletions(-) + +Index: logrotate-3.18.1/logrotate.c +=================================================================== +--- logrotate-3.18.1.orig/logrotate.c ++++ logrotate-3.18.1/logrotate.c +@@ -2514,6 +2514,7 @@ static int writeState(const char *stateF + struct tm now; + time_t now_time, last_time; + char *prevCtx; ++ int force_mode = 0; + + localtime_r(&nowSecs, &now); + +@@ -2582,9 +2583,13 @@ static int writeState(const char *stateF + close(fdcurr); + + /* drop world-readable flag to prevent others from locking */ +- sb.st_mode &= ~(mode_t)S_IROTH; ++ if (sb.st_mode & (mode_t)S_IROTH) { ++ /* drop world-readable flag to prevent others from locking */ ++ sb.st_mode &= ~(mode_t)S_IROTH; ++ force_mode = 1; ++ } + +- fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, 0); ++ fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, force_mode); + #ifdef WITH_ACL + if (prev_acl) { + acl_free(prev_acl); +Index: logrotate-3.18.1/test/test-0048.sh +=================================================================== +--- logrotate-3.18.1.orig/test/test-0048.sh ++++ logrotate-3.18.1/test/test-0048.sh +@@ -18,6 +18,7 @@ cat > state << EOF + logrotate state -- version 2 + EOF + ++chmod 0640 state + setfacl -m u:nobody:rwx state + + $RLR test-config.48 diff --git a/logrotate-CVE-2022-1348.patch b/logrotate-CVE-2022-1348.patch new file mode 100644 index 0000000..f725c77 --- /dev/null +++ b/logrotate-CVE-2022-1348.patch @@ -0,0 +1,151 @@ +From 9eda222ac8b53d5b3ed10ee1f2af8739d9e9adfd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Tue, 29 Mar 2022 21:06:54 +0200 +Subject: [PATCH v2] skip locking if state file is world-readable + +Fixes: CVE-2022-1348 - potential DoS from unprivileged users via the state file +Bug: https://bugzilla.redhat.com/CVE-2022-1348 +--- + logrotate.c | 24 ++++++++++++++++++++++-- + logrotate.spec.in | 3 +-- + test/Makefile.am | 1 + + test/test-0087.sh | 1 + + test/test-0092.sh | 20 ++++++++++++++++++++ + test/test-config.92.in | 4 ++++ + 6 files changed, 49 insertions(+), 4 deletions(-) + create mode 100755 test/test-0092.sh + create mode 100644 test/test-config.92.in + +Index: logrotate-3.18.1/logrotate.c +=================================================================== +--- logrotate-3.18.1.orig/logrotate.c ++++ logrotate-3.18.1/logrotate.c +@@ -2581,6 +2581,9 @@ static int writeState(const char *stateF + + close(fdcurr); + ++ /* drop world-readable flag to prevent others from locking */ ++ sb.st_mode &= ~(mode_t)S_IROTH; ++ + fdsave = createOutputFile(tmpFilename, O_RDWR | O_CREAT | O_TRUNC, &sb, prev_acl, 0); + #ifdef WITH_ACL + if (prev_acl) { +@@ -2914,15 +2917,17 @@ static int readState(const char *stateFi + + static int lockState(const char *stateFilename, int skip_state_lock) + { ++ struct stat sb; ++ + int lockFd = open(stateFilename, O_RDWR | O_CLOEXEC); + if (lockFd == -1) { + if (errno == ENOENT) { + message(MESS_DEBUG, "Creating stub state file: %s\n", + stateFilename); + +- /* create a stub state file with mode 0644 */ ++ /* create a stub state file with mode 0640 */ + lockFd = open(stateFilename, O_CREAT | O_EXCL | O_WRONLY, +- S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH); ++ S_IWUSR | S_IRUSR | S_IRGRP); + if (lockFd == -1) { + message(MESS_ERROR, "error creating stub state file %s: %s\n", + stateFilename, strerror(errno)); +@@ -2940,6 +2945,22 @@ static int lockState(const char *stateFi + stateFilename); + close(lockFd); + return 0; ++ } ++ ++ if (fstat(lockFd, &sb) == -1) { ++ message(MESS_ERROR, "error stat()ing state file %s: %s\n", ++ stateFilename, strerror(errno)); ++ close(lockFd); ++ return 1; ++ } ++ ++ if (sb.st_mode & S_IROTH) { ++ message(MESS_ERROR, "state file %s is world-readable and thus can" ++ " be locked from other unprivileged users." ++ " Skipping lock acquisition...\n", ++ stateFilename); ++ close(lockFd); ++ return 0; + } + + if (flock(lockFd, LOCK_EX | LOCK_NB) == -1) { +Index: logrotate-3.18.1/logrotate.spec.in +=================================================================== +--- logrotate-3.18.1.orig/logrotate.spec.in ++++ logrotate-3.18.1/logrotate.spec.in +@@ -41,7 +41,6 @@ install -p -m 644 examples/logrotate.con + install -p -m 644 examples/btmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/btmp + install -p -m 644 examples/wtmp $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/wtmp + install -p -m 755 examples/logrotate.cron $RPM_BUILD_ROOT%{_sysconfdir}/cron.daily/logrotate +-touch $RPM_BUILD_ROOT%{_localstatedir}/lib/logrotate.status + + %clean + rm -rf $RPM_BUILD_ROOT +@@ -55,4 +54,4 @@ rm -rf $RPM_BUILD_ROOT + %attr(0755, root, root) %{_sysconfdir}/cron.daily/logrotate + %attr(0644, root, root) %config(noreplace) %{_sysconfdir}/logrotate.conf + %attr(0755, root, root) %{_sysconfdir}/logrotate.d +-%attr(0644, root, root) %verify(not size md5 mtime) %config(noreplace) %{_localstatedir}/lib/logrotate.status ++%ghost %attr(0640, root, root) %verify(not size md5 mtime) %{_localstatedir}/lib/logrotate.status +Index: logrotate-3.18.1/test/Makefile.am +=================================================================== +--- logrotate-3.18.1.orig/test/Makefile.am ++++ logrotate-3.18.1/test/Makefile.am +@@ -87,6 +87,7 @@ TEST_CASES = \ + test-0086.sh \ + test-0087.sh \ + test-0088.sh \ ++ test-0092.sh \ + test-0100.sh \ + test-0101.sh + +Index: logrotate-3.18.1/test/test-0087.sh +=================================================================== +--- logrotate-3.18.1.orig/test/test-0087.sh ++++ logrotate-3.18.1/test/test-0087.sh +@@ -8,6 +8,7 @@ cleanup 87 + preptest test.log 87 1 + + touch state ++chmod 0640 state + + $RLR test-config.87 -f & + +Index: logrotate-3.18.1/test/test-0092.sh +=================================================================== +--- /dev/null ++++ logrotate-3.18.1/test/test-0092.sh +@@ -0,0 +1,20 @@ ++#!