diff options
author | Sam James <sam@gentoo.org> | 2022-06-07 02:30:45 +0100 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2022-06-07 02:30:45 +0100 |
commit | f22a1ea1d23806ba35b1fe2b4c7772819d1bb776 (patch) | |
tree | 7356c5c7afbc86a29925ba9ed7ba0610670009fa /app-admin | |
parent | app-emulation/cloud-init: Stabilize 22.2 amd64, #850160 (diff) | |
download | gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.tar.gz gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.tar.bz2 gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.zip |
app-admin/logrotate: backport log setting tweaks
Should make things a bit less noisy w/ recent CVE fix.
Bug: https://bugs.gentoo.org/847382
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'app-admin')
-rw-r--r-- | app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch | 147 | ||||
-rw-r--r-- | app-admin/logrotate/logrotate-3.20.1-r1.ebuild | 96 |
2 files changed, 243 insertions, 0 deletions
diff --git a/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch b/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch new file mode 100644 index 000000000000..b7c4bb5275db --- /dev/null +++ b/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch @@ -0,0 +1,147 @@ +https://bugs.gentoo.org/847382#c3 +https://github.com/logrotate/logrotate/commit/31cf1099ab8514dfcae5a980bc77352edd5292f8 +https://github.com/logrotate/logrotate/commit/7b1fa328bf70eb8434166f151bd075cd1440d0dc + +From 31cf1099ab8514dfcae5a980bc77352edd5292f8 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Fri, 27 May 2022 09:56:07 +0200 +Subject: [PATCH] lockState: do not print `error:` when exit code is unaffected + +Closes: https://github.com/logrotate/logrotate/pull/448 +--- a/logrotate.c ++++ b/logrotate.c +@@ -3050,8 +3050,8 @@ static int lockState(const char *stateFilename, int skip_state_lock) + } + + if (sb.st_mode & S_IROTH) { +- message(MESS_ERROR, "state file %s is world-readable and thus can" +- " be locked from other unprivileged users." ++ message(MESS_NORMAL, "warning: state file %s is world-readable" ++ " and thus can be locked from other unprivileged users." + " Skipping lock acquisition...\n", + stateFilename); + close(lockFd); + +From 7b1fa328bf70eb8434166f151bd075cd1440d0dc Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Fri, 27 May 2022 16:02:57 +0200 +Subject: [PATCH] log: unify handling of log levels + +Use MESS_WARN instead of MESS_NORMAL and make it always use +the `warning:` prefix. MESS_WARN is now mapped to LOG_WARNING +for syslog. + +Also drop MESS_VERBOSE, which was not set anywhere. + +Closes: https://github.com/logrotate/logrotate/pull/239 +Closes: https://github.com/logrotate/logrotate/pull/449 +--- a/config.c ++++ b/config.c +@@ -643,7 +643,7 @@ static void set_criterium(enum criterium *pDst, enum criterium src, int *pSet) + { + if (*pSet && (*pDst != src)) { + /* we are overriding a previously set criterium */ +- message(MESS_VERBOSE, "warning: '%s' overrides previously specified '%s'\n", ++ message(MESS_DEBUG, "note: '%s' overrides previously specified '%s'\n", + crit_to_string(src), crit_to_string(*pDst)); + } + *pDst = src; +@@ -1021,7 +1021,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) + + if (getuid() == ROOT_UID) { + if ((sb_config.st_mode & 07533) != 0400) { +- message(MESS_NORMAL, ++ message(MESS_WARN, + "Potentially dangerous mode on %s: 0%o\n", + configFile, (unsigned) (sb_config.st_mode & 07777)); + } +@@ -1386,7 +1386,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig) + RAISE_ERROR(); + } + } else if (!strcmp(key, "errors")) { +- message(MESS_NORMAL, ++ message(MESS_WARN, + "%s: %d: the errors directive is deprecated and no longer used.