[arch-dev-public] [signoff] logrotate 3.8.0-1
Dave Reisner
d at falconindy.com
Sat Jul 9 10:28:04 EDT 2011
On Thu, Jul 07, 2011 at 11:56:24PM -0400, Eric Bélanger wrote:
> Hi,
>
> logrotate 3.8.0-1 is in testing. Changes:
> - Upstream update
> - Added check function
>
> Please test and signoff.
>
> Eric
>
> 3.7.9 -> 3.8.0
> - added "dateyesterday" option (see man page)
> - fixed crash when config file had exactly 4096*N bytes
> - added WITH_ACL make option to link against -lacl and preserve ACLs
> during rotation
> - added "su" option to define user/group for rotation. Logrotate now
> skips directories which are world writable or writable by group
> which is not "root" unless "su" directive is used.
> - fixed CVE-2011-1098: race condition by creation of new files
> - fixed possible shell injection when using "shred"
> directive (CVE-2011-1154)
> - fixed escaping of file names within 'write state' action
> (CVE-2011-1155)
> - better 'size' directive description
> - fixed possible buffer-overflow when reading config files
> - NetBSD/FreeBSD compilation fixes
> - Solaris compilation fixes
Signoff x86_64. Logs still rotate. Just encountered the need for the
'su' directive too.
dave
More information about the arch-dev-public
mailing list