Hello community, here is the log from the commit of package syslog-ng checked in at Sat Sep 6 03:51:51 CEST 2008. --------
--- syslog-ng/syslog-ng.changes 2008-08-22 15:56:32.000000000 +0200
+++ syslog-ng/syslog-ng.changes 2008-09-06 03:48:10.898056000 +0200
@@ -1,0 +2,12 @@
+Wed Sep 3 13:49:37 CEST 2008 - mt@suse.de
+
+- Added patch to avoid getpwnam/getgrnam calls with on negative
+ values, e.g. on -1 to skip file chown/grp/mod. This calls has
+ caused an ldap search request on systems using nss_ldap and if
+ the ldap server was running on the same machine and tried to
+ log, a deadlock happened (bnc#414955).
+- Applied a backported patch allowing to disable permission and
+ ownership changes on existing files, when the owner/group/perm
+ option in the file/pipe destination definition is set to -1.
+
+-------------------------------------------------------------------
New: ---- syslog-ng-avoid-getpwgrnam_-1.dif syslog-ng-no-perm-change.dif
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ syslog-ng.spec ++++++
--- /var/tmp/diff_new_pack.oc4924/_old 2008-09-06 03:49:32.000000000 +0200
+++ /var/tmp/diff_new_pack.oc4924/_new 2008-09-06 03:49:32.000000000 +0200
@@ -21,7 +21,7 @@
 Name: syslog-ng
 %define eventlog_version 0.2.7
 Version: 2.0.9
-Release: 16
+Release: 22
 License: GPL v2 only
 Group: System/Daemons
 Summary: The new-generation syslog-daemon
@@ -44,6 +44,8 @@
 Patch13: syslog-ng-afunix_no_hostname.dif
 Patch14: syslog-ng-update_own_hostname.dif
 Patch15: syslog-ng-man-pages.dif
+Patch16: syslog-ng-avoid-getpwgrnam_-1.dif
+Patch17: syslog-ng-no-perm-change.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: bison flex gcc-c++ glib2-devel pkgconfig
 BuildRequires: klogd libnet python tcpd-devel
@@ -84,6 +86,8 @@ %patch13 -p0 %patch14 -p0 %patch15 -p0 +%patch16 -p0 +%patch17 -p0 cp -a $RPM_SOURCE_DIR/syslog-ng.README README.SuSE cp -a $RPM_SOURCE_DIR/syslog-ng.rc-script . cp -a $RPM_SOURCE_DIR/syslog-ng.conf.default . @@ -275,6 +279,15 @@ /var/adm/fillup-templates/sysconfig.syslog-ng %changelog +* Wed Sep 03 2008 mt@suse.de +- Added patch to avoid getpwnam/getgrnam calls with on negative + values, e.g. on -1 to skip file chown/grp/mod. This calls has + caused an ldap search request on systems using nss_ldap and if + the ldap server was running on the same machine and tried to + log, a deadlock happened (bnc#414955). +- Applied a backported patch allowing to disable permission and + ownership changes on existing files, when the owner/group/perm + option in the file/pipe destination definition is set to -1. * Fri Aug 22 2008 aj@suse.de - Fix fillup call. * Mon Jul 14 2008 mt@suse.de ++++++ syslog-ng-avoid-getpwgrnam_-1.dif ++++++ --- src/affile.c +++ src/affile.c 2008/08/19 09:46:57 @@ -455,7 +455,7 @@ affile_dd_set_file_uid(LogDriver *s, con AFFileDestDriver *self = (AFFileDestDriver *) s; self->file_uid = 0; - if (!resolve_user(file_uid, &self->file_uid)) + if (!resolve_user(file_uid, &self->file_uid) && self->file_uid != (uid_t)-1) { msg_error("Error resolving user", evt_tag_str("user", file_uid), @@ -469,7 +469,7 @@ affile_dd_set_file_gid(LogDriver *s, con AFFileDestDriver *self = (AFFileDestDriver *) s; self->file_gid = 0; - if (!resolve_group(file_gid, &self->file_gid)) + if (!resolve_group(file_gid, &self->file_gid) && self->file_gid != (gid_t)-1) { msg_error("Error resolving group", evt_tag_str("group", file_gid), @@ -491,7 +491,7 @@ affile_dd_set_dir_uid(LogDriver *s, cons AFFileDestDriver *self = (AFFileDestDriver *) s; self->dir_uid = 0; - if (!resolve_user(dir_uid, &self->dir_uid)) + if (!resolve_user(dir_uid, &self->dir_uid) && self->dir_uid != (uid_t)-1) { msg_error("Error resolving user", evt_tag_str("user", dir_uid), 
@@ -505,7 +505,7 @@ affile_dd_set_dir_gid(LogDriver *s, cons AFFileDestDriver *self = (AFFileDestDriver *) s; self->dir_gid = 0; - if (!resolve_group(dir_gid, &self->dir_gid)) + if (!resolve_group(dir_gid, &self->dir_gid) && self->dir_gid != (gid_t)-1) { msg_error("Error resolving group", evt_tag_str("group", dir_gid), --- src/afunix.c +++ src/afunix.c 2008/08/19 09:45:05 @@ -36,7 +36,7 @@ afunix_sd_set_uid(LogDriver *s, gchar *o { AFUnixSourceDriver *self = (AFUnixSourceDriver *) s; - if (!resolve_user(owner, &self->owner)) + if (!resolve_user(owner, &self->owner) && self->owner != (uid_t)-1) msg_error("Error resolving username", evt_tag_str("owner", owner), NULL); @@ -47,7 +47,7 @@ afunix_sd_set_gid(LogDriver *s, gchar *g { AFUnixSourceDriver *self = (AFUnixSourceDriver *) s; - if (!resolve_group(group, &self->group)) + if (!resolve_group(group, &self->group) && self->group != (gid_t)-1) msg_error("Error resolving group", evt_tag_str("group", group), NULL); --- src/cfg.c +++ src/cfg.c 2008/08/19 10:18:38 @@ -91,6 +91,8 @@ cfg_file_owner_set(GlobalConfig *self, g msg_error("Error resolving user", evt_tag_str("user", owner), NULL); + if (self->file_uid == (uid_t)-1) + self->file_uid = 0; } void @@ -100,6 +102,8 @@ cfg_file_group_set(GlobalConfig *self, g msg_error("Error resolving group", evt_tag_str("group", group), NULL); + if (self->file_gid == (gid_t)-1) + self->file_gid = 0; } void @@ -115,6 +119,8 @@ cfg_dir_owner_set(GlobalConfig *self, gc msg_error("Error resolving user", evt_tag_str("user", owner), NULL); + if (self->dir_uid == (uid_t)-1) + self->dir_uid = 0; } void @@ -124,6 +130,8 @@ cfg_dir_group_set(GlobalConfig *self, gc msg_error("Error resolving group", evt_tag_str("group", group), NULL); + if (self->dir_gid == (gid_t)-1) + self->dir_gid = 0; } void --- src/misc.c +++ src/misc.c 2008/08/19 09:36:15 
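Review bot: In afunix_sd_set_uid() and afunix_sd_set_gid() the added `self->owner != (uid_t)-1` and `self->group != (gid_t)-1` tests can read a field the resolver never wrote, because the early `return FALSE` this patch adds to resolve_user()/resolve_group() for a NULL or empty name comes before `*uid = 0` / `*gid = 0`. Unlike the affile.c setters, which assign 0 first, the visible lines here show no assignment before the call, so for an empty name the decision to log depends on the field's earlier value; if that is a constructor default of -1 (not visible in this hunk), the error is silently dropped. Writing a defined value to the out-parameter before any other early return in the resolver, `if (!uid) return FALSE; *uid = 0; if (!user || !*user) return FALSE;`, would make the callers' test deterministic.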
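Review bot: The four global setters in src/cfg.c (cfg_file_owner_set, cfg_file_group_set, cfg_dir_owner_set, cfg_dir_group_set) turn -1 into id 0 without saying why, although the same value means "leave ownership alone" on a destination. A comment above each added `if`, such as `/* -1 is only honoured per destination; the global default falls back to root */`, would record that difference. The resolve_user()/resolve_group() call sits above each hunk, so whether a global "-1" still logs "Error resolving user" before being coerced cannot be confirmed from these lines; if it does, the message will mislead whoever set it.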
@@ -250,7 +250,16 @@ resolve_user(const char *user, uid_t *ui { struct passwd *pw; + if (!uid || !user || !*user) + return FALSE; + *uid = 0; + if (*user == '-') + { + *uid = -1; + return FALSE; + } + pw = getpwnam(user); if (pw) { @@ -270,7 +279,16 @@ resolve_group(const char *group, gid_t * { struct group *gr; + if (!gid || !group || !*group) + return FALSE; + *gid = 0; + if (*group == '-') + { + *gid = -1; + return FALSE; + } + gr = getgrnam(group); if (gr) { ++++++ syslog-ng-no-perm-change.dif ++++++ --- src/affile.c +++ src/affile.c 2008/08/19 11:49:06 @@ -38,12 +38,22 @@ #if !HAVE_O_LARGEFILE #define O_LARGEFILE 0 #endif +/* + * Flags used to remember which option was explicitly set + * to the default value (-1) to avoid any permission and + * ownership changes on already existing (device) files. + * In case the file does not exists, global options apply. + * Note: The pipe driver never creates any (device) file. + */ +#define OPT_NO_CHMOD 0x0001 +#define OPT_NO_CHOWN 0x0002 +#define OPT_NO_CHGRP 0x0004 static gboolean affile_open_file(gchar *name, int flags, int uid, int gid, int mode, int dir_uid, int dir_gid, int dir_mode, - int create_dirs, int *fd) + int create_dirs, int *fd, guint32 nochopts) { if (strstr(name, "../") || strstr(name, "/..")) { @@ -53,7 +63,7 @@ affile_open_file(gchar *name, int flags, return FALSE; } - *fd = open(name, flags, mode); + *fd = open(name, flags, mode != -1 ? mode : 0600); if (create_dirs && *fd == -1 && errno == ENOENT) { /* directory does not exist */ @@ -71,7 +81,7 @@ affile_open_file(gchar *name, int flags, } else if (errno == ENOENT) { - if (mkdir(name, dir_mode) == -1) + if (mkdir(name, dir_mode != (mode_t)-1 ? dir_mode : 0700) == -1) return 0; if (dir_uid != -1 || dir_gid != -1) chown(name, dir_uid, dir_gid); 
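Review bot: The sentinel test `if (*user == '-')` in resolve_user(), and `if (*group == '-')` in resolve_group(), accepts any name that merely starts with a dash, so `-2` or a mistyped `-root` is stored as -1. The callers patched in affile.c and afunix.c suppress their error message exactly when the field holds -1, so such a typo ends up meaning "do not change ownership" with no diagnostic. Matching only the documented value, `if (strcmp(user, "-1") == 0)` and `if (strcmp(group, "-1") == 0)`, leaves other dash-prefixed input on the normal lookup path, where a failure is reported. Both function bodies continue below the hunk, so how numeric ids are handled after getpwnam()/getgrnam() is not visible here.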
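Review bot: affile_open_file() still declares `uid`, `gid`, `mode` and the `dir_*` arguments as `int`, yet the new code spells the sentinel test three ways: `mode != -1` at the first open(), `dir_mode != (mode_t)-1` at mkdir(), and `(mode_t)-1` / `(uid_t)-1` in the following hunk. These agree only where the id and mode types are as wide as `int`; with a narrower `mode_t`, the plain `-1` passed by affile_sd_open_file() and the `(mode_t)-1` stored in `file_perm` would be judged differently at the two open() calls. Since the function is static, declaring the parameters as `uid_t`, `gid_t` and `mode_t` and using the cast form everywhere would remove the ambiguity, e.g. `*fd = open(name, flags, mode != (mode_t)-1 ? mode : 0600);` for the first call as well. The function body continues past the end of this hunk.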
@@ -81,16 +91,16 @@ affile_open_file(gchar *name, int flags, *p = '/'; p = strchr(p + 1, '/'); } - *fd = open(name, flags, mode); + *fd = open(name, flags, mode != (mode_t)-1 ? mode : 0600); } if (*fd != -1) { g_fd_set_cloexec(*fd, TRUE); - if (uid != -1) + if (uid != (uid_t)-1 && !(nochopts & OPT_NO_CHOWN)) fchown(*fd, uid, -1); - if (gid != -1) + if (gid != (gid_t)-1 && !(nochopts & OPT_NO_CHGRP)) fchown(*fd, -1, gid); - if (mode != -1) + if (mode != (mode_t)-1 && !(nochopts & OPT_NO_CHMOD)) fchmod(*fd, mode); } return *fd != -1; @@ -106,7 +116,8 @@ affile_sd_open_file(AFFileSourceDriver * else flags = O_RDONLY | O_NOCTTY | O_NONBLOCK | O_LARGEFILE; - if (affile_open_file(self->filename->str, flags, -1, -1, -1, 0, 0, 0, 0, fd)) + if (affile_open_file(self->filename->str, flags, -1, -1, -1, 0, 0, 0, 0, fd, + (OPT_NO_CHOWN|OPT_NO_CHGRP|OPT_NO_CHMOD))) return TRUE; return FALSE; @@ -340,7 +351,7 @@ affile_dw_init(LogPipe *s, GlobalConfig if (affile_open_file(self->filename->str, flags, self->owner->file_uid, self->owner->file_gid, self->owner->file_perm, self->owner->dir_uid, self->owner->dir_gid, self->owner->dir_perm, - !!(self->owner->flags & AFFILE_CREATE_DIRS), &fd)) + !!((self->owner->flags & AFFILE_PIPE) ? 0 : (self->owner->flags & AFFILE_CREATE_DIRS)), &fd, self->owner->chopt)) { FDWrite *fdw; @@ -461,6 +472,8 @@ affile_dd_set_file_uid(LogDriver *s, con evt_tag_str("user", file_uid), NULL); } + if (self->file_uid == (uid_t)-1) + self->chopt |= OPT_NO_CHOWN; } void @@ -475,6 +488,8 @@ affile_dd_set_file_gid(LogDriver *s, con evt_tag_str("group", file_gid), NULL); } + if (self->file_gid == (gid_t)-1) + self->chopt |= OPT_NO_CHGRP; } void @@ -483,6 +498,8 @@ affile_dd_set_file_perm(LogDriver *s, mo AFFileDestDriver *self = (AFFileDestDriver *) s; self->file_perm = file_perm; + if (self->file_perm == (mode_t)-1) + self->chopt |= OPT_NO_CHMOD; } void 
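Review bot: The results of `fchown()` and `fchmod()` are discarded in the rewritten block after `g_fd_set_cloexec()`, so a log file whose configured owner or mode could not be applied is still opened and written with whatever ownership and permissions it already had. Log files commonly hold sensitive data, so this is a failure an administrator should be told about. Checking each call and reporting it, e.g. `if (fchmod(*fd, mode) == -1) msg_error("Error setting file permissions", evt_tag_str("filename", name), NULL);`, keeps the best-effort behaviour while making it visible. The same applies to the unchecked `chown(name, dir_uid, dir_gid)` in the directory-creation loop of the previous hunk.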
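Review bot: The `chopt` bits set in affile_dd_set_file_uid(), affile_dd_set_file_gid() and affile_dd_set_file_perm() make affile_open_file() skip fchown()/fchmod() on every successful open, including one where open() has just created the file. The comment added at the top of affile.c says global options apply when the file does not exist. From the visible code that can hold for the mode, which is passed to open() and so filtered by the umask, but not for owner or group, which are applied only through the skipped fchown() calls. If the comment states the intent, the function needs to know whether it created the file (for instance by attempting `O_CREAT | O_EXCL` first) before honouring the OPT_NO_* bits; otherwise the comment should be corrected. The bits are also only ever OR-ed in, so if an option can be given twice, a later non-negative value leaves the skip in place; `else self->chopt &= ~OPT_NO_CHOWN;` would clear it.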
@@ -840,6 +857,7 @@ affile_dd_new(gchar *filename, guint32 f
 self->super.super.free_fn = affile_dd_free;
 self->filename_template = log_template_new(NULL, filename);
 self->flags = flags;
+ self->chopt = 0;
 self->file_uid = self->file_gid = -1;
 self->file_perm = (mode_t) -1;
 self->dir_uid = self->dir_gid = -1;
--- src/affile.h
+++ src/affile.h 2008/08/19 11:20:12
@@ -53,6 +53,7 @@ typedef struct _AFFileDestDriver
 LogTemplate *filename_template;
 AFFileDestWriter *writer;
 guint32 flags;
+ guint32 chopt;
 uid_t file_uid;
 gid_t file_gid;
 mode_t file_perm;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org