!30 [sync] PR-29: do not pack directories belonging to other packages

From: @openeuler-sync-bot 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock

backport-Also-check-seteuid-fails-after-dropping-privileges.patch

@@ -0,0 +1,30 @@
+From 68d343b1c97f35ffbc77e07f83c84fc24df59f97 Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Sat, 5 Jun 2021 18:56:55 +0200
+Subject: [PATCH] Also check seteuid fails after dropping privileges
+
+This patch is the rear patch of "switch_user_permanently: skip switchback check if switched to root"
+
+Conflict:NA
+Reference:https://github.com/logrotate/logrotate/commit/68d343b1c97f35ffbc77e07f83c84fc24df59f97
+
+---
+ logrotate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/logrotate.c b/logrotate.c
+index 645105c..165a1df 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -206,7 +206,7 @@ static int switch_user_permanently(const struct logInfo *log) {
+         return 1;
+     }
+ 
+-    if (user != ROOT_UID && setuid(ROOT_UID) != -1) {
++    if (user != ROOT_UID && (setuid(ROOT_UID) != -1 || seteuid(ROOT_UID) != -1)) {
+         message(MESS_ERROR, "failed to switch user permanently, able to switch back (pid %d)\n",
+                 getpid());
+         return 1;
+-- 
+2.27.0
+

backport-add-sanity-check.patch

@@ -0,0 +1,61 @@
+From e8208913459d95d4c03b4e0c348e53e6f219ec5c Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Wed, 8 Apr 2020 16:38:06 +0200
+Subject: [PATCH] switch_user_permanently: add sanity check that effective ids
+ match configuration specified ones
+
+This patch is for fixing the issue of "switch_user_permanently: skip switchback check if switched to root"
+
+Conflict:NA
+Reference:https://github.com/logrotate/logrotate/pull/319/commits/e8208913459d95d4c03b4e0c348e53e6f219ec5c
+
+---
+ logrotate.c | 23 ++++++++++++++++++++---
+ 1 file changed, 20 insertions(+), 3 deletions(-)
+
+diff --git a/logrotate.c b/logrotate.c
+index 2e315b9..6bc8ad5 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -167,18 +167,35 @@ int switch_user(uid_t user, gid_t group) {
+ }
+ 
+ static int switch_user_permanently(const struct logInfo *log) {
+-    gid_t group = getegid();
+-    uid_t user = geteuid();
++    const gid_t group = getegid();
++    const uid_t user = geteuid();
++
+     if (!(log->flags & LOG_FLAG_SU)) {
+         return 0;
+     }
+-    if (getuid() == user && getgid() == group)
++
++    if (user != log->suUid) {
++        message(MESS_ERROR, "current euid (%u) does not match uid of log configuration (%u)\n",
++                (unsigned) user, (unsigned) log->suUid);
++        return 1;
++    }
++    if (group != log->suGid) {
++        message(MESS_ERROR, "current egid (%u) does not match gid of log configuration (%u)\n",
++                (unsigned) group, (unsigned) log->suGid);
++        return 1;
++    }
++
++    /* we are already the final configuration specified user/group */
++    if (getuid() == user && getgid() == group) {
+         return 0;
++    }
++
+     /* switch to full root first */
+     if (setgid(getgid()) || setuid(getuid())) {
+         message(MESS_ERROR, "error getting rid of euid != uid\n");
+         return 1;
+     }
++
+     message(MESS_DEBUG, "switching uid to %u and gid to %u\n",
+             (unsigned) user, (unsigned) group);
+     if (setgid(group) || setuid(user)) {
+-- 
+2.27.0
+