/bin/sh ++ ++. ./test-common.sh ++ ++# check state file locking ++cleanup 92 ++ ++preptest test.log 92 1 ++ ++touch state ++chmod 0644 state ++flock state -c "sleep 10" & ++ ++$RLR -f test-config.92 || exit 23 ++ ++checkoutput < +Date: Mon Jul 26 19:35:00 2021 +0200 + + Do not warn on key value pair separated by only an equal sign + + Do not warn if a configuration directive is specified with the key and + value separated by just an equal sign, like: + + size=+2048k + + The warning is intended for the usage of: + + size2048k + + Fixes: 2b588b5e ("Log if keyword is not properly separated") + Fixes: #410 + +Index: logrotate-3.18.1/config.c +=================================================================== +--- logrotate-3.18.1.orig/config.c ++++ logrotate-3.18.1/config.c +@@ -1097,7 +1097,7 @@ static int readConfigFile(const char *co + configFile, lineNum); + RAISE_ERROR(); + } +- if (!isspace((unsigned char)*start)) { ++ if (!isspace((unsigned char)*start) && *start != '=') { + message(MESS_ERROR, "%s:%d keyword '%s' not properly" + " separated, found %#x\n", + configFile, lineNum, key, *start); diff --git a/logrotate-enforce-stricter-parsing-extra-tests.patch b/logrotate-enforce-stricter-parsing-extra-tests.patch new file mode 100644 index 0000000..264868c --- /dev/null +++ b/logrotate-enforce-stricter-parsing-extra-tests.patch @@ -0,0 +1,140 @@ +From 1ee058d5eab4d1ba2c43ecf28a0ff2181d74c821 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 13 Dec 2021 21:47:16 +0100 +Subject: [PATCH] Add more testcases for stricter configuration parsing + +--- + test/Makefile.am | 4 +++- + test/test-0102.sh | 5 +++++ + test/test-0103.sh | 5 +++++ + test/test-0104.sh | 19 +++++++++++++++++++ + test/test-0105.sh | 25 +++++++++++++++++++++++++ + test/test-config.104.in | 8 ++++++++ + test/test-config.105.in | 8 ++++++++ + 7 files changed, 73 insertions(+), 1 deletion(-) + create mode 100755 test/test-0104.sh + create mode 100755 test/test-0105.sh + create mode 100644 test/test-config.104.in + create mode 100644 test/test-config.105.in + +Index: logrotate-3.18.1/test/Makefile.am +=================================================================== +--- logrotate-3.18.1.orig/test/Makefile.am ++++ logrotate-3.18.1/test/Makefile.am +@@ -91,7 +91,9 @@ TEST_CASES = \ + test-0100.sh \ + test-0101.sh \ + test-0102.sh \ +- test-0103.sh ++ test-0103.sh \ ++ test-0104.sh \ ++ test-0105.sh + + EXTRA_DIST = \ + compress \ +Index: logrotate-3.18.1/test/test-0102.sh +=================================================================== +--- logrotate-3.18.1.orig/test/test-0102.sh ++++ logrotate-3.18.1/test/test-0102.sh +@@ -14,3 +14,8 @@ if [ $? -eq 0 ]; then + echo "No error, but there should be one." + exit 3 + fi ++ ++checkoutput < +Date: Thu, 21 Oct 2021 09:47:57 +0000 +Subject: [PATCH] config.c: enforce stricter parsing of config files + +Abort parsing of config files that contain invalid lines. +This makes it harder to abuse logrotate for privilege escalation +attacks where an attacker can partially control a privileged file write. +--- + ChangeLog.md | 1 + + config.c | 7 ++++--- + test/Makefile.am | 4 +++- + test/test-0102.sh | 16 ++++++++++++++++ + test/test-0103.sh | 16 ++++++++++++++++ + test/test-config.102.in | 10 ++++++++++ + test/test-config.103.in | 12 ++++++++++++ + 7 files changed, 62 insertions(+), 4 deletions(-) + create mode 100755 test/test-0102.sh + create mode 100755 test/test-0103.sh + create mode 100644 test/test-config.102.in + create mode 100644 test/test-config.103.in + +Index: logrotate-3.18.1/ChangeLog.md +=================================================================== +--- logrotate-3.18.1.orig/ChangeLog.md ++++ logrotate-3.18.1/ChangeLog.md +@@ -5,6 +5,7 @@ All notable changes to this project will + ## [UNRELEASED] + + [UNRELEASED]: https://github.com/logrotate/logrotate/compare/3.18.1...master ++ - enforce stricter parsing of configuration files + + ## [3.18.1] - 2021-05-21 + - fix memory leaks on error-handling paths (#383, #387) +Index: logrotate-3.18.1/config.c +=================================================================== +--- logrotate-3.18.1.orig/config.c ++++ logrotate-3.18.1/config.c +@@ -1095,12 +1095,13 @@ static int readConfigFile(const char *co + if (key == NULL) { + message(MESS_ERROR, "%s:%d failed to parse keyword\n", + configFile, lineNum); +- continue; ++ RAISE_ERROR(); + } + if (!isspace((unsigned char)*start)) { +- message(MESS_NORMAL, "%s:%d keyword '%s' not properly" ++ message(MESS_ERROR, "%s:%d keyword '%s' not properly" + " separated, found %#x\n", + configFile, lineNum, key, *start); ++ RAISE_ERROR(); + } + if (!strcmp(key, "compress")) { + newlog->flags |= LOG_FLAG_COMPRESS; +@@ -1978,7 +1979,7 @@ duperror: + message(MESS_ERROR, "%s:%d lines must begin with a keyword " + "or a filename (possibly in double quotes)\n", + configFile, lineNum); +- state = STATE_SKIP_LINE; ++ RAISE_ERROR(); + } + break; + case STATE_SKIP_LINE: +Index: logrotate-3.18.1/test/Makefile.am +=================================================================== +--- logrotate-3.18.1.orig/test/Makefile.am ++++ logrotate-3.18.1/test/Makefile.am +@@ -89,7 +89,9 @@ TEST_CASES = \ + test-0088.sh \ + test-0092.sh \ + test-0100.sh \ +- test-0101.sh ++ test-0101.sh \ ++ test-0102.sh \ ++ test-0103.sh + + EXTRA_DIST = \ + compress \ +Index: logrotate-3.18.1/test/test-0102.sh +=================================================================== +--- /dev/null ++++ logrotate-3.18.1/test/test-0102.sh +@@ -0,0 +1,16 @@ ++#!/bin/sh ++ ++. ./test-common.sh ++ ++cleanup 102 ++ ++# ------------------------------- Test 102 ------------------------------------ ++# test invalid config file with binary content ++preptest test.log 102 1 ++ ++$RLR test-config.102 --force ++ ++if [ $? -eq 0 ]; then ++ echo "No error, but there should be one." ++ exit 3 ++fi +Index: logrotate-3.18.1/test/test-0103.sh +=================================================================== +--- /dev/null ++++ logrotate-3.18.1/test/test-0103.sh +@@ -0,0 +1,16 @@ ++#!/bin/sh ++ ++. ./test-common.sh ++ ++cleanup 103 ++ ++# ------------------------------- Test 103 ------------------------------------ ++# test invalid config file with unknown keywords ++preptest test.log 103 1 ++ ++$RLR test-config.103 --force ++ ++if [ $? -eq 0 ]; then ++ echo "No error, but there should be one." ++ exit 3 ++fi +Index: logrotate-3.18.1/test/test-config.102.in +=================================================================== +--- /dev/null ++++ logrotate-3.18.1/test/test-config.102.in +@@ -0,0 +1,10 @@ ++ELF ++ ++&DIR&/test.log { ++ daily ++ size=0 ++ ++firstaction ++ /bin/sh -c "echo test123" ++ endscript ++} +Index: logrotate-3.18.1/test/test-config.103.in +=================================================================== +--- /dev/null ++++ logrotate-3.18.1/test/test-config.103.in +@@ -0,0 +1,12 @@ ++random noise ++a b c d ++a::x ++ ++&DIR&/test.log { ++ daily ++ size=0 ++ ++firstaction ++ /bin/sh -c "echo test123" ++ endscript ++} diff --git a/logrotate-rpmlintrc b/logrotate-rpmlintrc new file mode 100644 index 0000000..16a19dc --- /dev/null +++ b/logrotate-rpmlintrc @@ -0,0 +1 @@ +addFilter(".*incoherent-logrotate-file /etc/logrotate.d/wtmp") diff --git a/logrotate.changes b/logrotate.changes new file mode 100644 index 0000000..8ec8157 --- /dev/null +++ b/logrotate.changes @@ -0,0 +1,534 @@ +* Wed Jun 15 2022 david.anes@suse.com +- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864) + * enforce stricter parsing to avoid CVE-2021-3864 + * Added patch logrotate-enforce-stricter-parsing.patch + * Added patch logrotate-enforce-stricter-parsing-extra-tests.patch +* Tue Jun 7 2022 manfred.h@gmx.net +- Fix "logrotate emits unintended warning: keyword size not properly + separated, found 0x3d" (bsc#1200278, bsc#1200802): + * Added patch logrotate-dont_warn_on_size=_syntax.patch +* Thu May 19 2022 david.anes@suse.com +- Security fix: (bsc#1199652, CVE-2022-1348) + * insecure permissions for state file creation + * Added patch logrotate-CVE-2022-1348.patch + * Added patch logrotate-CVE-2022-1348-follow-up.patch +* Thu May 27 2021 dmueller@suse.com +- update to 3.18.1: + * fix memory leaks on error-handling paths + * make `renamecopy` and `copytruncate` override each other + * improve error handling in the parser of configuration files + * improve user experience for non-privileged users of logrotate +* Wed Feb 3 2021 pmonreal@suse.com +- Update to 3.18.0: + * Allow UIDs and GIDs to be specified numerically + * Add support for Zstandard compressed files + * Make delaycompress not to fail with rotate 0 +* Tue Jul 28 2020 pmonreal@suse.com +- Update to 3.17.0: + * lock state file to prevent parallel execution of logrotate + * add '.bak' extension to default taboo list + * allow to pass a home-relative path to 'include' + * 'switch_user_permanently': skip switchback check if switched to root + * logrotate.service: enable 'ProtectClock' to restrict setting of clock + * delete old logs hit by 'maxage' regardless of 'dateext' +* Wed Apr 15 2020 kukuk@suse.com +- Require /usr/bin/xz instead of xz to make it working with busybox +* Mon Mar 2 2020 tchvatal@suse.com +- Update to 3.16.0 bsc#1160281: + * fix compilation with gcc-10, which defaults to -fno-common (#288) + * reduce number of open() operations on state file (#282) + * validate user/group given to the su directive early (#276) + * add hardening options to systemd unit file in examples (#274, #291) + * fix crash of logrotate on invalid configuration with include (#271) + * fix heap buffer overflow on too long logfile extension (#270) +* Wed Jan 8 2020 tchvatal@suse.com +- Update to 3.15.1: + * use correct create mode in examples/btmp (#257) + * fix several bugs found by fuzzing (#254) + * do not abort globbing on a broken symlink (#251) + * rearrange logrotate.8 man page to improve readability (#248) + * encourage admins to use the su directive in logrotate.8 man page (#236) +* Thu Jan 2 2020 kukuk@suse.de +- Use systemd_ordering instead of systemd_requires +* Thu Apr 4 2019 pmonrealgonzalez@suse.com +- Version update to 3.15.0: + * timer unit: change trigger fuzz from 12h to 1h + * service unit: only run if /var/log is mounted + * preserve fractional part of timestamps when compressing + * re-indent source code using spaces only + * minage: avoid rounding issue while comparing the amount of seconds + * never remove old log files if rotate -1 is specified + * return non-zero exit status if a config file contains an error + * make copytruncate work with rotate 0 + * warn user if both size and the time interval options are used + * pass rotated log file name as the 2nd argument of the postrotate + script when sharedscript is not enabled + * rename logrotate-default to logrotate.conf +- Added asc file. +* Thu Sep 13 2018 tchvatal@suse.com +- Rebase the logrotate-3.13.0-systemd_add_home_env.patch to be + unified patch again +* Mon Sep 10 2018 jengelh@inai.de +- Use noun phrase. Trim filler wording from description. + Add a note that it is unrelated to journald. +* Fri Sep 7 2018 liedke@rz.uni-mannheim.de +- Version update to 3.14.0: + * make configure show support status for SELinux and ACL at the end + * make logrotate build again on FreeBSD + * move wtmp and btmp definitions from logrotate.conf to + separate configuration files in logrotate.d + * print a warning about logrotate doing nothing when -d is used + * do not reject executable config files + * add hardening options to logrotate.service in examples + * fix spurious compressor failure when using su and compress + * keep logrotate version in .tarball-version in release tarballs + * introduce the hourago configuration directive + * ignore empty patterns in tabooext to avoid exclusion of everything + * properly report skipped test cases instead of pretending success +* Thu Jun 7 2018 kstreitova@suse.com +- Add "Environment=HOME=/root" to logrotate.service file in order + to allow mariadb to rotate its logs when the database has a root + password defined [bsc#1093617] +- Added patch: + * logrotate-3.13.0-systemd_add_home_env.patch +* Tue Apr 3 2018 kukuk@suse.de +- Use %%license instead of %%doc [bsc#1082318] +* Fri Jan 5 2018 pmonrealgonzalez@suse.com +- Version update to 3.13.0: + * make distribution tarballs report logrotate version properly + * make (un)compress work even if stdin and/or stdout are closed (#154) + * remove -s from DEFAULT_MAIL_COMMAND and improve its documenation (#152) + * uncompress logs before mailing them even if delaycompress is enabled (#151) + * handle unlink of a non-existing log file as a warning only (#144) + * include compile-time options in the output of logrotate --version (#145) + * make logrotate --version print to stdout instead of stderr (#145) + * flush write buffers before syncing state file (#148) + * specify (un)compress utility explicitly in tests (#137) + * enable running tests in parallel (#132) + * explicitly map root UID/GID to 0 on Cygwin (#133) + * add .dpkg-bak and .dpkg-del to default tabooext list (#134) +* Fri Jul 7 2017 tchvatal@suse.com +- Version update to 3.12.3: + * Fixed accident removal of rotated files with dateext. (#118) + * Line comments inside globs in config files are now skipped. (#109) + * logrotate now recovers from a corrupted state file. (#45) + * createolddir now creates old directory as unprivileged user. (#114) + * weekly rotations are now predictable and configurable. (#93) + * Errors in config files are no longer treated as fatal errors. (#81) + * configure --with-default-mail-command specifies default mail command. (#100) + * Fixed heap buffer overflow when parsing crafted config file. (#33) + * build fixes related to -Werror (#119) and -Werror=format= (#108) + * configure --enable-werror now controls use of the -Werror flag (#123) + * copy and copytruncate directives now work together again + * unlink() is no longer preceded by open() unless shred is enabled (#124) + * compress and uncompress now take commands from $PATH, too (#122) +- By default disable werror while building +* Fri Jul 7 2017 tchvatal@suse.com +- Remove aaa_base compat setting that is from 2003, we do not + support such migration anymore +* Wed Dec 28 2016 tchvatal@suse.com +- Version update to 3.11.0: + * Merges from distribution patchsets and small fixes around +- Remove all patches merged upstream: + * logrotate-addextension.patch + * logrotate-autoext.patch + * logrotate-conf.patch + * logrotate-fix-test62_with_bash-4.4.patch + * logrotate-manpage_config_clarification.patch + * logrotate-var-lib-misc.patch + * logrotate-3.7.8-suse.patch +* Mon Nov 21 2016 tchvatal@suse.com +- Fix post scriptlet condition bnc#1011120 +* Sat Nov 12 2016 kukuk@suse.de +- Move logrotate.status to /var/lib/misc following FHS/LSB and + making implementing read-only root filesystem much easier. + [FATE#322036] +- Add patch: + * logrotate-var-lib-misc.patch +* Wed Oct 5 2016 tchvatal@suse.com +- Version update to 3.10.0 fate#322037: + * Update url to point to github +- Remove upstreamed patch: + * logrotate-3.7.8-mess_err.patch +- Rebase patches: + * logrotate-3.7.8-suse.patch + * logrotate-addextension.patch + * logrotate-autoext.patch + * logrotate-fix-test62_with_bash-4.4.patch +* Mon Oct 3 