| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| applied-upstream/Open-files-we-want-to-compress-as-read-only.patch | Open files we want to compress as read-only. It is not required to be able to open the logfile in read-write mode when we are compressing the file. A read-only open is sufficient. This is useful when trying to run logrotate as non-root, to handle rotation of files created by a container for instance. As long as we have write permission in the directory holding the logfile, there is no reason to prevent the operation (since that user could manually rename() the file with write permissions in the directory and then compress it). |
Raphael Manfredi <Raphael_Manfredi@pobox.com> | no | 2021-01-26 | ||
| applied-upstream/Only-attempt-to-set-user-group-if-running-as-root.patch | Only attempt to set user/group if running as root. There is no need to attempt to change the user/group of files if we are not running as root. We can leave the permissions to what the user running logrotate would get if doing the same operation manually by copying the file! |
Raphael Manfredi <Raphael_Manfredi@pobox.com> | no | 2021-01-26 | ||
| applied-upstream/logrotate.8-make-the-var-log-news-example-consistent.patch | logrotate.8: make the /var/log/news example consistent We should use `sharedscripts` to make sure the daemon is signalled only once. Moreover, the note about log files not being compressed on failure was misleading because the example uses `nocompress`. |
Kamil Dudka <kdudka@redhat.com> | no | 2021-02-19 | ||
| applied-upstream/Fix-a-typo-in-the-example-logrotate.conf.patch | Fix a typo in the example logrotate.conf | Louis Sautier <sautier.louis@gmail.com> | no | 2021-02-25 | ||
| applied-upstream/Log-if-keyword-is-not-properly-separated.patch | Log if keyword is not properly separated The man page states Values are separated from directives by whitespace and/or an optional =. But logrotate does accept no separator, like rotate7 Log those occurrences with a normal severity, as this usage is not intended. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-04-20 | ||
| applied-upstream/Log-error-on-keyword-parse-failure.patch | Log error on keyword parse failure isolateWord() only fails on OOM and EOF. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-04-20 | ||
| applied-upstream/Do-not-use-incorrect-stat-information.patch | Do not use incorrect stat information Do not the device number of the configuration file when verifying an olddir configuration after creating the olddir. Use different stat structs with more distinct names to avoid misuses. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-06-02 | ||
| applied-upstream/Remove-invalid-configuration-on-error.patch | Remove invalid configuration on error After failing while parsing an invalid configuration file, like: /some/path remove the erroneous configuration structure from the internal list. Else one might see: reading config file config.tmp error: config.tmp:1 missing '{' after log files definition Reading state from file: state.tmp error: error opening state file state.tmp: No such file or directory Allocating hash table for state file, size 64 entries Handling 1 logs rotating pattern: (null) forced from command line (no old logs will be kept) empty log files are rotated, old logs are removed No logs found. Rotation not needed. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-06-22 | ||
| applied-upstream/Do-not-warn-on-key-value-pair-separated-by-only-an-e.patch | Do not warn on key value pair separated by only an equal sign Do not warn if a configuration directive is specified with the key and value separated by just an equal sign, like: size=+2048k The warning is intended for the usage of: size2048k |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-07-26 | ||
| applied-upstream/Fix-full_write-on-incomplete-write.patch | Fix full_write on incomplete write Currently on an incomplete write(2) the subsequent write(2) will again use the same starting position in the given buffer, which was already successfully written, leading to data corruption. Found by clang-13 logrotate.c:1140:17: warning: variable 'ptr' set but not used [-Wunused-but-set-variable] const char *ptr = (const char *) buf; ^ Also check for EINTR only on write(2) failure. Also use `unsigned char *` to signal handling bytes, not a string. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-08-07 | ||
| applied-upstream/config.c-enforce-stricter-parsing-of-config-files.patch | config.c: enforce stricter parsing of config files Abort parsing of config files that contain invalid lines. This makes it harder to abuse logrotate for privilege escalation attacks where an attacker can partially control a privileged file write. |
Felix Wilhelm <fwilhelm@google.com> | no | 2021-10-21 | ||
| applied-upstream/Add-more-testcases-for-stricter-configuration-parsin.patch | Add more testcases for stricter configuration parsing | =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-12-13 | ||
| applied-upstream/Do-not-lock-state-file-dev-null.patch | Do not lock state file /dev/null #395 introduced /dev/null as supported state file path for cases when no state file is desired. lockState() tries to open and lock the state file to avoid issues with concurrent instances, see #295. Locking the character file /dev/null might either be not supported, e.g. on Debian GNU/Hurd (hurd-i386), nor not allowed, e.g. by SELinux. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2022-01-17 | ||
| applied-upstream/skip-locking-if-state-file-is-world-readable.patch | skip locking if state file is world-readable | =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | yes | upstream | 2022-03-29 | |
| applied-upstream/drop-world-readable-permission-on-state-file.patch | drop world-readable permission on state file ... even when ACLs are enabled. This is a follow-up to the fix of CVE-2022-1348. It has no impact on security but makes the state file locking work again in more cases. |
Kamil Dudka <kdudka@redhat.com> | no | 2022-05-25 | ||
| applied-upstream/writeState-do-nothing-if-state-file-is-dev-null.patch | writeState: do nothing if state file is /dev/null If users do not want to use any state file, they can specify `/dev/null` as the state file. Without this fix, logrotate would unnecessarily fail to rename a temporary file to `/dev/null`. |
Kamil Dudka <kdudka@redhat.com> | no | 2021-06-03 | ||
| debian/skip-cronjob-when-running-with-systemd.patch | skip cronjob when running with systemd and in removed state | =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | not-needed | 2017-09-01 | ||
| debian/logrotate.conf-disable-dateext-on-Debian.patch | logrotate.conf: disable dateext on Debian The option dateext has not been enabled since its introduction in version 3.7.2. Might be subject to change in the future, see #551888. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2021-02-28 | ||
| debian/replace-ELF-header-in-test-case.patch | replace ELF header in test case Reduces the noise from Lintian and avoid interferences with dbgsym package. |
=?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | no | 2022-01-30 |