Your message dated Fri, 10 Jul 2009 09:32:29 +0000
with message-id <[email protected]>
and subject line Bug#535523: fixed in lighttpd 1.4.23-1
has caused the Debian Bug report #535523,
regarding lighttpd.logrotate: do not start lighttpd (through "reload") if it is 
not running currently
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
535523: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535523
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lighttpd
Version: 1.4.22-1
Severity: important
Tags: patch
User: [email protected]
Usertags: origin-ubuntu karmic ubuntu-patch

From https://launchpad.net/bugs/393792:
"""
The logrotate script of lighttpd does a lighttpd reload, which is what it 
should do, but if I stop the lighttpd daemon manually I certainly do NOT want 
it to be started again by the log rotation. reload should NOT start a daemon if 
it is not running IMO.

restart -> stop and start
reload -> reload config (for some this is also stop/start, but it should only 
be executed if the daemon was running before.)

This is a security issue, because if someone does not know that and 
intentionally stops the server for some reason and wants to leave it that way 
eg. for testing or so, the server gets started and may run with faulty 
software. (happened to me)
"""

Please note that e.g. "apache2ctl graceful" will start apache, if it is not 
running, too.
However, the PID file gets removed when stopping and therefore Apache's 
logrotate script (which includes the same "is the pidfile there" check), won't 
start Apache, if it is not running currently.

I could not find any information about whether "reload" should start a service; the 
most sane fix for this problem appears to be to add the check in the logrotate script.

In Ubuntu, we've applied the attached patch to achieve the following:

  * debian/lighttpd.logrotate: check if lighttpd is running, before
    calling reload, which would start the daemon if it is not running
    currently (LP: #393792)

We thought you might be interested in doing the same. 
diff -u lighttpd-1.4.22/debian/lighttpd.logrotate lighttpd-1.4.22/debian/lighttpd.logrotate
--- lighttpd-1.4.22/debian/lighttpd.logrotate
+++ lighttpd-1.4.22/debian/lighttpd.logrotate
@@ -7,7 +7,7 @@
         notifempty
         sharedscripts
         postrotate
-           if [ -f /var/run/lighttpd.pid ]; then \
+           if [ -f /var/run/lighttpd.pid ] && ps --pid $(cat /var/run/lighttpd.pid) > /dev/null 2>&1; then \
              if [ -x /usr/sbin/invoke-rc.d ]; then \
                 invoke-rc.d lighttpd reload > /dev/null 2>&1; \
              else \
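
Review bot: the added test on the `+` line, `ps --pid $(cat /var/run/lighttpd.pid)`, only shows that some process currently has that PID, not that the process is lighttpd. A stale pidfile whose number has since been reused by another process still passes, and `invoke-rc.d lighttpd reload` then starts the daemon that was stopped on purpose. Consider also comparing the process name before reloading (for example the output of ps with `-o comm=`), and quote the command substitution so that an empty or multi-line pidfile cannot change how `ps` parses its arguments.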

--- End Message ---
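
The report above relies on an "is the pidfile there" check before reload. As an added example (not code from the lighttpd or Apache packages), the following shell functions show a stricter form of that check that also rejects a malformed pidfile and a live PID belonging to a different program; the helper names `proc_name`, `pid_from_file` and `should_reload` are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the Debian/Ubuntu patch: decide whether a
# logrotate postrotate hook may call "reload" when the pidfile may be stale.

# proc_name PID: print the command name of PID; fail if no such process.
proc_name() {
    if [ -r "/proc/$1/comm" ]; then
        cat "/proc/$1/comm"
    else
        ps -p "$1" -o comm= 2>/dev/null
    fi
}

# pid_from_file PIDFILE: print the PID stored in PIDFILE; fail if the file
# is missing, empty, or holds anything other than one decimal number.
pid_from_file() {
    [ -f "$1" ] || return 1
    pid=$(cat "$1" 2>/dev/null) || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# should_reload PIDFILE NAME: succeed only when PIDFILE names a live process
# whose command name is NAME (NAME would be "lighttpd" in the hook).
should_reload() {
    pid=$(pid_from_file "$1") || return 1
    name=$(proc_name "$pid") || return 1
    [ "$name" = "$2" ]
}
```

In a postrotate hook the guard would read `should_reload /var/run/lighttpd.pid lighttpd`, with the reload command run only when it succeeds.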
--- Begin Message ---
Source: lighttpd
Source-Version: 1.4.23-1

We believe that the bug you reported is fixed in the latest version of
lighttpd, which is due to be installed in the Debian FTP archive:

lighttpd-doc_1.4.23-1_all.deb
  to pool/main/l/lighttpd/lighttpd-doc_1.4.23-1_all.deb
lighttpd-mod-cml_1.4.23-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-cml_1.4.23-1_i386.deb
lighttpd-mod-magnet_1.4.23-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-magnet_1.4.23-1_i386.deb
lighttpd-mod-mysql-vhost_1.4.23-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.23-1_i386.deb
lighttpd-mod-trigger-b4-dl_1.4.23-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.23-1_i386.deb
lighttpd-mod-webdav_1.4.23-1_i386.deb
  to pool/main/l/lighttpd/lighttpd-mod-webdav_1.4.23-1_i386.deb
lighttpd_1.4.23-1.diff.gz
  to pool/main/l/lighttpd/lighttpd_1.4.23-1.diff.gz
lighttpd_1.4.23-1.dsc
  to pool/main/l/lighttpd/lighttpd_1.4.23-1.dsc
lighttpd_1.4.23-1_i386.deb
  to pool/main/l/lighttpd/lighttpd_1.4.23-1_i386.deb
lighttpd_1.4.23.orig.tar.gz
  to pool/main/l/lighttpd/lighttpd_1.4.23.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Krzysztof Krzyżaniak (eloy) <[email protected]> (supplier of updated lighttpd 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 09 Jul 2009 11:24:16 +0200
Source: lighttpd
Binary: lighttpd lighttpd-doc lighttpd-mod-mysql-vhost 
lighttpd-mod-trigger-b4-dl lighttpd-mod-cml lighttpd-mod-magnet 
lighttpd-mod-webdav
Architecture: source i386 all
Version: 1.4.23-1
Distribution: unstable
Urgency: low
Maintainer: Debian lighttpd maintainers 
<[email protected]>
Changed-By: Krzysztof Krzyżaniak (eloy) <[email protected]>
Description: 
 lighttpd   - A fast webserver with minimal memory footprint
 lighttpd-doc - Documentation for lighttpd
 lighttpd-mod-cml - Cache meta language module for lighttpd
 lighttpd-mod-magnet - Control the request handling module for lighttpd
 lighttpd-mod-mysql-vhost - MySQL-based virtual host configuration for lighttpd
 lighttpd-mod-trigger-b4-dl - Anti-deep-linking module for lighttpd
 lighttpd-mod-webdav - WebDAV module for lighttpd
Closes: 535523
Changes: 
 lighttpd (1.4.23-1) unstable; urgency=low
 .
   * New upstream release
   * spawn-fcgi is now separate package, recommends it debian/control
   * Update Standards-Version to 3.8.2 without changes
   * Remove cdbs, patchutils from Build-Depends, debian/rules uses
     debhelper 7 scripts
   * lighttpd.logrotate apply patch (closes: #535523)
     from Ubuntu (Daniel Hahler, https://launchpad.net/bugs/393792)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpXBaYACgkQy+HP4f7iC8sprQCdGhMG13ty3LeFp+oLnV81srkq
2TAAn0yGf9nGqYwmFrs5MAX+QSFXPvra
=Sxsc
-----END PGP SIGNATURE-----



--- End Message ---