backport-call-switch_user_back-on-early-return.patch

@@ -0,0 +1,41 @@
+From dc49327c5e55f488397c1e3f48b25fe2fc372e22 Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Wed, 8 Apr 2020 17:07:08 +0200
+Subject: [PATCH] rotateLogSet: call switch_user_back on early return
+
+This patch is for fixing the issue of "switch_user_permanently: skip switchback check if switched to root"
+
+Conflict:NA
+Reference:https://github.com/logrotate/logrotate/pull/319/commits/dc49327c5e55f488397c1e3f48b25fe2fc372e22
+
+---
+ logrotate.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/logrotate.c b/logrotate.c
+index 55887a5..645105c 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -2294,6 +2294,9 @@ static int rotateLogSet(struct logInfo *log, int force)
+ 
+     if (state == NULL || rotNames == NULL) {
+         message(MESS_ERROR, "can not allocate memory\n");
++        if (log->flags & LOG_FLAG_SU) {
++             switch_user_back();
++        }
+         free(rotNames);
+         free(state);
+         free(logHasErrors);
+@@ -2314,6 +2317,9 @@ static int rotateLogSet(struct logInfo *log, int force)
+             rotNames[i] = malloc(sizeof(struct logNames));
+             if (rotNames[i] == NULL) {
+                 message(MESS_ERROR, "can not allocate memory\n");
++                if (log->flags & LOG_FLAG_SU) {
++                    switch_user_back();
++                }
+                 free(rotNames);
+                 free(state);
+                 free(logHasErrors);
+-- 
+2.27.0
+

backport-do-not-rotate-old-logs-on-prerotate-failure.patch

@@ -0,0 +1,45 @@
+From 5f24239f282b8c6291cf35ea5f871ed0ca6b2672 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Tue, 4 Apr 2023 17:49:06 +0200
+Subject: [PATCH] do not rotate old logs on prerotate failure
+
+Ensures old logs are preserved and not rotated out for logs with a
+failing prerotate script.
+
+Alternative to #502
+---
+ logrotate.c       | 14 ++++++++++----
+ 1 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/logrotate.c b/logrotate.c
+index f44b3851..d3ccb447 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -2476,10 +2476,6 @@ static int rotateLogSet(const struct logInfo *log, int force)
+                 return 1;
+             }
+             memset(rotNames[i], 0, sizeof(struct logNames));
+-
+-            logHasErrors[i] |=
+-                prerotateSingleLog(log, i, state[i], rotNames[i]);
+-            hasErrors |= logHasErrors[i];
+         }
+ 
+         if (log->pre
+@@ -2509,6 +2505,16 @@ static int rotateLogSet(const struct logInfo *log, int force)
+             }
+         }
+ 
++        for (i = j;
++             ((log->flags & LOG_FLAG_SHAREDSCRIPTS) && i < log->numFiles)
++             || (!(log->flags & LOG_FLAG_SHAREDSCRIPTS) && i == j); i++) {
++            if (! ( (logHasErrors[i] && !(log->flags & LOG_FLAG_SHAREDSCRIPTS))
++                    || (hasErrors && (log->flags & LOG_FLAG_SHAREDSCRIPTS)) ) ) {
++                logHasErrors[i] |= prerotateSingleLog(log, i, state[i], rotNames[i]);
++                hasErrors |= logHasErrors[i];
++            }
++        }
++
+         for (i = j;
+                 ((log->flags & LOG_FLAG_SHAREDSCRIPTS) && i < log->numFiles)
+                 || (!(log->flags & LOG_FLAG_SHAREDSCRIPTS) && i == j); i++) {

