[ubuntu/karmic] logrotate 3.7.8-4ubuntu1 (Accepted)

Bhavani Shankar right2bhavi at gmail.com
Thu Aug 20 05:50:18 BST 2009 

logrotate (3.7.8-4ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes: LP: #414347
    - debian/control: Drop mailx to Suggests for Ubuntu; it's only used
      on request, and we don'c configure an MTA by default.

logrotate (3.7.8-4) unstable; urgency=high

  * New patch:
    + security-388608.patch: A race condition in the creation of
      compressed and copied log files makes it possible to overwrite
      arbitrary files by generating a link or symlink during a window
      of opportunity between logrotate renaming a log file and creating
      the copy of the next. (Closes: #388608) Once again, many thanks to
      Florian Zumbiehl for forcing me to think.
  * Uploading to unstable.

logrotate (3.7.8-3) experimental; urgency=low

  * New patch:
    + nofollow.patch: If a logfile is a symlink, it may be read when
      being compressed, being copied (copy, copytruncate) or mailed.
      Secure data (eg. password files) may be exposed. Thanks to
      Florian Zumbiehl for getting me thinking about this one.

logrotate (3.7.8-2) experimental; urgency=low

  * New patch:
    + create-388608.patch: Really squash the race condition for the
      creation of compressed log files and the creation of new ones.
      (Closes: 388608)

logrotate (3.7.8-1) experimental; urgency=low

  * New upstream release:
    - do not exit on status file errors
    - limit config file inclusion nesting
    - use hashes for status file handling (patch by Petr Tesarik
      <ptesarik at suse.cz> and Leonardo Chiquitto)
    - dateformat to allow unixtime (patch by Sami Kerola <kerolasa at iki.fi>)
  * Upstream has taken some of our patches:
    - manpage.patch: partial uptake, updated
    - man-189243.patch: fully applied upstream
    - man-sizetypo.patch: fully applied upstream
    - man-overriden.patch: fully applied upstream
  * Added a watch file (but upstream has a redirect to https).
  * Upstream has also fixed createOutputFile to be more secure
    (Closes: #388608)
  * New Debian patch:
    + sharedscripts-519432.patch: Prerotate and postrotate scripts get the
      list of rotated files passed to them as arguments. (Closes: #519432)
    + chown-484762.patch: If running as non-root, warn but don't abort if
      we can't chown the compressed log file. (Closes: #484762)
  * Update Standards-Version to 3.8.2. (No changes)

Date: Sun, 16 Aug 2009 12:40:24 +0530
Changed-By: Bhavani Shankar <right2bhavi at gmail.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Daniel Holbach <daniel.holbach at ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/logrotate/3.7.8-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 16 Aug 2009 12:40:24 +0530
Source: logrotate
Binary: logrotate
Architecture: source
Version: 3.7.8-4ubuntu1
Distribution: karmic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Bhavani Shankar <right2bhavi at gmail.com>
Description: 
 logrotate  - Log rotation utility
Closes: 388608 388608 388608 484762 519432
Changes: 
 logrotate (3.7.8-4ubuntu1) karmic; urgency=low
 .
   * Merge from debian unstable, remaining changes: LP: #414347
     - debian/control: Drop mailx to Suggests for Ubuntu; it's only used
       on request, and we don'c configure an MTA by default.
 .
 logrotate (3.7.8-4) unstable; urgency=high
 .
   * New patch:
     + security-388608.patch: A race condition in the creation of
       compressed and copied log files makes it possible to overwrite
       arbitrary files by generating a link or symlink during a window
       of opportunity between logrotate renaming a log file and creating
       the copy of the next. (Closes: #388608) Once again, many thanks to
       Florian Zumbiehl for forcing me to think.
   * Uploading to unstable.
 .
 logrotate (3.7.8-3) experimental; urgency=low
 .
   * New patch:
     + nofollow.patch: If a logfile is a symlink, it may be read when
       being compressed, being copied (copy, copytruncate) or mailed.
       Secure data (eg. password files) may be exposed. Thanks to
       Florian Zumbiehl for getting me thinking about this one.
 .
 logrotate (3.7.8-2) experimental; urgency=low
 .
   * New patch:
     + create-388608.patch: Really squash the race condition for the
       creation of compressed log files and the creation of new ones.
       (Closes: 388608)
 .
 logrotate (3.7.8-1) experimental; urgency=low
 .
   * New upstream release:
     - do not exit on status file errors
     - limit config file inclusion nesting
     - use hashes for status file handling (patch by Petr Tesarik
       <ptesarik at suse.cz> and Leonardo Chiquitto)
     - dateformat to allow unixtime (patch by Sami Kerola <kerolasa at iki.fi>)
   * Upstream has taken some of our patches:
     - manpage.patch: partial uptake, updated
     - man-189243.patch: fully applied upstream
     - man-sizetypo.patch: fully applied upstream
     - man-overriden.patch: fully applied upstream
   * Added a watch file (but upstream has a redirect to https).
   * Upstream has also fixed createOutputFile to be more secure
     (Closes: #388608)
   * New Debian patch:
     + sharedscripts-519432.patch: Prerotate and postrotate scripts get the
       list of rotated files passed to them as arguments. (Closes: #519432)
     + chown-484762.patch: If running as non-root, warn but don't abort if
       we can't chown the compressed log file. (Closes: #484762)
   * Update Standards-Version to 3.8.2. (No changes)
Checksums-Sha1: 
 567bb0748b0dbda14b712728bb7716b49feb488c 1139 logrotate_3.7.8-4ubuntu1.dsc
 5742dc0d9541ac59eba5f5718520f7504aea2159 43246 logrotate_3.7.8.orig.tar.gz
 b013924fb98cd279dcf15ce5c644a0856b130e10 19940 logrotate_3.7.8-4ubuntu1.diff.gz
Checksums-Sha256: 
 4c5886455fa294eb6825a70d7f41c675ec36bda9393c959bde8289d2ff596b7f 1139 logrotate_3.7.8-4ubuntu1.dsc
 21aa3dc830e8cc895ee4199d9325aa1e37cd3b525d0eaef400f66f6c7fc536dd 43246 logrotate_3.7.8.orig.tar.gz
 7c86f820653f426997ec38b88b7efededb3ee86ff5b567aac323190e92b53104 19940 logrotate_3.7.8-4ubuntu1.diff.gz
Files: 
 ac9b9b66ad2b2313b69c098bd76778bc 1139 admin important logrotate_3.7.8-4ubuntu1.dsc
 b3589bea6d8d5afc8a84134fddaae973 43246 admin important logrotate_3.7.8.orig.tar.gz
 fd3703e93b91252d3410bb6d102aece1 19940 admin important logrotate_3.7.8-4ubuntu1.diff.gz
Launchpad-Bugs-Fixed: 414347
Original-Maintainer: Paul Martin <pm at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqM1U8ACgkQRjrlnQWd1ev1VgCZARZ8bKWvSWs5qv8hT4DZI4j1
vf0AniTYQUCRG0d54MDULnScew1LC6ZG
=UVcO
-----END PGP SIGNATURE-----

More information about the Karmic-changes mailing list