[Buildroot] [git commit] package/logrotate: security bump to version 3.20.1
Arnout Vandecappelle (Essensium/Mind)
arnout at mind.be
Tue Jun 14 15:59:02 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=d6e7d92d822b5e8e7067e33bf69972f884a90355
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fix CVE-2022-1348: A vulnerability was found in logrotate in how the
state file is created. The state file is used to prevent parallel
executions of multiple instances of logrotate by acquiring and releasing
a file lock. When the state file does not exist, it is created with
world-readable permission, allowing an unprivileged user to lock the
state file, stopping any rotation. This flaw affects logrotate versions
before 3.20.
https://github.com/logrotate/logrotate/blob/3.20.1/ChangeLog.md
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout at mind.be>
---
package/logrotate/logrotate.hash | 2 +-
package/logrotate/logrotate.mk | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/logrotate/logrotate.hash b/package/logrotate/logrotate.hash
index 2af46d60b7..9c8e73f738 100644
--- a/package/logrotate/logrotate.hash
+++ b/package/logrotate/logrotate.hash
@@ -1,3 +1,3 @@
# Locally calculated
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
-sha256 841f81bf09d0014e4a2e11af166bb33fcd8429cc0c2d4a7d3d9ceb3858cfccc5 logrotate-3.18.0.tar.xz
+sha256 742f6d6e18eceffa49a4bacd933686d3e42931cfccfb694d7f6369b704e5d094 logrotate-3.20.1.tar.xz
diff --git a/package/logrotate/logrotate.mk b/package/logrotate/logrotate.mk
index 4d1344c2cd..453dbe477a 100644
--- a/package/logrotate/logrotate.mk
+++ b/package/logrotate/logrotate.mk
@@ -4,8 +4,8 @@
#
################################################################################
-LOGROTATE_VERSION = 3.18.0
-LOGROTATE_SOURCE = logrotate-3.18.0.tar.xz
+LOGROTATE_VERSION = 3.20.1
+LOGROTATE_SOURCE = logrotate-$(LOGROTATE_VERSION).tar.xz
LOGROTATE_SITE = https://github.com/logrotate/logrotate/releases/download/$(LOGROTATE_VERSION)
LOGROTATE_LICENSE = GPL-2.0+
LOGROTATE_LICENSE_FILES = COPYING
More information about the buildroot
mailing list