backport-improve-debug-logging.patch

@@ -0,0 +1,88 @@
+From bffe3d842399263b4566320572d781684b1c276e Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Wed, 8 Apr 2020 16:38:14 +0200
+Subject: [PATCH] switch_user*: improve debug logging
+
+Print pid to distinguish processes.
+Print previous effective ids.
+
+This patch is for fixing the issue of "switch_user_permanently: skip switchback check if switched to root"
+
+Conflict:NA
+Reference:https://github.com/logrotate/logrotate/pull/319/commits/bffe3d842399263b4566320572d781684b1c276e
+
+---
+ logrotate.c | 31 +++++++++++++++++--------------
+ 1 file changed, 17 insertions(+), 14 deletions(-)
+
+diff --git a/logrotate.c b/logrotate.c
+index 6bc8ad5..55887a5 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -156,11 +156,12 @@ int switch_user(uid_t user, gid_t group) {
+     save_euid = geteuid();
+     if (save_euid == user && save_egid == group)
+         return 0;
+-    message(MESS_DEBUG, "switching euid to %u and egid to %u\n",
+-            (unsigned) user, (unsigned) group);
++    message(MESS_DEBUG, "switching euid from %u to %u and egid from %u to %u (pid %d)\n",
++            (unsigned) save_euid, (unsigned) user, (unsigned) save_egid, (unsigned) group, getpid());
+     if (setegid(group) || seteuid(user)) {
+-        message(MESS_ERROR, "error switching euid to %u and egid to %u: %s\n",
+-                (unsigned) user, (unsigned) group, strerror(errno));
++        message(MESS_ERROR, "error switching euid from %u to %u and egid from %u to %u (pid %d): %s\n",
++                (unsigned) save_euid, (unsigned) user, (unsigned) save_egid, (unsigned) group, getpid(),
++                strerror(errno));
+         return 1;
+     }
+     return 0;
+@@ -175,13 +176,13 @@ static int switch_user_permanently(const struct logInfo *log) {
+     }
+ 
+     if (user != log->suUid) {
+-        message(MESS_ERROR, "current euid (%u) does not match uid of log configuration (%u)\n",
+-                (unsigned) user, (unsigned) log->suUid);
++        message(MESS_ERROR, "current euid (%u) does not match uid of log configuration (%u) (pid %d)\n",
++                (unsigned) user, (unsigned) log->suUid, getpid());
+         return 1;
+     }
+     if (group != log->suGid) {
+-        message(MESS_ERROR, "current egid (%u) does not match gid of log configuration (%u)\n",
+-                (unsigned) group, (unsigned) log->suGid);
++        message(MESS_ERROR, "current egid (%u) does not match gid of log configuration (%u) (pid %d)\n",
++                (unsigned) group, (unsigned) log->suGid, getpid());
+         return 1;
+     }
+ 
+@@ -192,20 +193,22 @@ static int switch_user_permanently(const struct logInfo *log) {
+ 
+     /* switch to full root first */
+     if (setgid(getgid()) || setuid(getuid())) {
+-        message(MESS_ERROR, "error getting rid of euid != uid\n");
++        message(MESS_ERROR, "error getting rid of euid != uid (pid %d): %s\n",
++                getpid(), strerror(errno));
+         return 1;
+     }
+ 
+-    message(MESS_DEBUG, "switching uid to %u and gid to %u\n",
+-            (unsigned) user, (unsigned) group);
++    message(MESS_DEBUG, "switching uid to %u and gid to %u permanently (pid %d)\n",
++            (unsigned) user, (unsigned) group, getpid());
+     if (setgid(group) || setuid(user)) {
+-        message(MESS_ERROR, "error switching euid to %u and egid to %u: %s\n",
+-                (unsigned) user, (unsigned) group, strerror(errno));
++        message(MESS_ERROR, "error switching uid to %u and gid to %u (pid %d): %s\n",
++                (unsigned) user, (unsigned) group, getpid(), strerror(errno));
+         return 1;
+     }
+ 
+     if (user != ROOT_UID && setuid(ROOT_UID) != -1) {
+-        message(MESS_ERROR, "failed to switch user permanently, able to switch back\n");
++        message(MESS_ERROR, "failed to switch user permanently, able to switch back (pid %d)\n",
++                getpid());
+         return 1;
+     }
+ 
+-- 
+2.27.0
+

