app-admin/logrotate: backport log setting tweaks

Should make things a bit less noisy w/ recent CVE fix. Bug: https://bugs.gentoo.org/847382 Signed-off-by: Sam James <sam@gentoo.org>
author: Sam James <sam@gentoo.org> 2022-06-07 02:30:45 +0100
committer: Sam James <sam@gentoo.org> 2022-06-07 02:30:45 +0100
commit: f22a1ea1d23806ba35b1fe2b4c7772819d1bb776 (patch)
tree: 7356c5c7afbc86a29925ba9ed7ba0610670009fa /app-admin/logrotate
parent: app-emulation/cloud-init: Stabilize 22.2 amd64, #850160 (diff)
download: gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.tar.gz
gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.tar.bz2
gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.zip
2 files changed, 243 insertions, 0 deletions
diff --git a/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch b/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch
new file mode 100644
index 000000000000..b7c4bb5275db
--- /dev/null
+++ b/app-admin/logrotate/files/logrotate-3.20.1-log-changes.patch
@@ -0,0 +1,147 @@
+https://bugs.gentoo.org/847382#c3
+https://github.com/logrotate/logrotate/commit/31cf1099ab8514dfcae5a980bc77352edd5292f8
+https://github.com/logrotate/logrotate/commit/7b1fa328bf70eb8434166f151bd075cd1440d0dc
+
+From 31cf1099ab8514dfcae5a980bc77352edd5292f8 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 27 May 2022 09:56:07 +0200
+Subject: [PATCH] lockState: do not print `error:` when exit code is unaffected
+
+Closes: https://github.com/logrotate/logrotate/pull/448
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -3050,8 +3050,8 @@ static int lockState(const char *stateFilename, int skip_state_lock)
+     }
+ 
+     if (sb.st_mode & S_IROTH) {
+-        message(MESS_ERROR, "state file %s is world-readable and thus can"
+-                " be locked from other unprivileged users."
++        message(MESS_NORMAL, "warning: state file %s is world-readable"
++                " and thus can be locked from other unprivileged users."
+                 " Skipping lock acquisition...\n",
+                 stateFilename);
+         close(lockFd);
+
+From 7b1fa328bf70eb8434166f151bd075cd1440d0dc Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Fri, 27 May 2022 16:02:57 +0200
+Subject: [PATCH] log: unify handling of log levels
+
+Use MESS_WARN instead of MESS_NORMAL and make it always use
+the `warning:` prefix.  MESS_WARN is now mapped to LOG_WARNING
+for syslog.
+
+Also drop MESS_VERBOSE, which was not set anywhere.
+
+Closes: https://github.com/logrotate/logrotate/pull/239
+Closes: https://github.com/logrotate/logrotate/pull/449
+--- a/config.c
++++ b/config.c
+@@ -643,7 +643,7 @@ static void set_criterium(enum criterium *pDst, enum criterium src, int *pSet)
+ {
+     if (*pSet && (*pDst != src)) {
+         /* we are overriding a previously set criterium */
+-        message(MESS_VERBOSE, "warning: '%s' overrides previously specified '%s'\n",
++        message(MESS_DEBUG, "note: '%s' overrides previously specified '%s'\n",
+                 crit_to_string(src), crit_to_string(*pDst));
+     }
+     *pDst = src;
+@@ -1021,7 +1021,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
+ 
+     if (getuid() == ROOT_UID) {
+         if ((sb_config.st_mode & 07533) != 0400) {
+-            message(MESS_NORMAL,
++            message(MESS_WARN,
+                     "Potentially dangerous mode on %s: 0%o\n",
+                     configFile, (unsigned) (sb_config.st_mode & 07777));
+         }
+@@ -1386,7 +1386,7 @@ static int readConfigFile(const char *configFile, struct logInfo *defConfig)
+                             RAISE_ERROR();
+                         }
+                     } else if (!strcmp(key, "errors")) {
+-                        message(MESS_NORMAL,
++                        message(MESS_WARN,
+                                 "%s: %d: the errors directive is deprecated and no longer used.\n",
+                                 configFile, lineNum);
+                     } else if (!strcmp(key, "mail")) {
+--- a/log.c
++++ b/log.c
+@@ -40,9 +40,12 @@ static void log_once(FILE *where, int level, const char *format, va_list args)
+ {
+     switch (level) {
+         case MESS_DEBUG:
+-        case MESS_NORMAL:
+-        case MESS_VERBOSE:
+             break;
++
++        case MESS_WARN:
++            fprintf(where, "warning: ");
++            break;
++
+         default:
+             fprintf(where, "error: ");
+             break;
+@@ -78,10 +81,11 @@ void message(int level, const char *format, ...)
+                 priority |= LOG_DEBUG;
+                 break;
+             case MESS_DEBUG:
+-            case MESS_VERBOSE:
+-            case MESS_NORMAL:
+                 priority |= LOG_INFO;
+                 break;
++            case MESS_WARN:
++                priority |= LOG_WARNING;
++                break;
+             case MESS_ERROR:
+                 priority |= LOG_ERR;
+                 break;
+--- a/log.h
++++ b/log.h
+@@ -5,8 +5,7 @@
+ 
+ #define MESS_REALDEBUG  1
+ #define MESS_DEBUG      2
+-#define MESS_VERBOSE    3
+-#define MESS_NORMAL     4
++#define MESS_WARN       4
+ #define MESS_ERROR      5
+ #define MESS_FATAL      6
+ 
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -3050,7 +3050,7 @@ static int lockState(const char *stateFilename, int skip_state_lock)
+     }
+ 
+     if (sb.st_mode & S_IROTH) {
+-        message(MESS_NORMAL, "warning: state file %s is world-readable"
++        message(MESS_WARN, "state file %s is world-readable"
+                 " and thus can be locked from other unprivileged users."
