Merge ~ahasenack/ubuntu/+source/frr:lunar-frr-syslog-user-not-present into ubuntu/+source/frr:ubuntu/devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: 50011f5f8f56ba8d90fb3afac05e3dd858efd8f6
Proposed branch: ~ahasenack/ubuntu/+source/frr:lunar-frr-syslog-user-not-present
Merge into: ubuntu/+source/frr:ubuntu/devel
Diff against target: 69 lines (+30/-20)
2 files modified
debian/changelog (+8/-0)
debian/frr.postinst (+22/-20)
Reviewers (Reviewer / Review Type / Date Requested / Status):
git-ubuntu bot: Approve
Lucas Kanashiro (community): Approve
Canonical Server Reporter: Pending
Review via email: mp+432329@code.launchpad.net

Description of the change

Don't take any action if the syslog user does not exist, as that is a strong indication of local configuration changes, and our chown (later on) would not work anyway.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/frr-no-syslog/

The linked bug has the SRU details filled in, including test cases and other information like a justification.

Diff review hint: use "git show -w HEAD^" to ignore whitespace changes.

Lucas Kanashiro (lucaskanashiro) :
review: Approve
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, lucaskanashiro
Uploaders: ahasenack, lucaskanashiro
MP auto-approved

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, uploaded:

Uploading frr_8.1-1ubuntu4.dsc
Uploading frr_8.1-1ubuntu4.debian.tar.xz
Uploading frr_8.1-1ubuntu4_source.buildinfo
Uploading frr_8.1-1ubuntu4_source.changes

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 6a923e5..718cacf 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,11 @@
6+frr (8.1-1ubuntu4) lunar; urgency=medium
7+
8+ * d/frr.postinst: don't change log ownership if the syslog user
9+ doesn't exist. Thanks to Alessandro Ratti
10+ <alessandro.ratti@exoscale.ch> for the fix (LP: #1991812).
11+
12+ -- Andreas Hasenack <andreas@canonical.com> Fri, 28 Oct 2022 11:35:27 -0300
13+
14 frr (8.1-1ubuntu3) kinetic; urgency=medium
15
16 * SECURITY UPDATE: DoS via out-of-bounds read
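Review bot: The 8.1-1ubuntu4 changelog bullet mentions only log ownership, but the d/frr.postinst change in this same diff also skips the "chmod o-rwx" when the syslog user is missing. Consider wording the entry as "don't change log ownership or permissions if the syslog user doesn't exist" so it matches what the maintainer script now does.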
17diff --git a/debian/frr.postinst b/debian/frr.postinst
18index 382edcb..7152e62 100644
19--- a/debian/frr.postinst
20+++ b/debian/frr.postinst
21@@ -50,26 +50,28 @@ done
22 # fix logging for Ubuntu, which does not run rsyslog as root (LP: #1958162),
23 # and upgrades from quagga (what the block above used to do also for /var/log)
24
25-# frr user was created above, this really shouldn't fail
26-frruid=`getent passwd frr | cut -d : -f 3`
27-frrgid=`getent group frr | cut -d : -f 3`
28-
29-find \
30- /var/log/frr \
31- \( -uid 0 -o -uid $quaggauid -o -uid $frruid \) -a \
32- \( -gid 0 -o -gid $quaggauid -o -gid $frrgid \) | \
33- while read filename; do
34-
35- # don't chown anything that has ACLs (but don't fail if we don't
36- # have getfacl)
37- if { getfacl -c "$filename" 2>/dev/null || true; } \
38- | egrep -q -v '^((user|group|other)::|$)'; then
39- :
40- else
41- chown syslog:adm "$filename"
42- chmod o-rwx "$filename"
43- fi
44-done
45+if getent passwd syslog > /dev/null; then
46+ # frr user was created above, this really shouldn't fail
47+ frruid=`getent passwd frr | cut -d : -f 3`
48+ frrgid=`getent group frr | cut -d : -f 3`
49+
50+ find \
51+ /var/log/frr \
52+ \( -uid 0 -o -uid $quaggauid -o -uid $frruid \) -a \
53+ \( -gid 0 -o -gid $quaggauid -o -gid $frrgid \) | \
54+ while read filename; do
55+
56+ # don't chown anything that has ACLs (but don't fail if we don't
57+ # have getfacl)
58+ if { getfacl -c "$filename" 2>/dev/null || true; } \
59+ | egrep -q -v '^((user|group|other)::|$)'; then
60+ :
61+ else
62+ chown syslog:adm "$filename"
63+ chmod o-rwx "$filename"
64+ fi
65+ done
66+fi
67
68 # fix misconfigured vtysh.conf & frr.conf ownership caused by config save
69 # mishandling in earlier FRR (and Quagga) versions
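Review bot: The new guard "if getent passwd syslog > /dev/null" tests only the user, while the chown inside it sets syslog:adm, so a system with the syslog user but without the adm group would still reach a failing chown; adding "getent group adm > /dev/null" to the same condition would cover both. The guard also skips "chmod o-rwx", so when syslog is absent the files under /var/log/frr keep whatever permissions for others they already had; if that is intended, a comment above the "if" saying so would help the next reader. Since the block is being re-indented anyway, it would also be a good moment to add "! -type l" to the find, so the chown and chmod never act through a symlink found in the log directory, and to use "read -r" in the loop.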