backport-skip-switchback-check-if-switched-to-root.patch

@@ -0,0 +1,39 @@
+From bf18aec66a2a8bc0c3ef56c6be41846076c8a3f1 Mon Sep 17 00:00:00 2001
+From: cgzones <cgzones@googlemail.com>
+Date: Wed, 8 Apr 2020 16:38:00 +0200
+Subject: [PATCH] switch_user_permanently: skip switchback check if switched to
+ root
+
+Allow switching only the real group (not the user) with a configuration
+like `su root somegroup`.
+E.g. mailman uses `su root list`, which currently fails with:
+    error: failed to switch user permanently, able to switch back
+    error: failed to compress log /var/log/mailman/qrunner.1
+
+Fixes: a0b05e42a590efa3e575dd2001b6aa390a79c769 ("switch_user_permanently: check if switchback is possible")
+
+This patch is for fixing the issue of "switch_user_permanently: skip switchback check if switched to root"
+
+Conflict:NA
+Reference:https://github.com/logrotate/logrotate/pull/319/commits/bf18aec66a2a8bc0c3ef56c6be41846076c8a3f1
+
+---
+ logrotate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/logrotate.c b/logrotate.c
+index 25902bc..2e315b9 100644
+--- a/logrotate.c
++++ b/logrotate.c
+@@ -187,7 +187,7 @@ static int switch_user_permanently(const struct logInfo *log) {
+         return 1;
+     }
+ 
+-    if (setuid(ROOT_UID) != -1) {
++    if (user != ROOT_UID && setuid(ROOT_UID) != -1) {
+         message(MESS_ERROR, "failed to switch user permanently, able to switch back\n");
+         return 1;
+     }
+-- 
+2.27.0
+

logrotate.spec

@@ -2,11 +2,19 @@
 
 Name: logrotate
 Version: 3.16.0
-Release: 1
+Release: 6
 Summary: simplify the administration of log files
 License: GPLv2+
 Url: https://github.com/logrotate/logrotate
 Source0: https://github.com/logrotate/logrotate/releases/download/%{version}/logrotate-%{version}.tar.xz
+
+Patch6000:      backport-skip-switchback-check-if-switched-to-root.patch
+Patch6001:      backport-add-sanity-check.patch
+Patch6002:      backport-improve-debug-logging.patch
+Patch6003:      backport-call-switch_user_back-on-early-return.patch
+Patch6004:      backport-Also-check-seteuid-fails-after-dropping-privileges.patch
+Patch6005:      backport-do-not-rotate-old-logs-on-prerotate-failure.patch
+
 BuildRequires: acl gcc automake libacl-devel libselinux-devel popt-devel
 Requires: coreutils
 
@@ -57,7 +65,6 @@ fi
 %files
 %defattr(-,root,root)
 %license COPYING
-%dir %{_sysconfdir}/cron.daily
 %config(noreplace) %{_sysconfdir}/cron.daily/logrotate
 %config(noreplace) %{_sysconfdir}/logrotate.conf
 %dir %{_sysconfdir}/logrotate.d
@@ -73,6 +80,27 @@ fi
 %{_mandir}/man5/logrotate.conf.5*
 
 %changelog
+* Thu Jan 11 2024 hanhuihui <hanhuihui5@huawei.com> - 3.16.0-6
+- do not pack directories belonging to other packages
+
+* Mon Jun 5 2023 hanhuihui <hanhuihui5@huawei.com> - 3.16.0-5
+- do not rotate old logs on prerotate failure
+
+* Tue Mar 29 2022 dongyuzhen <dongyuzhen@h-partners.com> - 3.16.0-4
+- fix switch_user_permanently: skip switchback check if switched to root 
+
+* Fri Jun 11 2021 shixuantong <shixuantong@huawei.com> - 3.16.0-3
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:revert Solution to the failure of SUT full upgrade
+
+* Fri Jun 11 2021 shixuantong <shixuantong@huawei.com> - 3.16.0-2
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Solution to the failure of SUT full upgrade
+
 * Fri Apr 24 2020 BruceGW <gyl93216@163.com> - 3.16.0-1
 - update upstream to 3.16.0