+                 " Skipping lock acquisition...\n",
+                 stateFilename);
+@@ -3106,7 +3106,7 @@ int main(int argc, const char **argv)
+         POPT_AUTOHELP { NULL, 0, 0, NULL, 0, NULL, NULL }
+     };
+ 
+-    logSetLevel(MESS_NORMAL);
++    logSetLevel(MESS_WARN);
+     setlocale (LC_ALL, "");
+ 
+     optCon = poptGetContext("logrotate", argc, argv, options, 0);
+@@ -3117,7 +3117,7 @@ int main(int argc, const char **argv)
+         switch (arg) {
+             case 'd':
+                 debug = 1;
+-                message(MESS_NORMAL, "WARNING: logrotate in debug mode does nothing"
++                message(MESS_WARN, "logrotate in debug mode does nothing"
+                         " except printing debug messages!  Consider using verbose"
+                         " mode (-v) instead if this is not what you want.\n\n");
+                 /* fallthrough */
+--- a/test/test-0080.sh
++++ b/test/test-0080.sh
+@@ -10,4 +10,4 @@ cleanup 80
+ preptest test.log 80 1 0
+ 
+ $RLR -d test-config.80 2>&1 | \
+-    grep -q "warning: 'daily' overrides previously specified 'size'"
++    grep -q "note: 'daily' overrides previously specified 'size'"
+
diff --git a/app-admin/logrotate/logrotate-3.20.1-r1.ebuild b/app-admin/logrotate/logrotate-3.20.1-r1.ebuild
new file mode 100644
index 000000000000..9023bd91b43b
--- /dev/null
+++ b/app-admin/logrotate/logrotate-3.20.1-r1.ebuild
@@ -0,0 +1,96 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/kamildudka.asc
+inherit systemd tmpfiles verify-sig
+
+DESCRIPTION="Rotates, compresses, and mails system logs"
+HOMEPAGE="https://github.com/logrotate/logrotate"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${PV}/${P}.tar.xz"
+SRC_URI+=" verify-sig? ( https://github.com/${PN}/${PN}/releases/download/${PV}/${P}.tar.xz.asc )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="acl +cron selinux"
+
+DEPEND=">=dev-libs/popt-1.5
+	selinux? ( sys-libs/libselinux )
+	acl? ( virtual/acl )"
+RDEPEND="${DEPEND}
+	selinux? ( sec-policy/selinux-logrotate )
+	cron? ( virtual/cron )"
+BDEPEND="verify-sig? ( sec-keys/openpgp-keys-kamildudka )"
+
+STATEFILE="${EPREFIX}/var/lib/misc/logrotate.status"
+OLDSTATEFILE="${EPREFIX}/var/lib/logrotate.status"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-3.15.0-ignore-hidden.patch
+	"${FILESDIR}"/${P}-log-changes.patch
+)
+
+move_old_state_file() {
+	elog "logrotate state file is now located at ${STATEFILE}"
+	elog "See bug #357275"
+	if [[ -e "${OLDSTATEFILE}" ]] ; then
+		elog "Moving your current state file to new location: ${STATEFILE}"
+		mv -n "${OLDSTATEFILE}" "${STATEFILE}" || die
+	fi
+}
+
+install_cron_file() {
+	exeinto /etc/cron.daily
+	newexe "${S}"/examples/logrotate.cron "${PN}"
+}
+
+src_prepare() {
+	default
+
+	sed -i -e 's#/usr/sbin/logrotate#/usr/bin/logrotate#' examples/logrotate.{cron,service} || die
+}
+
+src_configure() {
+	econf \
+		$(use_with acl) \
+		$(use_with selinux) \
+		--with-state-file-path="${STATEFILE}"
+}
+
+src_install() {
+	dobin logrotate
+	doman logrotate.8
+	dodoc ChangeLog.md
+
+	insinto /etc
+	doins "${FILESDIR}"/logrotate.conf
+
+	use cron && install_cron_file
+
+	systemd_dounit examples/logrotate.{service,timer}
+	newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
+
+	keepdir /etc/logrotate.d
+}
+
+pkg_postinst() {
+	elog
+	elog "The ${PN} binary is now installed under /usr/bin. Please"
+	elog "update your links"
+	elog
+
+	move_old_state_file
+
+	tmpfiles_process ${PN}.conf
+
+	if [[ -z ${REPLACING_VERSIONS} ]] ; then
+		elog "If you wish to have logrotate e-mail you updates, please"
+		elog "emerge virtual/mailx and configure logrotate in"
+		elog "/etc/logrotate.conf appropriately"
+		elog
+		elog "Additionally, /etc/logrotate.conf may need to be modified"
+		elog "for your particular needs. See man logrotate for details."
+	fi
+}
author	Sam James <sam@gentoo.org>	2022-06-07 02:30:45 +0100
committer	Sam James <sam@gentoo.org>	2022-06-07 02:30:45 +0100
commit	f22a1ea1d23806ba35b1fe2b4c7772819d1bb776 (patch)
tree	7356c5c7afbc86a29925ba9ed7ba0610670009fa /app-admin/logrotate
parent	app-emulation/cloud-init: Stabilize 22.2 amd64, #850160 (diff)
download	gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.tar.gz gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.tar.bz2 gentoo-f22a1ea1d23806ba35b1fe2b4c7772819d1bb776.zip