From 972dcfcdbfe75dcfeb777150c136576cf1a71e99 Mon Sep 17 00:00:00 2001 From: Tudor Florea Date: Fri, 9 Oct 2015 22:59:03 +0200 Subject: initial commit for Enea Linux 5.0 arm Signed-off-by: Tudor Florea --- .../logrotate/act-as-mv-when-rotate.patch | 134 +++++++++++++++++++++ .../disable-check-different-filesystems.patch | 34 ++++++ .../logrotate/logrotate-CVE-2011-1548.patch | 43 +++++++ .../logrotate/logrotate/update-the-manual.patch | 32 +++++ meta/recipes-extended/logrotate/logrotate_3.8.7.bb | 56 +++++++++ 5 files changed, 299 insertions(+) create mode 100644 meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch create mode 100644 meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch create mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch create mode 100644 meta/recipes-extended/logrotate/logrotate/update-the-manual.patch create mode 100644 meta/recipes-extended/logrotate/logrotate_3.8.7.bb (limited to 'meta/recipes-extended/logrotate') diff --git a/meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch b/meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch new file mode 100644 index 0000000000..ce64040d5f --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/act-as-mv-when-rotate.patch @@ -0,0 +1,134 @@ +Act as the "mv" command when rotate log + +Act as the "mv" command when rotate log, first rename, if failed, then +read and write. + +Upstream-Status: Submitted + +Signed-off-by: Robert Yang +--- + logrotate.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++--------- + 1 file changed, 56 insertions(+), 9 deletions(-) + +diff --git a/logrotate.c b/logrotate.c +index 174a26b..b18b629 100644 +--- a/logrotate.c ++++ b/logrotate.c +@@ -906,6 +906,53 @@ int findNeedRotating(struct logInfo *log, int logNum, int force) + return 0; + } + ++/* Act as the "mv" command, if rename failed, then read the old file and ++ * write to new file. The function which invokes the mvFile will use ++ * the strerror(errorno) to handle the error message, so we don't have ++ * to print the error message here */ ++ ++int mvFile (char *oldName, char *newName, struct logInfo *log, acl_type acl) ++{ ++ struct stat sbprev; ++ int fd_old, fd_new, n; ++ char buf[BUFSIZ]; ++ ++ /* Do the rename first */ ++ if (!rename(oldName, newName)) ++ return 0; ++ ++ /* If the errno is EXDEV, then read old file, write newfile and ++ * remove the oldfile */ ++ if (errno == EXDEV) { ++ /* Open the old file to read */ ++ if ((fd_old = open(oldName, O_RDONLY)) < 0) ++ return 1; ++ ++ /* Create the file to write, keep the same attribute as the old file */ ++ if (stat(oldName, &sbprev)) ++ return 1; ++ else { ++ if ((fd_new = createOutputFile(newName, ++ O_WRONLY | O_CREAT | O_TRUNC, &sbprev, acl, 0)) < 0 ) ++ return 1; ++ } ++ ++ /* Read and write */ ++ while ((n = read(fd_old, buf, BUFSIZ)) > 0) ++ if (write(fd_new, buf, n) != n) ++ return 1; ++ ++ if ((close(fd_old) < 0) || ++ removeLogFile(oldName, log) || ++ (close(fd_new) < 0)) ++ return 1; ++ ++ return 0; ++ } ++ ++ return 1; ++} ++ + int prerotateSingleLog(struct logInfo *log, int logNum, struct logState *state, + struct logNames *rotNames) + { +@@ -1268,15 +1315,15 @@ int prerotateSingleLog(struct logInfo *log, int logNum, struct logState *state, + } + + message(MESS_DEBUG, +- "renaming %s to %s (rotatecount %d, logstart %d, i %d), \n", ++ "moving %s to %s (rotatecount %d, logstart %d, i %d), \n", + oldName, newName, rotateCount, logStart, i); + +- if (!debug && rename(oldName, newName)) { ++ if (!debug && mvFile(oldName, newName, log, prev_acl)) { + if (errno == ENOENT) { + message(MESS_DEBUG, "old log %s does not exist\n", + oldName); + } else { +- message(MESS_ERROR, "error renaming %s to %s: %s\n", ++ message(MESS_ERROR, "error moving %s to %s: %s\n", + oldName, newName, strerror(errno)); + hasErrors = 1; + } +@@ -1408,11 +1455,11 @@ int rotateSingleLog(struct logInfo *log, int logNum, struct logState *state, + } + } + #endif /* WITH_ACL */ +- message(MESS_DEBUG, "renaming %s to %s\n", log->files[logNum], ++ message(MESS_DEBUG, "moving %s to %s\n", log->files[logNum], + rotNames->finalName); + if (!debug && !hasErrors && +- rename(log->files[logNum], rotNames->finalName)) { +- message(MESS_ERROR, "failed to rename %s to %s: %s\n", ++ mvFile(log->files[logNum], rotNames->finalName, log, prev_acl)) { ++ message(MESS_ERROR, "failed to move %s to %s: %s\n", + log->files[logNum], rotNames->finalName, + strerror(errno)); + hasErrors = 1; +@@ -1775,7 +1822,7 @@ int rotateLogSet(struct logInfo *log, int force) + return hasErrors; + } + +-static int writeState(char *stateFilename) ++static int writeState(struct logInfo *log, char *stateFilename) + { + struct logState *p; + FILE *f; +@@ -1939,7 +1986,7 @@ static int writeState(char *stateFilename) + fclose(f); + + if (error == 0) { +- if (rename(tmpFilename, stateFilename)) { ++ if (mvFile(tmpFilename, stateFilename, log, prev_acl)) { + unlink(tmpFilename); + error = 1; + message(MESS_ERROR, "error renaming temp state file %s\n", +@@ -2223,7 +2270,7 @@ int main(int argc, const char **argv) + rc |= rotateLogSet(log, force); + + if (!debug) +- rc |= writeState(stateFile); ++ rc |= writeState(log, stateFile); + + return (rc != 0); + } +-- +1.7.10.4 + diff --git a/meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch b/meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch new file mode 100644 index 0000000000..43068bdbd7 --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/disable-check-different-filesystems.patch @@ -0,0 +1,34 @@ +Disable the check for different filesystems + +The logrotate supports rotate log across different filesystems now, so +disable the check for different filesystems. + +Upstream-Status: Submitted + +Signed-off-by: Robert Yang +--- + config.c | 8 -------- + 1 files changed, 0 insertions(+), 8 deletions(-) + +diff --git a/config.c b/config.c +index a85d1df..24575b3 100644 +--- a/config.c ++++ b/config.c +@@ -1453,14 +1453,6 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) + dirName, strerror(errno)); + goto error; + } +- +- if (sb.st_dev != sb2.st_dev) { +- message(MESS_ERROR, +- "%s:%d olddir %s and log file %s " +- "are on different devices\n", configFile, +- lineNum, newlog->oldDir, newlog->files[i]); +- goto error; +- } + } + } + +-- +1.7.4.1 + diff --git a/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch new file mode 100644 index 0000000000..ed2750e9c3 --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch @@ -0,0 +1,43 @@ +Upstream-Status: Backport + +logrotate: fix for CVE-2011-1548 + +If a logfile is a symlink, it may be read when being compressed, being +copied (copy, copytruncate) or mailed. Secure data (eg. password files) +may be exposed. + +Portback nofollow.patch from: +http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz + +Signed-off-by: Wenzong Fan + +--- +--- a/logrotate.c 2012-09-06 13:25:08.000000000 +0800 ++++ b/logrotate.c 2012-09-06 13:35:57.000000000 +0800 +@@ -390,7 +390,7 @@ + compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2); + sprintf(compressedName, "%s%s", name, log->compress_ext); + +- if ((inFile = open(name, O_RDWR)) < 0) { ++ if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "unable to open %s for compression\n", name); + return 1; + } +@@ -470,7 +470,7 @@ + char *mailArgv[] = { mailCommand, "-s", subject, address, NULL }; + int rc = 0; + +- if ((mailInput = open(logFile, O_RDONLY)) < 0) { ++ if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile, + strerror(errno)); + return 1; +@@ -561,7 +561,7 @@ + message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog); + + if (!debug) { +- if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) { ++ if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) { + message(MESS_ERROR, "error opening %s: %s\n", currLog, + strerror(errno)); + return 1; diff --git a/meta/recipes-extended/logrotate/logrotate/update-the-manual.patch b/meta/recipes-extended/logrotate/logrotate/update-the-manual.patch new file mode 100644 index 0000000000..517acdd27e --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate/update-the-manual.patch @@ -0,0 +1,32 @@ +Update the manual + +Update the manual for rotating on different filesystems. + +Upstream-Status: Submitted + +Signed-off-by: Robert Yang +--- + logrotate.8 | 7 +++---- + 1 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/logrotate.8 b/logrotate.8 +index 8b34167..5f15432 100644 +--- a/logrotate.8 ++++ b/logrotate.8 +@@ -374,10 +374,9 @@ Do not rotate the log if it is empty (this overrides the \fBifempty\fR option). + .TP + \fBolddir \fIdirectory\fR + Logs are moved into \fIdirectory\fR for rotation. The \fIdirectory\fR +-must be on the same physical device as the log file being rotated, +-and is assumed to be relative to the directory holding the log file +-unless an absolute path name is specified. When this option is used all +-old versions of the log end up in \fIdirectory\fR. This option may be ++is assumed to be relative to the directory holding the log file unless ++an absolute path name is specified. When this option is used all old ++versions of the log end up in \fIdirectory\fR. This option may be + overridden by the \fBnoolddir\fR option. + + .TP +-- +1.7.4.1 + diff --git a/meta/recipes-extended/logrotate/logrotate_3.8.7.bb b/meta/recipes-extended/logrotate/logrotate_3.8.7.bb new file mode 100644 index 0000000000..faa8e0264f --- /dev/null +++ b/meta/recipes-extended/logrotate/logrotate_3.8.7.bb @@ -0,0 +1,56 @@ +SUMMARY = "Rotates, compresses, removes and mails system log files" +SECTION = "console/utils" +HOMEPAGE = "https://fedorahosted.org/logrotate/" +LICENSE = "GPLv2" + +DEPENDS="coreutils popt" + +LIC_FILES_CHKSUM = "file://COPYING;md5=18810669f13b87348459e611d31ab760" + +SRC_URI = "https://fedorahosted.org/releases/l/o/logrotate/logrotate-${PV}.tar.gz \ + file://act-as-mv-when-rotate.patch \ + file://disable-check-different-filesystems.patch \ + file://update-the-manual.patch \ + " + +SRC_URI[md5sum] = "99e08503ef24c3e2e3ff74cc5f3be213" +SRC_URI[sha256sum] = "f6ba691f40e30e640efa2752c1f9499a3f9738257660994de70a45fe00d12b64" + +PACKAGECONFIG ?= "\ + ${@base_contains('DISTRO_FEATURES', 'acl', 'acl', '', d)} \ + ${@base_contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)} \ +" + +# If RPM_OPT_FLAGS is unset, it adds -g itself rather than obeying our +# optimization variables, so use it rather than EXTRA_CFLAGS. +EXTRA_OEMAKE = "\ + LFS= \ + OS_NAME='${OS_NAME}' \ + \ + 'CC=${CC}' \ + 'RPM_OPT_FLAGS=${CFLAGS}' \ + 'EXTRA_LDFLAGS=${LDFLAGS}' \ + \ + ${@base_contains('PACKAGECONFIG', 'acl', 'WITH_ACL=yes', '', d)} \ + ${@base_contains('PACKAGECONFIG', 'selinux', 'WITH_SELINUX=yes', '', d)} \ +" + +# OS_NAME in the makefile defaults to `uname -s`. The behavior for +# freebsd/netbsd is questionable, so leave it as Linux, which only sets +# INSTALL=install and BASEDIR=/usr. +OS_NAME = "Linux" + +do_compile_prepend() { + # Make sure the recompile is OK + rm -f ${B}/.depend +} + +do_install(){ + oe_runmake install DESTDIR=${D} PREFIX=${D} MANDIR=${mandir} BINDIR=${bindir} + mkdir -p ${D}${sysconfdir}/logrotate.d + mkdir -p ${D}${sysconfdir}/cron.daily + mkdir -p ${D}${localstatedir}/lib + install -p -m 644 examples/logrotate-default ${D}${sysconfdir}/logrotate.conf + install -p -m 755 examples/logrotate.cron ${D}${sysconfdir}/cron.daily/logrotate + touch ${D}${localstatedir}/lib/logrotate.status +} -- cgit v1.2.3-54-g00ecf