Bug Fix Advisory logrotate bug fix update

Advisory: RHBA-2013:1095-1
Type: Bug Fix Advisory
Severity: N/A
Issued on: 2013-07-18
Last updated on: 2013-11-20
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)

Details

Updated logrotate packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.

The logrotate utility simplifies the administration of multiple log files,
allowing the automatic rotation, compression, removal, and mailing of log files.

This update fixes the following bugs:

* The logrotate utility always tried to set owner of the rotated log even when
the owner was the same as the current owner of the log file. Conseqeuntly, the
rotation failed on file systems or systems where changing the ownership was not
supported. With this update, before the ownership is changed, logrotate check if
it is a real ownership change; that is, logrotate verifies if the new ownership
is not the same as the previous one, and skips the change if the ownership
change has not been real. The logrotate utility now rotates logs as expected in
this scenario. (BZ#841520)

* Setting the Access control list (ACL) on a rotated log overwrote the
previously set mode of the log file. As a consequence, the "create" directive
was ignored. To fix this bug, the ACL is no longer copied from the old log file
when using the "create" directive and the mode defined using the "create"
directive is used instead. As a result, "create" mode works as expected and it
is no longer ignored in the described scenario. (BZ#847338)

* Both the acl_set_fd() and fchmod() functions were called to set the log files
permissions. Consequently, there was a race condition where the log file could
have unsafe permissions for a short time during its creation. With this update,
only one of those functions is now called depending on directives combination
used in the configuration file and race condition between the acl_set_fd() and
fchmod() function is not possible in the described scenario. (BZ#847339)

* Because the inverse umask value 0000 was used when creating a new log file,
the newly created log file could have unwanted 0600 permissions for a short time
before the permissions were set to the proper value using the fchmod() function.
With this update, umask is set to 0777 and the newly created log file has proper
0000 permissions for this short period. (BZ#848131)

* The default SELinux context was set after the compressed log file had been
created. Consequently, the compressed log did not have the proper SELinux
context. With this update, the default SELinux context is now set before the
compressed log file creation and compressed log files have proper SELinux
context. (BZ#920030)

* Temporary files created by the logrotate utility were not removed if an error
occurred during its use. With this update, temporary files are now removed in
such a case. (BZ#922169)

Users of logrotate are advised to upgrade to these updated packages, which fix
these bugs.


Solution

Before applying this update, make sure all previously-released errata relevant
to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
logrotate-3.7.8-17.el6.src.rpm
File outdated by:  RHBA-2017:0625
    MD5: 4d670a9a678cdec94b8db8b93c4352db
SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416
 
IA-32:
logrotate-3.7.8-17.el6.i686.rpm
File outdated by:  RHBA-2017:0625
    MD5: 5ed9a45856ee6346c75d7cfab31df5e3
SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86
logrotate-debuginfo-3.7.8-17.el6.i686.rpm
File outdated by:  RHBA-2017:0625
    MD5: 69e4260624804ac4f34f5d773eef8fb3
SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f
 
x86_64:
logrotate-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: ee2f2becad0339f6b3369319361e44e7
SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: af659df0bebb1c9d877360c5ad6e920b
SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
logrotate-3.7.8-17.el6.src.rpm
File outdated by:  RHBA-2017:0625
    MD5: 4d670a9a678cdec94b8db8b93c4352db
SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416
 
x86_64:
logrotate-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: ee2f2becad0339f6b3369319361e44e7
SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: af659df0bebb1c9d877360c5ad6e920b
SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
logrotate-3.7.8-17.el6.src.rpm
File outdated by:  RHBA-2017:0625
    MD5: 4d670a9a678cdec94b8db8b93c4352db
SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416
 
IA-32:
logrotate-3.7.8-17.el6.i686.rpm
File outdated by:  RHBA-2017:0625
    MD5: 5ed9a45856ee6346c75d7cfab31df5e3
SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86
logrotate-debuginfo-3.7.8-17.el6.i686.rpm
File outdated by:  RHBA-2017:0625
    MD5: 69e4260624804ac4f34f5d773eef8fb3
SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f
 
PPC:
logrotate-3.7.8-17.el6.ppc64.rpm
File outdated by:  RHBA-2017:0625
    MD5: 37bdf1436c920a595364c34f3b42d919
SHA-256: 7d36089491ec5482ea29947b6e29bc790400c12911d885878a9ae93de5ffd277
logrotate-debuginfo-3.7.8-17.el6.ppc64.rpm
File outdated by:  RHBA-2017:0625
    MD5: 4966ac4e94d579c0f1710aaf073ebbd8
SHA-256: f8f2f74dc8b1c4bc7433a90769033e281a1c33458dc04169842b42a06b0d0d5c
 
s390x:
logrotate-3.7.8-17.el6.s390x.rpm
File outdated by:  RHBA-2017:0625
    MD5: f76aca90e183ce9a9eec79d5be6b95b3
SHA-256: 2bd5aa378af19be91dfede5fd88b60a85350ce399c1fb3c2314cd29daae333f0
logrotate-debuginfo-3.7.8-17.el6.s390x.rpm
File outdated by:  RHBA-2017:0625
    MD5: 9e1f51b2128c91e5610bdbaf6c2c40af
SHA-256: 28699de78daafe48faaf62a56116c634ae2c556133e0e7ee8adc5a53d402ce27
 
x86_64:
logrotate-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: ee2f2becad0339f6b3369319361e44e7
SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: af659df0bebb1c9d877360c5ad6e920b
SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
logrotate-3.7.8-17.el6.src.rpm
File outdated by:  RHBA-2017:0625
    MD5: 4d670a9a678cdec94b8db8b93c4352db
SHA-256: bc42cf70cdc7f9c595a5d8bd1ff54edb23146e7d88206959867c04e23900a416
 
IA-32:
logrotate-3.7.8-17.el6.i686.rpm
File outdated by:  RHBA-2017:0625
    MD5: 5ed9a45856ee6346c75d7cfab31df5e3
SHA-256: 23ea59dbf142cef5fd16961e2d6c063339c772b3e40ea9c3e64410ba6e5dfe86
logrotate-debuginfo-3.7.8-17.el6.i686.rpm
File outdated by:  RHBA-2017:0625
    MD5: 69e4260624804ac4f34f5d773eef8fb3
SHA-256: 3adfab8316aca4357983c82c8b75a187cc0ab5ff399eca2eec0cca2ff464d43f
 
x86_64:
logrotate-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: ee2f2becad0339f6b3369319361e44e7
SHA-256: d777161414195b4b753dc6158ed8b3ebf9fff74b681875bc527e67621a3730c6
logrotate-debuginfo-3.7.8-17.el6.x86_64.rpm
File outdated by:  RHBA-2017:0625
    MD5: af659df0bebb1c9d877360c5ad6e920b
SHA-256: be91ad1234374d1f3ce8c48bd852cbd87e1db4431d05fbcf4ce22e6163b0ac37
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

841520 - logrotate is unable to compress log files on NFS mounted directory
847338 - logrotate ignores create mode
847339 - logrotate ACL fix race condition
848131 - logrotate uses inverse umask


Keywords

logrotate


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/