2016 dimstar@opensuse.org +- Add logrotate-fix-test62_with_bash-4.4.patch: Fix the test suite + when running with bash 4.4 (gh#logrotate/logrotate#66). +* Mon Jun 22 2015 kstreitova@suse.com +- update to 3.9.1 + * 3.9.1 + - Fix off-by-one error which can lead to crash when copytruncate + is used. + * 3.9.0 + - Fix crash when using long dateformat. [nmerdan] + - Add support for %%H dateformat. [czchen] + - Fix regression introduced in 3.8.9 when when rotating multiple + logs when one of them is missing. + - In the debug mode, do not skip the code-path which handles the + case when the last rotation does not exist. [Sergey Vidishev] + - Show more precise description when "log does not need rotating". + - Add new -l option to log verbose output to file. The file is + overwritten on every logrotate execution. + - Allow rotation of sparse files with copytruncate. + * update logrotate-addextension.patch +- use spec-cleaner +- remove unused PreReq tags +* Tue May 19 2015 crrodriguez@opensuse.org +- Enable Persistent timer since we are now in systemd 219. +* Fri Feb 20 2015 p.drouand@gmail.com +- Update to version 3.8.9 + * Add new directive "createolddir" and "nocreateolddir". These directives + can be used to create the directory specified by olddir with particular + "mode", "owner" and "group". + * Continue with rotation even when first log from logset is removed + during the rotation. + * Fix crash on BSD systems introduced in 3.8.8 caused by different qsort_r + function. Function qsort is now used instead. + * Fix potential buffer overflow in usage of strncat function. + * Fix compilation with musl-libc. + * Add experimental 'renamecopy' directive to allow 'olddir' on different + physical device. See the "man logrotate" for more information. +- Remove logrotate-fail_if_ENOENT_and_nomissingok.patch; merged on + upstream release +- Updated patches + * logrotate-3.7.8-addextension.patch > logrotate-addextension.patch + * logrotate-3.7.8-autoext.patch > logrotate-autoext.patch + * logrotate-3.7.8-conf.patch > logrotate-conf.patch + * logrotate-manpage_config_clarification.patch +- Remove redunant %%clean section +* Thu Jun 26 2014 vcizek@suse.com +- temporarily remove the 'Persistent' option from logrotate.timer + * our current systemd doesn't support it yet (bnc#884338) +* Thu Apr 3 2014 crrodriguez@opensuse.org +- Also, avoid logrotate unit activation when the system is + on battery power. +* Thu Apr 3 2014 crrodriguez@opensuse.org +- BuildRequire systemd 197 or later. +* Wed Apr 2 2014 crrodriguez@opensuse.org +- Migrate from cron to systemd timer units, this is overall + the most important package to migrate since it is one + of the very few base components that hard-require cron. +* Tue Apr 1 2014 vcizek@suse.com +- return error when nomissingok is specified and the log path + doesn't exist (bnc#871217) + * added logrotate-fail_if_ENOENT_and_nomissingok.patch +* Thu Nov 7 2013 sweet_f_a@gmx.de +- enable acl support to preserve ACLs during rotation +* Thu Nov 7 2013 sweet_f_a@gmx.de +- update to 3.8.7, fix bnc#849436 +- Changelog 3.8.7: + * Fixed --force/-f option handling together with "size" directive + (3.8.5 regression). + * Use "logrotate_tmp_t" context for SELinux tests and if this + context does not exist, skip SELinux related tests. +- Changelog 3.8.6 + * Fixed memory corruption caused by rotation directory which + does not exist with "sharedscripts" together with "prerotate" + script. +* Tue Aug 20 2013 vcizek@suse.com +- install COPYING file (bnc#817870) +* Thu Aug 1 2013 vcizek@suse.com +- mention in the manpage that = is an allowed separator in the + config file (bnc#831072) + * added logrotate-manpage_config_clarification.patch +* Thu Jul 25 2013 vcizek@suse.com +- update to 3.8.5 + * dropped logrotate-3.7.9-compressoptions.patch (upstream) + * refreshed other patches + Changelog: + - Improved rotation during daylight saving time and between timezone + changes. + - Fixed ACL setting problem caused by ext3 erroneously reporting ENOSYS + instead of ENOSUP. + - Do not continue with rotation if state file is corrupted. + - Make logrotate.status creation atomic. + - Allow "hourly" rotation. See manpage for more information. + - Use "/bin/echo" in tests. Fixes tests execution in Dash. + - Do no try to parse config files bigger than 16MB. + - Improved manpage consistency and formatting. + - Fix race condition between acl_set_fd() and fchmod(). + - Added --version command line option + - Disable ACL tests if logrotate is not compiled WITH_ACL support or if + ACLs are not supported by the system running tests + - Disable SELinux tests if logrotate is not compiled WITH_SELINUX support + or if SELinux is not supported by the system running tests + - Fixed bug which prevented skipping particular log file config + if the config contained errors. + - Fixed skipping of configs containing firstaction/lastaction scripts + with '}' character in case of error before these scripts. + - Support also 'K' unit for *size directives. + - Added preremove option to let admin to do something with the old logs + before they are removed by logrotate. + - Fixed possible loop in tabooext parsing. + - Move code to set SELinux context before compressLogFile calls to create + compressed log files with