\n", + configFile, lineNum); + } else if (!strcmp(key, "mail")) { +--- a/log.c ++++ b/log.c +@@ -40,9 +40,12 @@ static void log_once(FILE *where, int level, const char *format, va_list args) + { + switch (level) { + case MESS_DEBUG: +- case MESS_NORMAL: +- case MESS_VERBOSE: + break; ++ ++ case MESS_WARN: ++ fprintf(where, "warning: "); ++ break; ++ + default: + fprintf(where, "error: "); + break; +@@ -78,10 +81,11 @@ void message(int level, const char *format, ...) + priority |= LOG_DEBUG; + break; + case MESS_DEBUG: +- case MESS_VERBOSE: +- case MESS_NORMAL: + priority |= LOG_INFO; + break; ++ case MESS_WARN: ++ priority |= LOG_WARNING; ++ break; + case MESS_ERROR: + priority |= LOG_ERR; + break; +--- a/log.h ++++ b/log.h +@@ -5,8 +5,7 @@ + + #define MESS_REALDEBUG 1 + #define MESS_DEBUG 2 +-#define MESS_VERBOSE 3 +-#define MESS_NORMAL 4 ++#define MESS_WARN 4 + #define MESS_ERROR 5 + #define MESS_FATAL 6 + +--- a/logrotate.c ++++ b/logrotate.c +@@ -3050,7 +3050,7 @@ static int lockState(const char *stateFilename, int skip_state_lock) + } + + if (sb.st_mode & S_IROTH) { +- message(MESS_NORMAL, "warning: state file %s is world-readable" ++ message(MESS_WARN, "state file %s is world-readable" + " and thus can be locked from other unprivileged users." + " Skipping lock acquisition...\n", + stateFilename); +@@ -3106,7 +3106,7 @@ int main(int argc, const char **argv) + POPT_AUTOHELP { NULL, 0, 0, NULL, 0, NULL, NULL } + }; + +- logSetLevel(MESS_NORMAL); ++ logSetLevel(MESS_WARN); + setlocale (LC_ALL, ""); + + optCon = poptGetContext("logrotate", argc, argv, options, 0); +@@ -3117,7 +3117,7 @@ int main(int argc, const char **argv) + switch (arg) { + case 'd': + debug = 1; +- message(MESS_NORMAL, "WARNING: logrotate in debug mode does nothing" ++ message(MESS_WARN, "logrotate in debug mode does nothing" + " except printing debug messages! Consider using verbose" + " mode (-v) instead if this is not what you want.\n\n"); + /* fallthrough */ +--- a/test/test-0080.sh ++++ b/test/test-0080.sh +@@ -10,4 +10,4 @@ cleanup 80 + preptest test.log 80 1 0 + + $RLR -d test-config.80 2>&1 | \ +- grep -q "warning: 'daily' overrides previously specified 'size'" ++ grep -q "note: 'daily' overrides previously specified 'size'" + diff --git a/app-admin/logrotate/logrotate-3.20.1-r1.ebuild b/app-admin/logrotate/logrotate-3.20.1-r1.ebuild new file mode 100644 index 000000000000..9023bd91b43b --- /dev/null +++ b/app-admin/logrotate/logrotate-3.20.1-r1.ebuild @@ -0,0 +1,96 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/kamildudka.asc +inherit systemd tmpfiles verify-sig + +DESCRIPTION="Rotates, compresses, and mails system logs" +HOMEPAGE="https://github.com/logrotate/logrotate" +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${PV}/${P}.tar.xz" +SRC_URI+=" verify-sig? ( https://github.com/${PN}/${PN}/releases/download/${PV}/${P}.tar.xz.asc )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +IUSE="acl +cron selinux" + +DEPEND=">=dev-libs/popt-1.5 + selinux? ( sys-libs/libselinux ) + acl? ( virtual/acl )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-logrotate ) + cron? ( virtual/cron )" +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-kamildudka )" + +STATEFILE="${EPREFIX}/var/lib/misc/logrotate.status" +OLDSTATEFILE="${EPREFIX}/var/lib/logrotate.status" + +PATCHES=( + "${FILESDIR}"/${PN}-3.15.0-ignore-hidden.patch + "${FILESDIR}"/${P}-log-changes.patch +) + +move_old_state_file() { + elog "logrotate state file is now located at ${STATEFILE}" + elog "See bug #357275" + if [[ -e "${OLDSTATEFILE}" ]] ; then + elog "Moving your current state file to new location: ${STATEFILE}" + mv -n "${OLDSTATEFILE}" "${STATEFILE}" || die + fi +} + +install_cron_file() { + exeinto /etc/cron.daily + newexe "${S}"/examples/logrotate.cron "${PN}" +} + +src_prepare() { + default + + sed -i -e 's#/usr/sbin/logrotate#/usr/bin/logrotate#' examples/logrotate.{cron,service} || die +} + +src_configure() { + econf \ + $(use_with acl) \ + $(use_with selinux) \ + --with-state-file-path="${STATEFILE}" +} + +src_install() { + dobin logrotate + doman logrotate.8 + dodoc ChangeLog.md + + insinto /etc + doins "${FILESDIR}"/logrotate.conf + + use cron && install_cron_file + + systemd_dounit examples/logrotate.{service,timer} + newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf + + keepdir /etc/logrotate.d +} + +pkg_postinst() { + elog + elog "The ${PN} binary is now installed under /usr/bin. Please" + elog "update your links" + elog + + move_old_state_file + + tmpfiles_process ${PN}.conf + + if [[ -z ${REPLACING_VERSIONS} ]] ; then + elog "If you wish to have logrotate e-mail you updates, please" + elog "emerge virtual/mailx and configure logrotate in" + elog "/etc/logrotate.conf appropriately" + elog + elog "Additionally, /etc/logrotate.conf may need to be modified" + elog "for your particular needs. See man logrotate for details." + fi +} |