the proper context. + - Call prerotate/postrotate script only for really rotated files in + nosharedscripts mode (as stated in man page). + - Fixed setting "size" bigger than 4GB on 32bit architectures + - Do not overwrite mode set by "create" option when using ACL. "create" + directive is now not mixed up with ACLs. If you use "create" in config + file and log file has some ACLs set, ACLs are not kept and are + overwritten by the mode set in "create" directive. + - Mode argument in "create" directive can be omitted. Only owner and group + is set in this case. Check man page for more info. + - show error and ignore config if '{' is not present after log files + declaration + - support whitespaces in compressoptions directive + - support for tilde expansion in config files + - 'su' directive does not affect script execution - scripts + are executed as a root if 'su' directive is present + - fixed mail sending for 'mailfirst', 'dateext' and 'delaycompress' + combination + - do not use gzip/gunzip from /usr/local on Solaris + - add O_NOFOLLOW when opening files as safeguard against symlink tricks. + Symlinks rotation is now officially unsupported. It didn't work + as expected in the past anyway. + - do not run external programs with uid != euid + - fixed potential bad-free when ACL is used + - Do not include alloca.h on NetBSD, since alloca() is declared in + stdlib.h there +* Tue Apr 16 2013 mmeister@suse.com +- Added url as source. + Please see http://en.opensuse.org/SourceUrls +* Fri Sep 30 2011 uli@suse.com +- cross-build fix: use %%__cc macro +* Wed Sep 7 2011 vcizek@suse.com +- update to 3.8.1 +- dropped CVE patches as they were merged to upstream +- changelog + - fixed 1 memory leak in prerotateSingleLog + - do not redirect logrotate errors to /dev/null in cron script + - fixed "size" directive parsing + - handle situation when acl_get_fd is supported, but acl_set_fd is not + - added "maxsize" directive (see man page) + - added "dateyesterday" option (see man page) + - fixed crash when config file had exactly 4096*N bytes + - added WITH_ACL make option to link against -lacl and preserve ACLs + during rotation + - added "su" option to define user/group for rotation. Logrotate now + skips directories which are world writable or writable by group + which is not "root" unless "su" directive is used. + - fixed CVE-2011-1098: race condition by creation of new files + - fixed possible shell injection when using "shred" directive (CVE-2011-1154) + - fixed escaping of file names within 'write state' action (CVE-2011-1155) + - better 'size' directive description + - fixed possible buffer-overflow when reading config files +* Wed Sep 7 2011 vcizek@suse.com +- allow whitespace separated options in compressoptions (bnc#711780) +* Mon Jul 25 2011 jengelh@medozas.de +- Change compression scheme to xz +* Tue May 10 2011 puzel@novell.com +- add logrotate-CVE-2011-1098.patch (bnc#677336) +- add logrotate-shred-CVE-2011-1154.patch (bnc#679661) +- add logrotate-CVE-2011-1155.patch (bnc#679662) +- use spec-cleaner +* Thu Nov 18 2010 lnussel@suse.de +- also rotate /var/log/btmp +* Tue Sep 14 2010 puzel@novell.com +- use proper syslog facility/priority in logrotate cron + script (bnc#636236) +* Tue Aug 17 2010 puzel@novell.com +- update to logrotate-3.7.9 + - don't copy config files on the stack -- mmap them instead + (fixes segfaults with too large/invalid config files) + - symlinked conf file man page as requested by Fedora guidelines + - added rotating (copying) non-writable, readable files + - fixed missingok problem with globs + - fixed bug when log files could be removed even there was + some error in rotation process. + - allow setting size greater than 4.2GB in configuration file + - pass currently rotated file to postrotate/prerotate script + in nosharedscripts mode + - added new TabooExts: ".disabled", ".dpkg-old", ".dpkg-dist", + ".dpkg-new", ".cfsaved", ".ucf-old", ".ucf-dist", ".ucf-new" + - Don't change utime atime/mtime when compressing files + - Better *rotate scripts parser. + - Allow 'include' directive in log file definitions +- merge logrotate-3.7.8-cron-check-for-another-instance.patch into + logrotate-3.7.8-suse.patch +- add logrotate-rpmlintrc: suppress false-positive rpmlint warning +* Sun Dec 20 2009 jengelh@medozas.de +- enable parallel build +* Fri Mar 6 2009 puzel@suse.cz +- update to 3.7.8 + - do not exit on status file errors + - limit config file inclusion nesting + - use hashes for status file handling + - dateformat to allow unixtime + - manual page corrections +- drop hashes patch (upstream) +* Wed Dec 10 2008 schwab@suse.de +- Fix compresscmd default. +* Tue Oct 21 2008 puzel@suse.cz +- logrotate-3.7.7-hashes.patch (bnc#415072) +* Tue Sep 30 2008 puzel@suse.cz +- use chekcproc in logrotate.cron script instead of pgrep (bnc#426162) +* Wed Sep 3 2008 puzel@suse.cz +- update to 3.7.7 + - dateformat + - fix possible buffer overflows in strings handling + - change logInfo handling + - fix compile warnings + - tabooext honor wildcards + - fix selinux support with dateext + - various minor bugfixes +- removed logrotate-3.7.5-errorHandling.patch, logrotate-3.7.5-shred.patch, + logrotate-3.7.5-cfengine.patch, logrotate-3.7.5-date.patch, + logrotate-3.7.5-logfn.patch + - merged to upstream +* Mon Aug 25 2008 prusnak@suse.cz +- enabled SELinux support [Fate#303662] +* Wed Aug 20 2008 puzel@suse.cz +- added logrotate-3.7.5-cron-check-for-another-instance.patch + - cronjob exits immediately if there is another logrotate instance + running + - fixes (bnc#415072) +* Thu Aug 14 2008 puzel@suse.cz +- fix rpmlint warnings: + - make test moved to %%check section + - require cron +* Thu Jan 31 2008 ro@suse.de +- log error if target file already exists + (upgrade from MESS_DEBUG to MESS_ERROR) +* Wed Oct 31 2007 ro@suse.de +- added bzip2 as dependency since it's used as default compressor + (#334555) +* Thu Aug 16 2007 ro@suse.de +- update to 3.7.5 with some bugfixes containing: + - 251040 config option size not handled correctly +- added the current fedora patchkit which adds shred support +* Mon Aug 7 2006 ro@suse.de +- try adding new option "addextension" which provides what + some users expected the old "extension" keyword to do +* Wed Jun 21 2006 ro@suse.de +- update to 3.7.4 + - adds the "minsize" option +- clean up comments in sample logrotate.conf (#183440) +* Wed Jan 25 2006 mls@suse.de +- converted neededforbuild to BuildRequires +* Wed Jan 11 2006 ro@suse.de +- fixed segfault in autoext patch (#142021) +* Fri Dec 9 2005 ro@suse.de +- updated to 3.7.3 +- removed upstreamed patches +- added autoext patch for determining file extension + from used compression program +* Tue Oct 18 2005 ro@suse.de +- update to upstream patchkit +* Tue Oct 11 2005 ro@suse.de +- update to 3.7.2 and some upstream patches +* Mon Oct 10 2005 ro@suse.de +- fix else case in maxage patch (thanks to pvrabec) +* Tue Jul 26 2005 ro@suse.de +- added noTMPDIR and selinux patches +* Thu May 19 2005 ro@suse.de +- update to 3.7.1 +* Wed Apr 20 2005 ro@suse.de +- cron-script: give some more details when things fail +* Mon Sep 6 2004 ro@suse.de +- changed patch sequence, simple ones first +- added one-liner fix from cvs +- fix mail call +- fix uninitialized variable when mailing out first rotation +- fix number of logs kept with dateext +* Thu Mar 25 2004 ro@suse.de +- adapted logger path (#36947) +* Mon Feb 23 2004 ro@suse.de +- update to version 3.7 +* Fri Oct 17 2003 ro@suse.de +- don't build as root +- use defattr +* Mon Oct 13 2003 ro@suse.de +- updated to 3.6.10 and ported patches +* Thu Jun 12 2003 kukuk@suse.de +- /etc/logrotate.d is part of filesystem +* Thu Jan 23 2003 ro@suse.de +- update to 3.6.6 (some tmpfile fixes, new options supported) +- remove system-config /etc/logrotate.d/aaa_base and all code + messing with it (all logrotate configs have been moved to + their respective packages) +- add /etc/logrotate.d/wtmp +* Wed Jan 22 2003 ro@suse.de +- remove mgetty logfiles +* Mon Jan 20 2003 ro@suse.de +- remove i4l logfiles +* Wed Jan 15 2003 ro@suse.de +- removed xdm logfile from main config (in XFree86 now) +* Wed Jan 15 2003 ro@suse.de +- removed more files from main config and moved to their packages +* Sun Nov 10 2002 ro@suse.de +- fix deprecated multiline string literals +* Mon Oct 14 2002 ro@suse.de +- remove postgresql logfile from config on update (#20860) +* Mon Oct 14 2002 ro@suse.de +- moved syslog logrotation config to syslogd package +* Mon Sep 23 2002 ro@suse.de +- mark logrotate.del as missingok +* Mon Sep 9 2002 ro@suse.de +- remove handling of /var/account/pacct (moved to acct package) +* Fri Aug 16 2002 ro@suse.de +- dropped insserv from prereq (not used) +* Mon Aug 5 2002 kukuk@suse.de +- Add rm and mv to PreRequires +* Tue Jul 30 2002 ro@suse.de +- fixed typo in specfile +- added comment in config-file about bzip2 usage +* Mon Jul 29 2002 ro@suse.de +- removed fetchmail logrotate entry (#17279) +* Mon Jul 29 2002 ro@suse.de +- removed apache,smail,perforce,abuild components +- remove old entries also from logrotate.d/aaa_base on update +* Mon Jul 29 2002 ro@suse.de +- squid components removed (done in squid package now) (#17278) +* Fri Jul 19 2002 gd@suse.de +- fixed samba log paths +* Fri Jul 12 2002 kukuk@suse.de +- Fix post-install script for the case that there is no rc.config +* Mon Jun 24 2002 ro@suse.de +- fixed squid log paths (#16557) +* Wed May 8 2002 ro@suse.de +- uucp-logfiles are handled by own config +* Mon Mar 18 2002 ro@suse.de +- don't rotate any file for /var/log/news.* +* Thu Feb 28 2002 ro@suse.de +- don't overwrite logfiles with dateext if run more than once + a day (partial solution for #13202) +* Mon Feb 25 2002 ro@suse.de +- install etc_logfiles as 644 +* Mon Feb 18 2002 ro@suse.de +- removed yast from logrotate.d +* Sat Feb 16 2002 ro@suse.de +- removed postgresql logfile (handled by package) +* Sun Jan 6 2002 ro@suse.de +- take wtmp out of default config +* Fri Dec 14 2001 ro@suse.de +- really remove old variable from rc.config +* Wed Dec 12 2001 ro@suse.de +- mark files in /etc/logrotate.d as noreplace +* Tue Dec 11 2001 ro@suse.de +- implement maxage if dateext is not used +- uncompress log for mail if maillast is used +* Mon Dec 10 2001 ro@suse.de +- added etc_logfiles as reminder to sources +- moved convert script into postinstall and try to find + old etc/logfiles and use etc_logfiles as fallback +- added yast and syslog to /etc/logrotate.d as config files +* Mon Dec 10 2001 ro@suse.de +- added maxage extension +* Thu Dec 6 2001 ro@suse.de +- split patches for purpose +* Tue Dec 4 2001 ro@suse.de +- archiving option changed to "dateext" and + works completely transparent otherwise +* Tue Nov 27 2001 ro@suse.de +- added multiple rotation criteria can be selected at one time +- added/completed implementation for days (max days) +* Mon Nov 26 2001 ro@suse.de +- added archiving option +- added script to convert /etc/logfiles +* Tue Nov 13 2001 ro@suse.de +- initial package for SuSE Linux (version 3.5.9) diff --git a/logrotate.default b/logrotate.default new file mode 100644 index 0000000..1693421 --- /dev/null +++ b/logrotate.default @@ -0,0 +1,23 @@ +# see "man logrotate" for details +# rotate log files weekly +weekly + +# keep 4 weeks worth of backlogs +rotate 4 + +# create new (empty) log files after rotating old ones +create + +# use date as a suffix of the rotated file +dateext + +# uncomment this if you want your log files compressed +compress + +# comment these to switch compression to use gzip or another +# compression scheme +compresscmd /usr/bin/xz +uncompresscmd /usr/bin/xzdec + +# RPM packages drop log rotation information into this directory +include /etc/logrotate.d diff --git a/logrotate.spec b/logrotate.spec new file mode 100644 index 0000000..1c4e901 --- /dev/null +++ b/logrotate.spec @@ -0,0 +1,110 @@ +# +# spec file for package logrotate +# +# Copyright (c) 2022-2023 ZhuningOS +# + + +Name: logrotate +Version: 3.18.1 +Release: 150400.3.7.1 +Summary: Cron service for rotating, compressing, mailing and removing system log files +License: GPL-2.0-or-later +Group: System/Base +URL: https://github.com/logrotate/logrotate +Source0: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz +# SUSE specific logrotate configurations +Source1: logrotate.wtmp +Source2: logrotate.default +Source10: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}.tar.xz.asc +Source100: %{name}-rpmlintrc +Patch0: logrotate-3.13.0-systemd_add_home_env.patch +# PATCH FIX (bsc#1199652, CVE-2022-1348) insecure permissions for state file creation +Patch1: logrotate-CVE-2022-1348.patch +# PATCH FIX UPSTREAM (bsc#1199652, CVE-2022-1348) insecure permissions for state file creation +# follow up patch for CVE: https://github.com/logrotate/logrotate/pull/446 +Patch2: logrotate-CVE-2022-1348-follow-up.patch +# PATCH FIX UPSTREAM (bsc#1192449) Core-dump handing with SUID binaries +# - https://github.com/logrotate/logrotate/pull/427 +# - https://github.com/logrotate/logrotate/pull/431 +Patch3: logrotate-enforce-stricter-parsing.patch +Patch4: logrotate-enforce-stricter-parsing-extra-tests.patch +Patch5: logrotate-dont_warn_on_size=_syntax.patch.patch +BuildRequires: acl +BuildRequires: libacl-devel +BuildRequires: automake +BuildRequires: pkgconfig +BuildRequires: pkgconfig(libselinux) +BuildRequires: pkgconfig(popt) +BuildRequires: pkgconfig(systemd) >= 197 +Requires: %{_bindir}/xz +%{?systemd_ordering} + +%description +The logrotate utility does automatic rotation, compression, mailing and removal +of log files. Logrotate can be set to handle a log file daily, weekly, monthly, +or when the log file reaches a certain size. Normally, logrotate runs as a +daily cron job. + +It manages plain files only and is not involved in systemd's journal rotation. + +%prep +%autosetup -p1 + +%build +autoreconf -fi + +%configure \ + --disable-silent-rules \ + --with-state-file-path=%{_localstatedir}/lib/misc/logrotate.status \ + --disable-werror +%make_build + +%check +# Make all test cases executable to avoid them failing (new +# tests may be introduced by patches, like CVE-2022-1348) +chmod +x test/*.sh + +%make_build check + +%install +%make_install +mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d +install -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/wtmp +install -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.conf +install -D -m 0644 examples/%{name}.service %{buildroot}%{_unitdir}/%{name}.service +install -D -m 0644 examples/%{name}.timer %{buildroot}%{_unitdir}/%{name}.timer +ln -s service %{buildroot}%{_sbindir}/rc%{name} + +%pre +#only the timer can be enabled/disabled/masked ! +%service_add_pre %{name}.service %{name}.timer + +%post +%{remove_and_set MAX_DAYS_FOR_LOG_FILES} +# Move /var/lib/logrotate.status +if [ -f %{_localstatedir}/lib/logrotate.status -a ! -f %{_localstatedir}/lib/misc/logrotate.status ]; then + mv %{_localstatedir}/lib/logrotate.status %{_localstatedir}/lib/misc/logrotate.status ||: +fi + +%service_add_post %{name}.service %{name}.timer + +%preun +%service_del_preun %{name}.service %{name}.timer + +%postun +%service_del_postun %{name}.service %{name}.timer + +%files +%license COPYING +%doc ChangeLog.md README.md +%{_sbindir}/logrotate +%{_sbindir}/rc%{name} +%{_mandir}/man8/logrotate.8%{?ext_man} +%{_mandir}/man5/logrotate.conf.5%{?ext_man} +%config %{_sysconfdir}/logrotate.conf +%config(noreplace) %{_sysconfdir}/logrotate.d/wtmp +%{_unitdir}/%{name}.service +%{_unitdir}/%{name}.timer + +%changelog diff --git a/logrotate.wtmp b/logrotate.wtmp new file mode 100644 index 0000000..44ca4e1 --- /dev/null +++ b/logrotate.wtmp @@ -0,0 +1,10 @@ +/var/log/wtmp /var/log/btmp { + compress + dateext + maxage 365 + rotate 99 + size=+400k + notifempty + missingok + copytruncate +}